Transcript
Avaya WLAN 8100 WC 8180 CLI Reference
1.1.0.0NN47251-107, 01.01
August 2011
© 2011 Avaya Inc.
All Rights Reserved.
Notice
While reasonable efforts have been made to ensure that theinformation in this document is complete and accurate at the time ofprinting, Avaya assumes no liability for any errors. Avaya reserves theright to make changes and corrections to the information in thisdocument without the obligation to notify any person or organization ofsuch changes.
Documentation disclaimer
“Documentation” means information published by Avaya in varyingmediums which may include product information, operating instructionsand performance specifications that Avaya generally makes availableto users of its products. Documentation does not include marketingmaterials. Avaya shall not be responsible for any modifications,additions, or deletions to the original published version ofdocumentation unless such modifications, additions, or deletions wereperformed by Avaya. End User agrees to indemnify and hold harmlessAvaya, Avaya's agents, servants and employees against all claims,lawsuits, demands and judgments arising out of, or in connection with,subsequent modifications, additions or deletions to this documentation,to the extent made by End User.
Link disclaimer
Avaya is not responsible for the contents or reliability of any linked Websites referenced within this site or documentation provided by Avaya.Avaya is not responsible for the accuracy of any information, statementor content provided on these sites and does not necessarily endorsethe products, services, or information described or offered within them.Avaya does not guarantee that these links will work all the time and hasno control over the availability of the linked pages.
Warranty
Avaya provides a limited warranty on its Hardware and Software(“Product(s)”). Refer to your sales agreement to establish the terms ofthe limited warranty. In addition, Avaya’s standard warranty language,as well as information regarding support for this Product while underwarranty is available to Avaya customers and other parties through theAvaya Support Web site: http://support.avaya.com. Please note that ifyou acquired the Product(s) from an authorized Avaya reseller outsideof the United States and Canada, the warranty is provided to you bysaid Avaya reseller and not by Avaya.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYAWEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ AREAPPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/ORINSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC.,ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER(AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITHAVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESSOTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOESNOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINEDFROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR ANAVAYA AUTHORIZED RESELLER; AVAYA RESERVES THE RIGHTTO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSEUSING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BYINSTALLING, DOWNLOADING OR USING THE SOFTWARE, ORAUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OFYOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING,DOWNLOADING OR USING THE SOFTWARE (HEREINAFTERREFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”),AGREE TO THESE TERMS AND CONDITIONS AND CREATE ABINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THEAPPLICABLE AVAYA AFFILIATE ( “AVAYA”).
Copyright
Except where expressly stated otherwise, no use should be made ofmaterials on this site, the Documentation, Software, or Hardwareprovided by Avaya. All content on this site, the documentation and theProduct provided by Avaya including the selection, arrangement anddesign of the content is owned either by Avaya or its licensors and isprotected by copyright and other intellectual property laws including thesui generis rights relating to the protection of databases. You may notmodify, copy, reproduce, republish, upload, post, transmit or distributein any way any content, in whole or in part, including any code andsoftware unless expressly authorized by Avaya. Unauthorizedreproduction, transmission, dissemination, storage, and or use withoutthe express written consent of Avaya can be a criminal, as well as acivil offense under the applicable law.
Third-party components
Certain software programs or portions thereof included in the Productmay contain software distributed under third party agreements (“ThirdParty Components”), which may contain terms that expand or limitrights to use certain portions of the Product (“Third Party Terms”).Information regarding distributed Linux OS source code (for thoseProducts that have distributed the Linux OS source code), andidentifying the copyright holders of the Third Party Components and theThird Party Terms that apply to them is available on the Avaya SupportWeb site: http://support.avaya.com/Copyright.
Trademarks
The trademarks, logos and service marks (“Marks”) displayed in thissite, the Documentation and Product(s) provided by Avaya are theregistered or unregistered Marks of Avaya, its affiliates, or other thirdparties. Users are not permitted to use such Marks without prior writtenconsent from Avaya or such third party which may own the Mark.Nothing contained in this site, the Documentation and Product(s)should be construed as granting, by implication, estoppel, or otherwise,any license or right in and to the Marks without the express writtenpermission of Avaya or the applicable third party.
Avaya is a registered trademark of Avaya Inc.
All non-Avaya trademarks are the property of their respective owners,and “Linux” is a registered trademark of Linus Torvalds.
Downloading Documentation
For the most current versions of Documentation, see the AvayaSupport Web site: http://support.avaya.com.
Contact Avaya Support
Avaya provides a telephone number for you to use to report problemsor to ask questions about your Product. The support telephone numberis 1-800-242-2121 in the United States. For additional supporttelephone numbers, see the Avaya Web site: http://support.avaya.com.
2 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Contents
Chapter 1: Command Line Interface workflows............................................................... 7Basic controller configuration.................................................................................................................... 7Enabling traps and logs............................................................................................................................ 8Displaying system logs.............................................................................................................................. 9Troubleshooting client-related issues........................................................................................................ 9Troubleshooting AP-related issues........................................................................................................... 11Troubleshooting Layer 2 and Layer 3 issues............................................................................................ 12
Chapter 2: Command Line Interface Configuration......................................................... 15Configuring WLAN options........................................................................................................................ 15
Managing wireless communications................................................................................................. 15Configuring wireless communications.............................................................................................. 22
Configuring system options....................................................................................................................... 35General switch administration.......................................................................................................... 35Configuring Energy Saver Options................................................................................................... 49Using Simple Network Time Protocol............................................................................................... 49Real time clock configuration........................................................................................................... 52Custom Autonegotiation Advertisements ......................................................................................... 54Connecting to another switch........................................................................................................... 55Domain Name Server (DNS) Configuration..................................................................................... 57Changing switch software................................................................................................................ 59Configuration files in CLI.................................................................................................................. 60Enabling Quickconfig........................................................................................................................ 63Terminal setup.................................................................................................................................. 64Setting the default management interface........................................................................................ 64Enabling Serial Console Port Access............................................................................................... 65Setting Telnet access....................................................................................................................... 65Setting boot parameters................................................................................................................... 67Defaulting to BootP-when-needed................................................................................................... 67shutdown command......................................................................................................................... 69reload command............................................................................................................................... 69Configuring Packet Storm Control Settings...................................................................................... 70CLI Help........................................................................................................................................... 71Clearing the default TFTP server with CLI....................................................................................... 71Configuring a default TFTP server with CLI..................................................................................... 71Configuring default clock source...................................................................................................... 71Configuring daylight savings time with CLI....................................................................................... 72Configuring Dual Agent.................................................................................................................... 73Configuring local time zone with CLI................................................................................................ 75Customizing CLI banner with CLI..................................................................................................... 75Displaying the default TFTP server with CLI.................................................................................... 77Displaying complete GBIC information............................................................................................. 77Displaying hardware information...................................................................................................... 77Configuring Auto-Unit Replacement................................................................................................. 78Configuring the UI button................................................................................................................. 78
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 3
Configuring USB Host Port............................................................................................................... 78Enabling Autosave........................................................................................................................... 79Setting the server for Web-based management with CLI................................................................. 79Setting the read-only and read-write passwords.............................................................................. 80Enabling and disabling passwords................................................................................................... 81Configuring RADIUS authentication................................................................................................. 82Configuring RADIUS server load balancing..................................................................................... 83Configuring RADIUS AAA offloading................................................................................................ 84Configuring Radius Health Check.................................................................................................... 86
Configuring system security...................................................................................................................... 87Configuring MAC address-based security using CLI........................................................................ 88Configuring RADIUS authentication using CLI................................................................................. 95SNMP configuration using CLI......................................................................................................... 98Configuring TACACS+ using CLI..................................................................................................... 118Configuring IP Manager using CLI................................................................................................... 121Configuring password security using CLI......................................................................................... 123Configuring Avaya Secure Network Access Options........................................................................ 125Displaying CLI Audit log using CLI................................................................................................... 125Enabling Audit Log Save Settings.................................................................................................... 126Configuring Secure Socket Layer services using CLI...................................................................... 126Configuring Secure Shell protocol using CLI.................................................................................... 128
Configuring VLANs and Link Aggregation................................................................................................ 133Configuring VLANs using CLI........................................................................................................... 134Configuring STP using CLI............................................................................................................... 146Configuring MLT using CLI............................................................................................................... 157Configuring LACP and VLACP using CLI......................................................................................... 160
Configuring IP routing............................................................................................................................... 169IP routing configuration using CLI.................................................................................................... 169Static route configuration using CLI................................................................................................. 176DHCP relay configuration using CLI................................................................................................. 179Directed broadcasts configuration using CLI.................................................................................... 185Static ARP and Proxy ARP configuration using CLI ......................................................................... 186IGMP snooping configuration using CLI........................................................................................... 190
Configuring Access Lists........................................................................................................................... 206Assigning ports to an access list...................................................................................................... 206Removing an access list assignment............................................................................................... 207Creating an IP access list................................................................................................................. 207Removing an IP access list.............................................................................................................. 208Creating a Layer 2 access list.......................................................................................................... 209Removing a Layer 2 access list........................................................................................................ 210
Configuring Elements, Classifiers, and Classifier Blocks.......................................................................... 210Configuring IP classifier element entries.......................................................................................... 211Viewing IP classifier entries.............................................................................................................. 212Removing IP classifier entries.......................................................................................................... 212Adding Layer 2 elements.................................................................................................................. 213Viewing Layer 2 elements................................................................................................................ 214Removing Layer 2 elements............................................................................................................. 214
4 Avaya WLAN 8100 WC 8180 CLI Reference August 2011
Linking IP and L2 classifier elements............................................................................................... 215Removing classifier entries.............................................................................................................. 215Combining individual classifiers....................................................................................................... 216Removing classifier block entries..................................................................................................... 217
Configuring wired Quality of Service......................................................................................................... 217Displaying QoS Parameters............................................................................................................. 218Displaying QoS capability policy configuration................................................................................. 222QoS Agent configuration.................................................................................................................. 223Configuring Default Buffering Capabilities........................................................................................ 225Configuring the CoS-to-Queue Assignments................................................................................... 226Configuring QoS Interface Groups................................................................................................... 227Configuring DSCP and 802.1p and Queue Associations................................................................. 229Configuring QoS system-element.................................................................................................... 232Configuring QoS Actions.................................................................................................................. 234Configuring QoS Interface Action Extensions.................................................................................. 236Configuring QoS Meters................................................................................................................... 237Configuring QoS Interface Shaper................................................................................................... 239Configuring QoS Policies................................................................................................................. 240QoS Generic Filter set configuration................................................................................................ 242Configuring User Based Policies...................................................................................................... 244Maintaining the QoS Agent.............................................................................................................. 247Configuring DoS Attack Prevention Package................................................................................... 251
Configuring Serviceability.......................................................................................................................... 253Configuring RMON with the CLI....................................................................................................... 253Configuring IPFIX using CLI............................................................................................................. 259
Configuring diagnostics and graphing....................................................................................................... 263System diagnostics and statistics using CLI.................................................................................... 263Network monitoring configuration using CLI..................................................................................... 267
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 5
6 Avaya WLAN 8100 WC 8180 CLI Reference August 2011
Chapter 1: Command Line Interfaceworkflows
The following section provides workflows for commonly used Command Line Interface procedures. Thissection contains the following topics:
• Basic controller configuration on page 7
• Enabling traps and logs on page 8
• Displaying system logs on page 9
• Troubleshooting client-related issues on page 9
• Troubleshooting AP-related issues on page 11
• Troubleshooting Layer 2 and Layer 3 issues on page 12
Basic controller configurationAbout this taskPerform the following procedure to place a basic configuration on a WC 8180 device:
Procedure
1. Log into the controller. If this is the first time accessing the device, connect a consolecable and start a terminal session using the guidelines provided in thedocumentation.
2. Press CTRL + Y on the keyboard to enter the CLI.
3. Enter Privileged mode using the enable command.
4. Enter General Configuration mode using the configure terminal command.
5. Specify the system IP address, subnet mask, and default gateway using the ipaddress command. This command has the following syntax:ip address <ip_address> netmask <subnet_mask> default-gateway<default_gateway>
6. Enable SNMP services using the command snmp-server enable.
7. Disable SNMP user lists using the command no ipmgr snmp.
8. Enable IP routing capabilities using the ip routing command.
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 7
9. Enter Wireless Configuration mode using the wireless command.
10. Specify the wireless IP address using the command interface-ip<ip_address> command.
11. Enable wireless capabilities using the enable command.
12. Enable MDC capability using the controller mdc-capable.
13. Enter the domain password at the prompt.
Enabling traps and logsAbout this taskPerform the following procedure to enable SNMP trap and logging functionality.
Procedure
1. Log into the controller.
2. Press CTRL + Y on the keyboard to enter the console menu.
3. Select Command Line Interface from the menu.
4. Type the enable command to enter Privileged mode.
5. Type the configure terminal command to enter Configuration mode.
6. Set the logging level using the command logging level {critical |informational | serious | none}.
7. Enable logging using the command logging enable.
8. Set the remote logging level using the command logging remote level{critical | informational | serious | none}.
9. Set the IP address of the remote log server using the command logging remoteaddress <ip_address>.
10. Enable remote logging using the command logging remote enable.
11. Enable individual SNMP traps using the command snmp-servernotification-control <snmp_trap>. For a list of available SNMP traps usethe command show snmp-server notification-control. Repeat this stepfor all traps that must be enabled.
12. Set the IP address of the SNMP server using the command snmp-server host<ip_address>.
Command Line Interface workflows
8 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Displaying system logsAbout this taskPerform the following procedure to display system logs.
Procedure
1. Log into the controller.
2. Press CTRL + Y on the keyboard to enter the console menu.
3. Select Command Line Interface from the menu.
4. Type the enable command to enter Privileged mode.
5. Use the command show logging system to display logs concerning Layer 2and Layer 3 operations.
6. Use the command show logging wireless-controller volatile todisplay logs concerning controller operation.
Troubleshooting client-related issuesAbout this taskPerform the following procedure to troubleshoot client-related issues.
Procedure
1. Log into the controller.
2. Press CTRL + Y on the keyboard to enter the console menu.
3. Select Command Line Interface from the menu.
4. Type the enable command to enter Privileged mode.
5. Use the command show wireless ap status to view the overall status of allregistered access points.
6. Use the command show wireless ap status <ap_mac_address> detailto view detailed information about individual access points.
7. Use the command show wireless ap-profile network to view informationabout the correlation between network and AP profiles.
Displaying system logs
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 9
8. Use the command show wireless network-profile <profile_number>detail to view detailed information about a network profile.
9. Use the command show wireless switch vlan-map to view informationabout the correlation between wired and wireless VLANs.
10. Use the command show wireless security {mac-db | radius | user-db | wids-wips} to display information about wireless security settings.
11. Use the command show wireless client status to display information aboutthe current status of wireless clients.
12. Use the command show wireless radio TSpec <radio number> to displayinformation about overall system usage, the number of associated stations, themeasured channel utilization percentage, and the total available admission capacityin units of mediumTime.
Command Line Interface workflows
10 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Troubleshooting AP-related issuesAbout this taskPerform the following procedure to troubleshoot AP-related issues.
Procedure
1. Log into the controller.
2. Press CTRL + Y on the keyboard to enter the console menu.
3. Select Command Line Interface from the menu.
4. Type the enable command to enter Privileged mode.
5. Use the command show wireless to view the overall status of the wirelesssystem.
6. Use the command show wireless domain ap database to view informationabout the access points configured for the wireless domain.
7. Use the command show wireless domain ap discovered to view anyaccess points that have been discovered. Access points listed here need to beadded to main access point database to be used by the domain.
8. Use the command show wireless ap status to display all of the access pointsthat are part of the wireless domain and under which controller it falls.
9. Use the command show wireless ap status detail command to displaydetailed information about each AP that is part of the wireless domain.
10. Use the command show wireless controller status to determine thecurrent status of the wireless controller. This command should indicate the controlleris either the Active or Backup MDC.
Troubleshooting AP-related issues
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 11
11. Use the command show wireless ap radio TSpec-statusto displayAvailable Admission Capacity on a per User Priority or per Access Category basisinformation in Beacon and Probe Response messages.
12. Use the command show wireless client tspec-status to display thecurrent TSPEC inactivity level.
Troubleshooting Layer 2 and Layer 3 issuesAbout this taskPerform the following procedure to troubleshoot Layer 2 and 3 issues.
Procedure
1. Log into the controller.
2. Press CTRL + Y on the keyboard to enter the console menu.
3. Select IP Configuration/Setup from the console menu to check the controller IPconfiguration.
4. Press CTRL + R to return to the console menu.
5. Select SNMP Configuration from the console menu to check the controller SNMPconfiguration.
6. Press CTRL + R to return to the console menu.
7. Select Switch Configuration from the console menu.
Command Line Interface workflows
12 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
8. Use the options in this menu to track the various aspects of switch configuration.
9. Press CTRL + R to return to the console menu.
10. Select Spanning Tree Configuration from the console menu.
11. Use the options in this menu to track the various aspects of the spanning treeconfiguration.
12. Press CTRL + R to return to the console menu.
13. Select Command Line Interface from the menu.
14. Type the enable command to enter Privileged mode.
15. Use the command show ip to view the IP address configuration.
16. Use the command ping <ip_address> to ping another device on the network.
17. Use the command show wireless to view the overall status of the wirelesssystem.
Troubleshooting Layer 2 and Layer 3 issues
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 13
Command Line Interface workflows
14 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Chapter 2: Command Line InterfaceConfiguration
The following sections provide information and procedures for the configuration of the WLAN Controller8180 (WC 8180).
Configuring WLAN optionsAbout this taskThis section describes the procedures for the management and configuration of WLANController 8180 (WC 8180) wireless options.
Navigation
• Managing wireless communications on page 15• Configuring wireless communications on page 22
Managing wireless communicationsThe procedures in this section are used for the management of the various aspects of wirelesscommunications.
Navigation
• Managing AP operations on page 16
• Managing automatic radio frequency operations on page 17
• Managing portals on page 17
• Managing clients on page 21
• Managing wireless controller actions on page 21
• Managing wireless domains on page 22
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 15
Managing AP operations
About this taskUse the following procedure to manage access point operations
Procedure
1. Enter Privileged mode of the CLI.
2. Use the command wireless ap channel <ap_mac_address><radio_interface> <channel_number> to manage access point channeloptions.
3. Use the command wireless ap image-update <ap_mac_address> toupdate the access point's software image.
4. Use the command wireless ap power <ap_mac_address><radio_interface> <power_percentage> to adjust the access point radiotransmit power.
5. Use the command wireless ap reset to reset a managed access point.
6. Use the command wireless radio-profile clone<source_profile_id> <target_profile_id> to clone an existing radioprofile to the targeted radio profile.
7. Use the command wireless ap tech-dump <ap_mac_address><tftp_ip_address> filename <file_name> to save the current APconfiguration information to the specified TFTP server.
8. Use the command wireless radio-profile tspec X detail to configurethe TSPEC inactivity timeout interval. Default is 30 seconds. 1 second up to 10minutes is recommended as a reasonable range.
Displaying AP related information
Use the following commands to display information about AP hardware, model details, antennatypes and extension cable length.
Procedure
1. Use the command show wireless domain ap hardware to display thehardware capability of all supported APs.
2. Use the command show wireless domain ap database ap-model{ap8120 | ap8120-E | ap8120-O} to display the AP database entries with aspecific AP model.
Command Line Interface Configuration
16 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
3. Use the command show wireless domain ap discovered ap-model{ap8120| ap8120-E | ap8120-O} to display the discovered AP entries with aspecific AP model.
4. Use the command show wireless ap model {ap8120 | ap8120-E |ap8120-O} to display the list of managed APs with a specific AP model.
5. Use the command show wireless domain ap database [ap-mac]detail to display configured values for antenna type and extension cable lengthfor each radio of AP entries.
Managing automatic radio frequency operations
About this taskThis following procedure is used to manage automatic radio frequency functionality.
Procedure
1. Enter Privileged mode of the CLI.
2. Use the command wireless auto-rf channel-plan {a-n | b/g-n}start to run the channel adjustment algorithm.
3. Use the command wireless auto-rf channel-plan {a-n | b/g-n}apply to apply the proposed channel adjustment plan.
4. Use the command wireless auto-rf power-plan start to run the powerplanning algorithm.
5. Use the command wireless auto-rf power-plan apply to apply theproposed power plan.
Managing portals
About this taskThe following procedure is used to manage captive portals.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 17
Procedure
1. Enter Privileged mode of the CLI.
2. Use the command wireless captive-portal certificate-generate togenerate HTTPS certificates.
3. Use the command wireless captive-portal client-deauthenticate<client_mac_address> to revoke authentication from a client.
Configuring captive portal profiles
The captive-portal IP address is used only for the captive-portal user access. All captive-portaluser clients send HTTP/HTTPS GET requests to this IP address which are then mapped tothe web host name internally. The WC8180 system provides a way to protect the wirelesssystem IP address from guest user access. The captive-portal IP should exist physically in oneof the WC8120 domain controllers.
One captive-portal profile can have two captive-portal IP addresses and the client HTTP/HTTPS GET requests are load-balanced based on the client MAC address.
Procedure
1. In Global Configuration Command mode, use the command WC8180(config)#interface vlan <1–4054> to create an IP interface on the L3 interfacemenu.
2. Use the command WC8180(config-if)# ip address <A.B.C.D> to set the IPaddress.
3. Enter Wireless Configuration mode of the CLI.
4. Use the command, WC8180(config-wireless)# captive-portal profile<ID> to configure a captive profile id. Use a profile id, for example profile 2.
5. Use the configuration captive profile command, WC8180(config-cp-profile)# ip <ip-address> to configure a captive portal IP interface. Use the command, no ip< ip-address> to remove the captive portal ip address.
6. Use the command, WC8180(config-cp-profile)# show wireless captive-portal profile <ID> detail to show details of the captive portal profile.
Redirecting the URL for captive portals
The redirect command is used in captive-portal POST authentication to specify the URL toredirect the user requests after the captive-portal authentication. By default, the displays the
Command Line Interface Configuration
18 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
default captive-portal welcome page. You can apply the redirect command in the followingcases:
• If the redirect is enabled but no redirect-url is configured. In this case, the user requestsare redirected to the initial requested URL.
• If the redirect is enabled and redirect-url configured, the user requests are redirected tothe configured “redirect-url” page. It can be a corporate portal, guest portal and any kindof Web page that is reachable from the wireless clients.
• If the redirect is disabled, then after user authentication the default welcome pagedisplays.
Use the following commands to redirect the URL
1. Enter captive portal configuration in the CLI.
2. Use the command redirect to enable redirection
3. Use the command redirect-url <url> to redirect the URL.
4. Use the command no redirect to disable redirection.
5. Use the command default redirect-url to reset the redirect-url to the defaultvalue.
Configuring the Web-hostname in captive portals
Your can configure the Web-hostname to hide the captive-portal IP address from the captive-portal users to restrict user accesses to the WC 8180 system.
The default web-hostname is <random-string>.cp-login.com. You cannot change the“hostname” section in the DNS name.
1. Enter the captive portal configuration in the CLI.
2. Use the captive-portal profile <ID> command to go to the captive portalprofile.
3. Use the web-hostname <avaya-guest.com> command to change the web-hostname.
4. Use the default web-hostname command to reset the web-hostname to thedefault value.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 19
Customizing Portals
Administrators can customize the “captive-portal.html” for logon, logon error, and refreshpages. After the Administrator provides the zip file for the customization, the user cancustomize html files and images and to replace existing templates to the users.
About this taskUse the following instructions to customize captive portals:
WC8180(config)#wirelessWC8180(config-wireless)#capWC8180(config-wireless)#captive-portal profile 1Entering captive-portal-profile (id = 1) ...WC8180(config-cp-profile)#localeWC8180(config-cp-locale)#?Captive Portal Locale Configuration Commandscode : Set locale code(browser preferred language)custom: Set customization Modecustom-file: Set customization package filedefault: Set captive portal parameters to default settingsend: End configuration modeerror-msg: Configure captive portal locale error messageexit: Exit out of locale configuration modefont-list: Set captive-portal HTML page fontimage: Configure captive portal locale image nameSet locale link text for user identification.login-msg: Configure captive portal locale login messagelogout-msg: Configure captive portal locale logout messagepopup-msg: Set text to remind user to allow popups from our web site-msg: Set text to notify user if their browser has javascript disabledsuccess-msg: Configure captive portal locale logout success messagewelcome-msg: Configure captive portal locale welcome messagewip-msg: Set message indicating authentication in progress
Command Line Interface Configuration
20 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
WC8180(config-cp-locale)#
Managing clients
About this taskThis procedure is used to manage clients.
Procedure
1. Enter Privileged mode of the CLI.
2. Use the command wireless client disassociate<client_mac_address> to remove a client from an access point.
Managing wireless controller actions
About this taskThe following procedure is used to manage wireless controller actions.
Procedure
1. Enter Privileged mode of the CLI.
2. Use the command wireless controller ap image-update start toupdate the software image of all controlled access points. This action can bestopped at any time with the wireless controller ap image-update stopcommand.
3. Use the command wireless controller ap reset to reset all controlledaccess points.
4. Use the command wireless controller config-sync to synchronizeconfigurations with other controllers in the domain.
5. Use the command wireless controller join-domain domain-name<domain_name> mdc-address <ip_address> to join a domain.
6. Use the command wireless controller leave-domain to remove acontroller from its current domain.
7. Use the command wireless peer-controller ap image-update<ip_address> start to update the images of all controlled access points on apeer controller. This action can be stopped at any time using the commandwireless peer-controller ap image-update <ip_address> stop.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 21
Managing wireless domains
About this taskThis procedure is used to manage wireless domains.
Procedure
1. Enter Privileged mode of the CLI.
2. Use the command wireless domain ap image-update start to update thesoftware image of all access points in a domain. This action can be stopped at anytime using the command wireless domain ap image-update stop.
3. Use the command wireless domain ap rebalance start to rebalance theaccess point distribution among all of the domain controllers. This action can bestopped at any time using the command wireless domain ap rebalancestop.
4. Use the command wireless domain ap redistribute start to rebalancethe access point distribution to their preferred domain controllers. This action canbe stopped at any time using the command wireless domain apredistribute stop.
5. Use the command wireless domain ap reset to reset all domain accesspoints.
6. Use the command wireless domain discovered-ap <ap_mac_address>{approve | discard} to take action on a discovered access point.
7. Use the command wireless domain purge-controller<controller_ip_address> to purge a controller from a domain.
8. Use the command wireless domain purge-stale-controllers to purgeall stale controllers from the domain.
Configuring wireless communicationsAbout this taskThe procedures in this section are used for the configuraton of the various aspects of wirelesscommunications.
Navigation
• Configuring general controller options on page 23• Configuring wireless profiles on page 25
Command Line Interface Configuration
22 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
• Configuring automatic radio frequency options on page 28• Configuring captive portals on page 28• Configuring domain options on page 29• Configuring wireless security on page 31
Configuring general controller options
About this taskThe following procedure is used to configure general wireless controller options.
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command controller mdc-capable to mark a controller as availableto be a Mobility Domain Controller.
3. Use the command interface-ip <ip_address> to set the wireless systeminterface IP address.
4. Use the command tcp-udp-base-port <49152 - 64983> to set the wirelesssystem base port.
5. Use the command diffserv classifierblock <block_name> to configurea classifier block for the controller.This command has the options listed in the following table.
Command Option Descriptiondiffservclassifierblock<block_name>
match all Match all packets.
match cos Match CoS.
match ds-field Match IP DSCP.
match dst-ip Match destination IPaddress.
match dst-mac Match destination MACaddress.
match dstport Match destination Layer 4port.
match ethertype Match Ethernet Type.
match precedence Match IP precedence.
match protocol Match IP protocol.
match src-ip Match source IPaddress.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 23
Command Option Descriptionmatch src-mac Match source MAC
address.
match srcport Match source Layer 4port
match tos Match ToS.
end End Classifier Block.
exit Exit Classifier Block.
6. Use the command diffserv policy <policy_name> to configure a policy forthe controller.This command has the options listed in the following table.
Command Option Descriptiondiffserv policy<policy_name>
allow Allow packets.
drop Drop packets.
remark-cos Remark CoS.
remark-dscp Remark DSCP.
remark-precedence
Remark precedence.
7. Use the command switch vlan-map <mobility_vlan_name> l3-mobility server to set the mobility role to server.
8. Use the command switch vlan-map <mobility_vlan_name> l3-mobility none to set the mobility role to none.
9. Use the command switch vlan-map <mobility_vlan_name> lvid <1 -4094> to set the local VLAN ID.
10. Use the command switch vlan-map <mobility_vlan_name> track<port_list> to track a set of ports.
11. Use the command switch vlan-map <mobility_vlan_name> weight <1- 7> to set the VLAN server preference.
12. Use the command enable to enable wireless operations on the device.
Command Line Interface Configuration
24 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring wireless profiles
About this taskThe following procedure is used to configure wireless profiles.
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command ap-profile <1 - 32> to create an access point profile.
3. Use the command network-profile <1 - 64> to create a network profile.This command has the options listed in the following table.
Command Option Descriptionnetwork profile<1 — 64>
arp-suppression Enable wireless ARPsuppression.
captive-portal Configure captive portalmapping.
client-qos Configure client QoSsettings.
cos2wmm WMM values for CoSsettings.
default Set default networkprofile settings.
dot1x Configure 802.1xparameters.
end End configuration.
exit Exit configuration.
hide-ssid Enable SSID hiding innetwork beacons.
mac-validation Enable clientauthentication throughclient MAC addresses.
mobility-vlan Configure the defaultmobility VLAN.
probe-response Enable response tobroadcast probe request.
profile-name Configure the networkprofile name.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 25
Command Option Descriptionradius Configure RADIUS
related parameters.
security-mode Configure the securitymode.
ssid Configure the networkSSID.
user-group Configure the local usergroup.
user-validation Configure user validationmethod if captive portal isenabled.
wep Configure WEP-relatedparameters.
wmm2cos CoS mapping for WMM.
wpa2 Configure WPA2settings.
4. Use the command radio-profile <1 - 64> to create a radio profile.This command has the options listed in the following table.
Command Options Descriptionradio-profile <1— 64>
apsd Enable auto powersavedelivery mode.
beacon-interval Set the beacon interval.
channel Configure radio channelsettings.
data-rates Configure basic/supported data rates.
default Set default profileparameters.
dot11–mode Configure the physicalmode of the radio.
dot11n Set the 802.11nconfiguration.
dot11n-protection-mode
Configure the 802.11nprotection mode.
dtim-period Configure the DeliveryTraffic Indication Map.
Command Line Interface Configuration
26 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Command Options Descriptionend End configuration.
exit Exit configuration.
fragmentation-threshold
Configure packetfragmentation threshold.
incorrect-frame-no-ack
Enable No-Ack forincorrectly receivedframes on radio.
load-balance Configure load balancingparameters.
max-clients Configure the maximumnumber of simultaneousclients.
multicast-tx-rate
Configure the multicasttransfer rate.
no Disable the radio profile.
power Configure the radiopower settings.
profile-name Set the radio profilename.
qos Configure radio QoSqueues.
rate-limit Configure the broadcastand multicast rates.
rf-scan Configure the RF scanmode parameters.
rrm Enable Radio ResourceMeasurement.
rts-threshold Configure the thresholdbelow which MPDU RTS/CTS is not performed.
station-isolation
Enable station isolation.
tspec Configure TSPECsettings.
wmm-mode Enable WMM mode.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 27
5. Use the command captive-portal profile <1 - 10> to create a captiveportal profile.
Configuring automatic radio frequency options
About this taskThis procedure is used to configure automatic radio frequency options
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command auto-rf channel-plan {a-n | bg-n} history-depth<0 - 10> to set the number of saved historical channel plans.
3. Use the command auto-rf channel-plan {a-n | bg-n} interval <6 -24> to set the channel adjustment interval in hours.
4. Use the command auto-rf channel-plan {a-n | bg-n} mode{interval | manual | time} to set the channel adjustment mode.
5. Use the command auto-rf channel-plan {a-n | bg-n} time <hh:mm>to set the time of day to perform channel adjustment.
6. Use the command auto-rf power-plan interval <15 - 1440> to set thepower adjustment interval in minutes.
7. Use the command auto-rf power-plan {interval | manual} to set thepower adjustment mode.
Configuring captive portals
About this taskThe following procedure is used to configure the default captive portal.
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command captive-portal auth-timeout <60 - 600> to set theauthentication timeout value in seconds.
3. Use the command captive-portal http-port <0 - 65535> to configurethe captive portal HTTP port.
Command Line Interface Configuration
28 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
4. Use the command captive-portal https-portal <0 - 65535> toconfigure the captive portal HTTPS port.
5. Use the command captive-portal stats-report-interval <15 -3600> to configure the statistics reporting interval in seconds.
6. Use the command captive portal profile <profile_number> block toblock profile traffic.
7. Use the command captive portal profile <profile_number> idle-timeout to set the session idle timeout value.
8. Use the command captive portal profile <profile_number> localeto set the captive portal locale settings.
9. Use the command captive portal profile <profile_number> max-bandwidth to configure the maximum transmit and receive bandwidth limits.
10. Use the command captive portal profile <profile_number> max-octets to configure the maximum session octets.
11. Use the command captive portal profile <profile_number>profile-name to set the profile name.
12. Use the command captive portal profile <profile_number>protocol-mode to the protocol mode.
13. Use the command captive portal profile <profile_number>session-timeout to set the session timeout value.
14. Use the command captive portal profile <profile_number> user-logout to enable user logout.
15. Use the command captive-portal enable to enable the captive portal.
Configuring domain options
About this taskThe following procedure is used to configure domain options.
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command domain ap-client-qos to enable access point QoSoperations for clients.
3. Use the command domain auto-promote-discovered-ap to enable autopromotion of discovered access points.
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 29
4. Use the command domain client-roam-agetime <1 - 120> to configurethe client roaming timeout value in seconds.
5. Use the command domain country-code <country_code> to configure acode for domain operation.
Note:When creating an AP profile, specify a country code or use the default ‘primary’country code of the domain. To change a country code after a profile has beencreated you must delete the AP profile and create a new profile. Multiple-countrydomain names support a maximum of 32 countries.
6. Use the command domain tspec-violation-report-interval <0 -900> to configure the reporting interval in seconds.
7. Use the command domain ap image-update download-group-size <1 -100> to configure the percentage of access points forming a group.
8. Use the command domain ap image-update external-download todownload an image from an external web server.
9. Use the command domain ap image-update model <ap8120> version<1.0.0.0> filename <path/filename> server-ip <ip_addr>server-port <portnum> to configure the model, version number of the APimage, filename including http server path, server-ip address, and server portnumber.
10. Use the command domain ap lb-metric {least-load | local-CBF |local-CBFS | roundrobin} to set the domain load balancing metric.
11. Use the command domain ap reset-group-size <1 - 100> to configurethe percentage of access points in the domain that will be reset.
12. Use the command domain ap <ap_mac> alternate-controller toconfigure an alternate wireless controller.
13. Use the command domain ap <ap_mac> label to configure the AP label.
14. Use the command domain ap <ap_mac> location to configure the APlocation.
15. Use the command domain ap model {ap8120 | ap8120-E | ap8120-O}to configure the AP model.
16. Use the command domain ap <ap_mac> preferred-controller toconfigure the preferred AP controller.
17. Use the command domain ap <ap_mac> profile-id to assign the appropriateAP profile ID.
18. Use the command domain ap <ap_mac> radio to configure the AP radio.
19. Use the command domain ap <ap_mac> serial to configure the AP serialnumber.
Command Line Interface Configuration
30 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
20. Use the command domain mobility-vlan <vlan_name> to create a newmobility VLAN.
21. Use the command domain e911 address <ip_address> enable to enablethe E911 server.
22. Use the command domain ap radio <radio-id> antenna {70-degree |180-degree} to specify a type of an external antenna attached to an AP radio.
23. Use the command domain ap default radio [<radio-id> [antenna]]to restore the antenna the default.
24. Use the command domain ap radio <radio-id> ext-cable {3-ft |10-ft} to specify the length of an extension cable used to attach an externalantenna.
25. Use the command domain ap default radio [<radio-id> [ext-cable]] to restore the default value (3-ft) of an extension cable.
Configuring wireless security
About this taskThe following procedure is used to configure wireless security options.
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command security to enter Security Configuration mode.
3. Use the command mac-db blacklist <mac_address> to add a device to theMAC address black list.
4. Use the command mac-db whitelist <mac_address> to add a device to theMAC address white list.
5. Use the command user-db group <group_name> to create a new userdatabase group.
6. Use the following commands to create a new user database entry:user-db user-name <member_name> start-date <yyyy-mm-dd>user-db user-name <member_name> end-date <yyyy-mm-dd>user-db user-name <member_name> idle-timeout <0 - 900>user-db user-name <member_name> max-bandwidth-down<down_bps>user-db user-name <member_name> max-bandwidth-up <up_bps>user-db user-name <member_name> max-input-octets <octets>
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 31
user-db user-name <member_name> max-output-octets <octets>user-db user-name <member_name> max-total-octets <octets>user-db user-name <member_name> password <password>user-db user-name <member_name> session-timeout<timeout_value>
7. Use the command user-db membership <member_name> <group_name> toadd a member to an existing group.
8. Use the following commands to configure Wireless Intrusion Detection (WIDS)timeout settings:wids ageout adhoc-clients <0 - 10080>wids ageout ap-failure <0 - 10080>wids ageout detected-clients <0 - 10080>wids ageout rf-scan <0 - 10080>
9. Use the following commands to configure WIDS known access point settings:wids known-ap <mac_address> channel <0 - 216>wids known-ap <mac_address> security {any | open | wep | wpa}wids known-ap <mac_address> ssid <ssid_string>wids known-ap <mac_address> type {known-foreign | local-enterprise | other}wids known-ap <mac_address> wds-mode {any | bridge | normal}wids known-ap <mac_address> wired-mode {allowed | not-allowed}
10. Use the following commands to configure WIDS rogue access point settings:wids rogue-ap ack {all | rogue_mac_address}wids rogue-ap trap-interval <60 - 3600>wids rogue-ap wired-detection-interval <1 - 3600>
11. Use the command wips mitigation ap-threat to enable access threatmitigation.
12. Use the command wips mitigation client-threat to enable client threatmitigation.
13. Use the command radius server-retries to configure RADIUS serverretries.
14. Use the command radius server-timeout to configure the RADIUS servertimeout.
Command Line Interface Configuration
32 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
15. Use the command radius profile to configure global RADIUS profiles.
16. Use the command radius server to configure global RADIUS servers.
Configuring Wireless Multi-Media (WMM) in radio-profiles using Tspecsettings
Voice and Video access categories provide a higher priority access to the wireless mediumthan Best Effort or Background access categories. The TSPEC/ Call Admission Control (CAC)provides controlled access to the wireless medium for Voice and Video access categories.Clients must obtain permission from the AP before using the Voice and Video categories. TheAP provides permission, in the form of a Tspec, that defines the amount of air time (mediumtime) a client can use. WMM allows used data to be sent over the air using the four followingAccess Categories: Voice, Video, Best Effort and Background.
Procedure
1. Enter wireless config mode in the CL.I
2. Enable Wireless Multi-Media in radio-profiles.WC8180>enableWC8180# configure terminalWC8180(config)# wirelessWC8180(config-wireless)# radio-profile 1Entering radio-profile (id = 1) configuration mode...WC8180(config-radio-profile)# wmm-mode
3. Enable Tspec in radio-profiles and set the percentages of medium time limitsreserved for Voice, Video, Shared and Roam access categories as suggested inthe following example. Do not allocate 10% to allow for Best Effort andBackground.
Note:Ensure that the total of these four allocations do not exceed 100%. When thetotal is less than 100%, a portion of the total medium time can be made availablefor Best Effort and Background traffic. Allocating 100% to only the four categoriescan impede access to air time for Best Effort and Background traffic when thereis a high load of voice/video traffic.
WC8180>enableWC8180# configure terminalWC8180(config)# wirelessWC8180(config-wireless)# radio-profile 1
Configuring WLAN options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 33
Entering radio-profile (id = 1) configuration mode...WC8180(config-radio-profile)# tspec acm-limit voice 25 video 15 shared 40 roam-reserve 10Adjustment to these settings can be made based on the specific needs of adeployment. For example, if the APs are deployed in a scenario where video is notan important service then the Voice category should be increased and the Videoand Shared categories decreased.
4. Enable Tspec and Access Control Mandatory (ACM) voice and video acm-modesto force permission from the APs when clients are sending data using the voice orvideo access categories.WC8180>enableWC8180# configure terminalWC8180(config)# wirelessWC8180(config-wireless)# radio-profile 1Entering radio-profile (id = 1) configuration mode...WC8180(config-radio-profile)# tspec acm-mode voiceWC8180(config-radio-profile)# tspec acm-mode videoWC8180(config-radio-profile)# tspec enable
Note:Proper operation of Access Category based Call Admission Control dependsupon standard compliant clients that support Traffic Streams.
Clients that support Wireless Multi-Media (WMM) access categories but do notsupport Tspec will not use the Voice or Video access categories if thecorresponding acm-mode is set. To support a large number of clients of this type,it is recommended that you disable the acm-mode for Video. This allows theseclients to access the video access category which provides higher priority thanBest Effort or Background, while still allowing fully Tspec compliant clientsexclusive access to the voice access category. If the acm-mode is enabled forVideo as well, then these clients are forced to use the Best Effort accesscategory.
Clients that neither support Tspec nor obey the ACM bits (NOTE: these stationsare not WMM compliant or Wi-Fi Alliance Certified), attempt to send AC_VO and/or AC_VI traffic even though the ACM bits for these access categories areenabled and they have no valid Traffic Stream. In this case the client will attemptto send voice and video traffic using the admission controlled access categorieswithout first having obtained permission from the AP. Of course the AP will neversend data to the clients using a non-existant Tspec, but the client may stillincorrectly use an access category it does not have permission to use for clientto AP transmissions. The AP maintains statistics on these Tspec violations andif they persist an SNMP trap is rasied.
Command Line Interface Configuration
34 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring system optionsAbout this taskThis section describes the system configuration procedures for the WLAN Controller 8180 (WC8180).
General switch administrationAbout this taskThis section outlines the Command Line Interface commands used in general switchadministration. It contains information about the following topics:
• Multiple switch configurations on page 35• Configuring Asset-ID on page 36• Assigning and clearing IP addresses on page 37• Enabling Audit Log Save Settings on page 126• Displaying interfaces on page 39• Configuring Interface Options on page 40• Enabling Jumbo Frames on page 40• Configuring the EDM Help File Path on page 40• Configuring the HTTP Port on page 41• Setting port speed on page 41• Testing cables with the Time Domain Reflectometer on page 43• Enabling Autotopology on page 44• Enabling rate-limiting on page 47• Using Simple Network Time Protocol on page 49• Real time clock configuration on page 52• Custom Autonegotiation Advertisements on page 54• Connecting to another switch on page 55• Domain Name Server (DNS) Configuration on page 57
Multiple switch configurations
About this taskThe following CLI commands are used to configure and use multiple switch configuration:
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 35
show nvram block command This command shows the configurations currently stored on theswitch. The syntax for this command is: show nvram blockThis command is executed in the Global Configuration command mode.
copy config nvram block command This command copies the current configuration to one ofthe flash memory spots. The syntax for this command is: copy config nvram block<1-2> name <block_name>The following table outlines the parameters for this command.
Table 1: copy config nvram block parameters
Parameter Descriptionblock <1-2> The flash memory location to store the configuration.
name <block_name> The name to attach to this block. Names can be up to40 characters in length with no spaces.
This command is executed in the Global Configuration command mode.
copy nvram config block command This command copies the configuration stored in flashmemory at the specified location and makes it the active configuration. The syntax for thiscommand is: copy nvram config block <1-2>Substitute <1-2> with the configuration file to load.
This command causes the switch to reset so that the new configuration can be loaded.
This command is executed in the Global Configuration command mode.
Configuring Asset-ID
About this taskUse the following procedure to configure unit and stack asset-ID
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command asset-id to configure asset ID options.
4. Use the command asset-id <WORD> to assign an asset-ID to the current unit.
5. Use the command asset- id stack <WORD> to assign an asset-ID of a stack.
6. Use the command asset- id unit <WORD> to assign an asset-ID of a specificunit in a stack.
Command Line Interface Configuration
36 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Assigning and clearing IP addresses
You can assign, clear, and view IP addresses and gateway addresses with CLI. The commandsdiscussed in this section are used to perform these tasks.
Note:Users should not change the Wireless System IP address of the controller after the controllerjoins a domain. Do the following if a change is required after the controller joins a domain:
1. Remove the controller from the mobility domain.2. Disable wireless operations.3. Change the IP address.4. Join the controller to the domain.
ip address commandThe ip address command sets the IP address and subnet mask for the switch.
The syntax for the ip address command is: ip address <A.B.C.D> [netmask<A.B.C.D>] [default-gateway <A.B.C.D.DX>]The ip address command is executed in the Global Configuration command mode.
The following table describes the parameters for the ip address command.
Table 2: ip address parameters
Parameters DescriptionA.B.C.D Denotes the IP address in dotted-decimal notation; netmask
is optional.
netmask Signifies the IP subnet mask.
Default Gateway A.B.C.D Displays the IP address of the default gateway. Enter the IPaddress of the default IP gateway.
Note: When the IP address or subnet mask is changed, connectivity to Telnet and the Webcan be lost.
ip address source commandIf you want to automatically obtain an IP address, subnet mask and default gateway, you canuse the ip address command with the source parameter. When you use DHCP, the switch canalso obtain up to three DNS server IP addresses.
The syntax for the ip address source command is: ip address source {bootp-always | bootp-last-address | bootp-when-needed | configured-address| dhcp-always | dhcp-last-address | dhcp-when-needed}Execute the ip address source command in the Global Configuration command mode.
The following table describes the variables for the ip address source command:
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 37
Table 3: ip address source command parameters
Parameter Descriptionbootp-always Always use the bootp server.
bootp-last-address Use the last bootp server.
bootp-when-needed Use bootp server when needed.
dhcp-always Always use the DHCP server.
dhcp-last-address Use the last DHCP server.
dhcp-when-needed Use DHCP client when needed.
no ip address commandThe no ip address command clears the IP address and subnet mask for a switch. Thiscommand sets the IP address and subnet mask for a switch to all zeros (0).
The syntax for the no ip address command is: no ip address switchThe no ip address command is executed in the Global Configuration command mode.
Note: When the IP address or subnet mask is changed, connectivity to Telnet and the WebInterface can be lost. Any new Telnet connection can be disabled and is required to connectto the serial console port to configure a new IP address.
ip default-gateway commandThe ip default-gateway command sets the default IP gateway address for a switch to use.
The syntax for the ip default-gateway command is: ip default-gateway <A.B.C.D>The ip default-gateway command is executed in the Global Configuration commandmode.
The following table describes the parameters for the ip default-gateway command.
Table 4: ip default-gateway command parameters
Parameters DescriptionA.B.C.D Enter the dotted-decimal IP address of the default IP gateway.
Note: When the IP gateway is changed, connectivity to Telnet and the Web Interface can belost.
show ip commandThe show ip command displays the IP configurations, BootP/DHCP mode, switch address,subnet mask, and gateway address. This command displays these parameters for what isconfigured, what is in use, and the last BootP/DHCP.
The syntax for the show ip command is: show ip [bootp] [dhcp] [default-gateway] [address]The show ip command is executed in the User EXEC command mode.
Command Line Interface Configuration
38 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
If you do not enter any parameters, this command displays all IP-related configurationinformation.
The following table describes the parameters for the show ip command.
Parameters Descriptionbootp Displays BootP/DHCP-related IP information. The
possibilities for status returned are:
• BootP Always
• Disabled
• BootP or Last Address
• BootP When Needed
• DHCP Always
• DHCP or Last Address
• DHCP When Needed
dhcp client lease Displays DHCP client lease information. Thecommand displays information about configured leasetime and lease time granted by the DHCP server.
default-gateway Displays the IP address of the default gateway.
address Displays the current IP address.
address source Displays the BootP or DHCP clientinformation.Assigning and clearing IP addresses forspecific units
• DHCP always
• DHCP when needed
• DHCP or last address
• Disabled
• BootP always
• BootP when needed
• BootP or last address
Displaying interfaces
The status of all interfaces on the switch can be viewed, including Multi-Link Trunkmembership, link status, autonegotiation and speed using the following command.
show interfaces commandThe show interfaces command displays the current configuration and status of allinterfaces.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 39
The syntax for the show interfaces command is: show interfaces [names][<portlist>]The show interfaces command is executed in the User EXEC command mode.
Table 5: show interfaces command parameters
Parameters Descriptionnames <portlist> Displays the interface names; enter specific ports if you
want to see only those.
Configuring Interface Options
About this taskUse the following procedure to configure Fast Ethernet and Layer 3 IP VLAN options.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command interface FastEthernet <list of ports> to set thelist of ports to support Fast Ethernet.
4. Use the command interface vlan <1–4094> to assign the Layer 3 IP VLAN ID.
Enabling Jumbo Frames
About this taskUse the following procedure to enable Jumbo Frames
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command jumbo-frames enable to enable Jumbo Frames.
Configuring the EDM Help File Path
About this taskUse the following procedure to change the location of EDM help files
Command Line Interface Configuration
40 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command edm help-file-path <help-file-path> to set the EDMhelp file path.
Configuring the HTTP Port
About this taskUse the following procedure to configure the HTTP Port.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command http-port <1024–65535> to set the HTTP port.
Setting port speed
To set port speed and duplexing with CLI, refer to the following:
• speed command on page 41• default speed command on page 42• duplex command on page 42• default duplex command on page 43
speed commandThe speed command sets the speed of the port.
The syntax for the speed command is: speed [port <portlist>] {10 | 100 | 1000| auto}The speed command is executed in the Interface Configuration command mode.
The following table describes the parameters for the speed command.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 41
Table 6: speed command parameters
Parameters Descriptionport <portlist> Specifies the port numbers for which to
configure the speed. Enter the port numbersyou want to configure.Note: If you omit this parameter, the systemuses the port number you specified in theinterface command.
10|100|1000|auto Sets speed to:
• 10—10Mb/s
• 100— 100 Mb/s
• 1000— 1000 Mb/s or 1GB/s
• auto— autonegotiation
Note: Enabling and disabling autonegotiation for speed also enables and disables it for duplexoperation.When you set the port speed for autonegotiation, ensure that the other side of thelink is also set for autonegotiation.
default speed commandThe default speed command sets the speed of the port to the factory default speed.
The syntax for the default speed command is: default speed [port <portlist>]The default speed command is executed in the Interface Configuration command mode.
The following table describes the parameters for this command.
Parameters Descriptionport <portlist> Specifies the port numbers to set the speed to factory
default. Enter the port numbers you want to set.Note: If you omit this parameter, the system uses theport number you specified in the interfacecommand.
duplex commandThe duplex command specifies the duplex operation for a port.
The syntax for the duplex command is: duplex [port <portlist>] {full | half| auto}The duplex command is executed in the Interface Configuration command mode.
The following table describes the parameters for this command.
Command Line Interface Configuration
42 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameters Descriptionport <portlist> Specifies the port numbers for which to reset the
duplex mode to factory default values. Enter the portnumber you want to configure. The default value isautonegotiation.Note: If you omit this parameter, the system uses theports you specified in the interface command.
full | half | auto Sets duplex to:
• full— full-duplex mode
• half —half-duplex mode
• auto—autonegotiation
Note: Enabling/disabling autonegotiation for speed also enables/disables it for duplexoperation.When you set the duplex mode for autonegotiation, ensure that the other side of thelink is also set for autonegotiation.
default duplex commandThe default duplex command sets the duplex operation for a port to the factory defaultduplex value.
The syntax for the default duplex command is: default duplex [port<portlist>]The default duplex command is executed in the Interface Configuration commandmode.
The following table describes the parameters for this command.
Parameters Descriptionport <portlist> Specifies the port numbers to reset the duplex mode to
factory default values. Enter the port numbers you wantto configure. The default value is autonegotiation.Note: If you omit this parameter, the system uses theports you specified in the interface command.
Testing cables with the Time Domain Reflectometer
The WC 8180 is equipped with a Time Domain Reflectometer (TDR). The TDR provides adiagnostic capability to test connected cables for defects (such as short pin and pin open). Youcan obtain TDR test results from CLI or Device Manager.
The cable diagnostic tests only apply to Ethernet copper ports; fiber ports cannot be tested.
You can initiate a test on multiple ports at the same time.
When you test a cable with the TDR, if the cable has a 10/100 MB/s link, the link is brokenduring the test and restored only when the test is complete. If the cable has a 10/100 MB/s
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 43
link, the test results may be incomplete as the test does not test all of the pins in the connector.Use of the TDR does not affect 1 GB/s links.
See the Troubleshooting Guide (NN47251-700) for more information on troubleshooting cablesand for connector pin tables.
Note: The accuracy margin of cable length diagnosis is between three to five meters. Avayasuggests the shortest cable for length information be five meters long.
With the following CLI commands, you can initiate a TDR cable diagnostic test and obtain testreports.
• tdr test command on page 44• show tdr command on page 44
tdr test commandThe tdr test command initiates a TDR test on a port or ports.
The syntax for this command is: tdr test <portlist>where <portlist> specifies the ports to be tested.
The tdr test command is in the privExec command mode.
show tdr commandThe show tdr command displays the results of a TDR test.
The syntax for this command is: show tdr <portlist>where <portlist> specifies the ports for which to display the test results.
The show tdr command is in the privExec command mode.
Enabling Autotopology
About this taskThe Optivity Autotopology protocol can be configured with CLI.
To enable autotopology with CLI, refer to the following:
• autotopology command on page 44• no autotopology command on page 45• default autotopology command on page 45• show autotopology settings command on page 45• show autotopology nmm-table command on page 45
autotopology commandThe autotopology command enables the Autotopology protocol.
The syntax for the autotopology command is: autotopologyThe autotopology command is executed in the Global Configuration command mode.
Command Line Interface Configuration
44 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
no autotopology commandThe no autotopology command disables the Autotopology protocol.
The syntax for the no autotopology command is: no autotopologyThe no autotopology command is executed in the Global Configuration command mode.
default autotopology commandThe default autotopology command enables the Autotopology protocol.
The syntax for the default autotopology command is: default autotopologyThe default autotopology command is executed in the Global Configuration commandmode.
show autotopology settings commandThe show autotopology settings command displays the global autotopology settings.
The syntax for the show autotopology settings command is: show autotopologysettingsThe show autotopology settings command is executed in the Privileged EXECcommand mode.
show autotopology nmm-table commandThe show autotopology nmm-table command displays the Autotopology networkmanagement module (NMM) table.
The syntax for the show autotopology nmm-table command is: show autotopology nmm-tableThe show autotopology nmm-table command is executed in the Privileged EXECcommand mode.
Enabling flow control
About this taskGigabit Ethernet, when used with the WC 8180, can control traffic on this port using theflowcontrol command.
To enable flow control with CLI, refer to the following:
• flow control command on page 45• no flowcontrol command on page 46• default flowcontrol command on page 46
flow control commandThe flowcontrol command is used only on Gigabit Ethernet ports and controls the trafficrates during congestion.
The syntax for the flowcontrol command is: flowcontrol [port <portlist>]{asymmetric | symmetric | auto | disable}
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 45
The flowcontrol command is executed in the Interface Configuration mode.
The following table describes the parameters for this command.
Table 7: flowcontrol command parameters
Parameters Descriptionport <portlist> Specifies the port numbers to configure for flow
control.Note: If you omit this parameter, the system uses theports you specified in the interface command but onlythose ports which have speed set to 1000/full.
asymmetric | symmetric | auto |disable
Sets the mode for flow control:
• asymmetric- PAUSE frames can only flow in onedirection.
• symmetric- PAUSE frames con flow in eitherdirection.
• auto- sets the port to automatically determine the flowcontrol mode (default)
• disable- disables flow control
no flowcontrol commandThe no flowcontrol command is used only on Gigabit Ethernet ports and disables flowcontrol.
The syntax for the no flowcontrol command is: no flowcontrol [port<portlist>]The no flowcontrol command is executed in the Interface Configuration mode.
The following table describes the parameters for this command.
Table 8: no flowcontrol command parameters
Parameters Descriptionport <portlist> Specifies the port numbers for which to
disable flow control.Note: If you omit this parameter, the systemuses the ports you specified in theinterface command, but only those portsthat have speed set to 1000/full.
default flowcontrol commandThe default flowcontrol command is used only on Gigabit Ethernet ports and sets theflow control to auto, which automatically detects the flow control.
The syntax for the default flowcontrol command is: default flowcontrol [port<portlist>]
Command Line Interface Configuration
46 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The default flowcontrol command is executed in the Interface Configuration mode.
The following table describes the parameters for this command.
Parameters Descriptionport <portlist> Specifies the port numbers to default to auto flow
control.Note: If you omit this parameter, the system uses the portnumber you specified in the interface command.
default rate-limit commandThe default rate-limit command restores the rate-limiting value for the specified portto the default setting.
The syntax for the default rate-limit command is: default rate-limit [port<portlist>]The default rate-limit command is executed in the Interface Configuration commandmode.
The following table describes the parameters for this command.
Table 9: default rate-limit command parameters
Parameters Descriptionport <portlist> Specifies the port numbers on which to reset rate-limiting to
factory default. Enter the port numbers on which to set rate-limiting to default.Note: If you omit this parameter, the system uses the port numberyou specified in the interface command.
Enabling rate-limiting
About this taskThe percentage or packets per seconds of multicast traffic, or broadcast traffic, or both can belimited with CLI. For details, refer to the following:
• show rate-limit command on page 47• rate-limit command on page 48• no rate-limit command on page 48• default rate-limit command on page 47
show rate-limit commandThe show rate-limit command displays the rate-limiting settings and statistics.
The syntax for the show rate-limit command is: show rate-limitThe show rate-limit command is executed in the Privileged EXEC command mode.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 47
rate-limit commandThe rate-limit command configures rate-limiting on the port.
The syntax for the rate-limit command is: rate-limit {multicast | broadcast| both} {percent <0-10>}The rate-limit command is executed in the Interface Configuration command mode.
The following table describes the parameters for this command.
Table 10: rate-limit command parameters
Parameters Descriptionmulticast | broadcast | both Applies rate-limiting to the type of traffic.
• multicast--applies rate-limiting to multicastpackets
• broadcast--applies rate-limiting tobroadcast packets
• both--applies rate-limiting to both multicastand broadcast packets
percent <0-10> Specifies the mode for setting the rates of theincoming traffic.
percent <0-10>--enter and integer from 1to 10 to set the rate-limiting percentage.
For 10 Gb/s links, the default value forlimiting both broadcast and multicast is 10percent.Rate limiting using packet per seconds canonly be configured using CLI.
no rate-limit commandThe no rate-limit command disables rate-limiting on the port.
The syntax for the no rate-limit command is: no rate-limit [port <portlist>]The no rate-limit command is executed in the Interface Configuration command mode.
The following table describes the parameters for this command.
Table 11: no rate-limit command parameters
Parameters Descriptionport <portlist> Specifies the port numbers to disable for rate-limiting. Enter the
port numbers you want to disable.Note: If you omit this parameter, the system uses the port numberyou specified in the interface command.
Command Line Interface Configuration
48 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring Energy Saver OptionsAbout this taskUse the following procedure to configure Energy Saver options.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command energy-saver enable to enable energy saver mode.
4. Use the command energy-saver efficiency-mode to enable efficiencymode.
5. Use the command energy-saver poe-power-saving to enable Power OverEthernet power saving mode.
Using Simple Network Time ProtocolThe Simple Network Time Protocol (SNTP) feature synchronizes the Universal CoordinatedTime (UCT) to an accuracy within 1 second. This feature adheres to the IEEE RFC 2030 (MIBis the s5agent). With this feature, the system can obtain the time from any RFC 2030-compliantNTP/SNTP server.
Note: If you have trouble using this feature, try various NTP servers. Some NTP servers canbe overloaded or currently inoperable.The system retries connecting with the NTP server amaximum of three times, with 5 minutes between each retry.
Using SNTP provides a real-time timestamp for the software, shown as Greenwich Mean Time(GMT).
If SNTP is enabled, the system synchronizes with the configured NTP server at boot-up andat user-configurable periods thereafter (the default synchronization interval is 24 hours). Thefirst synchronization is not performed until network connectivity is established.
SNTP supports primary and secondary NTP servers. The system tries the secondary NTPserver only if the primary NTP server is unresponsive.
To configure SNTP, refer to the following commands:
• show SNTP command on page 50• show sys-info command on page 50• SNTP enable command on page 50• no SNTP enable command on page 50
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 49
• SNTP server primary address command on page 51• SNTP server secondary address command on page 51• no SNTP server command on page 51• SNTP sync-now command on page 52• SNTP sync-interval command on page 52
show SNTP command
The show SNTP command displays the SNTP information, as well as the configured NTPservers.
The syntax for the show SNTP command is: show sntpThe show SNTP command is executed in the Privileged EXEC command mode.
show sys-info command
The show sys-info command displays the current system characteristics.
The syntax for the show sys-info command is: show sys-infoThe show sys-info command is executed in the Privileged EXEC command mode.
Note: You must have SNTP enabled and configured to display GMT time.
SNTP enable command
The SNTP enable command enables SNTP.
The syntax for the SNTP enable command is: sntp enableThe SNTP enable command is executed in the Global Configuration command mode.
Note: The default setting for SNTP is disabled.
no SNTP enable command
The no SNTP enable command disables SNTP.
The syntax for the no SNTP enable command is: no sntp enableThe no SNTP enable command is executed in the Global Configuration command mode.
Command Line Interface Configuration
50 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
SNTP server primary address command
The SNTP server primary address command specifies the IP addresses of the primaryNTP server.
The syntax for the SNTP server primary address command is: sntp serverprimary address <A.B.C.D>The SNTP server primary address command can be executed in the GlobalConfiguration command mode.
The following table describes the parameters for this command.
Table 12: sntp server primary address command parameters
Parameters Description<A.B.C.D> Enter the IP address of the primary NTP server in dotted-
decimal notation.
SNTP server secondary address command
The SNTP server secondary address command specifies the IP addresses of thesecondary NTP server.
The syntax for the SNTP server secondary address command is: sntp serversecondary address <A.B.C.D>The SNTP server secondary address command is executed in the Global Configurationcommand mode.
The following table describes the parameters for this command.
Table 13: sntp server secondary address command parameters
Parameters Description<A.B.C.D> Enter the IP address of the secondary NTP server in
dotted-decimal notation.
no SNTP server command
The no SNTP server command clears the NTP server IP addresses. The command clearsthe primary and secondary server addresses.
The syntax for the no SNTP server command is: no sntp server {primary |secondary}The no SNTP server command is executed in the Global Configuration command mode.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 51
The following table describes the parameters for this command.
Table 14: no sntp server command parameters
Parameters Descriptionprimary Clear primary SNTP server address.
secondary Clear secondary SNTP server address.
SNTP sync-now command
The SNTP sync-now command forces a manual synchronization with the NTP server.
The syntax for the SNTP sync-now command is: sntp sync-nowThe SNTP sync-now command is executed in the Global Configuration command mode.
Note: SNTP must be enabled before this command can take effect.
SNTP sync-interval command
The SNTP sync-interval command specifies recurring synchronization with the secondaryNTP server in hours relative to initial synchronization.
The syntax for the SNTP sync-interval command is: sntp sync-interval <0-168>The SNTP sync-interval command is executed in the Global Configuration commandmode.
The following table describes the parameters for this command.
Table 15: sntp sync-interval command parameters
Parameters Descriptions<0-168> Enter the number of hours for periodic synchronization with
the NTP server.Note: 0 is boot-time only, and 168 is once a week.
Real time clock configurationIn addition to SNTP time configuration, a real-time clock (RTC) is available to provide the switchwith time information. This RTC provides the switch information in the instance that SNTP timeis not available.
Command Line Interface Configuration
52 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Use the following commands to view and configure the RTC:
• clock set command on page 53• Clock sync rtc-with-SNTP enable command on page 53• no clock sync-rtc-with-SNTP enable command on page 53• Default clock sync-rtc-with-SNTP enable command on page 54• Clock source command on page 54• default clock source command on page 54
clock set command
This command is used to set the RTC. The syntax of the clock set command is: clockset {<LINE> | <hh:mm:ss>}The following table outlines the parameters for this command.
Table 16: clock set command parameters
Parameters Description<LINE> A string in the format of mmddyyyyhhmmss that
defines the current local time.
<hh:mm:ss> Numeric entry of the current local time in the mannerspecified.
This command is executed in the Privileged EXEC command mode.
Clock sync rtc-with-SNTP enable command
This command enables the synching of the RTC with the SNTP clock when the SNTP clocksynchronizes.
The syntax for this command is: clock sync-rtc-with-sntp enableThis command is executed in the Global Configuration command mode.
no clock sync-rtc-with-SNTP enable command
This command disables the synching of the RTC with the SNTP clock when the SNTP clocksynchronizes.
The syntax for this command is: no clock sync-rtc-with-sntp enableThis command is executed in the Global Configuration command mode.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 53
Default clock sync-rtc-with-SNTP enable command
This command sets the synchronizing of the RTC with the SNTP clock to factory defaults.
The syntax for this command is: default clock sync-rtc-with-sntp enableThis command is executed in the Global Configuration command mode.
Clock source command
This command sets the default clock source for the switch.
The syntax for this command is: clock source {sntp | rtc | sysUpTime}Substitute {sntp | rtc | sysUpTime} with the clock source selection.
This command is executed in the Global Configuration command mode.
default clock source command
This command sets the clock source to factory defaults. The syntax of this command is:default clock sourceThis command is executed in the Global Configuration command mode.
Custom Autonegotiation AdvertisementsCustom Autonegotiation Advertisement (CANA) customizes the capabilities that areadvertised. It also controls the capabilities that are advertised by the WC 8180 as part of theauto-negotiation process.
The following sections describe configuring CANA with CLI:
• Configuring CANA on page 54• Viewing current autonegotiation advertisements on page 55• Setting default auto-negotiation-advertisements on page 55• no auto-negotiation-advertisements command on page 55
Configuring CANA
About this taskUse the auto-negotiation-advertisements command to configure CANA.
Command Line Interface Configuration
54 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
To configure port 5 to advertise the operational mode of 10 Mb/s and full duplex enter thefollowing command line: auto-negotiation-advertisements port 5 10-full
Viewing current autonegotiation advertisements
About this taskTo view the autonegotiation advertisements for the device, enter the following command: showauto-negotiation-advertisements [port <portlist>]
Setting default auto-negotiation-advertisements
The default auto-negotiation-advertisements command makes a port advertiseall its auto-negotiation-capabilities.
The syntax for the default auto-negotiation-advertisements command is:default auto-negotiation-advertisements [port <portlist>]To set default advertisements for port 5 of the device, enter the following command line:default auto-negotiation-advertisements port 5The default auto-negotiation-advertisements command can be executed in theInterface Configuration mode.
no auto-negotiation-advertisements command
The no auto-negotiation-advertisements command makes a port silent.
The syntax for the no auto-negotiation-advertisements command is: no auto-negotiation-advertisements [port <portlist>]The no auto-negotiation-advertisements command can be executed in the InterfaceConfiguration mode.
Connecting to another switchUsing the Command Line Interface (CLI), it is possible to communicate with another switchwhile maintaining the current switch connection. This is accomplished with the familiar pingand telnet commands.
ping command
Use the ping command to determine if communication with another switch can be established.The syntax for this command is: ping<dns_host_name> [datasize <64-4096>
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 55
[{count <1-999>} | continuous] [{timeout | -t} <1-120>] [interval<1-60] [debug]Substitute <dns_host_name> with the DNS host name of the unit to test.
Run this command in User EXEC command mode or any of the other command modes.
The following table describes the parameters for this command.
Table 17: ping command parameters
Parameters Description<dns_host_name> The DNS host name of the unit to test.
datasize <64–4096> Specify the size of the ICMP packet to be sent. Thedata size range is from 64 to 4096 bytes.
count <1–9999> | continuous Set the number of ICMP packets to be sent. Thecontinuous mode sets the ping running until theuser interrupts it by entering Ctrl+C.
timeout | -t | <1–120> Set the timeout using either the timeout with the -tparameter followed by the number of seconds theswitch must wait before timing out.
interval <1–60> Specify the number of seconds betweentransmitted packets.
debug Provide additional output information such as theICMP sequence number and the trip time.
telnet command
Use the telnet command to establish communications with another switch during the currentCLI session. Communication can be established to only one external switch at a time usingthe telnet command.
The syntax for this command is: telnet <dns_host_name>Substitute <dns_host_name> with the DNS hostname of the unit with which tocommunicate.
This command is executed in the User EXEC command mode.
Command Line Interface Configuration
56 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Domain Name Server (DNS) ConfigurationDomain name servers are used when the switch needs to resolve a domain name to an IPaddress. The following commands allow for the configuration of the switch domain nameservers:
• show ip dns command on page 57• ip domain-name command on page 57• no ip domain-name command on page 57• default ip domain-name command on page 58• ip name-server command on page 58• no ip name-server command on page 58
show ip dns command
The show ip dns command is used to display DNS-related information. This informationincludes the default switch domain name and any configured DNS servers.
The syntax for this command is: show ip dnsThis command is executed in the User EXEC command mode.
ip domain-name command
The ip domain-name command is used to set the default DNS domain name for the switch.This default domain name is appended to all DNS queries or commands that do not alreadycontain a DNS domain name.
The syntax for this command is: ip domain-name <domain_name>Substitute <domain_name> with the default domain name to be used. A domain name isdetermined to be valid if it contains alphanumeric characters and contains at least one period(.).
This command is executed in the Global Configuration command mode.
no ip domain-name command
The no ip domain-name command is used to clear a previously configured default DNSdomain name for the switch.
The syntax for this command is: no ip domain-nameThis command is executed in the Global Configuration command mode.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 57
default ip domain-name command
The default ip domain-name command is used to set the system default switch domainname. Because this default is an empty string, this command has the same effect as the noip domain-name command.
The syntax for this command is: default ip domain-nameThis command is executed in the Global Configuration command mode.
ip name-server command
The ip name-server command is used to set the domain name servers the switch uses toresolve a domain name to an IP address. A switch can have up to three domain name serversspecified for this purpose.
The syntax of this command is:
ip name-server <ip_address_1> ip name-server <ip_address_2> ip name-server <ip_address_3>Note: To enter all three server addresses you must enter the command three times, each witha different server address.
The following table outlines the parameters for this command.
Table 18: ip name-server command parameters
Parameters Description<ip_address_1> The IP address of the domain name server used by the
switch.
<ip_address_2> Optional. The IP address of a domain name server to add tothe list of servers used by the switch.
<ip_address_3> Optional. The IP address of a domain name server to add tothe list of servers used by the switch.
This command is executed in the Global Configuration command mode.
no ip name-server command
The no ip name-server command is used to remove domain name servers from the listof servers used by the switch to resolve domain names to an IP address.
The syntax for this command is:
no ip name-server <ip_address_1> no ip name-server [<ip_address_2>]no ip name-server [<ip_address_2>]
Command Line Interface Configuration
58 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Note: To remove all three server addresses you must enter the command three times, eachwith a different server address.
The following table outlines the parameters for this command.
Parameters Description<ip_address_1> The IP address of the domain name server to remove.
<ip_address_2> Optional. The IP address of a domain name server toremove from the list of servers used by the switch.
<ip_address_3> Optional. The IP address of a domain name server toremove from the list of servers used by the switch.
This command is executed in the Global Configuration command mode.
Changing switch softwareAbout this taskThe software download begins when the user initiates the download and follows the downloadprocess accordingly. This process deletes the contents of the flash memory and replaces itwith the desired software image. Do not interrupt the download process. Depending on networkconditions, this process make take up to 10 minutes.
The current WLAN 8180 image build is as follows:
Image name Image Version Image Sizewc8180_1.1.0.130s.imgsoftware image
1.1.0.130 47 megabytes
When the download process is complete, the switch automatically resets unless the no-resetparameter was used. The software image initiates a self-test and returns a message when theprocess is complete.
An example of this message is illustrated in the following table.
Table 19: Software download message output
Download Image [/] Saving Image [-] Finishing UpgradingImage
Note:Before upgrading to the latest software image, Avaya recommends to take the backup ofthe binary & ASCII configuration on the controller and save it.
During the download process the switch is not operational.
The progress of the download process can be tracked by observing the front panel LEDs.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 59
To change the software version running on the switch with CLI, follow this procedure:
Procedure
1. Access CLI through the Telnet protocol or a Console connection.
2. Enter enable and then hit enter to enter Privileged Access.
3. Enter download and then hit enter.
4. Enter the IP address address <a.b.c.d> of the TFTP address of where theimage us stored and then hit enter.
5. Enter the image file name image <image name> and hit enter.
6. The image downloads, saves the image, and reboots.The following table explains the parameters for the download command.
Table 20: download command parameters
Parameter Descriptionaddress <a.b.c.d> This parameter is the IP address of the
TFTP server to be used. The address<ip> parameter is optional and ifomitted the switch defaults to theTFTP server specified by the tftp-server command unless softwaredownload is to take place using a USBMass Storage Device.
image <image name> This parameter is the name of thesoftware image to be downloadedfrom the TFTP server.
Configuration files in CLICLI provides many options for working with configuration files. Through CLI, configuration filescan be displayed, stored, and retrieved.
For details, refer to the following:
• Displaying the current configuration on page 61• Storing the current configuration on page 61• copy tftp config command on page 62• copy usb config command on page 62• Saving the current configuration on page 62
Command Line Interface Configuration
60 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Importing action commands
The import and export of action commands in ASCII configuration files is not supported in thisrelease. This includes commands such as radius secret and mdc-join. Actioncommands that are part of a device configuration before an export operation will be excludedduring the export operation. Subsequent imports of the configuration file will not contain theexcluded commands. Excluded commands must be manually executed after the importprocess.
This is very important to keep in mind especially in regards to configuring a new device orupdating a device that has been returned to factory defaults. Note the action commands thatwere part of the pre-export configuration so they can be manually executed after theconfiguration file is imported.
Displaying the current configuration
The show running-config command displays the current configuration of switch.
The syntax for the show running-config command is:
show running-configThis command only can be executed in the Privileged EXEC mode and takes noparameters.
Storing the current configuration
The copy running-config command copies the contents of the current configuration fileto another location for storage. For all switches in the 8100 Series, the configuration file canbe saved to a TFTP server. The WC 8180 also provide the ability to save the configuration fileto a USB Mass Storage Device through the front panel USB drive.
The syntax for the copy running-config command is:
copy running-config {tftp | (usb) [u2] } address <A.B.C.D> filename<name>The following table outlines the parameters for this command.
Table 21: copy running-config parameters
Parameters Description{tftp | usb} This parameter specifies the general location in which
the configuration file is saved.
address <A.B.C.D> If a TFTP server is to be used, this parameter signifiesthe IP address of the server to be used.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 61
Parameters Descriptionfilename <name> The name of the file that is created when the
configuration is saved to the TFTP server or USB MassStorage Device.
The copy running-config command only can be executed in the Privileged EXECmode.
copy tftp config command
Use this command to restore a configuration file stored on a TFTP server.
The syntax for this command is:
copy tftp config address <A.B.C.D> filename <name>The following table outlines the parameters for this command.
Table 22: copy tftp config command parameters
Parameter Descriptionaddress <A.B.C.D> The IP address of the TFTP server to be used.
filename <name> The name of the file to be retrieved.
copy usb config command
Use this command to restore a configuration file stored on a USB Mass Storage Device. Thesyntax is:
copy usb config filename <name>The only parameter for this command is the name of the file to be retrieved from the USBdevice.
Saving the current configuration
The configuration currently in use on a switch is regularly saved to the flash memoryautomatically. However, you can manually initiate this process using the copy confignvram command. This command takes no parameters and you must run it in Privileged EXECmode. If you have disabled the AutosaveToNvramEnabled function by removing the defaultcheck in the AutosaveToNvRamEnabled field, the configuration is not automatically saved tothe flash memory.
Command Line Interface Configuration
62 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Automatically downloading a configuration file with CLI
This feature is enabled through CLI by using the configure network command. This commandenables a script to be loaded and executed immediately as well as configure parameters toautomatically download a configuration file when the switch is booted.
The syntax for the configure network command is: configure network load-on-boot{disable | use-bootp | use-config} address <A.B.C.D> filename <name>The following table outlines the parameters for this command.
Table 23: configure network command parameters
Parameter Descriptionload-on-boot {disable | use-bootp | useconfig}
Specifies the settings for automaticallyloading a configuration file when the systemboots:
• disable - disables the automatic loading ofconfig file
• use-bootp - specifies loading the ASCIIconfiguration file at boot and using BootPto obtain values for the TFTP address andfilename
• use-config - specifies loading the ASCIIconfiguration file at boot and using thelocally configured values for the TFTPaddress and filename
Note: If you omit this parameter, the systemimmediately downloads and runs the ASCIIconfig file.
address <A.B.C.D> The IP address of the desired TFTP server.
filename <name> The name of the configuration file to use inthis process
This command must be run in the Privileged EXEC mode.
The current switch settings relevant to this process can be viewed using the show config-network command. This command takes no parameters and must be executed in PrivilegedEXEC mode.
Enabling QuickconfigAbout this taskUse the following procedure to enable Quickconfig
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 63
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command quickconfig enable to enable Quickconfig.
Terminal setupSwitch terminal settings can be customized to suit the preferences of a switch administrator.This operation must be performed in CLI.
The terminal command configures terminal settings. These settings are transmit and receivespeeds, terminal length, and terminal width.
The syntax of the terminal command is: terminal speed {2400 | 4800 | 9600 |19200 | 38400} length <0-132> width <1-132>The terminal command is executed in the User EXEC command mode.
The following table describes the parameters for this command.
Table 24: terminal command parameters
Parameters Descriptionspeed {2400|4800|19200|38400} Sets the transmit and receive baud rates for
the terminal. The speed can be set at one ofthe five options shown; the default is 9600.
length Sets the length of the terminal display inlines; the default is 23.Note: If the terminal length is set to a valueof 0, the pagination is disabled and thedisplay continues to scroll without stopping.
width Sets the width of the terminal display incharacters; the default is 79.
The show terminal command can be used at any time to display the current terminalsettings. This command takes no parameters and is executed in the EXEC command mode.
Setting the default management interfaceYou can set the default management interface with CLI to suit the preferences of the switchadministrator. This selection is stored in NVRAM. When the system is started, the bannerdisplays and prompts the user to enter Ctrl+Y. After these characters are entered, the systemdisplays either a menu or the command line interface prompt, depending on previously
Command Line Interface Configuration
64 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
configured defaults. When using the console port, you must log out for the new mode to display.When using Telnet, all subsequent Telnet sessions display the selection.
To change the default management interface, use the cmd-interface command. The syntax ofthis command is: cmd-interface {cli | menu}The cmd-interface command must be executed in the Privileged EXEC command mode.
Enabling Serial Console Port AccessAbout this taskUse the following procedure to enable serial console port access.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command serial-console unit <1–8> to set the unit you want toenable serial console port access.
4. Use the command serial-console enable to enable serial console portaccess.
Setting Telnet accessCLI can be accessed through a Telnet session. To access CLI remotely, the management portmust have an assigned IP address and remote access must be enabled.
Note: Multiple users can access CLI system simultaneously, through the serial port, Telnet,and modems. The maximum number of simultaneous users is four. All users can configuresimultaneously.
For details on viewing and changing the Telnet-allowed IP addresses and settings, refer to thefollowing:
• telnet-access command on page 65• default telnet-access command on page 66
telnet-access command
The telnet-access command configures the Telnet connection that is used to manage theswitch. The telnet-access command is executed through the console serial connection.
The syntax for the telnet-access command is:
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 65
telnet-access [enable | disable] [login-timeout <1-10>][retry<1-100>] [inactive-timeout <0-60>] [logging {none | access |failures | all}] [source-ip <1-50> <A.B.C.D> <WORD> [mask <A.B.C.D>]Execute the telnet-access command in the Global Configuration command mode.
The following table describes the parameters for the telnet-access command.
Table 25: telnet-access command parameters
Parameters Descriptionenable | disable Enables or disables Telnet connection.
login-timeout <1-10> Specify in minutes the time to wait for Telnetand Console login before the connectioncloses. Enter an integer between 1 and 10.
retry <1-100> Specify the number of times the user canenter an incorrect password before closingthe connection. Enter an integer between 1and 100.
inactive-timeout <0-60> Specify in minutes the duration for aninactive session to be terminated.
logging {none | access | failures | all} Specify the events whose details you want tostore in the event log:
• none-do not save access events in the log
• access-save only successful accessevents in the log
• failure-save failed access events in the log
• all-save all access events in the log
[source-ip <1-50> <A.B.C.D> [mask<A.B.C.D>] [source-ip <WORD>
Specify the source IP address from whichconnections are allowed. Enter the IPaddress in dotted-decimal notation. Maskspecifies the subnet mask from whichconnections are allowed; enter IP mask indotted-decimal notation.
default telnet-access command
The default telnet-access command sets the Telnet settings to the default values.
The syntax for the default telnet-access command is:
default telnet-accessThe default telnet-access command is executed in the Global Configuration commandmode.
Command Line Interface Configuration
66 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Setting boot parametersThe command outlined in this section is used for booting the switch as well as setting bootparameters.
boot command
The boot command performs a soft-boot of the switch.
The syntax for the boot command is:
boot [default] [partial default]The boot command is executed in the Privileged EXEC command mode.
The following table describes the parameters for the boot command.
Table 26: boot command parameters
Parameters Descriptiondefault Reboot the switch and use the factory default
configurations
partial-default Reboot the switch and use partial factory defaultconfigurations
Note: When you reset to factory defaults, the switch retains the last reset count and reason forlast reset; these two parameters do not default to factory defaults.
Defaulting to BootP-when-neededThe BootP default value is BootP-when-needed. This enables the switch to be booted and thesystem to automatically seek a BootP server for the IP address.
If an IP address is assigned to the device and the BootP process times out, the BootP moderemains in the default mode of BootP-when-needed.
However, if the device does not have an assigned IP address and the BootP process timesout, the BootP mode automatically changes to BootP disabled. But this change to BootPdisabled is not stored, and the BootP reverts to the default value of BootP-when-needed afterrebooting the device.
When the system is upgraded, the switch retains the previous BootP value. When the switchis defaulted after an upgrade, the system moves to the default value of BootP-when-needed.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 67
Refer to the following commands to configure BootP parameters:
• ip bootp server command on page 68• no ip bootp server command on page 68• default ip bootp server command on page 68
ip bootp server command
The ip bootp server command configures BootP on the current instance of the switch orserver. This command is used to change the value of BootP from the default value, which isBootP-when-needed.
The syntax for the ip bootp server command is:
ip bootp server {always | disable | last | needed}The ip bootp server command is executed in the Global Configuration command mode.
The following table describes the parameters for this command.
Table 27: ip bootp server command parameters
Parameters Descriptionalways | disable | last | needed Specifies when to use BootP:
• always-Always use BootP
• disable-never use BootP
• last-use BootP or the last known address
• needed-use BootP only when needed
Note: The default value is to use BootP whenneeded.
no ip bootp server command
The no ip bootp server command disables the BootP server.
The syntax for the no ip bootp server command is:
no ip bootp serverThe no ip bootp server command is executed in the Global Configuration commandmode.
default ip bootp server command
The default ip bootp server command uses BootP when needed.
Command Line Interface Configuration
68 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The syntax for the default ip bootp server command is:
default ip bootp serverThe default ip bootp server command is executed in the Global Configurationcommand mode.
shutdown commandAbout this taskThe shutdown command proves a mechanism for safely shutting down a switch withoutinterfering with device processes or corrupting the software image. After this command isissued, the configuration is saved, auto-save functionality is temporarily disabled, andconfiguration changes are not allowed until the switch restarts. If the shutdown is cancelled,auto-save functionality returns to the state in which it was previously functioning.
The shutdown command has the following syntax: shutdown [force] [minutes-to-wait <1-60>] [cancel]The following table describes the parameters of the shutdown command.
Table 28: shutdown command parameter
Parameters Descriptionforce This parameter forces the shutdown without
confirmation.
minutes-to-wait <1-60> This parameter represents the number of minutes towait before the shutdown occurs. If no value isspecified, the default value of 10 minutes is used.
cancel This parameter cancels a scheduled shutdown anytime during the time period specified by theminutes-to-wait parameter.
reload commandAbout this taskThe reload command operates in a similar fashion to the shutdown command. However, thereload command is intended more to be used by system administrators using the commandfunctionality to configure remote devices and reset them when the configuration is complete.
The reload command differs from the shutdown command in that the configuration is notexplicitly saved after the command is issued. This means that any configuration changes mustbe explicitly saved before the switch reloads.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 69
The reload command does temporarily disable auto-save functionality until the reload occurs.Cancelling the reload returns auto-save functionality to any previous setting.
The reload command has the following syntax: reload [force] [minutes-to-wait<1-60>] [cancel]The following table describes the parameters of the reload command.
Table 29: reload command parameters
Parameter Descriptionforce This parameter forces the reload without confirmation.
minutes-to-wait <1-60> This parameter represents the number of minutes towait before the reload occurs. If no value is specified,the default value of 10 minutes is used.
cancel This parameter cancels a scheduled reload any timeduring the time period specified by the minutes-to-waitparameter.
Configuring Packet Storm Control SettingsAbout this taskUse the following procedure to configure Packet Storm Control settings.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command storm-control and one of the following sub-commands toPacket Storm Control settings:
a. Use the enable sub-command to enable the feature.
b. Use the high-watermark <11–100000000> sub-command to set the highwatermark in packets per second.
c. Use the low-watermark <10–100000000> sub-command to set the lowwatermark in packets per second.
d. Use the poll-interval <5–300> sub-command to set the poll interval inseconds.
e. Use the trap-send-interval <0–1000> sub-command to set the trap sendinterval in poll cycles.
Command Line Interface Configuration
70 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
CLI HelpAbout this taskTo obtain help on the navigation and use of Command Line Interface (CLI), use the followingcommand: help {commands | modes}Use help commands to obtain information about the commands available in CLI organized bycommand mode. A short explanation of each command is also included.
Use help modes to obtain information about command modes available and CLI commandsused to access them.
These commands are available in any command mode.
Clearing the default TFTP server with CLIAbout this taskThe default TFTP server can be cleared from the switch and reset to 0.0.0.0 with the followingtwo commands:
• no tftp-server• default tftp-server
Configuring a default TFTP server with CLIAbout this taskThe switch processes that make use of a TFTP server often give the switch administrator theoption of specifying the IP address of a TFTP server to be used. Instead of entering this addressevery time it is needed, a default IP address can be stored on the switch.
A default TFTP server for the switch is specified with the tftp-server command. The syntax ofthis command is: tftp-server <A.B.C.D>To complete the command, replace <A.B.C.D> with the IP address of the default TFTP server.This command must be executed in the Privileged EXEC command mode.
Configuring default clock sourceAbout this taskThis command sets the default clock source for the switch.
The syntax for this command is: clock source {rtp | sntp | sysUpTime}
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 71
Substitute {rtp | sntp | sysUpTime}with the clock source selection.
Run this command in Global Configuration command mode.
Configuring daylight savings time with CLIAbout this taskUse the following procedure to configure the daylight savings time adjustment with CLI:
Procedure
1. In CLI, set the Global Configuration command mode.configure
2. Enable sntp server.
3. Set the date to change to daylight savings time.clock summer-time zone date day month year hh:mm day monthyear hh:mm [offset]
Job aid
The following table defines the variables for the clock summer-time command:
Table 30: clock summer-time command parameters
Parameters Descriptiondate Indicates that daylight savings time should
start and end on the specified days everyyear.
day Date to start daylight savings time.
month Month to start daylight savings time.
year Year to start daylight savings time.
hh:mm Hour and minute to start daylight savingstime.
day Date to end daylight savings time.
month Month to end daylight savings time.
year Year to end daylight savings time.
hh:mm Hour and minute to end daylight savingstime.
Command Line Interface Configuration
72 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameters Descriptionoffset Number of minutes to add during the summer
time.
zone The time zone acronym to be displayed whendaylight savings time is in effect. If it isunspecified, it defaults to the time zoneacronym set when the time zone was set.
Configuring Dual AgentAbout this taskUse the following commands to configure the Dual Agent feature with CLI:
• Enhanced download command on page 73• toggle next boot image command on page 74• boot secondary command on page 74• Show agent images on page 74
Enhanced download command
You can update either active image or non-active image. Once the image download is done,the unit resets and restarts with the new image regardless of the value of the Next Boot imageindicator. In case of image download without reset, the new image in the flash will be the NextBoot image.
Use the download command to specify the download target image. The syntax for thiscommand is:
download [address <a.b.c.d>] {primary | secondary} {image <imagename> | image-if-newer <image name> | diag <image name>} [no-reset][usb]The following table defines the parameters for the download command.
Table 31: download command parameters
Parameters Variablea.b.c.d IP address in dot notation.
primary | secondary Choose which image to download.
image <image name> Download the specified image.
image-if-newer <image name> Only download the image if the version is newerthan the installed version.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 73
Parameters Variablediag <image name> Download the specified diagnostic image.
no-reset Do not reset the switch.
usb Download the image from the USB drive.
Note: Dual Agent supports the WLAN switches NBUs through AAUR.
toggle next boot image command
You can use CLI commands to change the next boot image of the device.
Use the toggle-next-boot-image command to toggle the next boot image.
The syntax for this command is:
toggle-next-boot-imageYou must restart the switch after this command to use the next boot image as the new primaryimage.
boot secondary command
You can use CLI commands to change the next boot image of the device.
Use the boot secondary command to use the secondary boot image. The syntax for thiscommand is:
boot secondaryThe switch will restart automatically with the new image.
Show agent images
You can use CLI commands to list the following information about the agent images stored inflash memory:
• Primary image version• Secondary image name• Active image version
Use the show boot image command to show the agent image information for agent imagesstored in the flash memory. They syntax for this command is:
show boot image
Command Line Interface Configuration
74 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring local time zone with CLIAbout this taskSNTP uses Coordinated Universal Time (UTC) for all time synchronizations so it is not affectedby different time zones. To have the switch report the time in your local time zone, you needto use the clock commands to set the local time zone.
You must enable SNTP before you set the time zone. If SNTP is not enabled, this commandhas no effect. If you enable SNTP and do not specify a time zone, UTC is shown by default.
Use the following procedure to configure your switch for your local time zone with CLI:
Procedure
1. In CLI, set the Global Configuration command mode.configure
2. Enable sntp server.
3. Set clock time zone using the clock command.clock time-zone zone hours [minutes]
Job aid
The following table defines the variables for the clock time-zone command:
Table 32: clock time-zone command
Variables Descriptionzone Time zone acronym to be displayed when showing
system time (up to 4 characters).
hours Difference from UTC in hours. This can be any valuebetween -12 and +12.
minutes Optional: This is the number of minutes difference fromUTC. Minutes can be any value between 0 and 59.
Customizing CLI banner with CLI
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 75
show banner command
The show banner command displays the banner.
The syntax for the show banner command is:
show banner [static | custom]The show banner command is executed in the Privileged EXEC command mode.
The following table outlines the parameters for this command.
Table 33: show banner command parameters
Parameters Descriptionstatic | custom Displays which banner is currently set to display:
• static
• custom
banner command
The banner command specifies the banner displayed at startup; either static or custom.
The syntax for the banner command is:
banner {static | custom} <line number> "<LINE>"The following table outlines the parameters for this command.
Table 34: banner command parameters
Parameters Descriptionstatic | custom Sets the display banner as:
• static
• custom
line number Enter the banner line number you are setting.The range is 1 to 19.
LINE Specifies the characters in the line number.
This command is executed in the Privileged EXEC command mode.
Command Line Interface Configuration
76 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
no banner command
The no banner command clears all lines of a previously stored custom banner. Thiscommand sets the banner type to the default setting (STATIC).
Displaying the default TFTP server with CLI
no bannerThe no banner command is executed in the Privileged EXEC command mode.
Displaying the default TFTP server with CLIAbout this taskThe default TFTP server configured for the switch can be displayed in CLI at any time by usingthe show tftp-server command. This command has no parameters and is executed in thePrivileged EXEC mode.
Displaying complete GBIC informationAbout this taskComplete information can obtained for a GBIC port using the following command: showinterfaces gbic-info <port-list>Substitute <port-list> with the GBIC ports for which to display information. If no GBIC isdetected, this command does not show any information.
This command is available in all command modes.
Displaying hardware informationAbout this taskTo display a complete listing of information about the status of switch hardware in CLI, use thefollowing command: show system [verbose]The inclusion of the [verbose] option displays additional information about fan status, powerstatus, and switch serial number.
Switch hardware information is displayed in a variety of locations in Web-based managementand Device Manager. No special options are needed in these interfaces to display theadditional information.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 77
Configuring Auto-Unit ReplacementAbout this taskUse the following procedure to configure auto-unit replacement.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command stack auto-unit-replacement enable to enable auto-unit replacement.
4. Use the command stack auto-unit-replacement config restore unit<1–8> restore the configuration of a unit from the saved configuration on the savedunit.
5. Use the command stack auto-unit-replacement-image enable to enableauto-unit replacement image settings.
Configuring the UI buttonAbout this taskUse the following procedure to configure UI button options.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command ui-button unit <1–8> to set the unit to enable.
4. Use the command ui-button enable to enable the ui-button feature.
Configuring USB Host PortAbout this taskUse the following procedure to configure the USB host port.
Command Line Interface Configuration
78 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command usb-host-port unit <1–8> to set the unit to enable.
4. Use the command usb-host-port enable to enable the usb host port.
Enabling AutosaveAbout this taskWith autosave enabled the system checks every minute to see if there is any new configurationdata. If there is, it will automatically be saved to NVRAM. While autosave is enabled, the AURfeature should perform normally.
Use the following command to enable the autosave feature.
autosave enable command
The autosave enable command is used to enable the autosave feature.
The syntax for this command is:
autosave enableThe autosave enable command is executed in Global Configuration command mode.
Setting the server for Web-based management with CLISetting the server for Web-based management with CLI You can use CLI to enable or disablea web server for use with Web-based management. For details, refer to the following:
• web-server command on page 79• no web-server command on page 80
web-server command
The web-server command enables or disables the web server used for Web-basedmanagement.
The syntax for the web-server command is:
web-server {enable | disable}
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 79
The web-server command is executed in the Global Configuration command mode.
The following table describes the parameters for this command.
Table 35: web-server command parameters
Parameter Descriptionenable | disable Enables or disables the web server.
no web-server command
The no web-server command disables the web server used for Web-basedmanagement.
The syntax for the no web-server command is:
no web-serverThe no web-server command is executed in the Global Configuration command mode.
Setting the read-only and read-write passwordsAbout this taskThe first step to requiring password authentication when the user logs in to the switch is to editthe password settings. To set the read-only and read-write passwords, perform the followingprocedure.
Procedure
1. Access CLI through the Telnet protocol or a Console connection.
2. From the command prompt, use the cli password command to change the desiredpassword.cli password {read-only | read-write} <password>The following table describes the parameters for this command.
Table 36: cli password command parameters
Parameter Description{read-only | read-write} This parameter specifies if the
password change is for read-onlyaccess or read-write access.
<password> If password security is disabled, thelength can be 1-15 chars. If password
Command Line Interface Configuration
80 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameter Descriptionsecurity is enabled, the range for lengthis 10-15 chars.
3. Press Enter.
Enabling and disabling passwordsAbout this taskAfter the read-only and read-write passwords are set, they can be individually enabled ordisabled for the various switch access methods. When enabled, password security promptsyou for a password and the value is hidden. To enable or disable passwords, perform thefollowing procedure:
Procedure
1. Access CLI through the Telnet protocol or a Console connection.
2. From the command prompt, use the cli password command to enable or disablethe desired password.cli password {telnet | serial} {none | local | radius |tacacs}The following table describes the parameters for this command.
Table 37: cli password parameters
Parameter Description{telnet | serial} This parameter specifies if the
password is enabled or disabled fortelnet or the console. Telnet and webaccess are tied together so thatenabling or disabling passwords forone enables or disables it for theother.
{none | local | radius | tacacs} This parameter specifies if thepassword is to be disabled (none), or ifthe password to be used is the locallystored password created in theprevious procedure, or if RADIUSauthentication or TACACS +AAAservices is used.
3. Press Enter.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 81
Configuring RADIUS authenticationAbout this taskThe Remote Authentication Dial-In User Service (RADIUS) protocol is a means to authenticateusers through the use of a dedicated network resource. This network resource contains a listingof eligible user names and passwords and their associated access rights. When RADIUS isused to authenticate access to a switch, the user supplies a user name and, when prompted,a password. The password value is hidden when entered. This information is checked againstthe preexisting list. If the user credentials are valid they can access the switch.
If RADIUS Authentication was selected when enabling passwords through CLI, the RADIUSserver settings must be specified to complete the process. Ensure that Global Configurationmode is entered in CLI before beginning this task.
To enable RADIUS authentication through CLI, follow these steps:
Procedure
1. Access CLI through the Telnet protocol or a Console connection.
2. From the command prompt, use the radius-server command to configure theserver settings.radius-server host <address> [secondary-host <address>] port<num> key <string> [password fallback]The following table describes the parameters for this command.
Table 38: radius-server parameters
Parameter Descriptionhost <address> This parameter is the IPv6 or IPv4
address of the RADIUS server that isused for authentication.
[secondary-host <address>] The secondary-host <address>address> parameter is optional. If abackup RADIUS server is to bespecified, include this parameter withthe IPv6 or IPv4 address of the backupserver.
port <num> This parameter is the UDP port numberthe RADIUS server uses to listen forrequests.
key This parameter prompts you to supplya secret text string or password that isshared between the switch and theRADIUS server. Enter the secret string,which is a string up to 16 characters in
Command Line Interface Configuration
82 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameter Descriptionlength. The password is hidden whenentered.
[password fallback] This parameter is optional and enablesthe password fallback feature on theRADIUS server. This option is disabledby default.
3. Press Enter.
Related RADIUS Commands
About this taskDuring the process of configuring RADIUS authentication, there are three other CLI commandsthat can be useful to the process. These commands are:
Procedure
1. show radius-serverThe command takes no parameters and displays the current RADIUS serverconfiguration.
2. no radius-serverThis command takes no parameters and clears any previously configured RADIUSserver settings.
3. radius-server password fallbackThis command takes no parameters and enables the password fallback RADIUSoption if it was not done when the RADIUS server was configured initially.
Configuring RADIUS server load balancingUse the following procedure to configure RADIUS server load balancing to ease the serverload during heavy authentications requests. RADIUS server load balancing applies only toradius profiles of type authentication not for RADIUS accounting profiles.
Ensure to synchronize the server load balancing profile among controllers in a mobilitydomain.
About this taskUse the procedure to create a RADIUS profile for server load balancing.
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 83
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command security to enter Security Configuration mode.
3. Use the command radius profile <profile-name> server-load-balancing to configure RADIUS server load balancing.
4. Use the command default radius profile <profile-name> server-load-balancing to create the default load balancing profile.
5. Use the command no radius profile <profile-name> server-load-balancing to disable RADIUS server load balancing.
6. Use the command show wireless security radius profile profile-name to show the RADIUS balancing profile.
Configuring RADIUS AAA offloadingUse RADIUS AAA offloading to reduce heavy loads between the RADIUS server and wirelessusers during authentication. AAA offloading applies only to PEAPv0-MSCHAPv2 userauthentication and needs to be enabled on a network for it to take effect.
Use the following procedure to do one or more of the following:
• Configure AAA RADIUS offloading: configure RADIUS AA offloading.
• Create a self-signed X.509 certificate: generates the self-signed certificate withoptions.
• Import an X.509 certificate from a PKCS#12: imports a 3rd party certificate.
• Map an application to an X.509 certificate: change (map) the RADIUS server certificatewith newly imported certificate.
Procedure
1. Enter the Network-profile configuration mode of the CLI.Configure RADIUS AAA offloading
2. Use the command radius offload to create a profile.
3. Use the command default radius offload to create a default.
4. Use the command no radius offload to disable Radius offload.
5. Chose step 6 to create a self-signed certificate or step 10 to import a 3rd partycertificate.Create a self-signed X.509 certificate
Command Line Interface Configuration
84 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
6. Enter the Crypto configuration mode of the CLI.
7. Use the command certificate self-signed certificate-index [key-size 1024 | 2048| 4096] [common-name common-name] [country-code country-code] [state-name state-name] [locality name locality-name] [organization org-name][organization-unit org-unit] [email email] [valid days] to create a certificate.Use the following variables to help you create a specified certificate.
key-size 1024 | 2048 | 4096 Size of the key
common-name A name such as user name or server name( 0–64 characters)
country-code A country code (2 characters)
state-name Name of the state or province ( 0–128characters)
locality-name Name of locality, for example, city name ( 0–64 characters)
organization Name of the organization ( 0–64 characters)
organization-unit Name of the organization unit such assection or subdivision ( 0–64 characters)
email E-mail address ( 0–128 characters)
valid Certificate's valid period in days
8. Use the command default certificate certificate-index to create a defaultcertificate.
9. Use the command no certificate certificate-index to disable the certificate.Import an X.509 certificate from a PKCS#12After creating the RADIUS offloading you can import a 3rd party certificate
10. Enter the Wireless Crypto configuration of the CLI.
11. Use the command certificate import pkcs12 certificate-index <tftpip tftp-ipaddress> <filename file-name> [encrypted <encrypted-passphrase>] toimport a certificate.Use the following variables to help you import a certificate
Variable Description
tftpip TFTP server IP address ( 0.0.0.0 –255.255.255.255)
filename Certification file in pkcs#12 format ( 0–127characters)
passphrase AES encrypted passphrase
Configuring system options
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 85
12. Use the command default certificate certificate-index to create a defaultcertificate.
13. Use the command no certificate certificate-index to delete a certificate.Map an application to an X.509 certificateUse the following command to change (map) the RADIUS server certificate withnewly imported certificate.
14. In the NNCLI, enter the wireless/crypto configuration.
15. Use the command certificate mapping certificate-index {captive-portal | radius}to map the certificate to the captive portal.Use the following variables to help you map to a certificate
Variable Description
captive-portal Name of captive portal
radius Name of RADIUS server
16. Use the command default certificate mapping {captive-portal | radius} to createthe default.
17. Use the command no certificate mapping {captive-portal | radius} to delete themapping.
Configuring Radius Health CheckUse this procedure to determine if a RADIUS server is available for authentication process. Ifthe server is not available, health check selects a new server and incoming user authenticationrequests are forwarded to the new server.
About this taskComplete the following steps to configure a health check user name, password, or encryptedpassword. Synchronize the following configurations among controllers in a mobility domain.
Procedure
1. Enter Wireless Configuration mode of the CLI.
2. Use the command security to enter Security Configuration mode.Create user name
3. Use the command radius server-healthcheck-user <user name> toconfigure the RADIUS health check user name.
4. Use the command default radius server-healthcheck-user to create adefault Health Check.
Command Line Interface Configuration
86 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
5. Use the command no radius server-healthcheck-user (same as defaultcommand) to disable the RADIUS health check user name.Create password
6. Use the command radius server-healthcheck-password <password> tocreate the health check password.
7. Use the command default radius server-healthcheck-password tocreate a default password.
8. Use the command no radius server-healthcheck-password (same asdefault command) to disable the RADIUS health check password.Create encrypted user password
9. Use the command radius server-healthcheck-password encrypted<encrpt-password> to create the health check encrypted password.
10. Use the command default radius server-healthcheck-password tocreate a default encrypted password.
11. Use the command no radius server-healthcheck-password same asdefault command) to disable the RADIUS health check encrypted password.Show command
12. Use the command show wireless security radius to show the health checkconfiguration.The System prompts for a password input and is echo’d with “*”. . When you executethe show command, the AES-encrypted user password displays.
Configuring system securityAbout this taskThis chapter describes the methods and procedures necessary to configure system security.
Depending on the scope and usage of the commands listed in this chapter, you can needdifferent command modes to execute them.
Navigation
• Configuring MAC address-based security using CLI on page 88• Configuring RADIUS authentication using CLI on page 95• SNMP configuration using CLI on page 98• Configuring TACACS+ using CLI on page 118• Configuring IP Manager using CLI on page 121
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 87
• Configuring password security using CLI on page 123• Displaying CLI Audit log using CLI on page 125• Configuring Secure Socket Layer services using CLI on page 126• Configuring Secure Shell protocol using CLI on page 128
Configuring MAC address-based security using CLIAbout this taskThe following CLI commands allow for the configuration of the BaySecureapplication usingMedia Access Control (MAC) addresses.
The CLI commands in this section are used to configure and manage MAC address security.
CLI commands for MAC address security
The CLI commands in this section are used to configure and manage MAC address security.
• show mac-security command on page 89• show mac-security mac-da-filter command on page 89• mac-security command on page 89• mac-security mac-address-table address command on page 90• show mac-security mac-address-table command on page 91• mac-security security-list command on page 91• no mac-security security-list command on page 92• mac-security command for specific ports on page 92• show mac-security command on page 93• mac-security mac-da-filter command on page 93• CLI commands for MAC address auto-learning on page 93• mac-security auto-learning aging-time command on page 93• no mac-security auto-learning aging-time command on page 94• default mac-security auto-learning aging-time command on page 94• mac-security auto-learning port command on page 94• no mac-security auto-learning command on page 95• default mac-security auto-learning command on page 95
Command Line Interface Configuration
88 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
show mac-security command
The show mac-security command displays configuration information for the BaySecureapplication.
The syntax for the show mac-security command is:
show mac-security {config|mac-address-table [address <macaddr>] |port|security-lists}The following table outlines the parameters for this command.
Table 39: show mac-security command parameters
Parameter Descriptionconfig Displays general BaySecure configuration.
mac-address-table [address <madaddr>] Displays contents of BaySecure table ofallowed MAC addresses:
address—specifies a single MAC addressto display; enter the MAC address
port Displays the BaySecure status of all ports.
security-lists Displays port membership of all securitylists.
The show mac-security command is executed in the Privileged EXEC command mode.
show mac-security mac-da-filter command
The show mac-security mac-da-filter command displays configuration informationfor filtering MAC destination addresses (DA). Packets can be filtered from up to 10 MACDAs.
The syntax for the show mac-security mac-da-filter command is
show mac-security mac-da-filterThe show mac-security mac-da-filter command is executed in the Privileged EXECcommand mode.
The show mac-security mac-da-filter command has no parameters or variables.
mac-security command
The mac-security command modifies the BaySecure configuration.
The syntax for the mac-security command is
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 89
mac-security [disable|enable] [filtering {enable|disable}][intrustion-detect {enable|disable|forever}] [intrusion-timer<1-65535>] [learning-ports <portlist>] [learning {enable|disable}][snmp-lock {enable|disable}] [snmp-trap {enable|disable}]The following table outlines the parameters for this command.
Table 40: mac-security parametersParameter Description
disable|enable Disables or enables MAC address-basedsecurity.
filtering {enable|disable} Enables or disables DA filtering on intrusiondetected.
intrusion-detect {enable|disable|forever} Specifies partitioning of a port when anintrusion is detected:
• enable—port is partitioned for a period oftime
• disabled—port is not partitioned ondetection
• forever—port is partitioned until manuallychanged
intrustion-timer <1-65535> Specifies, in seconds, length of time a port ispartitioned when an intrusion is detected;enter the number of seconds desired.
learning-ports <portlist> Specifies MAC address learning. Learnedaddresses are added to the table of allowedMAC addresses. Enter the ports to learn; asingle port, a range of ports, several ranges,all ports, or no ports can be entered.
learning {enable|disable} Specifies MAC address learning:
• enable—enables learning by ports
• disable—disables learning by ports
snmp-lock {enable|disable} Enables or disables a lock on SNMP write-access to the BaySecure MIBs.
snmp-trap {enable|disable} Enables or disables trap generation uponintrusion detection.
The mac-security command is executed in the Global Configuration mode.
mac-security mac-address-table address command
The mac-security mac-address-table address command assigns either a specificport or a security list to the MAC address. This removes the previous assignment to the
Command Line Interface Configuration
90 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
specified MAC address and creates an entry in the BaySecure table of allowed MACaddresses.
The syntax for the mac-security mac-address-table address command is
mac-security mac-address-table address <H.H.H.> {port <portlist>|security-list <1-32>}The following table outlines the parameters for this command.
Table 41: no mac-security mac-address-table parameters
Parameter Description<H.H.H> Enter the MAC address in the form of H.H.H.
port <portlist> Enter the port number.
security-list <1-32> Enter the security list number.
The no mac-security mac-address-table command executes in the GlobalConfiguration mode.
show mac-security mac-address-table command
The show mac-security mac-address-table command displays the current global MAC Addresssecurity table. The syntax for this command is
show mac-security mac-address-table.This command executes in the Privileged EXEC command mode.
mac-security security-list command
The mac-security security-list command assigns a list of ports to a security list.
The syntax for the mac-security security-list command is:
mac-security security-list <1-32> <portlist>The following table outlines the parameters for this command.
Table 42: mac-security security-list parameters
Parameter Description<1-32> Enter the number of the security list you want to use.
<portlist> Enter the port number.
The mac-security security-list command executes in the Global Configurationmode.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 91
no mac-security security-list command
The no mac-security security-list command clears the port membership of asecurity list.
The syntax for the no mac-security security-list command is:
no mac-security security-list <1-32>Substitute the <1-32> with the number of the security list to be cleared.
The no mac-security security-list command executes in the Global Configurationmode.
mac-security command for specific ports
The mac-security command for specific ports configures the BaySecure status of specificports.
The syntax for the mac-security command for specific ports is
mac-security [port <portlist>] {disable|enable|learning}The following table outlines the parameters for this command.
Table 43: mac-security parameters
Parameter Descriptionport <portlist> Enter the port numbers.
disable|enable|learning Directs the specific port
• disable—disables BaySecure on the specifiedport and removes the port from the list of portsfor which MAC address learning is beingperformed
• enable—enables BaySecure on the specifiedport and removes the port from the list of portsfor which MAC address learning is beingperformed
• learning—disables BaySecure on the specifiedport and adds these port to the list of ports forwhich MAC address learning is being performed
The mac-security command for specific ports executes in the Interface Configurationmode.
Command Line Interface Configuration
92 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
show mac-security command
The show mac-security command displays the current MAC Address security table for theports entered. The syntax for this command is
show mac-security port <portlist>Substitute <portlist> with the ports to be displayed.
This command executes in the Privileged EXEC command mode.
mac-security mac-da-filter command
The mac-security mac-da-filter command allows packets to be filtered from up to tenspecified MAC DAs. This command also allows you to delete such a filter and then receivepackets from the specified MAC DA.
The syntax for the mac-security mac-da-filter command is
mac-security mac-da-filter {add|delete} <H.H.H>Substitute the {add|delete} <H.H.H> with either the command to add or delete a MACaddress and the MAC address in the form of H.H.H.
The mac-security mac-da-filter command executes in the Global Configurationmode.
CLI commands for MAC address auto-learning
The CLI commands in this section are used to configure and manage MAC auto-learning.
mac-security auto-learning aging-time command
The mac-security auto-learning aging-time command sets the aging time for theauto-learned addresses in the MAC Security Table.
The syntax for the command is
mac-security auto-learning aging-time <0-65535>Substitute <0-65535> with the aging time in minutes. An aging time of 0 means that thelearned addresses never age out. The default is 60 minutes.
The mac-security auto-learning aging-time command executes in the GlobalConfiguration mode.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 93
no mac-security auto-learning aging-time command
The no mac-security auto-learning aging-time command sets the aging time forthe auto-learned addresses in the MAC Security Table to 0. In this way, it disables the removalof auto-learned MAC addresses.
The syntax for the command is
no mac-security auto-learning aging-timeThe no mac-security aging-time command executes in the Global Configurationmode.
default mac-security auto-learning aging-time command
The default mac-security auto-learning aging-time command sets the agingtime for the auto-learned addresses in the MAC Security Table to the default of 60 minutes.
The syntax for the command is
default mac-security auto-learning aging-timeThe default mac-security auto-learning aging-time command executes in theGlobal Configuration mode.
mac-security auto-learning port command
The mac-security auto-learning port command configures MAC security auto-learning on the ports.
The syntax for the command is
mac-security auto-learning port <portlist> disabledisable|{enable[max-addrs <1-25>}The following table outlines the parameters for this command.
Table 44: mac-security auto-learning parameters
Parameter Description<portlist> The ports to configure for auto-learning.
disable|enable Disables or enables auto-learning on the specified ports.The default is disabled.
max-addrs <1-25> Sets the maximum number of addresses the port learns.The default is 2.
Command Line Interface Configuration
94 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The mac-security auto-learning command executes in the Interface Configurationmode.
no mac-security auto-learning command
This command disables MAC security auto-learning for the specified ports on the switch. Thesyntax for this command is
no mac-security auto-learning port <portlist>The no mac-security auto-learning command executes in the Interface Configurationmode.
default mac-security auto-learning command
The default mac-security auto-learning command sets the default MAC securityauto-learning on the switch.
The syntax for the command is
default mac-security auto-learning port <portlist> [enable] [max-addrs]The following table outlines the parameters for this command.
Table 45: default mac-security auto-learning parameters
Parameters Description<portlist> The ports to configure for auto-learning.
enable Sets to default the auto-learning status forthe port. The default is disabled.
max-addrs Sets to default the maximum number ofaddresses the port learns. The default is 2.
The default mac-security auto-learning command executes in the InterfaceConfiguration mode.
Configuring RADIUS authentication using CLIAbout this taskConfigure RADIUS to perform authentication services for system users by doing the following:
• Configure the RADIUS server itself. For specific configuration procedures, see the vendordocumentation. In particular, ensure that you set the appropriate Service-Type attributein the user accounts:
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 95
- for read-write access, Service-Type = Administrative- for read-only access, Service-Type = NAS-Prompt
• Configure RADIUS server settings on the switch (see “Configuring RADIUS serversettings” (page 100)).
• (Optional) Enable the RADIUS password fallback feature (see “Enabling RADIUSpassword fallback” (page 101)).
Use the following commands to configure RADIUS authentication:
• Configuring RADIUS server settings on page 96• Enabling RADIUS password fallback on page 97• Viewing RADIUS information on page 97
Configuring RADIUS server settings
About this taskAdd a RADIUS server using the following command in Global or Interface Configuration mode:
radius-serverThe following table describes the parameters for this command.
Table 46: radius-server command parameters
Parameter Descriptionhost <IPaddr> Specifies the IP address of the primary
server you want to add or configure.
key <key> Specifies the secret authentication andencryption key used for all communicationsbetween the NAS and the RADIUS server.The key, also referred to as the sharedsecret, must be the same as the one definedon the server. You are prompted to enter andconfirm the key.
[port <port>] Specifies the UDP port for RADIUS.
<port> is an integer in the range 0–65535.The default port number is 1812.
[secondary-host <IPaddr>] Specifies the IP address of the secondaryserver. The secondary server is used only ifthe primary server does not respond.
[timeout <timeout>] Specifies the number of seconds before theservice request times out. RADIUS allowsthree retries for each server (primary andsecondary).<timeout>
Command Line Interface Configuration
96 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameter Descriptionis an integer in the range 1–60. The defaulttimeout interval is 2 seconds.
Delete a RADIUS server and restore default RADIUS settings by using one of the followingcommands in Global or Interface Configuration mode:
no radius-serverdefault radius-server
Enabling RADIUS password fallback
About this taskEnable the RADIUS password fallback feature by using the following command in Global orInterface Configuration mode:
radius-server password fallbackWhen RADIUS password fallback is enabled, users can log on to the switch using the localpassword if the RADIUS server is unavailable or unreachable.The default is disabled.
After you enable RADIUS password fallback, you cannot disable it without erasing all otherRADIUS server settings.
Important:You can use the Console Interface to disable the RADIUS password fallback without erasingother RADIUS server settings. From the main menu, choose Console/Comm PortConfiguration, then toggle the RADIUS Password Fallback field to No.
Disable the RADIUS password fallback feature by using one of the following commands inGlobal or Interface Configuration mode:
no radius-serverdefault radius-serverThe command erases settings for the RADIUS primary and secondary servers and secret key,and restores default RADIUS settings.
Viewing RADIUS information
About this taskDisplay RADIUS configuration status by using the following command from any mode:
show radius-server
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 97
SNMP configuration using CLIThis section describes how you can configure SNMP using CLI, to monitor devices runningsoftware that supports the retrieval of SNMP information.
Use the following commands to configure SNMP:
• Configuring SNMP v1, v2c, v3 Parameters using CLI on page 99• SNMPv3 table entries stored in NVRAM on page 100• show snmp-server command on page 100• snmp-server authentication-trap command on page 101• no snmp-server authentication-trap command on page 101• default snmp-server authentication-trap command on page 101• snmp-server community for read or write command on page 102• snmp-server community command on page 102• no snmp-server community command on page 103• default snmp-server community command on page 104• no snmp-server contact command on page 104• default snmp-server contact command on page 104• snmp-server command on page 105• no snmp-server command on page 105• snmp-server host command on page 105• show snmp-server host command on page 107• no snmp-server host command on page 107• default snmp-server host command on page 108• snmp-server location command on page 108• no snmp-server location command on page 109• default snmp-server location command on page 109• snmp-server name command on page 109• no snmp-server name command on page 110• default snmp-server name command on page 110• snmp-server user command on page 110• no snmp-server user command on page 112• snmp-server view command on page 112• no snmp-server view command on page 113• snmp-server bootstrap command on page 114
Command Line Interface Configuration
98 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
• show snmp-server notification-control on page 115• snmp-server notification-control command on page 115• no snmp-server notification-control on page 115• default snmp-server notification-control on page 116• spanning-tree rstp traps command on page 116• no spanning-tree rstp traps command on page 117• default spanning-tree rstp traps command on page 117• show spanning-tree rstp traps config conmmand on page 117
Configuring SNMP v1, v2c, v3 Parameters using CLI
Earlier releases of SNMP used a proprietary method for configuring SNMP communities andtrap destinations for specifying SNMPv1 configuration that included:
• A single read-only community string that can only be configured using the consolemenus.
• A single read-write community string that can only be configured using the consolemenus.
• Up to four trap destinations and associated community strings that can be configuredeither in the console menus, or using SNMP Set requests on the s5AgTrpRcvrTable
With the WLAN 8100 Series support for SNMPv3, you can configure SNMP using the newstandards-based method of configuring SNMP communities, users, groups, views, and trapdestinations.
Important:You must configure views and users using CLI before SNMPv3 can be used.
Important:You must have the secure version of the software image installed on your switch before youcan configure SNMPv3.
The WLAN 8100 Series also supports the previous proprietary SNMP configuration methodsfor backward compatibility.
All the configuration data configured in the proprietary method is mapped into the SNMPv3tables as read-only table entries. In the new standards-based SNMPv3 method of configuringSNMP, all processes are configured and controlled through the SNMPv3 MIBs. The CommandLine Interface commands change or display the single read-only community, read-writecommunity, or four trap destinations of the proprietary method of configuring SNMP. Otherwise,the commands change or display SNMPv3 MIB data.
The WLAN 8100 Series software supports MD5 and SHA authentication, as well as AES andDES encryption.
The SNMP agent supports exchanges using SNMPv1, SNMPv2c and SNMPv3. Support forSNMPv2c introduces a standards-based GetBulk retrieval capability using SNMPv1
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 99
communities. SNMPv3 support introduces industrial-grade user authentication and messagesecurity. This includes MD5 and SHA-based user authentication and message integrityverification, as well as AES- and DES-based privacy encryption.
Export restrictions on SHA and DES necessitate support for domestic and non-domesticexecutable images or defaulting to no encryption for all customers.
The traps can be configured in SNMPv1, v2, or v3 format. If you do not identify the version (v1,v2, or v3), the system formats the traps in the v1 format. A community string can be entered ifthe system requires one.
SNMPv3 table entries stored in NVRAM
The following list shows the number of nonvolatile entries (entries stored in NVRAM) allowedin the SNMPv3 tables. The system does not allow you to create more entries markednonvolatile when you reach these limits:
• snmpCommunityTable: 20• vacmViewTreeFamilyTable: 60• vacmSecurityToGroupTable: 40• vacmAccessTable: 40• usmUserTable: 20• snmpNotifyTable: 20• snmpTargetAddrTabel: 20• snmpTargetParamsTable: 20
show snmp-server command
The show snmp-server command displays SNMP configuration.
The syntax for the show snmp-server command is
show snmp-server {host|user|view}The show snmp-server command executes in the Privileged EXEC command mode.
The following table outlines the parameters for this command.
Table 47: show snmp-server command parameters
Parameter Descriptionhost Displays the trap receivers configured in the SNMPv3
MIBs.
user Displays the SNMPv3 users, including views accessibleto each user.
Command Line Interface Configuration
100 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameter Descriptionview Displays SNMPv3 views.
snmp-server authentication-trap command
The snmp-server authentication-trap command enables or disables the generationof SNMP authentication failure traps.
The syntax for the snmp-server authentication-trap command is
snmp-server authentication-trap {enable|disable}The snmp-server authentication-trap command executes in the Global Configurationmode.
The following table outlines the parameters for this command.
Table 48: snmp-server authentication-trap command parameters
Parameter Descriptionenable|disable Enables or disables the generation of authentication failure
traps.
no snmp-server authentication-trap command
The no snmp-server authentication-trap command disables generation of SNMPauthentication failure traps.
The syntax for the no snmp-server authentication-trap command is
no snmp-server authentication-trapThe no snmp-server authentication-trap command executes in the GlobalConfiguration mode.
default snmp-server authentication-trap command
The default snmp-server authentication-trap command restores SNMPauthentication trap configuration to the default settings.
The syntax for the default snmp-server authentication-trap command is
default snmp-server authentication-trapThe default snmp-server authentication-trap command executes in the GlobalConfiguration mode.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 101
snmp-server community for read or write command
This command configures a single read-only or a single read-write community. A communityconfigured using this command does not have access to any of the SNMPv3 MIBs. Thecommunity strings created by this command are controlled by the SNMP Configuration screenin the console interface. These community strings have a fixed MIB view.
The snmp-server community command for read/write modifies the community strings forSNMPv1 and SNMPv2c access.
The syntax for the snmp-server community for read/write command is
snmp-server community [ro|rw]The snmp-server community for read/write command executes in the Global Configurationmode.
The following table outlines the parameters for this command.
Table 49: snmp-server community for read/write command
Parameter Descriptionro|rw (read-only I read-write) Specifies read-only or read-write access. Stations
with ro access can only retrieve MIB objects, andstations with rw access can retrieve and modify MIBobjects. If ro nor rw are not specified, ro is assumed(default).
snmp-server community command
The snmp-server community command allows you to create community strings withvarying levels of read, write, and notification access based on SNMPv3 views. Thesecommunity strings are separate from those created using the snmp-server community for read/write command.
This command affects community strings stored in the SNMPv3 snmpCommunity Table, whichallows several community strings to be created. These community strings can have any MIBview.
The syntax for the snmp-server community command is
snmp-server community {read-view <view-name>|write-view <view-name>|notify-view <view-name>}The snmp-server community command executes in the Global Configuration mode.
The following table outlines the parameters for this command.
Command Line Interface Configuration
102 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Table 50: snmp-server community command parameters
Parameter Description
read-view <view-name> Changes the read view used by the new communitystring for different types of SNMP operations.view-name—specifies the name of the view which isa set of MIB objects/instances that can be accessed;enter an alphanumeric string.
write-view <view-name> Changes the write view used by the new communitystring for different types of SNMP operations.view-name—specifies the name of the view which isa set of MIB objects/instances that can be accessed;enter an alphanumeric string.
notify-view <view-name> Changes the notify view settings used by the newcommunity string for different types of SNMPoperations.view-name—specifies the name of the view which isa set of MIB objects/instances that can be accessed;enter an alphanumeric string.
no snmp-server community command
The no snmp-server community command clears the snmp-server communityconfiguration.
The syntax for the no snmp-server community command is
no snmp-server community {ro|rw|<community-string>}The no snmp-server community command is executed in the Global Configurationmode.
If you do not specify a read-only or read-write community parameter, all community strings areremoved, including all the communities controlled by the snmp-server communitycommand and the snmp-server community for read-write command.
If you specify read-only or read-write, then just the read-only or read-write community isremoved. If you specify the name of a community string, then the community string with thatname is removed.
The following table outlines the parameters for this command.
Table 51: no snmp-server community command parameters
Parameters Descriptionro |rw|<community-string> Changes the settings for SNMP:
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 103
Parameters Description
• ro|rw—sets the specified old-style communitystring value to NONE, thereby disabling it.
• community-string—deletes the specifiedcommunity string from the SNMPv3 MIBs (thatis, from the new-style configuration).
default snmp-server community command
The default snmp-server community command restores the community stringconfiguration to the default settings.
The syntax for the default snmp-server community command is
default snmp-server community [ro|rw]The default snmp-server community command executes in the Global Configurationmode.
If the read-only or read-write parameter is omitted from the command, then all communitiesare restored to their default settings. The read-only community is set to Public, the read-writecommunity is set to Private, and all other communities are deleted.
The following table describes the parameters for this command.
Table 52: default snmp-server community command parameters
Parameters Descriptionro|rw Restores the read-only community to Public, or the read-
write community to Private.
no snmp-server contact command
The no snmp-server contact command clears the sysContact value.
The syntax for the no snmp-server contact command is
no snmp-server contactThe no snmp-server contact command executes in the Global Configuration mode.
default snmp-server contact command
The default snmp-server contact command restores sysContact to the defaultvalue.
Command Line Interface Configuration
104 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The syntax for the default snmp-server contact command is
default snmp-server contactThe default snmp-server contact command executes in the Global Configurationmode.
snmp-server command
The snmp-server command enables or disables the SNMP server.
The syntax for the snmp-server command is:
snmp-server {enable|disable}The following table describes the parameters for this command.
Table 53: snmp-server command parameters
Parameter Descriptionenable|disable Enables or disables the SNMP server.
no snmp-server command
The no snmp-server command disables SNMP access.
The syntax for the no snmp-server command is
no snmp-serverThe no snmp-server command executes in the Global Configuration mode.
The no snmp-server command has no parameters or variables.
Important:If you disable SNMP access to the switch, you cannot use Device Manager for the switch.
snmp-server host command
The snmp-server host command adds a trap receiver to the trap-receiver table.
In the proprietary method, the table has a maximum of four entries, and these entries cangenerate only SNMPv1 traps. This command controls the contents of the s5AgTrpRcvrTable,which is the set of trap destinations controlled by the SNMP Configuration screen in the consoleinterface.
The proprietary method syntax for the snmp-server host for command is
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 105
snmp-server host <host-ip> <community-string>Using the new standards-based SNMP method, you can create several entries in SNMPv3MIBs. Each can generate v1, v2c, or v3 traps.
Important:Before using the desired community string or user in this command, ensure that it isconfigured with a notify-view.
The new standards-based method syntax for the snmp-server host command is
snmp-server host <host-ip> [port <trap-port>] {v1 <community-string>|v2c <community-string>|v3 {auth|no-auth|auth-priv}<username>The snmp-server host command executes in the Global Configuration mode.
The following table describes the parameters for this command.
Table 54: snmp-server host command parameters
Parameter Descriptionhost-ip Enter a dotted-decimal IP address of a host
to be the trap destination.
community-string If you are using the proprietary method forSNMP, enter a community string that worksas a password and permits access to theSNMP protocol.
port <trap-port> Enter a value for the SNMP trap port between1 and 65535.
v1<community-string> To configure the new standards-basedtables, using v1 creates trap receivers in theSNMPv3 MIBs. Multiple trap receivers withvarying access levels can be created.
v2c<community-string> To configure the new standards-basedtables, using v2c creates trap receivers in theSNMPv3 MIBs. Multiple trap receivers withvarying access levels can be created.
v3{auth|no-auth|auth-priv} To configure the new standards-basedtables, using v3 creates trap receivers in theSNMPv3 MIBs. Multiple trap receivers withvarying access levels can be created. Enterthe following variables:
Command Line Interface Configuration
106 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameter Description
• auth—auth specifies SNMPv3 traps aresent using authentication and no privacy.
• no-auth—no-auth specifies SNMPv3 trapsare sent using with no authentication andno privacy.
• auth-priv—specifies traps are sent usingauthentication and privacy; this parameteris available only if the image has full SHA/DES support.
username To configure the new standards-basedtables; specifies the SNMPv3 username fortrap destination; enter an alphanumericstring.
show snmp-server host command
The show snmp-server host command displays the current SNMP host informationincluding the configured trap port.
The syntax for the show snmp-server host command is
show snmp-server hostThe show snmp-server host executes in the Privileged EXEC mode.
no snmp-server host command
The no snmp-server host command deletes trap receivers from the table.
The proprietary method syntax for the no snmp-server host command is
no snmp-server host [<host-ip> [community-string>]]Using the standards-based method of configuring SNMP, a trap receiver matching the IPaddress and SNMP version is deleted.
The standards-based method syntax for the no snmp-server host command is
no snmp-server host <host-ip> [port<trap-port>] {v1|v2c|v3|<community-string>}The no snmp-server host command executes in the Global Configuration mode.
If you do not specify any parameters, this command deletes all trap destinations from thes5AgTrpRcvrTable and from SNMPv3 tables.
The following table describes the parameters for this command.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 107
Table 55: no snmp-server host command parameters
Parameter Description<host-ip> [<community-string>] In the proprietary method, enter the following
variables:
• host-ip—the IP address of a trapdestination host.
• community-string—the community stringthat works as a password and permitsaccess to the SNMP protocol.
If both parameters are omitted, all hosts arecleared, proprietary and standards-based. Ifa host IP is included, the community-string isrequired or an error is reported.
<host-ip> Using the standards-based method, enterthe IP address of a trap destination host.
port <trap-port> Using the standards-based method, enterthe SNMP trap port.
v1|v2c|v3|<community-string> Using the standards-based method,specifies trap receivers in the SNMPv3 MIBs.<community-string>—the community stringthat works as a password and permitsaccess to the SNMP protocol.
default snmp-server host command
The default snmp-server host command restores the-old style SNMP server and thestandards based tables are reset (cleared).
The syntax for the default snmp-server host command is:
default snmp-server hostThe default snmp-server host command is executed in the Global Configurationmode.
The default snmp-server host command has no parameters or variables.
snmp-server location command
The snmp-server location command configures the SNMP sysLocation value.
The syntax for the snmp-server location command is:
snmp-server location <text>
Command Line Interface Configuration
108 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The snmp-server location command is executed in the Global Configuration mode.
The following table describes the parameters for this command.
Table 56: snmp-server location command parameters
Parameter Descriptiontext Specify the SNMP sysLocation value; enter an
alphanumeric string of up to 255 characters.
no snmp-server location command
The no snmp-server location command clears the SNMP sysLocation value.
The syntax for the no snmp-server location command is:
no snmp-server locationThe no snmp-server location command is executed in the Global Configurationmode.
default snmp-server location command
The default snmp-server location command restores sysLocation to the defaultvalue.
The syntax for the default snmp-server location command is:
default snmp-server locationThe default snmp-server location command is executed in the Global Configurationmode.
snmp-server name command
The snmp-server name command configures the SNMP sysName value.
The syntax for the snmp-server name command is:
snmp-server name <text>The snmp-server name command is executed in the Global Configuration mode.
The following table describes the parameters for this command.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 109
Table 57: snmp-server name command parameters
Parameter Descriptiontext Specify the SNMP sysName value; enter an
alphanumeric string of up to 255 characters.
no snmp-server name command
The no snmp-server name command clears the SNMP sysName value.
The syntax for the no snmp-server name command is:
no snmp-server nameThe no snmp-server name command is executed in the Global Configuration mode.
default snmp-server name command
The default snmp-server name command restores sysName to the default value.
The syntax for the default snmp-server name command is:
default snmp-server nameThe default snmp-server name command is executed in the Global Configurationmode.
snmp-server user command
The snmp-server user command creates an SNMPv3 user.
For each user, you can create three sets of read/write/notify views:
• for unauthenticated access• for authenticated access• for authenticated and encrypted access
The syntax for the snmp-server user command for unauthenticated access is:
snmp-server user <username> [read-view<view-name>] [write-view<view-name>] [notify-view<view-name]The syntax for the snmp-server user command for authenticated access is:
snmp-server user <username> [read-view<view-name>] [write-view<view-name>] [notify-view<view-name]] md5|sha <password> [read-view<view-name>] [write-view<view-name>] [notify-view<view-name]
Command Line Interface Configuration
110 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The syntax for the snmp-server user command for authenticated and encrypted accessis:
snmp-server user <username> [read-view<view-name>] [write-view<view-name>] [notify-view<view-name]] md5|sha <password> [read-view<view-name>] [write-view<view-name>] [notify-view<view-name]] {3des|aes|des} <password> [read-view<view-name>] [write-view<view-name>][notify-view<view-name]The snmp-server user command is executed in the Global Configuration mode.
The sha and 3des/aes/des parameters are only available if the switch image has SSHsupport.
For authenticated access, you must specify the md5 or sha parameter. For authenticated andencrypted access, you must also specify the 3des, aes, or des parameter.
For each level of access, you can specify read, write, and notify views. If you do not specifyview parameters for authenticated access, the user will have access to the views specified forunauthenticated access. If you do not specify view parameters for encrypted access, the userwill have access to the views specified for authenticated access or, if no authenticated viewswere specified, the user will have access to the views specified for unauthenticated access.
The following table describes the parameters for this command.
Table 58: snmp-server user command parameters
Parameters Descriptionusername Specifies the user name. Enter an alphanumeric string
of up to 255 characters.
md5 <password> Specifies the use of an md5 password. <password>specifies the new user md5 password; enter analphanumeric string. If this parameter is omitted, the useris created with only unauthenticated access rights.
read-view <view-name> Specifies the read view to which the new user hasaccess:
view-name—specifies the viewname; enter analphanumeric string of up to 255 characters.
write-view <view-name> Specifies the write view to which the new user hasaccess:
view-name—specifies the viewname; enter analphanumeric string that can contain at least some ofthe nonalphanumeric characters.
notify-view <view-name> Specifies the notify view to which the new user hasaccess:
view-name—specifies the viewname; enter analphanumeric string that can contain at least some ofthe nonalphanumeric characters.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 111
Parameters DescriptionSHA Specifies SHA authentication.
3DES Specifies 3DES privacy encryption.
AES Specifies AES privacy encryption.
DES Specifies DES privacy encryption.
engine-id Specifies the new remote user to receive notifications.
notify-view—specifies the viewname to notify.
Important:If a view parameter is omitted from the command, that view type cannot be accessed.
no snmp-server user command
The no snmp-server user command deletes the specified user.
The syntax for the no snmp-server user command is:
no snmp-server user [engine-id<engine ID>] <username>The no snmp-server user command is executed in the Global Configuration mode.
Important:If you do not specify any parameters, this command deletes all snmpv3 users from theSNMPv3 tables.
The following table describes the parameters for this command.
Table 59: no snmp-server user command parameters
Parameters Description[engine-id <engine ID>] Specifies the SNMP engine ID of the remote SNMP
entity.
username Specifies the user to be removed.
snmp-server view command
The snmp-server view command creates an SNMPv3 view. The view is a set of MIB objectinstances which can be accessed.
The syntax for the snmp-server view command is:
Command Line Interface Configuration
112 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
snmp-server view <view-name> <OID> [<OID> {<OID> [<OID> [<OID> [<OID>[<OID> [<OID> [<OID> [<OID>]]]]]]]]]The snmp-server view command is executed in the Global Configuration mode.
The following table describes the parameters for this command.
Table 60: snmp-server view command parameters
Parameters Descriptionviewname Specifies the name of the new view; enter an
alphanumeric string.
OID Specifies Object identifier. OID can be entered as adotted form OID. Each OID must be preceded by a+ or - sign (if this is omitted, a + sign is implied). The+ is not optional.For the dotted form, a sub-identifier can be anasterisk, indicating a wildcard. Here are someexamples of valid OID parameters:
• sysName
• +sysName
• -sysName
• +sysName.0
• +ifIndex.1
• -ifEntry..1 (this matches all objects in the ifTablewith an instance of 1; that is, the entry for interface#1)
• 1.3.6.1.2.1.1.1.0 (the dotted form of sysDescr)
The + or - indicates whether the specified OID isincluded in or excluded from, the set of MIB objectsaccessible using this view.There are 10 possible OID values.
no snmp-server view command
The no snmp-server view command deletes the specified view.
The syntax for the no snmp-server view is:
no snmp-server view <viewname>The no snmp-server view is executed in the Global Configuration mode.
The following table describes the parameters for this command.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 113
Table 61: no snmp-server view command parameters
Parameter Descriptionviewname Specifies the name of the view to be removed. This is
not an optional parameter.
snmp-server bootstrap command
The snmp-server bootstrap command allows you to specify how you wish to secureSNMP communications, as described in the SNMPv3 standards. It creates an initial set ofconfiguration data for SNMPv3. This configuration data follows the conventions described inthe SNMPv3 standard (in RFC 3414 and 3415). This commands creates a set of initial users,groups and views.
Important:This command deletes all existing SNMP configurations, hence must be used with care.
The syntax for the snmp-server bootstrap command is:
snmp-server bootstrap <minimum-secure>|<semi-secure>|<very-secure>The snmp-server bootstrap command is executed in the Global Configuration mode.
The following table describes the parameters for this command.
Table 62: snmp-server bootstrap command parameters
Parameters Description<minimum-secure> Specifies a minimum security configuration that allows read
access and notify access to all processes (view restricted) withnoAuth-noPriv and read, write, and notify access to allprocesses (internet view) using Auth-noPriv and Auth-Priv.
Important:In this configuration, view restricted matches viewinternet.
<semi-secure> Specifies a minimum security configuration that allows readaccess and notify access to all processes (view restricted) withnoAuth-noPriv and read, write, and notify access to allprocesses (internet view) using Auth-noPriv and Auth-Priv.
Important:In this configuration, restricted contains a smaller subset ofviews than internet view. The subsets are defined accordingto RFC 3515 Appendix A.
<very-secure> Specifies a maximum security configuration that allows noaccess to the users.
Command Line Interface Configuration
114 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
show snmp-server notification-control
The show snmp-server notification-control command shows the current state ofthe applicable notifications.
The syntax for the show snmp-server notification-control command is
show snmp-server notification-controlThe show snmp-server notification-control command executes in PrivilegedEXEC mode.
snmp-server notification-control command
The snmp-server notification-control command enables the notification identifiedby the command parameter. The notification options are:
• DHCP Snooping: bsDhcpSnoopingBindingTableFull, bsDhcpSnoopingTrap• Dynamic ARP Inspection: bsaiArpPacketDroppedOnUntrustedPort• IP Source Guard: bsSourceGuardReachedMaxIpEntries,
bsSourceGuardCannotEnablePortThe syntax for the snmp-server notification-control command is
snmp-server notification-control <WORD/1-128>The snmp-server notification-control command executes in Global Configurationmode.
The following table describes the parameters for this command.
Table 63: snmp-server notification-control command parameters
Parameter Description<WORD/1-128> Can either be the English description or the OID of a
supported notification type.
no snmp-server notification-control
The no snmp-server notification-control command disables the notificationidentified by the command parameter. The notification options are:
• DHCP Snooping: bsDhcpSnoopingBindingTableFull, bsDhcpSnoopingTrap• Dynamic ARP Inspection: bsaiArpPacketDroppedOnUntrustedPort• IP Source Guard: bsSourceGuardReachedMaxIpEntries,
bsSourceGuardCannotEnablePort
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 115
The syntax for the no snmp-server notification-control command is
no snmp-server notification-control <WORD/1-128>The no snmp-server notification-control command executes in GlobalConfiguration mode.
The following table describes the parameters for this command.
Table 64: no snmp-server notification-control command parameters
Parameter Description<WORD/1-128> Can either be the English description or the OID of a
supported notification type.
default snmp-server notification-control
The default snmp-server notification-control command returns the notificationidentified by the command parameter to its default state.
The syntax for the default snmp-server notification-control command is
default snmp-server notification-control <WORD/1-128>The default snmp-server notification-control command executes in GlobalConfiguration mode.
The following table describes the parameters for this command.
Table 65: default snmp-server notification-control command parameters
Parameter Description<WORD/1-128> Can either be the English description or the OID of a supported
notification type.
spanning-tree rstp traps command
The RSTP traps feature provides notifications for the following events:
• RSTP instance up/down• RSTP core memory allocation error• RSTP core buffer allocation error• New root bridge• Port protocol migration
The default settings of RSTP traps are enabled. The events are notified as SNMP traps andas system log messages.
Command Line Interface Configuration
116 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The following messages for the RSTP traps will be logged into the system log:
• Trap: RSTP General Event (Up/Down)• Trap: RSTP Error Event (Mem Fail / Buff Fail)• Trap: RSTP New Root tt:tt:tt:tt:tt:tt:tt:tt• Trap: RSTP Topology Change• Trap: RSTP Protocol Migration Type: Send (RSTP/STP) for Port: t
If the traps are not received on the traps receiver host (should be configured) but the traps arelogged into the system log, the network connectivity should be checked.
The spanning-tree rstp traps command enables RSTP traps.
The syntax for the spanning-tree rstp traps command is
spanning-tree rstp trapsThe spanning-tree rstp traps command executes in the Global Configuration mode.
no spanning-tree rstp traps command
The no spanning-tree rstp traps command disables RSTP traps.
The syntax for the no spanning-tree rstp traps is
no spanning-tree rstp trapsThe no spanning-tree rstp traps command executes in the Global Configurationmode.
default spanning-tree rstp traps command
The default spanning-tree rstp traps command returns RSTP traps to their defaultstate.
The syntax for the default spanning-tree rstp traps is
default spanning-tree rstp trapsThe default spanning-tree rstp traps command executes in the GlobalConfiguration mode.
show spanning-tree rstp traps config conmmand
The show spanning-tree rstp traps config command shows the current state of theRSTP trap.
The syntax for the show spanning-tree rstp traps config command is
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 117
show spanning-tree rstp traps configThe show spanning-tree rstp traps config command executes in the PrivilegedEXEC mode.
Configuring TACACS+ using CLIAbout this taskTo configure TACACS+ to perform AAA services for system users, do the following:
1. Configure the TACACS+ server itself. For more information, see the vendordocumentation for your server for specific configuration procedures.
2. Configure TACACS+ server settings on the switch3. Enable TACACS+ services over serial or Telnet connections4. Enable TACACS+ authorization and specify privilege levels5. Enable TACACS+ accounting
Important:You can enable TACACS+ authorization without enabling TACACS+ accounting, and youcan enable TACACS+ accounting without enabling TACACS+ authorization.
Use the following commands to configure TACACS+:
• Configuring TACACS+ server settings on page 118• Enabling remote TACACS+ services on page 119• Enabling TACACS+ authorization on page 120• Setting authorization privilege levels on page 120• Viewing TACACS+ information on page 121
Configuring TACACS+ server settings
About this taskTo add a TACACS+ server, use the following command in Global or Interface Configurationmode:
tacacs serverThe following table describes the parameters for this command.
Table 66: tacas server command parameters
Parameter Descriptionhost <IPaddr> Specifies the IP address of the primary
server you want to add or configure.
Command Line Interface Configuration
118 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Parameter Descriptionkey <key> Specifies the secret authentication and
encryption key used for all communicationsbetween the NAS and the TACACS+ server.The key, also referred to as the sharedsecret, must be the same as the one definedon the server. You are prompted to confirmthe key when you enter it.
Important:The key parameter is a requiredparameter when you create a new serverentry. The parameter is optional when youare modifying an existing entry.
[secondary host <IPaddr>] Specifies the IP address of the secondaryserver. The secondary server is used only ifthe primary server does not respond.
[port <port>] Specifies the TCP port for TACACS+ whereport is an integer in the range of 0-65535.The default port number is 49.
To delete a TACACS+ server, use one of the following commands in Global or InterfaceConfiguration mode:
no tacacsdefault tacacsThe commands erase settings for the TACACS+ primary and secondary servers and secretkey, and restore default port settings.
Enabling remote TACACS+ services
About this taskTo enable TACACS+ to provide services to remote users over serial or Telnet connections, usethe following commands in Global or Interface Configuration mode.
For serial connections:
cli password serial tacacsFor Telnet connections:
cli password telnet tacacsYou must configure a TACACS+ server on the switch before you can enable remote TACACS+ services. For more information about configuring the primary TACACS+ server and sharedsecret, see “Configuring TACACS+ server settings” (page 159).
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 119
Enabling TACACS+ authorization
About this taskTo enable TACACS+ authorization globally on the switch, use the following command in Globalor Interface Configuration mode:
tacacs authorization enableTo disable TACACS+ authorization globally on the switch, use the following command in Globalor Interface Configuration mode:
tacacs authorization disableThe default is disabled.
Setting authorization privilege levels
The preconfigured privilege levels control which commands can be executed. If a user hasbeen assigned a privilege level for which authorization has been enabled, TACACS+authorizes the authenticated user to execute a specific command only if the command isallowed for that privilege level.
To specify the privilege levels to which authorization applies, use the following command inGlobal or Interface Configuration mode:
tacacs authorization level all|<level>|noneThe following table describes the parameters for this command.
Table 67: tacas authorization command parameters
Parameter Descriptionall Authorization is enabled for all privilege levels.
<level> An integer in the range 0–15 that specifies theprivilege levels for which authorization is enabled.You can enter a single level, a range of levels, orseveral levels. For any levels you do not specify,authorization does not apply, and users assignedto these levels can execute all commands.
none Authorization is not enabled for any privilege level.All users can execute any command available onthe switch.
Command Line Interface Configuration
120 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Viewing TACACS+ information
About this taskTo display TACACS+ configuration status, enter the following command from any mode:
show tacacs
Configuring IP Manager using CLIAbout this taskTo configure the IP Manager to control management access to the switch, do the following:
• Enable IP Manager.• Configure the IP Manager list.
Use the following commands to configure IP Manager:
• Enabling IP Manager on page 121• Configuring the IP Manager list on page 122• Removing IP Manager list entries on page 122• Viewing IP Manager settings on page 122
Enabling IP Manager
About this taskTo enable IP Manager to control Telnet, SNMP, SSH, or HTTP access, use the followingcommand in Global Configuration mode:
ipmgr {telnet|snmp|web|ssh}The following table describes the parameters for this command.
Table 68: Enabling IP manager command parameters
Parameter Descriptiontelnet Enables the IP Manager list check for Telnet access.
snmp Enables the IP Manager list check for SNMP, includingDevice Manager.
web Enables the IP Manager list check for Web-basedmanagement system.
ssh Enables the IP Manager list check for SSH access.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 121
To disable IP Manager for a management system, use the no keyword at the start of thecommand.
Configuring the IP Manager list
About this taskTo specify the source IP addresses or address ranges that have access the switch when IPManager is enabled, use the following command in Global Configuration mode:
For Ipv4 entries with list ID between 1-50:
ipmgr source-ip <list ID> <Ipv4addr> [mask<mask>]The following table describes the parameters for this command.
Table 69: ipmgr source-ip command parameters
Parameter Description<list ID> An integer in the range 1-50 for Ipv4 entries and
51-100 for Ipv6 entries that uniquely identifies theentry in the IP Manager list.
<Ipv4addr> Specifies the source IP address from whichaccess is allowed. Enter the IP address either asan integer or in dotted-decimal notation.
[mask <mask>] Specifies the subnet mask from which access isallowed. Enter the IP mask in dotted-decimalnotation.
Removing IP Manager list entries
To deny access to the switch for specified source IP addresses or address ranges, use thefollowing command in Global Configuration mode:
no ipmgr source-ip [<list ID>]<list ID> is an integer in the range 1-50 for Ipv4 addresses that uniquely identifies the entry inthe IP Manager list.
The command sets both the IP address and mask for the specified entry to 255.255.255.255for Ipv4 entries. If you do not specify a <list ID> value, the command resets the whole listto factory defaults.
Viewing IP Manager settings
About this taskTo view IP Manager settings, use the following command in any mode:
Command Line Interface Configuration
122 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
show ipmgrThe command displays
• whether Telnet, SNMP, SSH, and Web access are enabled• whether the IP Manager list is being used to control access to Telnet, SNMP, SSH, and
Web-based management system• the current IP Manager list configuration
Configuring password security using CLIAbout this taskThe CLI commands detailed in this section are used to manage password security features.These commands can be used in the Global Configuration and Interface Configurationcommand modes.
• Enabling password security on page 123• Disabling password security on page 123• Creating user names and passwords on page 124• Configuring password retry attempts on page 124• Configuring password history on page 124• Defaulting password history on page 124• Displaying password history settings on page 125
Enabling password security
About this taskThe password security command enables the Password Security feature on the WLAN8100 Series.
The syntax of the password security command is
password security
Disabling password security
The no password security command disables the Password Security feature on theWLAN 8100 Series.
The syntax for the no password security command is
no password security
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 123
Creating user names and passwords
About this taskUse the username command to create custom user names and assign switch read-only andread-write passwords to them. These custom user names apply to local authentication only.
The syntax of this command is as follows:
username <username> {ro | rw}After entering this command the user is prompted to enter the password for the new user.
Custom users cannot have custom access rights and limitations. Use of the associated read-only password confers the same rights and limitations as the default read-only user. Use ofthe associated read-write password confers the same rights and limitation as the default read-write user.
Configuring password retry attempts
About this taskTo configure the number of times a user can retry a password, use the following command inGlobal or Interface Configuration mode:
telnet-access retry <number>Where number is an integer in the range 1 to 100 that specifies the allowed number of failedlog on attempts. The default is 3.
Configuring password history
About this taskUse the password password-history command to configure the number of passwordsstored in the password history table. This command has the following syntax:
password password-history <3-10>The parameter <3-10> represents the number of passwords to store in the history table. Usethe appropriate value when configuring the feature.
Defaulting password history
Use the default password password-history command to return the number ofpasswords stored in the password history table to the default value of 3.
Command Line Interface Configuration
124 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Displaying password history settings
The show password password-history command is used to display the number ofpasswords currently stored in the password history table.
Configuring Avaya Secure Network Access OptionsAbout this taskUse the following procedure to configure Avaya Secure Network Access (formerly NortelSecure Network Access or NSNA).
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command nsna fail-open and one of the following commands toconfigure fail-open options:
a. Use the command filter-vlan-id <1–4094> to set fail-open filter vlanID.
b. Use the command vlan-id <1–4094> to set fail-open vlan ID.
c. Use the command enable to enable secure network access fail-open.
4. Use the command nsnas <subnet address> to set the secure network accesssubnet.
5. Use the command nsnas phone-signature <WORD> to assign a securenetwork access phone signature.
6. Use the command nsnas vlan <1–4094> to set the secure network access vlanID.
Displaying CLI Audit log using CLIAbout this taskThe CLI audit provides a means for tracking CLI commands. The show audit log commanddisplays the command history audit log stored in NVRAM. The syntax for the show auditlog command is:
show audit log [asccfg | serial | telnet]The show audit log command is in the Privileged EXEC mode.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 125
The following table describes the parameters and variables for the show audit logcommand.
Table 70: show audit log command parameters
Parameter Descriptionasccfg Displays the audit log for ASCII configuration.
serial Displays the audit log for serial connections.
telnet Displays the audit log for Telnet and SSHconnections.
Enabling Audit Log Save SettingsAbout this taskUse the following procedure to enable Audit Log save settings.
Procedure
1. Enter Privileged mode of the CLI.
2. Enter Configuration mode by entering the config command.
3. Use the command audit log save enable to enable audit log save settings.
Configuring Secure Socket Layer services using CLIAbout this taskThe following table lists CLI commands available for working with Secure Socket Layer(SSL).
Table 71: SSL commands
Command Description[no] ssl Enables or disables SSL. The Web server operates
in a secure mode when SSL is enabled and innonsecure mode when the SSL server is disabled.
[no] ssl certificate Creates or deletes a certificate. The new certificate isused only on the next system reset or SSL serverreset. The new certificate is stored in the NVRAM withthe file name SSLCERT.DAT. The new certificate filereplaces the existing file. On deletion, the certificatein NVRAM is also deleted. The current SSL server
Command Line Interface Configuration
126 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Command Descriptionoperation is not affected by the create or deleteoperation.
ssl reset Resets the SSL server. If SSL is enabled, the SSLserver is restarted and initialized with the certificatethat is stored in the NVRAM. Any existing SSLconnections are closed. If SSL is not enabled, theexisting nonsecure connection is also closed and thenonsecure operation resumes.
show ssl Shows the SSL server configuration and SSL serverstate.
show ssl certificate Displays the certificate which is stored in the NVRAMand is used by the SSL server.
The following table describes the output for the show ssl command.
Table 72: Server state information
Field DescriptionWEB Server SSL secured Shows whether the Web server is using an
SSL connection.
SSL server state Displays one of the following states:
• Un-initialized: The server is not running.
• Certificate Initialization: The server isgenerating a certificate during itsinitialization phase.
• Active: The server is initialized andrunning.
SSL Certificate: Generation in progress Shows whether SSL is in the process ofgenerating a certificate. The SSL servergenerates a certificate during server startupinitialization, or CLI user can regenerate anew certificate.
SSL Certificate: Saved in NVRAM Shows whether an SSL certificate exists inthe NVRAM. The SSL certificate is notpresent if the system is being initialized forthe first time or CLI user has deleted thecertificate.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 127
Configuring Secure Shell protocol using CLIAbout this taskSecure Shell protocol is used to improve Telnet and provide a secure access to CLI interface.There are two versions of the SSH Protocol. The WLAN 8100 Series SSH supports SSH2.
The following CLI commands are used in the configuration and management of SSH.
• show ssh command on page 128• ssh dsa-host-key command on page 129• no ssh dsa-host-key command on page 129• ssh download-auth-key command on page 129• no ssh dsa-auth-key command on page 130• ssh command on page 130• no ssh command on page 130• ssh secure command on page 131• ssh dsa-auth command on page 131• no ssh dsa-auth on page 131• default ssh dsa-auth command on page 132• ssh pass-auth command on page 132• no ssh pass-auth command on page 132• default ssh pass-auth command on page 132• ssh port command on page 132• default ssh port command on page 133• ssh timeout command on page 133• default ssh timeout command on page 133
show ssh command
This command displays information about all active SSH sessions and on other general SSHsettings.
The syntax for the show ssh command is:
show ssh {global|session|download-auth-key}The following table describes the parameters for this command.
Command Line Interface Configuration
128 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Table 73: show ssh command parameters
Parameter Descriptiondownload-auth-key Display authorization key and TFTP server IP address
global Display general SSH settings
session Display SSH session information
The show ssh global command is executed in the Privileged EXEC command mode.
ssh dsa-host-key command
The ssh dsa-host-key command triggers the DSA key regeneration.
The syntax for the ssh dsa-host-key command is:
ssh dsa-host-keyThe command is executed in the Global Configuration mode.
The ssh dsa-host-key command has no parameters or variables.
no ssh dsa-host-key command
The no ssh dsa-host-key command deletes the DSA keys in the switch. A new DSA keycan be generated by executing dsa-host-key or SSH enable commands.
The syntax for the no ssh dsa-host-key command is:
no ssh dsa-host-keyThe no ssh dsa-host-key command is executed in the Global Configuration mode.
The no ssh dsa-host-key command has no parameters or variables.
ssh download-auth-key command
The ssh download-auth-key command downloads the DSA authentication key into theswitch from the specified TFTP server or from the USB stick, if available.
The syntax for the ssh download-auth-key command is:
ssh download-auth-key [address] [<key-name>] [usb]The following table describes the parameters for this command.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 129
Table 74: ssh download-auth-key command parameters
Parameter Descriptionaddress Specify the TFTP server IP address.
key-name Specify the TFTP/USB file name.
usb Specify whether download SSH auth key from theUSB stick.Available only if the device has USB port.
The ssh download-auth-key command is executed in the Global Configuration mode.
no ssh dsa-auth-key command
The no ssh dsa-auth-key command deletes the DSA authentication key stored in theswitch.
The syntax for the no ssh dsa-auth-key command is:
no ssh dsa-auth-keyThe no ssh dsa-auth-key command is executed in the Global Configuration mode.
ssh command
The ssh command enables SSH in a non secure mode. If the host keys do not exist, they aregenerated.
The syntax for the ssh command is:
sshThe ssh command is executed in the Global Configuration mode.
This command has no parameters.
no ssh command
The no ssh command disables SSH.
The syntax for the no ssh command is:
no ssh {dsa-auth|dsa-auth-key|dsa-host-key|pass-auth}The following table describes the parameters for this command.
Command Line Interface Configuration
130 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Table 75: no ssh command parameters
Parameter Descriptiondsa-auth Disable SSH DSA authentication.
dsa-auth-key Delete SSH DSA auth key.
dsa-host-key Delete SSH DSA host key.
pass-auth Disable SSH password authentication.
The no ssh command is executed in the Global Configuration mode.
ssh secure command
The ssh secure command disables web, SNMP, and Telnet management interfacespermanently.
The no ssh command does NOT turn them back on; they must be re-enabled manually. Awarning message is issued to the user to enable one of the other interfaces before turning offSSH secure mode.
The syntax for the ssh secure command is:
ssh secureThe ssh secure command is executed in the Global Configuration mode.
ssh dsa-auth command
The ssh dsa-auth command enables the user log on using DSA key authentication.
The syntax for the command is:
ssh dsa-authThe ssh dsa-auth command is executed in the Global Configuration mode.
no ssh dsa-auth
The no ssh dsa-auth command disables user log on using DSA key authentication.
The syntax for the no ssh dsa-auth command is:
no ssh dsa-authThe no ssh dsa-auth command is executed in the Global Configuration mode.
Configuring system security
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 131
default ssh dsa-auth command
The default ssh dsa-auth command enables the user log on using the DSA keyauthentication.
The syntax for the default ssh dsa-auth command is:
default ssh dsa-authThe default ssh dsa-auth command is executed in the Global Configuration mode.
ssh pass-auth command
The ssh pass-auth command enables user log on using the password authenticationmethod.
The syntax for the ssh pass-auth command is:
ssh pass-authThe ssh pass-auth command is executed in the Global Configuration mode.
no ssh pass-auth command
The no ssh pass-auth command disables user log on using password authentication.
The syntax for the no ssh pass-auth command is:
no ssh pass-authThe no ssh pass-auth command is executed in the Global Configuration mode.
default ssh pass-auth command
The default ssh pass-auth command enables user log on using passwordauthentication.
The syntax for the default ssh pass-auth command is:
default ssh pass-authThe default ssh pass-auth command is executed in the Global Configuration mode.
ssh port command
The ssh port command sets the TCP port for the SSH daemon.
Command Line Interface Configuration
132 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
The syntax for the ssh port command is:
ssh port <1-65535>Substitute the <1-65535> with the number of the TCP port to be used.
The ssh port command is executed in the Global Configuration mode.
default ssh port command
The default ssh port command sets the default TCP port for the SSH daemon.
The syntax for the default ssh port command is:
default ssh portThe default ssh port command is executed in the Global Configuration mode.
ssh timeout command
The ssh timeout command sets the authentication timeout, in seconds.
The syntax of the ssh timeout command is:
ssh timeout <1-120>Substitute <1-120> with the desired number of seconds.
The ssh timeout command is executed in the Global Configuration mode.
default ssh timeout command
The default ssh timeout command sets the default authentication timeout to 60seconds.
The syntax for the default ssh timeout command is:
default ssh timeoutThe default ssh timeout command is executed in the Global Configuration mode.
Configuring VLANs and Link AggregationAbout this taskThis chapter describes the methods and procedures necessary to configure VLANs, SpanningTree and Link Aggregation on the WC 8180.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 133
Navigation
• Configuring VLANs using CLI on page 134• Configuring STP using CLI on page 146• Configuring MLT using CLI on page 157• Configuring LACP and VLACP using CLI on page 160
Configuring VLANs using CLIAbout this taskThe Command Line Interface commands detailed in this section allow for the creation andmanagement of VLANs. Depending on the type of VLAN being created or managed, thecommand mode needed to execute these commands can differ.
Navigation
This section contains information about the following topics:
• Displaying VLAN information on page 134• Displaying VLAN interface information on page 136• Displaying VLAN port membership on page 136• Setting the management VLAN on page 136• Resetting the management VLAN to default on page 137• Creating a VLAN on page 137• Deleting a VLAN on page 138• Modifying VLAN MAC address flooding on page 138• Configuring VLAN name on page 139• Enabling automatic PVID on page 139• Configuring VLAN port settings on page 139• Configuring VLAN members on page 140• Configuring VLAN Configuration Control on page 141• Managing the MAC address forwarding database table on page 142• IP Directed Broadcasting on page 145
Displaying VLAN information
About this taskUse the following procedure to display the number, name, type, protocol, user PID, state of aVLAN and whether it is a management VLAN.
Command Line Interface Configuration
134 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To display VLAN information, use the following command from Privileged EXECmode.show vlan [configcontrol] [dhcp-relay <1-4094>] [igmp{<1-4094>| unknown-mcast-allow-flood | unknown-mcast-no-flood}] [interface { info | vids}] [ip <vid>] [mgmt] [multicast<membership>] [type {port | protocol-ipEther2| protocol-ipx802.3 | protocol-ipx802.2 | protocol-ipxSnap | protocol-ipxEther2 | protocol-decEther2 | protocol-snaEther2 | protocol-Netbios | protocol-xnsEther2 | protocol-vi nesEther2 |protocol-ipv6Ether2 | protocol-Userdef |protocol-RarpEther2][vid <1-4094>]
Variable definitions
The following table describes the variables for this command.
Variable Valuevid <1-4094> Enter the number of the VLAN to display.
type Enter the type of VLAN to display:
• port - port-based
• protocol - protocol-based (see following list)
protocol-ipEther2 Specifies an ipEther2 protocol-based VLAN.
protocol-ipx802.3 Specifies an ipx802.3 protocol-based VLAN.
protocol-ipx802.2 Specifies an ipx802.2 protocol-based VLAN.
protocol-ipxSnap Specifies an ipxSnap protocol-based VLAN.
protocol-ipxEther2 Specifies an ipxEther2 protocol-based VLAN.
protocol-decEther2 Specifies a decEther2 protocol-based VLAN.
protocol-snaEther2 Specifies an snaEther2 protocol-based VLAN.
protocol-Netbios Specifies a NetBIOS protocol-based VLAN.
protocol-xnsEther2 Specifies an xnsEther2 protocol-based VLAN.
protocol-vinesEther2 Specifies a vinesEther2 protocol-based VLAN.
protocol-ipv6Ether2 Specifies an ipv6Ether2 protocol-based VLAN.
protocol-Userdef Specifies a user-defined protocol-based VLAN.
protocol-RarpEther2 Specifies a RarpEther2 protocol-based VLAN.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 135
Displaying VLAN interface information
About this taskUse the following procedure to display VLAN settings associated with a port, including tagginginformation, PVID number, priority, and filtering information for tagged, untagged, andunregistered frames.
Procedure
To display VLAN interface information, use the following command from PrivilegedEXEC mode.show vlan interface info [<portlist>]
Displaying VLAN port membership
About this taskUse the following procedure to display port memberships in VLANs.
Procedure
To display VLAN port memberships, use the following command from Privileged EXECmode.show vlan interface vids [<portlist>]
Setting the management VLAN
About this taskUse the following procedure to set a VLAN as the management VLAN.
Procedure
To set the management VLAN, use the following command from Global Configurationmode.vlan mgmt <1-4094>
Command Line Interface Configuration
136 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Resetting the management VLAN to default
About this taskUse the following procedure to reset the management VLAN to VLAN1.
Procedure
To reset the management VLAN to default, use the following command from GlobalConfiguration mode.default vlan mgmt
Creating a VLAN
About this taskUse the following procedure to create a VLAN. A VLAN is created by setting the state of apreviously nonexistent VLAN.
Procedure
To create a VLAN, use the following command from Global Configuration mode.vlan create <1-4094> [name<line>] type {port | protocol-ipEther2 | protocol-ipx802.3 | protocolipx802.2 | protocol-ipxSnap | protocol-ipxEther2 | protocol-decEther2 | protocol-snaEther2 | protocol-N etbios | protocol-xnsEther2 | protocol-vinesEther2 | protocol-ipv6Ether2 | protocol-Userdef<4096-65534>| protocol-RarpEther2}
Variable definitions
Variable Value<1-4094> Enter the number of the VLAN to create.
name <line> Enter the name of the VLAN to create.
type Enter the type of VLAN to create:
• port - port-based
• protocol - protocol-based (see following list)
protocol-ipEther2 Specifies an ipEther2 protocol-based VLAN.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 137
Variable Valueprotocol-ipx802.3 Specifies an ipx802.3 protocol-based VLAN.
protocol-ipx802.2 Specifies an ipx802.2 protocol-based VLAN.
protocol-ipxSnap Specifies an ipxSnap protocol-based VLAN.
protocol-ipxEther2 Specifies an ipxEther2 protocol-based VLAN.
protocol-decEther2 Specifies a decEther2 protocol-based VLAN.
protocol-snaEther2 Specifies an snaEther2 protocol-based VLAN.
protocol-Netbios Specifies a NetBIOS protocol-based VLAN.
protocol-xnsEther2 Specifies an xnsEther2 protocol-based VLAN.
protocol-vinesEther2 Specifies a vinesEther2 protocol-based VLAN.
protocol-Userdef <4096-65534> Specifies a user-defined protocol-based VLAN.
protocol-ipv6Ether2 Specifies an ipv6Ether2 protocol-based VLAN.
Deleting a VLAN
About this taskUse the following procedure to delete a VLAN.
Procedure
To delete a VLAN, use the following command from Global Configuration mode.vlan delete <2-4094>
Modifying VLAN MAC address flooding
About this taskUse the following procedure to remove MAC addresses from the list of addresses for whichflooding is allowed. This procedure can also be used as an alternate method of deleting aVLAN.
Procedure
To modify VLAN MAC address flooding, or to delete a VLAN, use the followingcommand from Global Configuration mode.no vlan [<2-4094>] [igmp unknown-mcast-allow-flood <H.H.H>]
Command Line Interface Configuration
138 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring VLAN name
About this taskUse the following procedure to configure or modify the name of an existing VLAN.
Procedure
To configure the VLAN name, use the following command from Global Configurationmode.vlan name <1-4094> <line>
Enabling automatic PVID
About this taskUse the following procedure to enable the automatic PVID feature.
Procedure
To enable automatic PVID, use the following command from Global Configurationmode.[no] auto-pvidUse the no form of this command to disable
Configuring VLAN port settings
About this taskUse the following procedure to configure VLAN-related settings for a port.
Procedure
To configure VLAN port settings, use the following command from Global Configurationmode.vlan ports [<portlist>] [tagging {enable | disable | tagAll |untagAll | tagPvidOnly | untagPvidOnly}] [pvid <1-4094>][filter-untagged-frame {enable | disable}] [filter-unregistered-frames {enable | disable}] [priority <0-7>] [name<line>]
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 139
Variable Definitions
Variable Value<portlist> Enter the port numbers to be configured for a VLAN.
tagging {enable|disable|tagAll|untagAll| tagPvidOnly|untagPvidOnly}
Enables or disables the port as a tagged VLANmember for egressing packet.
pvid <1-4094> Sets the PVID of the port to the specified VLAN.
filter-untagged-frame {enable|disable}
Enables or disables the port to filter received untaggedpackets.
filter-unregistered-frames {enable |disable}
Enables or disables the port to filter receivedunregistered packets. Enabling this feature on a portmeans that any frames with a VID to which the portdoes not belong to are discarded.
priority <0-7> Sets the port as a priority for the switch to consider asit forwards received packets.
name <line> Enter the name you want for this port.Note: This option can only be used if a single port isspecified in the <portlist>
Configuring VLAN members
About this taskUse the following procedure to add or delete a port from a VLAN.
Procedure
To configure VLAN members, use the following command from Global Configurationmode.vlan members [add | remove] <1-4094> <portlist>
Variable Definitions
Variable Valueadd | remove Adds a port to or removes a port from a VLAN.
Note: If this parameter is omitted, set the exact portmembership for the VLAN; the prior port membership of theVLAN is discarded and replaced by the new list of ports.
<1-4094> Specifies the target VLAN.
portlist Enter the list of ports to be added, removed, or assigned to theVLAN.
Command Line Interface Configuration
140 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring VLAN Configuration Control
About this taskVLAN Configuration Control (VCC) allows a switch administrator to control how VLANs aremodified. VLAN Configuration Control is a superset of the existing AutoPVID functionality andincorporates this functionality for backwards compatibility. VLAN Configuration Control isglobally applied to all VLANs on the switch.
VLAN Configuration Control offers four options for controlling VLAN modification:
• Strict• Automatic• AutoPVID• Flexible
Note: The factory default setting is Strict.
VLAN Configuration Control is only applied to ports with the tagging modes of Untag All andTag PVID Only.
To configure VCC using the CLI, refer to the following commands:
• Displaying VLAN Configuration Control settings on page 141• Modifying VLAN Configuration Control settings on page 141
Displaying VLAN Configuration Control settingsAbout this taskUse the following procedure to display the current VLAN Configuration Control setting.
Procedure
To display VLAN Configuration Control settings, use the following command fromGlobal Configuration mode.show vlan configcontrol
Modifying VLAN Configuration Control settingsAbout this taskUse the following procedure to modify the current VLAN Configuration Control setting. Thiscommand applies the selected option to all VLANs on the switch.
Procedure
To modify VLAN Configuration Control settings, use the following command fromGlobal Configuration morevlan configcontrol <vcc_option>
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 141
Variable Definitions
Variable Value<vcc_option> This parameter denotes the VCC option to use on the
switch. The valid values are:
• automatic -- Changes the VCC option to Automatic.
• autopvid -- Changes the VCC option to AutoPVID.
• flexible -- Changes the VCC option to Flexible.
• strict -- Changes the VCC option to Strict. This is thedefault VCC value.
Managing the MAC address forwarding database table
About this taskThis section shows you how to view the contents of the MAC address forwarding databasetable, as well as setting the age-out time for the addresses.
The MAC flush feature is a direct way to flush MAC addresses from the MAC address table.The MAC flush commands allow flushing of:
• a single MAC address (see “Removing a single address from the MAC address table”(page 157))
• all addresses from the MAC address table (see “Clearing the MAC address table” (page156)
• a port or list of ports (see “Clearing the MAC address table on a FastEthernet interface”(page 156))
• a trunk (see “Clearing the MAC address table on a trunk” (page 156))• a VLAN (see “Clearing the MAC address table on a VLAN” (page 156))
MAC flush deletes dynamically learned addresses. MAC flush commands may not be executedinstantly when the command is issued. Since flushing the MAC address table is not consideredan urgent task, MAC flush commands are assigned the lowest priority and placed in aqueue.
The MAC flush commands are supported in CLI, SNMP, DM, and Web-based Management.
Use the following commands to manage the MAC address forwarding database table:
• Displaying MAC address forwarding table on page 143• Configuring MAC address retention on page 143• Setting MAC address retention time to default on page 144• Clearing the MAC address table on page 144• Clearing the MAC address table on a VLAN on page 144
Command Line Interface Configuration
142 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
• Clearing the MAC address table on a FastEthernet interface on page 144• Clearing the MAC address table on a trunk on page 145
Displaying MAC address forwarding tableAbout this taskUse the following procedure to display the current contents of the MAC address forwardingdatabase table. You can filter the MAC Address table by port number. The MAC address tablecan store up to 16000 addresses.
Procedure
To displaying the MAC address forwarding table, use the following command fromPrivileged EXEC modeshow mac-address-table [vid<1-4094>] [aging-time][address<H.H.H>] [port<portlist>]
Variable Definitions
Variable Valuevid <1-4094> Enter the number of the VLAN for which you want to
display the forwarding database. Default is to displaythe management VLAN’s database.
aging-time Displays the time in seconds after which an unusedentry is removed from the forwarding database.
address <H.H.H> Displays a specific MAC address if it exists in thedatabase. Enter the MAC address you wantdisplayed.
Configuring MAC address retentionAbout this taskUse the following procedure to set the time during which the switch retains unseen MACaddresses.
Procedure
To configure unseen MAC address retention, use the following command from GlobalConfiguration mode.mac-address-table aging-time <10-1 000 000>
Variable Definitions
Variable Valuevid <10-1 000 000> Enter the aging time in seconds that you want for
MAC addresses before they expire.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 143
Setting MAC address retention time to defaultAbout this taskUse the following procedure to set the retention time for unseen MAC addresses to 300seconds.
Procedure
To set the MAC address retention time to default, use the following command fromGlobal Configuration mode.default mac-address-table aging-time
Clearing the MAC address tableAbout this taskUse the following procedure to clear the MAC address table.
Procedure
To flush the MAC address table, use the following command from Privileged EXECmode.clear mac-address-table
Clearing the MAC address table on a VLANAbout this taskUse the following procedure to flush the MAC addresses for the specified VLAN.
Procedure
To flush the MAC address table for a specific VLAN, use the following command fromPrivileged EXEC mode.clear mac-address-table interface vlan <vlan#>
Clearing the MAC address table on a FastEthernet interfaceAbout this taskUse the following procedure to flush the MAC addresses for the specified ports. This commanddoes not flush the addresses learned on the trunk.
Procedure
To clear the MAC address table on a FastEthernet interface, use the followingcommand from Privileged EXEC mode.clear mac-address-table interface FastEthernet <port-list|ALL>
Command Line Interface Configuration
144 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Clearing the MAC address table on a trunkAbout this taskUse the following procedure to flush the MAC addresses for the specified trunk. This commandflushes only addresses that are learned on the trunk.
Procedure
To flush a single MAC address, use the following command from Privileged EXECmode.clear mac-address-table address <H.H.H>
IP Directed Broadcasting
About this taskIP directed broadcasting takes the incoming unicast Ethernet frame, determines that thedestination address is the directed broadcast for one of its interfaces, and then forwards thedatagram onto the appropriate network using a link-layer broadcast.
IP directed broadcasting in a VLAN forwards direct broadcast packets in two ways:
• Through a connected VLAN subnet to another connected VLAN subnet.• Through a remote VLAN subnet to the connected VLAN subnet.
By default, this feature is disabled.
The following CLI commands are used to work with IP directed broadcasting:
Enabling IP directed broadcast on page 145Enabling IP directed broadcast
About this taskUse the following procedure to enable IP directed broadcast.
Procedure
To enable IP directed broadcast, use the following command from Global Configurationmode.[no] ip directed-broadcast enableUse the no form of this command to disable.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 145
Configuring STP using CLIAbout this taskUse the following procedures to configure STP for the WLAN 8100 Series using the CLI.
• Setting the STP mode using the CLI on page 146• Configuring STP BPDU Filtering using the CLI on page 146• Creating and Managing STGs using the CLI on page 147• Managing RSTP using the CLI on page 154
Setting the STP mode using the CLI
About this taskUse the following procedure to set the STP operational mode.
Procedure
To set the STP mode, use the following command from Global Configuration mode.spanning-tree op-mode {stpg | rstp }
Configuring STP BPDU Filtering using the CLI
About this taskUse the following procedure to configure STP BPDU Filtering on a port. This command isavailable in all STP modes (STPG, RSTP, and MSTP).
Procedure
1. To enable STP BPDU filtering, use the following command from InterfaceConfiguration mode.[no] spanning-tree bpdu-filtering [port<portlist>] [enable][timeout <10-65535> | 0>]Use the no form of this command to disable.
2. To set the STP BPDU Filtering properties on a port to their default values, use thefollowing command from the Interface Configuration command mode:default spanning-tree bpdu-filtering [port<portlist>][enable] [timeout]
3. To show the current status of the BPDU Filtering parameters, use the followingcommand from the Privileged EXEC mode:
Command Line Interface Configuration
146 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
show spanning-tree bpdu-filtering [<interface-type>][port<portlist>]
Variable Definitions
Variable Valueport <portlist> Specifies the ports affected by the command.
enable Enables STP BPDU Filtering on the specified ports.The default value is disabled.
timeout <10-65535| 0> When BPDU filtering is enabled, this indicates thetime (in seconds) during which the port remainsdisabled after it receives a BPDU. The port timer isdisabled if this value is set to 0. The default value is120 seconds.
Creating and Managing STGs using the CLI
About this taskTo create and manage Spanning Tree Groups, you can refer to the Command Line Interfacecommands listed in this section. Depending on the type of Spanning Tree Group that you wantto create or manage, the command mode needed to execute these commands can differ.
In the following commands, the omission of any parameters that specify a Spanning TreeGroup results in the command operating against the default Spanning Tree Group (SpanningTree Group 1).
To configure STGs using the CLI, refer to the following:
• Configuring path cost calculation mode on page 148• Configuring STG port membership mode on page 148• Displaying STP configuration information on page 148• Creating a Spanning Tree Group on page 149• Deleting a Spanning Tree Group on page 149• Enabling a Spanning Tree Group on page 149• Disabling a Spanning Tree Group on page 150• Configuring STP values on page 150• Restoring default Spanning Tree values on page 151• Adding a VLAN to a STG on page 152• Removing a VLAN from a STG on page 152• Configuring STP and MSTG participation on page 152• Resetting Spanning Tree values for ports to default on page 153
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 147
Configuring path cost calculation modeAbout this taskUse the following procedure to set the path cost calculation mode for all Spanning Tree Groupson the switch.
Procedure
To configure path cost calculation mode, use the following command from PrivilegedEXEC mode.spanning-tree cost-calc-mode {dot1d | dot1t}
Configuring STG port membership modeAbout this taskUse the following procedure to set the STG port membership mode for all Spanning TreeGroups on the switch.
Procedure
To configure STG port membership mode, use the following command from PrivilegedEXEC mode.spanning-tree port-mode {auto | normal}
Displaying STP configuration informationAbout this taskUse the following procedure to display spanning tree configuration information that is specificto either the Spanning Tree Group or to the port.
Procedure
To display STP configuration information, use the following command from PrivilegedEXEC mode.show spanning-tree [stp <1-8>] {config | port| port-mode |vlans}
Variable Definitions
Variable Valuestp <1-8> Displays specified Spanning Tree Group
configuration; enter the number of the groupto be displayed.
config | port | port-mode | vlans Displays spanning tree configuration for:
Command Line Interface Configuration
148 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Value
• config--the specified (or default) SpanningTree Group
• port--the ports within the Spanning TreeGroup
• port-mode--the port mode
• vlans--the VLANs that are members of thespecified Spanning Tree Group
Creating a Spanning Tree GroupAbout this taskUse the following procedure to create a Spanning Tree Group.
Procedure
To create a Spanning Tree Group, use the following command from GlobalConfiguration mode.spanning-tree stp <1-8> create
Deleting a Spanning Tree GroupAbout this taskUse the following procedure to delete a Spanning Tree Group.
Procedure
To delete a Spanning Tree Group, use the following command from GlobalConfiguration mode.spanning-tree stp <1-8> delete
Enabling a Spanning Tree GroupAbout this taskUse the following procedure to enable a Spanning Tree Group.
Procedure
To enable a Spanning Tree Group, use the following command from GlobalConfiguration mode.spanning-tree stg <1-8> enable
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 149
Disabling a Spanning Tree GroupAbout this taskUse the following procedure to disable a Spanning Tree Group.
Procedure
To disable a Spanning tree Group, use the following command from GlobalConfiguration mode.spanning-tree stp <1-8> disable
Configuring STP valuesAbout this taskUse the following procedure to set STP values by STG.
Procedure
To configure STP values, use the following command from Global Configurationmode.spanning-tree [stp <1-8>] [forward-time <4-30>] [hello-time<1-10>] [max-age <6-40> [priority {0*0000 | 0*1000| 0*2000 |0*3000 | ... | 0*E000 | 0*F000}] [tagged-bpdu {enable |disable}] [tagged-bpdu-vid >1-4094>] [multicast-address<H.H.H>] [add-vlan] [remove-vlan]
Variable Definitions
Variable Valuestp <1-8> Specifies the Spanning Tree Group; enter
the STG ID.
forward-time <4-30> Enter the forward time of the STG inseconds; the range is 4 -- 30, and the defaultvalue is 15.
hello-time <1-10> Enter the hello time of the STG in seconds;the range is 1 --10, and the default value is2.
max-age <6-40> Enter the max-age of the STG in seconds;the range is 6 -- 40, and the default value is20.
priority {0x000 | 0x1000 | 0x2000 | 0x3000| .... | 0xE000 | 0xF000}
Sets the spanning tree priority (in Hex); if802.1T compliant, this value must be amultiple of 0x1000.
tagged-bpdu {enable | disable} Sets the BPDU as tagged or untagged. Thedefault value for Spanning Tree Group 1
Command Line Interface Configuration
150 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Value(default group) is untagged; the default forthe other groups is tagged.
tagged-bpdu-vid <1-4094> Sets the VLAN ID (VID) for the tagged BPDU.The default value is 4001 -- 4008 for STG 1-- 8, respectively.
multicast-address <H.H.H> Sets the spanning tree multicast address.
add-vlan Adds a VLAN to the Spanning Tree Group.
remove-vlan Removes a VLAN from the Spanning TreeGroup.
Restoring default Spanning Tree valuesAbout this taskUse the following procedure to restore default spanning tree values for the Spanning TreeGroup.
Procedure
To restore Spanning Tree values to default, use the following command from GlobalConfiguration mode.default spanning-tree [stp <1-8> [forward-time] [hello-time][max-age] [priority] [tagged-bpdu] [multicast address]
Variable Definitions
Variable Valuestp <1-8> Disables the Spanning Tree Group; enter the
STG ID.
forward-time Sets the forward time to the default value of15 seconds.
hello-time Sets the hello time to the default value of 2seconds.
max-age Sets the maximum age time to the defaultvalue of 20 seconds.
priority Sets spanning tree priority (in Hex); if 802.1Tcompliant, this value must be a multiple of0x1000.
tagged-bpdu Sets the tagging to the default value. Thedefault value for Spanning Tree Group 1(default group) is untagged; the default forthe other groups is tagged.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 151
Variable Valuemulticast address Sets the spanning tree multicast MAC
address to the default.
Adding a VLAN to a STGAbout this taskUse the following procedure to add a VLAN to a specified Spanning Tree Group.
Procedure
To add a VLAN to a STG, use the following command from Global Configurationmode.spanning-tree [stp <1-8>] add-vlan <1-4094>
Removing a VLAN from a STGAbout this taskUse the following procedure to remove a VLAN from a specified Spanning Tree Group.
Procedure
To remove a VLAN from a STG, use the following command from Global Configurationmode.spanning-tree [stp <1-8>] remove-vlan <1-4094>
Configuring STP and MSTG participationAbout this taskUse the following procedure to set the Spanning Tree Protocol (STP) and multiple SpanningTree Group (STG) participation for the ports within the specified Spanning Tree Group.
Procedure
To configure STP and MSTG participation, use the following command from InterfaceConfiguration mode.[no] spanning-tree [port <portlist>] [stp <1-8>] [learning{disable | normal | fast}] [cost <1-65535>] [priority]Use the no form of this command to disable.
Command Line Interface Configuration
152 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valueport <portlist> Enables the spanning tree for the specified
port or ports; enter port or ports you wantenabled for the spanning tree.Note: If you omit this parameter, the systemuses the port number you specified when youissued the interface command to enter theInterface Configuration mode.
stp <1-8> Specifies the spanning tree group; enter theSTG ID.
learning {disable|normal|fast} Specifies the STP learning mode:
• disable -- disables FastLearn mode
• normal -- changes to normal learning mode
• fast -- enables FastLearn mode
cost <1-65535> Enter the path cost of the spanning tree;range is 1 -- 65535.
priority Sets the spanning tree priority for a port as ahexadecimal value. If the Spanning TreeGroup is 802.1T compliant, this value mustbe a multiple of 0x10.
Resetting Spanning Tree values for ports to defaultAbout this taskUse the following procedure to set the spanning tree values for the ports within the specifiedSpanning Tree Group to the factory default settings.
Procedure
To reset Spanning Tree values to default, use the following command from InterfaceConfiguration mode.default spanning-tree [port <portlist>] [stp <1-8>] [learning][cost] [priority]
Variable Definitions
Variable Valueport <portlist> Enables spanning tree for the specified port or ports;
enter port or ports to be set to factory spanning treedefault values.Note: If this parameter is omitted, the system usesthe port number specified when the interface
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 153
Variable Valuecommand was used to enter Interface Configurationmode.
stp <1-8> Specifies the Spanning Tree Group to set to factorydefault values; enter the STG ID. This commandplaces the port into the default STG. The defaultvalue for STG is 1.
learning Sets the spanning tree learning mode to the factorydefault value.The default value for learning is Normal mode.
cost Sets the path cost to the factory default value.The default value for path cost depends on the typeof port.
priority Sets the priority to the factory default value.The default value for the priority is 0x8000.
Managing RSTP using the CLIAbout this taskUse the following command to configure RSTP:
• Configuring RSTP parameters on page 154• Configuring RSTP on a port on page 156• Displaying RSTP configuration on page 156• Displaying RSTP port configuration on page 155
Configuring RSTP parametersAbout this taskUse the following procedure to set the RSTP parameters which include forward delay, hellotime, maximum age time, default path cost version, bridge priority, transmit holdcount, andversion for the bridge.
Procedure
To configure RSTP parameters, use the following command from Global Configurationmode.spanning-tree rstp [ forward-time <4-30>] [hello-time <1-10>][max-age <6-40>] [pathcost-type {bits16 | bits32}] [priority{0000|1000|2000| ...| F000}] [tx-holdcount <1-10>] [version{stp-compatible | rstp}]
Command Line Interface Configuration
154 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valueforward-time <4-30> Sets the RSTP forward delay for the bridge
in seconds; the default is 15.
hello-time <1-10> Sets the RSTP hello time delay for the bridgein seconds; the default is 2.
max-age <6-40> Sets the RSTP maximum age time for thebridge in seconds; the default is 20.
pathcost-type {bits16 | bits32} Sets the RSTP default path cost version; thedefault is bits32.
priority {0000 | 1000 | ... | F000} Sets the RSTP bridge priority (in hex); thedefault is 8000.
tx-hold count Sets the RSTP Transmit Hold Count; thedefault is 3.
version {stp-compatible | rstp} Sets the RSTP version; the default is rstp.
Displaying RSTP port configurationAbout this taskUse the following procedure to display the Rapid Spanning Tree Protocol (RSTP) related port-level configuration details.
Procedure
To display RSTP port configuration, use the following command from Privileged EXECmode.show spanning-tree rstp port {config | status | statistics |role} [<portlist>]
Variable Definitions
Variable Valueconfig Displays RSTP port-level configuration.
status Displays RSTP port-level role information.
statistics Displays RSTP port-level statistics.
role Displays RSTP port-level status.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 155
Configuring RSTP on a portAbout this taskUse the following procedure to set the RSTP parameters, which include path cost, edge-portindicator, learning mode, point-to-point indicator, priority, and protocol migration indicator onthe single or multiple port.
Procedure
To configure RSTP on a port, use the following command from Interface Configurationmode.spanning-tree rstp [port <portlist>] [cost <1-200000000> [edge-port {false | true}] [learning {disable | enable}] [p2p {auto |force-false | force-true}] [priority {00 | 10 | ... | F0}][protocol-migration {false | true}]
Variable Definitions
Variable Valueport <portlist> Filter on list of ports.
cost <1-200000000> Sets the RSTP path cost on the single ormultiple ports; the default is 200000.
edge-port {false | true} Indicates whether the single or multiple portsare assumed to be edge ports. Thisparameter sets the Admin value of edge portstatus; the default is false.
learning {disable | enable} Enables or disables RSTP on the single ormultiple ports; the default is enable.
p2p {auto | force-false | force-true} Indicates whether the single or multiple portsare to be treated as point-to-point links. Thiscommand sets the Admin value of P2PStatus; the default is force-true.
priority {00 | 10 |... | F0} Sets the RSTP port priority on the single ormultiple ports; the default is 80.
protocol-migration {false | true} Forces the single or multiple port to transmitRSTP BPDUs when set to true, whileoperating in RSTP mode; the default isfalse.
Displaying RSTP configurationAbout this taskUse the following procedure to display the Rapid Spanning Tree Protocol (RSTP) relatedbridge-level configuration details.
Command Line Interface Configuration
156 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To display RSTP configuration details, use the following command from PrivilegedEXEC mode.show spanning-tree rstp {config | status | statistics}
Variable Definitions
Variable Valueconfig Displays RSTP bridge-level configuration.
status Displays RSTP bridge-level role information.
statistics Displays RSTP bridge-level statistics.
Configuring MLT using CLIAbout this taskThe Command Line Interface commands detailed in this section allow for the creation andmanagement of Multi-Link trunks. Depending on the type of Multi-Link trunk being created ormanaged, the command mode needed to execute these commands can differ.
Refer to the following sections to configure MLT:
• Displaying MLT configuration and utilization on page 157• Configuring a Multi-Link trunk on page 158• Disabling a MLT on page 158• Displaying MLT properties on page 159• Configuring STP participation for MLTs on page 159
Displaying MLT configuration and utilization
About this taskUse the following procedure to display Multi-Link Trunking (MLT) configuration andutilization.
Procedure
To display MLT configuration and utilization, use the following command fromPrivileged EXEC mode.show mlt [utilization <1-32>]
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 157
Configuring a Multi-Link trunk
About this taskUse the following procedure to configure a Multi-Link trunk (MLT).
Procedure
To configure a Multi-Link trunk, use the following command from Global Configurationmode.mlt <id> [name<trunkname>] [enable | disable] [member<portlist>] [learning {disable | fast | normal}] [bpdu {all-ports | single-port}] loadbalance {basic | advance}
Variable Definitions
Variable Valueid Enter the trunk ID; the range is 1 to 32.
name <trunkname> Specifies a text name for the trunk; enter upto 16 alphanumeric characters.
enable | disable Enables or disables the trunk.
member <portlist> Enter the ports that are members of thetrunk.
learning <disable | fast | normal> Sets STP learning mode.
bpdu {all-ports | single-port} Sets trunk to send and receive BPDUs oneither all ports or a single port.
loadbalance {basic | advance} Sets the MLT load-balancing mode:
• basic: MAC-based load-balancing
• advance: IP-based load-balancing
Disabling a MLT
About this taskUse the following procedure to disable a Multi-Link trunk (MLT), clearing all the portmembers.
Procedure
To disable a MLT, use the following command from Global Configuration mode.
Command Line Interface Configuration
158 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
no mlt [<id>]
Displaying MLT properties
About this taskUse the following procedure to display the properties of Multi-Link trunks (MLT) participatingin Spanning Tree Groups (STG).
Procedure
To display MLT properties, use the following command from Global Configurationmode.show mlt spanning-tree <1-32>
Configuring STP participation for MLTs
About this taskUse the following procedure to set Spanning Tree Protocol (STP) participation for Multi-Linktrunks (MLT).
Procedure
To configure STP participation for MLTs, use the following command from GlobalConfiguration mode.mlt spanning-tree <1-32> [stp <1-8>, ALL>] [learning {disable |normal | fast}]
Variable Definitions
Variable Value<1-32> Specifies the ID of the MLT to associate with
the STG.
stp <1-8> Specifies the spanning tree group.
learning {disable | normal | fast} Specifies the STP learning mode:
• disable -- disables learning
• normal -- sets the learning mode to normal
• fast -- sets the learning mode to fast
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 159
Configuring LACP and VLACP using CLIAbout this taskThis section contains information on the following topics:
• Configuring Link Aggregation using CLI on page 160• Configuring VLACP using CLI on page 165
Configuring Link Aggregation using CLI
About this taskThis section describes the commands necessary to configure and manage Link Aggregationusing the Command Line Interface (CLI).
To configure Link Aggregation using the CLI, refer to the fo
• Displaying LACP system settings on page 161• Displaying LACP per port configuration on page 161• Displaying LACP port mode on page 160• Displaying LACP port statistics on page 161• Clearing LACP port statistics on page 162• Displaying LACP port debug information on page 162• Displaying LACP aggregators on page 162• Configuring LACP system priority on page 162• Enabling LACP port aggregation mode on page 163• Configuring the LACP administrative key on page 163• Configuring LACP operating mode on page 163• Configuring per port LACP priority on page 164• Configuring LACP periodic transmission timeout interval on page 164• Configuring LACP port mode on page 165
Displaying LACP port modeAbout this taskUse the following procedure to display the current port mode (default or advanced).
Procedure
To display the port mode, use the following command from Privileged EXEC mode.show lacp port-mode
Command Line Interface Configuration
160 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Displaying LACP system settingsAbout this taskUse the following procedure to display system-wide LACP settings.
Procedure
To display system settings, use the following command from Privileged EXEC mode.show lacp system
Displaying LACP per port configurationAbout this taskUse the following procedure to display information on the per-port LACP configuration. Selectports either by port number or by aggregator value.
Procedure
To display per port configuration, use the following command from Privileged EXECmode.show lacp port [<portList> | aggr <1-65535>]
Variable Definitions
Variable Value<portList> Enter the specific ports for which to display LACP
information.
aggr <1-65535> Enter the aggregator value to display ports that aremembers of it.
Displaying LACP port statisticsAbout this taskUse the following procedure to displayLACP port statistics. Select ports either by port numberor by aggregator value.
Procedure
To display port statistics, use the following command from Privileged EXEC mode.show lacp stats [<portList> | aggr <1-65535>]
Variable Definitions
Variable Value<portList> Enter the specific ports for which to display LACP
information.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 161
Variable Valueaggr <1-65535> Enter the aggregator value to display ports that are
members of it.
Clearing LACP port statisticsAbout this taskUse the following procedure to clear existing LACP port statistics.
Procedure
To clear statistics, use the following command from Interface Configuration mode.lacp clear-stats <portList>
Displaying LACP port debug informationAbout this taskUse the following procedure to display port debug information.
Procedure
To display port debug information, use the following command from Privileged EXECmode.show lacp debug member [<portList>]
Displaying LACP aggregatorsAbout this taskUse the following procedure to display LACP aggregators or LACP trunks.
Procedure
To display aggregators, use the following command from Privileged EXEC mode.show lacp aggr <1-65535>
Configuring LACP system priorityAbout this taskUse the following procedure to configure the LACP system priority. It is used to set the system-wide LACP priority. The factory default priority value is 32768.
Procedure
To configure system priority, use the following command from Global Configurationmode.
Command Line Interface Configuration
162 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
lacp system-priority <0-65535>
Enabling LACP port aggregation modeAbout this taskUse the following procedure to enable the port aggregation mode.
Procedure
To enable the port aggregation mode, use the following command from InterfaceConfiguration mode.[no] lacp aggregation [port <portList>] enableUse the no form of the command to disable.
Configuring the LACP administrative keyAbout this taskUse the following procedure to configure the administrative LACP key for a set of ports.
Procedure
To set the administrative key, use the following command from Interface Configurationmode.lacp key [port <portList>] <1-4095>
Variable Definitions
Variable Valueport <portList> The ports to configure the LACP key for.
<1-4095> The LACP key to use.
Configuring LACP operating modeAbout this taskUse the following procedure to configure the LACP mode of operations for a set of ports.
Procedure
To configure the operating mode, use the following command from InterfaceConfiguration mode.lacp mode [port <portList>] {active | passive | off}
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 163
Variable Definitions
Variable Valueport <portList> The ports for which the LACP mode is to be
set.
{active | passive | off} The type of LACP mode to set for the port.The LACP modes are:
• active -- The port will participate as anactive Link Aggregation port. Ports inactive mode send LACPDUs periodically tothe other end to negotiate for linkaggregation.
• passive -- The port will participate as apassive Link Aggregation port. Ports inpassive mode send LACPDUs only whenthe configuration is changed or when itslink partner communicates first.
• off -- The port does not participate in LinkAggregation.
LACP requires at least one end of each linkto be in active mode.
Configuring per port LACP priorityAbout this taskUse the following procedure to configure the per-port LACP priority for a set of ports.
Procedure
To configure priority, use the following command from Interface Configuration mode.lacp priority [port <portList> <0-65535>
Variable Definitions
Variable Valueport <portList> The ports for which to configure LACP priority.
<0-65535> The priority value to assign.
Configuring LACP periodic transmission timeout intervalAbout this taskUse the following procedure to configure the LACP periodic transmission timeout interval fora set of ports.
Command Line Interface Configuration
164 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To configure the interval, use the following command from Interface Configurationmode.lacp timeout-time [port <portList>] {long | short}
Variable Definitions
Variable Valueport <portList> The ports for which to configure the timeout
interval.
{long | short} Specify the long or short timeout interval.
Configuring LACP port modeAbout this taskUse the following procedure to configure the LACP port mode on the switch.
Procedure
To configure the port mode, use the following command from Interface Configurationmode.lacp port-mode {default | advance}
Variable Definitions
Variable Valuedefault Default LACP port mode.
advance Advanced LACP port mode.
Configuring VLACP using CLI
About this taskTo configure VLACP using the CLI, refer to the following commands:
• Enabling VLACP globally on page 166• Configuring VLACP multicast MAC address on page 168• Configuring VLACP port parameters on page 166• Displaying VLACP status on page 168• Displaying VLACP port configuration on page 168
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 165
Enabling VLACP globallyAbout this taskUse the following procedure to globally enable VLACP for the device.
Procedure
To enable VLACP, use the following command from Global Configuration mode.[no] vlacp enableUse the no form of this command to disable.
Configuring VLACP port parametersAbout this taskUse the following procedure to configure VLACP parameters on a port.
Procedure
To configure parameters, use the following command from Interface Configurationmode.[no] vlacp port <port> [enable | disable] [timeout <long/short>][fast-periodic-time <integer>] [slow-periodic-time<integer>] [timeout-scale <integer>] [funcmac-addr <mac>][ethertype <hex>]Use the no form of this command to remove parameters.
Variable Definitions
Variable Value<port> Specifies the port number.
enable|disable Enables or disables VLACP.
timeout <long/short> Specifies whether the timeout control valuefor the port is a long or short timeout.
• long sets the port timeout value to:(timeout-scale value) × (slow-periodic-timevalue).
• short sets the port’s timeout value to:(timeout-scale value) × (fast-periodic-timevalue).
For example, if the timeout is set to shortwhile the timeout-scale value is 3 and thefast-periodic-time value is 400 ms, the timerexpires after 1200 ms.Default is long.
Command Line Interface Configuration
166 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Valuefast-periodic-time <integer> Specifies the number of milliseconds
between periodic VLACPDU transmissionsusing short timeouts.The range is 400-20000 milliseconds.Default is 500.
slow-periodic-time <integer> Specifies the number of millisecondsbetween periodic VLACPDU transmissionsusing long timeouts.The range is 10000-30000 milliseconds.Default is 30000.
timeout-scale <integer> Sets a timeout scale for the port, wheretimeout = (periodic time) × (timeout scale).The range is 1-10. Default is 3.Note: With VLACP, a short interval existsbetween a port transmitting a VLACPDU andthe partner port receiving the sameVLACPDU. However, if the timeout-scale isset to less than 3, the port timeout value doesnot take into account the normal travel timeof the VLACPDU. The port expects to receivea VLACPDU at the same moment the partnerport sends it. Therefore, the delayedVLACPDU results in the link being blocked,and then enabled again when the packetarrives. To prevent this scenario fromhappening, set the timeout-scale to a valuelarger than 3. VLACP partners must also wait3 synchronized VLACPDUs to have the linkenabled. If VLACP partner miss 3consecutive packets from the other partner,sets the link as VLACP down.
funcmac-addr <mac> Specifies the address of the far-end switchconfigured to be the partner of this switch. Ifnone is configured, any VLACP-enabledswitch communicating with the local switchthrough VLACP PDUs is considered to bethe partner switch.Note: VLACP has only one multicast MACaddress, configured using the vlacpmacaddress command, which is the Layer 2destination address used for theVLACPDUs.The port-specific funcmac-addr parameterdoes not specify a multicast MAC address,but instead specifies the MAC address of theswitch to which this port is sendingVLACPDUs.
Configuring VLANs and Link Aggregation
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 167
Variable ValueYou are not always required to configurefuncmac-addr. If not configured, the firstVLACP-enabled switch that receives thePDUs from a unit assumes that it is theintended recipient and processes the PDUsaccordingly.If you want an intermediate switch to dropVLACP packets, configure the funcmac-addrparameter to the desired destination MACaddress. With funcmac-addr configured, theintermediate switches do not misinterpret theVLACP packets.
ethertype <hex> Sets the VLACP protocol identification forthis port. Defines the ethertype value of theVLACP frame. The range is 8101-81FF.Default is 8103.
Configuring VLACP multicast MAC addressAbout this taskUse the following procedure to set the multicast MAC address used by the device forVLACPDUs.
Procedure
To configure the multicast MAC address, use the following command from GlobalConfiguration mode.[no] vlacp macaddress <macaddress>Use the no form of this command to delete the address.
Displaying VLACP statusAbout this taskUse the following procedure to display the status of VLACP on the switch.
Procedure
To display VLACP status, use the following command from Privileged EXEC mode.show vlacp
Displaying VLACP port configurationAbout this taskUse the following procedure to display the VLACP configuration details for a port or list ofports.
Command Line Interface Configuration
168 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To display port configuration, use the following command from Privileged EXECmode.show vlacp interface <slot/port>where <slot/port> specifies a port or list of ports.
Among other properties, the show vlacp interface command displays a columncalled HAVE PARTNER, with possible values of yes or no.If HAVE PARTNER is yes when ADMIN ENABLED and OPER ENABLED are true,then that port has received VLACPDUs from a port and those PDUs were recognizedas valid according to the interface settings.If HAVE PARTNER is no, when ADMIN ENABLED is true and OPER ENABLED isFALSE, then the partner for that port is down (that port received at least one correctVLACPDU, but did not receive additional VLACPDUs within the configured timeoutperiod). In this case VLACP blocks the port. This scenario is also seen if only one unithas VLACP enabled and the other has not enabled VLACP.The show vlacp interface command is in the privExec command mode.
Note: If VLACP is enabled on an interface, the interface will not forward traffic unlessit has a valid VLACP partner. If one partner has VLACP enabled and the other is notenabled, the unit with VLACP enabled will not forward traffic, however the unit withVLACP disabled will continue to forward traffic.
Configuring IP routing
IP routing configuration using CLIAbout this taskThis chapter describes the procedures you can use to configure routable VLANs using theCLI.
The WC 8180 can function as a Layer 3 (L3) switch. This means that a regular Layer 2 VLANbecomes a routable Layer 3 VLAN if an IP address and MAC address are attached to theVLAN. When routing is enabled in Layer 3 mode, every Layer 3 VLAN is capable of routing aswell as carrying the management traffic. You can use any Layer 3 VLAN instead of theManagement VLAN to manage the switch.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 169
Refer to the following sections to configure IP routing using CLI:
• IP routing configuration procedures on page 170• Configuring global IP routing status on page 171• Displaying global IP routing status on page 171• Configuring an IP address for a VLAN on page 171• Configuring IP routing status on a VLAN on page 172• Configuring a secondary IP address for a VLAN on page 172• Displaying the IP address configuration and routing status for a VLAN on page 173• Displaying IP routes on page 174• Performing a traceroute on page 175
IP routing configuration procedures
About this taskTo configure inter-VLAN routing on the switch, perform the following steps:
Procedure
1. Enable IP routing globally.
2. Assign an IP address to a specific VLAN or brouter port.Routing is automatically enabled on the VLAN or brouter port when you assign anIP address to it.
IP routing configuration navigation
About this task
• Configuring global IP routing status• Displaying global IP routing status• Configuring an IP address for a VLAN• Configuring IP routing status for a VLAN• Displaying the IP address configuration and routing status for a VLAN• Displaying IP routes• Performing a traceroute• Entering Router Configuration mode
Command Line Interface Configuration
170 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring global IP routing status
About this taskUse this procedure to enable and disable global routing at the switch level. By default, routingis disabled.
Procedure
To configure the status of IP routing on the switch, enter the following from the GlobalConfiguration mode:[no] ip routing
Variable Definitions
Variable Valueno Disables IP routing on the switch
Displaying global IP routing status
About this taskUse this command to display the status of IP blocking on the switch.
Procedure
To display the status of IP blocking on the switch, enter the following from the UserEXEC mode:show ip routing
Configuring an IP address for a VLAN
About this taskTo enable routing an a VLAN, you must first configure an IP address on the VLAN.
Procedure
To configure an IP address on a VLAN, enter the following from the VLAN InterfaceConfiguration mode:[no] ip address <ipaddr> <mask> [<MAC-offset>]
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 171
Variable Definitions
Variable Value[no] Removes the configured IP address and
disables routing on the VLAN.
<ipaddr> Specifies the IP address to attach to theVLAN.
<mask> Specifies the subnet mask to attach to theVLAN
[<MAC-offset>] Specifies the value used to calculate theVLAN MAC address, which is offset from theswitch MAC address. The valid range is1-256. Specify the value 1 for theManagement VLAN only. If no MAC offset isspecified, the switch applies oneautomatically.
Configuring IP routing status on a VLAN
About this taskUse this procedure to enable and disable routing for a particular VLAN.
Procedure
To configure the status of IP routing on a VLAN, enter the following from the VLANInterface Configuration mode:[default] [no] ip routing
Variable Definitions
Variable Valuedefault Disables IP routing on the VLAN.
no Disables IP routing on the VLAN.
Configuring a secondary IP address for a VLAN
About this taskUse this procedure to configure a secondary IP interface to a VLAN (also known asmultinetting). You can have a maximum of eight secondary IP addresses for every primaryaddress, and you must configure the primary address before configuring any secondaryaddresses.
Command Line Interface Configuration
172 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Primary and secondary interfaces must reside on different subnets.
To remove a primary IP address from a VLAN, you must first remove all secondary addressesfrom the VLAN.
Prerequisites
Configure a primary IP address on the VLAN.
Procedure
To configure the secondary IP interface on the VLAN, enter the following from the VLANInterface Configuration mode.[no] ip address <ip address> <mask> [<mac offset>] secondary
Variable Definitions
Variable Valueno Removes the configured IP address. To remove a
primary IP address from a VLAN, you must first removeall secondary addresses from the VLAN.
<ipaddr> Specifies the IP address to attach to the VLAN.
<mask> Specifies the subnet mask to attach to the VLAN
[<MAC-offset>] Specifies the value used to calculate the VLAN MACaddress, which is offset from the switch MAC address.The valid range is 1-256. Specify the value 1 for theManagement VLAN only. If no MAC offset is specified,the switch applies one automatically.
Job aid: Example of adding a secondary IP interface to a VLANAbout this taskPrimary and secondary interfaces must reside on different subnets. In the following example,4.1.0.10 is the primary IP and 4.1.1.10 is the secondary IP.
(config)# interface vlan 4(config)# ip address 4.1.0.10 255.255.255.0 6(config-if)# ip address 4.1.1.10 255.255.255.0 7 secondary
Displaying the IP address configuration and routing status for a VLAN
About this taskUse this procedure to display the IP address configuration and the status of routing on aVLAN.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 173
Procedure
To display the IP address configuration on a VLAN, enter the following from the VLANPrivileged Exec mode:show vlan ip [vid <vid>]
Variable Definitions
Variable Value[vid <vid>] Specifies the VLAN ID of the VLAN to be displayed.
Range is 1-4094.
Job aidThe following table shows the field descriptions for the show vlan ip command.
Field DescriptionVid Specifies the VLAN ID.
ifindex Specifies an index entry for the interface.
Address Specifies the IP address associated with the VLAN.
Mask Specifies the mask.
MacAddress Specifies the MAC address associated with theVLAN.
Offset Specifies the value used to calculate the VLAN MACaddress, which is offset from the switch MACaddress.
Routing Specifies the status of routing on the VLAN: enabledor disabled.
Displaying IP routes
About this taskUse this procedure to display all active routes in the routing table.
Route entries appear in ascending order of the destination IP addresses.
Procedure
To display all active routes in the routing table, enter the following from the User EXECcommand mode:show ip route [<dest-ip>] [-s <subnet><mask>] [summary]
Command Line Interface Configuration
174 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Value[<dest-ip>] Specifies the destination IP address of the route to
display.
[-s <subnet><mask>] Specifies the destination subnet of the routes todisplay.
[summary] Displays a summary of IP route information.
Performing a traceroute
About this taskUse this procedure to display the route taken by IP packets to a specified host.
Procedure
1. To perform a traceroute, enter the following from the Global Configuration mode:traceroute <Hostname|A.B.C.D.> <-m> <-p> <-q> <-v> <-w><1-1464>
2. Type CTRL+C to interrupt the command.
Variable Definitions
Variable ValueHostname Specifies the name of the remote host.
A.B.C.D Specifies the IP address of the remote host.
-m Specifies the maximum time to live (ttl). The valuefor this parameter is in the rage from 1-255. Thedefault value is 10. Example: traceroute 10.3.2.134-m 10
-p Specifies the base UDP port number. The value forthis parameter is in the range from 0-65535.Example: traceroute 1.2.3.4 -p 87
-q Specifies the number of probes per time to live. Thevalue for this parameter is in the range from 1-255.The default value is 3. Example: traceroute10.3.2.134 -q 3
-v Specifies verbose mode. Example: traceroute10.3.2.134 -v
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 175
Variable Value-w Specifies the wait time per probe. The value for this
parameter is in the range from 1-255. The defaultvalue is 5 seconds. Example: traceroute 10.3.2.134-w 15
<1-1464> Specifies the UDP probe packet size. TIP: probepacket size is 40 plus specified data length in bytes.Example: traceroute 10.3.2.134 -w 60
Static route configuration using CLIAbout this taskThis chapter describes the procedures you can use to configure static routes using the CLI.
Static route configuration navigation
• Configuring a static route on page 176• Displaying static routes on page 177• Configuring a management route on page 178• Displaying the management routes on page 179
Configuring a static route
About this taskUse this procedure to configure a static route. Create static routes to manually configure a pathto destination IP address prefixes.
Prerequisites
• Enable IP routing globally• Enable IP routing and configure an IP address on the VLANs to be routed.
Procedure
To configure a static route, enter the following from the Global Configuration commandmode:[no] ip route <dest-ip> <mask> <next-hop> [<cost>] [disable][enable] [weight<cost>]
Command Line Interface Configuration
176 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Value[no] Removes the specified static route.
<dest-ip> Specifies the destination IP address for the route beingadded. 0.0.0.0 is considered the default route.
<mask> Specifies the destination subnet mask for the route beingadded.
<next-hop> Specifies the next hop IP address for the route beingadded.
[<cost>] Specifies the weight, or cost, of the route being added. Rangeis 1-65535.
[disable] Disables the specified static route.
[enable] Enables the specified static route.
[weight<cost>] Changes the weight, or cost, of an existing static route. Rangeis 1-65535.
Displaying static routes
About this taskUse this procedure to display all static routes, whether these routes are active or inactive.
Procedure
To display a static route, enter the following from the User EXEC command mode:show ip route static [<dest-ip>] [-s<subnet><mask>]
Variable Definitions
Variable Value<dest-ip> Specifies the destination IP address of the
static routes to display.
[-s<subnet><mask>] Specifies the destination subnet of the routesto display.
Job aidThe following table shows the field descriptions for the show ip route staticcommand.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 177
Field DescriptionDST Identifies the route destination.
MASK Identifies the route mask.
NEXT Identifies the next hop in the route.
COST Identifies the route cost.
VLAN Identifies the VLAN ID on the route.
PORT Specifies the ports.
PROT Specifies the routing protocols. For static routes, optionsare LOC (local route) or STAT (static route).
TYPE Indicates the type of route as described by the TypeLegend on the CLI screen.
PRF Specifies the route preference.
Configuring a management route
About this taskUse this procedure to create a management route to the far end network, with a next-hop IPaddress from the management VLAN’s subnet. A maximum of 4 management routes can beconfigured on the switch.
Prerequisites
• Enable IP routing globally• Enable IP routing and configure an IP address on the management VLAN interface.
Procedure
To configure a static management route, enter the following from the GlobalConfiguration command mode:[no] ip mgmt route <dest-ip><mask><next-hop>
Variable Definitions
Variable Value[no] Removes the specified management route.
<dest-ip> Specifies the destination IP address for the route beingadded.
<mask> Specifies the destination subnet mask for the route beingadded.
Command Line Interface Configuration
178 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Value<next-hope> Specifies the next hop IP address for the route being
added.
Displaying the management routes
About this taskUse this procedure to display the static routes configured for the management VLAN.
Procedure
To display the static routes configured for the management VLAN, enter the followingfrom the User EXEC mode:show ip mgmt route
Job aid
The following table shows the shows the field descriptions for the show ip mgmt routecommand.
Field DescriptionDestination IP Identifies the route destination.
Subnet Mask Identifies the route mask.
Gateway IP Identifies the next hop in the route.
DHCP relay configuration using CLIAbout this taskThis chapter describes the procedures you can use to configure DHCP relay using the CLI.
Important:DHCP relay uses a hardware resource that is shared by switch Quality of Serviceapplications. When DHCP relay is enabled globally, the Quality of Service filter manager willnot be able to use precedence 11 for configurations.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 179
Prerequisites
• Enable IP routing globally.• Enable IP routing and configure an IP address on the VLAN to be set as the DHCP relay
agent.• Ensure that a route to the destination DHCP server is available on the switch.
DHCP relay configuration procedures
About this taskTo configure DHCP relay, perform the following steps:
Procedure
1. Ensure that DHCP relay is enabled globally. (DHCP relay is enabled by default.)
2. Configure the DHCP relay forwarding path, specifying the VLAN IP as the DHCPrelay agent and the remote DHCP server as the destination.
3. Enable DHCP for the specific VLAN.
DHCP relay configuration navigation
About this task
• Configuring global DHCP relay status on page 180• Displaying the global DHCP relay status on page 181• Specifying a local DHCP relay agent and remote DHCP server on page 181• Displaying the DHCP relay configuration on page 182• Configuring DHCP relay status and parameters on a VLAN on page 183• Displaying the DHCP relay configuration for a VLAN on page 184• Displaying DHCP relay counters on page 184• Clearing DHCP relay counters for a VLAN on page 185
Configuring global DHCP relay status
About this taskUse this procedure to configure the global DHCP relay status. DHCP relay is enabled bydefault.
Command Line Interface Configuration
180 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To configure the global DHCP relay status, enter the following from the GlobalConfiguration mode:[no] ip dhcp-relay
Variable Definitions
Variable Value[no] Disables DHCP relay.
Displaying the global DHCP relay status
About this taskUse this procedure to display the current DHCP relay status for the switch.
Procedure
To display the global DHCP relay status, enter the following from the User EXECcommand mode:show ip dhcp-relay
Specifying a local DHCP relay agent and remote DHCP server
About this taskUse this procedure to specify a VLAN as a DHCP relay agent on the forwarding path to aremote DHCP server. The DHCP relay agent can forward DHCP client requests from the localnetwork to the DHCP server in the remote network.
The DHCP relay feature is enabled by default, and the default mode is BootP-DHCP.
Prerequisites
Enable IP routing and configure an IP address on the VLAN to configure as a DHCP relayagent.
Procedure
To configure a VLAN as a DHCP relay agent, enter the following from the GlobalConfiguration mode:[no] ip dhcp-relay fwd-path <relay-agent-ip> <DHCP-server>[enable] [disable] [mode {bootp | bootp-dhcp | dhcp}]
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 181
Variable Definitions
Variable Value[no] Removes the specified DHCP forwarding path.
<relay-agent-ip> Specifies the IP address of the VLAN that servesas the local DHCP relay agent.
<DHCP-server> Specifies the address of the remote DHCPserver to which DHCP packets are to berelayed.
[enable] Enables the specified DHCP relay forwardingpath.
[disable] Disables the specified DHCP relay forwardingpath.
[mode {bootp | bootp-dhcp | dhcp}] Specifies the mode for DHCP relay.
• BootP only
• BootP and DHCP
• DHCP only
If you do not specify a mode, the default DHCPand BootP is used.
Displaying the DHCP relay configuration
About this taskUse this procedure to display the current DHCP relay agent configuration.
Procedure
To display the DHCP relay configuration, enter the following from the User EXECcommand mode:show ip dhcp-relay fwd-path
Job aid
The following table shows the field descriptions for the show ip dhcp-relay fwd-pathcommand.
Field DescriptionINTERFACE Specifies the interface IP address of the DHCP relay
agent.
Command Line Interface Configuration
182 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Field DescriptionSERVER Specifies the IP address of the DHCP server.
ENABLE Specifies whether DHCP is enabled.
MODE Specifies the DHCP mode.
Configuring DHCP relay status and parameters on a VLAN
About this taskUse this procedure to configure the DHCP relay parameters on a VLAN. To enable DHCP relayon the VLAN, enter the command with no optional parameters.
Procedure
To configure DHCP relay on a VLAN, enter the following from the VLAN InterfaceConfiguration mode:[no] ip dhcp-relay [broadcast] [min-sec <min-sec>] [mode {bootp| dhcp | bootp_dhcp}]
Variable Definitions
Variable Value
[no] Disables DHCP relay on the specified VLAN.
[broadcast] Enables the broadcast of DHCP reply packets tothe DHCP clients on this VLAN interface.
min-sec <min-sec> The switch immediately forwards a BootP/DHCPpacket if the ’secs’ field in the BootP/DHCPpacket header is greater than the configured min-sec value; otherwise, the packet is dropped.Range is 0-65535. The default is 0.
mode {bootp | dhcp | bootp_dhcp} Specifies the type of DHCP packets this VLANsupports:
• bootp - Supports BootP only
• dhcp - Supports DHCP only
• bootp_dhcp - Supports both BootP and DHCP
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 183
Displaying the DHCP relay configuration for a VLAN
About this taskUse this procedure to display the current DHCP relay parameters configured for a VLAN.
Procedure
To display the DHCP relay VLAN parameters, enter the following from the PrivilegedEXEC command mode:show vlan dhcp-relay [<vid>]
Variable Definitions
Variable Value[<vid>] Specifies the VLAN ID of the VLAN to be displayed. Range is
1-4094.
Job aidThe following table shows the field descriptions for the show ip dhcp-relay command.
Field DescriptionIfIndex Indicates the VLAN interface index.
MIN_SEC Indicates the minimum time, in seconds, to waitbetween receiving a DHCP packet and forwarding theDHCP packet to the destination device. A value ofzero indicates forwarding is done immediately withoutdelay.
ENABLED Indicates whether DHCP relay is enabled on theVLAN.
MODE Indicates the type of DHCP packets this interfacesupports. Options include none, BootP, DHCP, andboth.
ALWAYS_BROADCAST Indicates whether DHCP reply packets are broadcastto the DHCP client on this VLAN interface.
Displaying DHCP relay counters
About this taskUse this procedure to display the current DHCP relay counters. This includes the number ofrequests and the number of replies.
Command Line Interface Configuration
184 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To display the DHCP relay counters, enter the following from the User EXEC commandmode:show ip dhcp-relay counters
Job aid
The following table shows the field descriptions for the show ip dhcp-relay counterscommand.
Field DescriptionINTERFACE Indicates the interface IP address of the DHCP relay
agent.
REQUESTS Indicates the number of DHCP requests.
REPLIES Indicates the number of DHCP replies.
Clearing DHCP relay counters for a VLAN
About this taskUse this procedure to clear the DHCP relay counters for a VLAN.
Procedure
To clear the DHCP relay counters, enter the following from the VLAN InterfaceConfiguration command mode:ip dhcp-relay clear-counters
Directed broadcasts configuration using CLIAbout this taskThis chapter describes procedures you can use to configure and display the status of directedbroadcasts using CLI.
Navigation
• Configuring directed broadcasts on page 186• Displaying the directed broadcast configuration on page 186
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 185
Configuring directed broadcasts
About this taskUse this procedure to enable directed broadcasts on the switch. By default, directed broadcastsare disabled.
Prerequisites
• Enable IP routing globally.• Enable IP routing and configure an IP address on the VLAN to be configured as a
broadcast interface.• Ensure that a route (local or static) to the destination address is available on the switch.
Procedure
To enable directed broadcasts, enter the following from the Global Configuration mode:ip directed-broadcast enable
Displaying the directed broadcast configuration
About this taskUse this procedure to display the status of directed broadcasts on the switch. By default,directed broadcasts are disabled.
Procedure
To display directed broadcast status, enter the following from the User EXEC mode:show ip directed-broadcast
Static ARP and Proxy ARP configuration using CLIAbout this taskThis chapter describes the procedures you can use to configure Static ARP, Proxy ARP, anddisplay ARP entries using the CLI.
Static ARP and Proxy ARP configuration navigation
• Static ARP configuration on page 187• Displaying the ARP table on page 187• Proxy ARP configuration on page 189
Command Line Interface Configuration
186 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Static ARP configuration
About this taskThis section describes how to configure Static ARP using the CLI.
Configuring a static ARP entryAbout this taskUse this procedure to create and enable a static ARP entry.
Prerequisites
• Enable IP routing globally.• Enable IP routing and configure an IP address on the target VLAN.
Procedure
To configure a static ARP entry, enter the following from the Global Configuration mode:[no] ip arp <A.B.C.D> <aa:bb:cc:dd:ee:ff> <port> [vid <1-4094>]
Variable Definitions
Variable Value[no] Removes the specified ARP entry.
<A.B.C.D> Specifies the IP address of the device being setas a static ARP entry.
<aa:bb:cc:dd:ee:ff> Specifies the MAC address of the device being setas a static ARP entry.
< port> Specifies the port number to which the static ARPentry is being added.
vid <1-4094> Specifies the VLAN ID to which the static ARPentry is being added.
Displaying the ARP tableAbout this taskUse the following procedures to display the ARP table, configure a global timeout for ARPentries, and clear the ARP cache.
Navigation
• Displaying ARP entries on page 188• Configuring a global timeout for ARP entries on page 188• Clearing the ARP cache on page 189
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 187
Displaying ARP entriesAbout this taskUse this procedure to display ARP entries.
Procedure
To display ARP entries, enter the following from the User Exec mode:show arp-tableORshow ip arp [static | dynamic] [<ip-addr> | {-s <subnet><mask>{] [summary]The show ip arp command is invalid if the switch is not in Layer 3 mode.
Variable Definitions
Variable Value<ip-addr> Specifies the IP address of the ARP entry to be
displayed.
-s <subnet> <mask> Displays ARP entries for the specified subnet only.
static Displays all configured static entries, including thosewithout a valid route.
Job aidThe following table shows the field descriptions for the show ip arp command.
Field DescriptionIP Address Specifies the IP address of the ARP entry.
Age (min) Displays the ARP age time.
MAC Address Specifies the MAC address of the ARP entry.
VLAN-Unit/Port/Trunk Specifies the VLAN/port of the ARP entry.
Flags Specifies the type of ARP entry. S=Static,D=Dynamic, L=Local, B=Broadcast.
Configuring a global timeout for ARP entriesAbout this taskUse this procedure to configure an aging time for the ARP entries.
Procedure
To configure a global timeout for ARP entries, enter the following from the GlobalConfiguration mode:
Command Line Interface Configuration
188 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
ip arp timeout <timeout>
Variable Definitions
Variable Value<timeout> Specifies the amount of time in minutes before an ARP entry
ages out. Range is 5-360. The default value is 360 minutes.
Clearing the ARP cacheAbout this taskUse this procedure to clear the cache of ARP entries.
Procedure
To clear the ARP cache, enter the following from the Global Configuration mode:clear arp-cache
Proxy ARP configuration
About this taskThis section describes how to configure Proxy ARP using the CLI.
Navigation
• Configuring proxy ARP status on page 189• Displaying proxy ARP status on a VLAN on page 190
Configuring proxy ARP statusAbout this taskUse this procedure to enable proxy ARP functionality on a VLAN. By default, proxy ARP isdisabled.
Prerequisites
• Enable IP routing globally.• Enable IP routing and configure an IP address on the VLAN to be configured as a Proxy
ARP interface.
Procedure
To configure proxy ARP status, enter the following from the VLAN InterfaceConfiguration mode:[default] [no] ip arp-proxy enable
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 189
Variable Definitions
Variable Valuedefault Disables proxy ARP functionality on the VLAN.
no Disables proxy ARP functionality on the VLAN.
Displaying proxy ARP status on a VLANAbout this taskUse this procedure to display the status of proxy ARP on a VLAN.
Procedure
To display proxy ARP status for a VLAN, enter the following from the User EXEC mode:show ip arp-proxy interface [vlan<vid>]
Variable Definitions
Variable Value<vid> Specifies the ID of the VLAN to display. Range is 1-4094.
Job aidThe following table shows the field descriptions for the show ip arp-proxy interfacescommand.
Field DescriptionVlan Identifies a VLAN.
Proxy ARP status Specifies the status of Proxy ARP on the VLAN.
IGMP snooping configuration using CLIAbout this taskThis chapter describes the procedures you can use to configure IGMP snooping on a VLANusing CLI.
IGMP snooping configuration procedures
Procedure
To configure IGMP snooping, the only required configuration is to enable snooping onthe VLAN.
Command Line Interface Configuration
190 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
All related configurations, listed below, are optional and can be configured to suit therequirements of your network.
IGMP snooping configuration navigation
About this task
• Configuring IGMP snooping on a VLAN on page 191• Configuring IGMP send query on a VLAN on page 192• Configuring IGMP proxy on a VLAN on page 192• Configuring the IGMP version on a VLAN on page 193• Configuring static mrouter ports on a VLAN on page 194• Displaying IGMP snoop, proxy, and mrouter configuration on page 194• Configuring IGMP parameters on a VLAN on page 195• Configuring the router alert option on a VLAN on page 197• Displaying IGMP interface information on page 197• Displaying IGMP group membership information on page 199• Configuring unknown multicast packet filter on page 200• Displaying the status of unknown multicast packet filtering on page 201• Specifying a multicast MAC address to be allowed to flood all VLANs on page 201• Displaying the multicast MAC addresses for which flooding is allowed on page 202• Displaying IGMP cache information on page 203• Flushing the router table on page 203• Configuring IGMP selective channel block on page 204
Configuring IGMP snooping on a VLAN
About this taskEnable IGMP snooping on a VLAN to forward the multicast data to only those ports that aremembers of the group.
IGMP snooping is disabled by default.
Procedure
To enable IGMP snooping, enter the following from the VLAN Interface Configurationcommand mode:[default] [no] ip igmp snooping
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 191
OREnter the following from the Global Configuration command mode:[default] vlan igmp <vid> [snooping {enable | disable}]
Variable Definitions
Variable Valuedefault Disables IGMP snooping on the selected VLAN.
no Disables IGMP snooping on the selected VLAN.
enable Enables IGMP snooping on the selected VLAN.
disable Disables IGMP snooping on the selected VLAN.
Configuring IGMP send query on a VLAN
About this taskUse this procedure to enable IGMP send query on a snoop-enabled VLAN. When IGMPsnooping send query is enabled, the IGMP snooping querier sends out periodic IGMP queriesthat trigger IGMP report messages from the switch or host that wants to receive IP multicasttraffic. IGMP snooping listens to these IGMP reports to establish appropriate forwarding.
IGMP send query is disabled by default.
Prerequisites
You must enable snoop on the VLAN.
Procedure
To enable IGMP send query, enter the following command from the VLAN InterfaceConfiguration mode:ip igmp send-query
Configuring IGMP proxy on a VLAN
About this taskUse this procedure to enable IGMP proxy on a snoop-enabled VLAN. With IGMP proxyenabled, the switch consolidates incoming report messages into one proxy report for thatgroup.
IGMP proxy is disabled by default.
Command Line Interface Configuration
192 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Prerequisites
You must enable snoop on the VLAN.
Procedure
To enable IGMP proxy, enter the following from the VLAN Interface Configurationmode:[default] [no] ip igmp proxyOREnter the following from the Global Configuration command mode:[default] [no] vlan igmp <vid> [proxy {enable | disable}]
Variable Definitions
Variable Valuedefault Disables IGMP proxy on the selected VLAN.
no Disables IGMP proxy on the selected VLAN.
<vid> Specifies the VLAN ID.
enable Enables IGMP proxy on the selected VLAN.
disable Disables IGMP proxy on the selected VLAN.
Configuring the IGMP version on a VLAN
About this taskUse this procedure to configure the IGMP version running on the VLAN. You can specify theversion as IGMPv1, IGMPv2, or IGMPv3 (IGMPv3 is supported for IGMP snooping only; it isnot supported with PIM-SM). The default is IGMPv2.
Procedure
To configure the IGMP version, enter the following from the VLAN InterfaceConfiguration mode:[default] ip igmp version <1-3>
Variable Definitions
Variable Valuedefault Restores the default IGMP protocol version (IGMPv2).
<1-3> Specifies the IGMP version.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 193
Configuring static mrouter ports on a VLAN
About this taskIGMP snoop considers the port on which the IGMP query is received as the active IGMPmulticast router (mrouter) port. By default, the switch forwards incoming IGMP MembershipReports only to the active mrouter port.
To forward the IGMP reports to additional ports, you can configure the additional ports as staticmrouter ports.
Procedure
To configure static mrouter ports on a VLAN (IGMPv1, IGMPv2, and IGMPv3 accordingto the supported version on the VLAN), enter the following from the VLAN InterfaceConfiguration mode:[default] [no] ip igmp mrouter <portlist>ORTo configure IGMPv1 or IGMPv2 static mrouter ports, enter the following from theGlobal Configuration command mode:[no] vlan igmp <vid> {v1-members | v2-members} [add | remove]<portlist>
Variable Definitions
Variable Valuedefault Removes all static mrouter ports.
no Removes the specified static mrouter port.
<portlist> Specifies the list of ports to add or remove as staticmrouter ports.
{v1-members | v2-members} Specifies whether the static mrouter ports areIGMPv1 or IGMPv2.
[add | remove] Specifies whether to add or remove the staticmrouter ports.
Displaying IGMP snoop, proxy, and mrouter configuration
About this taskUse this procedure to display the IGMP snoop, proxy, and mrouter configuration per VLAN.
Command Line Interface Configuration
194 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
To display IGMP snoop information, enter:show ip igmp snooping
Variable Definitions
Variable ValueVlan Indicates the Vlan ID.
Snoop Enable Indicates whether snoop is enabled (true) or disabled(false).
Proxy Snoop Enable Indicates whether IGMP proxy is enabled (true) or disabled(false).
Static Mrouter Ports Indicates the static mrouter ports in this VLAN that provideconnectivity to an IP multicast router.
Active Mrouter Ports Displays all dynamic (querier port) and static mrouter portsthat are active on the interface.
Mrouter Expiration Time Specifies the time remaining before the multicast router isaged out on this interface. If the switch does not receivequeries before this time expires, it flushes out all groupmemberships known to the VLAN. The Query MaxResponse Interval (obtained from the queries received) isused as the timer resolution.
Configuring IGMP parameters on a VLAN
About this taskUse this procedure to configure the IGMP parameters on a VLAN.
Important:The query interval, robustness, and version values must be the same as those configuredon the interface (VLAN) of the multicast router (IGMP querier).
Procedure
To configure IGMP parameters, enter the following from the VLAN InterfaceConfiguration mode:[default] ip igmp [last-member-query-interval<last-mbr-query-in>] [query-interval<query-int>] [query-max-response<query-max-resp>] [robust-value<robust-val>] [version<1-3>]OR
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 195
enter the following from the Global Configuration command mode:[default] vlan igmp <vid> [query-interval<query-int<] [robust-value<robust-val>]
Variable Definitions
Variable Valuedefault Sets the selected parameter to the default value. If no
parameters are specified, snoop is disabled and all IGMPparameters are set to their defaults.
<last-mbr-query-int> Sets the maximum response time (in 1/10 seconds) thatis inserted into group-specific queries sent in response toleave group messages. This parameter is also the timebetween group-specific query messages. This value isnot configurable for IGMPv1.Decreasing the value reduces the time to detect the lossof the last member of a group.The range is from 0–255, and the default is 10 (1 second).Avaya recommends configuring this parameter to valueshigher than 3. If a fast leave process is not required,Avaya recommends values above 10. (The value 3 isequal to 0.3 of a second, and 10 is equal to 1.0 second.)
<query-int> Sets the frequency (in seconds) at which host querypackets are transmitted on the VLAN.The range is 1–65535. The default value is 125seconds.
<query-max-resp> Specifies the maximum response time (in 1/10 seconds)advertised in IGMPv2 general queries on this interface.The range is 0–255. The default value is 100 (10seconds).
<robust-val> Specifies tuning for the expected packet loss of anetwork. This value is equal to the number of expectedquery packet losses for each serial query interval, plus 1.If you expect a network to lose query packets, you mustincrease the robustness value.Ensure that the robustness value is the same as theconfigured value on the multicast router (IGMP querier).The range is from 2 to 255, and the default is 2. Thedefault value of 2 means that one query for each queryinterval can be dropped without the querier aging out.
Command Line Interface Configuration
196 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring the router alert option on a VLAN
About this taskUse this command to enable the router alert feature. This feature instructs the router to dropcontrol packets that do not have the router-alert flag in the IP header.
Important:To maximize your network performance, Avaya recommends that you set the router alertoption according to the version of IGMP currently in use: IGMPv1—Disable IGMPv2—Enable IGMPv3—Enable
Procedure
To configure the router alert option on a VLAN, enter the following from the VLANInterface Configuration mode:[default] [no] ip igmp router-alert
Variable Definitions
Variable Valuedefault Disables the router alert option.
no Disables the router alert option.
Displaying IGMP interface information
About this taskUse this procedure to display IGMP interface parameters.
Procedure
To display the IGMP interface information, enter:show ip igmp interface [vlan <vid>]OREnter:show vlan igmp <vid>
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 197
Job aid
The following table shows the field descriptions for the show ip igmp interfacecommand command.
Field DescriptionVLAN Indicates the VLAN on which IGMP is configured.
Query Intvl Specifies the frequency (in seconds) at which host querypackets are transmitted on the interface.
Vers Specifies the version of IGMP configured on thisinterface.
Oper Vers Specifies the version of IGMP running on this interface.
Querier Specifies the IP address of the IGMP querier on the IPsubnet to which this interface is attached.
Query MaxRsp T Indicates the maximum query response time (in tenths ofa second) advertised in IGMPv2 queries on this interface.
Wrong Query Indicates the number of queries received whose IGMPversion does not match the Interface version. You mustconfigure all routers on a LAN to run the same version ofIGMP. Thus, if queries are received with the wrong version,a configuration error occurs.
Joins Indicates the number of times a group membership wasadded on this interface.
Robust Specifies the robust value configured for expected packetloss on the interface.
LastMbr Query Indicates the maximum response time (in tenths of asecond) inserted into group-specific queries sent inresponse to leave group messages, and is also the amountof time between group-specific query messages. Use thisvalue to modify the leave latency of the network. A reducedvalue results in reduced time to detect the loss of the lastmember of a group. This does not apply if the interface isconfigured for IGMPv1.
Send Query Indicates whether the ip igmp send-query feature isenabled or disabled. Values are YES of NO. Default isdisabled.
The following table shows the field descriptions for the show vlan igmp command.
Field DescriptionSnooping Indicates whether snooping is enabled or disabled.
Command Line Interface Configuration
198 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Field DescriptionProxy Indicates whether proxy snoop is enabled or
disabled.
Robust Value Indicates the robust value configured for expectedpacket loss on the interface.
Query Time Indicates the frequency (in seconds) at which hostquery packets are transmitted on the interface.
IGMPv1 Static Router Ports Indicates the IGMPv1 static mrouter ports.
IGMPv2 Static Router Ports Indicates the IGMPv2 static mrouter ports.
Send Query Indicates whether the ip igmp send-query feature isenabled or disabled. Values are YES of NO. Defaultis disabled.
Displaying IGMP group membership information
About this taskDisplay the IGMP group information to show the learned multicast groups and the attachedports.
Procedure
To display IGMP group information, enter:show ip igmp group [count] [group <A.B.C.D>] [member-subnet<A.B.C.D>/<0-32>]OREnter:show vlan multicast membership <vid>
Variable Definitions
Variable Valuecount Displays the number of IGMP group
entries.
group <A.B.C.D> Displays group information for the specifiedgroup.
member-subnet <A.B.C.D>/<0-32 Displays group information for the specifiedmember subnet.
Job aidThe following table shows the field descriptions for the show ip igmp group command.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 199
Field DescriptionGroup Address Indicates the multicast group address.
VLAN Indicates the VLAN interface on which the group exists.
Member Address Indicates the IP address of the IGMP receiver (host orIGMP reporter). The IP address is 0.0.0.0 if the type isstatic.
Expiration Indicates the time left before the group report expires. Thisvariable is updated upon receiving a group report.
Type Specifies the type of membership: static or dynamic.
In Port Identifies the member port for the group. This is the port onwhich group traffic is forwarded and in those case wherethe type is dynamic, it is the port on which the IGMP joinwas received.
The following table shows the field descriptions for the show vlan multicastmembership command.
Field DescriptionMulticast Group Address Indicates the multicast group address.
In Port Indicates the physical interface or a logical interface(VLAN) that received group reports from varioussources.
Configuring unknown multicast packet filter
About this taskThe default switch behavior is to flood all packets with unknown multicast addresses. Use thisprocedure to prevent the flooding of packets with unknown multicast addresses and enablethe forwarding of these packets to static mrouter ports only.
Procedure
To configure unknown multicast packet flooding, enter the following from the GlobalConfiguration mode:[no] [default] vlan igmp <vid> unknown-mcast-no-flood {enable |disable}
Variable Definitions
Variable Valueno Enables the flooding of multicast packets on the VLAN.
Command Line Interface Configuration
200 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Valuedefault Enables the flooding of multicast packets on the VLAN.
enable Prevents the flooding of multicast packets on theVLAN.
disable Enables the flooding of multicast packets on the VLAN.
Displaying the status of unknown multicast packet filtering
About this taskUse this procedure to display the status of unknown multicast filtering: enabled (no flooding)or disabled (flooding allowed).
Procedure
To display the unknown multicast flooding configuration, enter:show vlan igmp unknown-mcast-no-flood
Job aid
The following table shows the field descriptions for the show vlan igmp unknown-mcast-no-flood command.
Field DescriptionUnknown Multicast No-Flood Specifies the status of unknown multicast
filtering: enabled or disabled.
Specifying a multicast MAC address to be allowed to flood all VLANs
About this taskUse this procedure to allow particular unknown multicast packets to be flooded on all switchVLANs.
To add MAC addresses starting with 01.00.5E to the allow-flood table, you must specify thecorresponding multicast IP address. For instance, you cannot add MAC address01.00.5E.01.02.03 to the allow-flood table, but instead you must specify IP address224.1.2.3.
For all other types of MAC address, you can enter the MAC address directly to allowflooding.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 201
Procedure
To allow particular unknown multicast packets to be flooded, enter the following fromthe Global Configuration mode:vlan igmp unknown-mcast-allow-flood {<H.H.H> |<mcast_ip_address>}
Variable Definitions
Variable Value<H.H.H> Specifies the multicast MAC address to be flooded.
Accepted formats are:
• H.H.H
• xx:xx:xx:xx:xx:xx
• xx.xx.xx.xx.xx.xx
• xx-xx-xx-xx-xx-xx
<mcast_ip_address> Specifies the multicast IP address to be flooded.
Displaying the multicast MAC addresses for which flooding is allowed
About this taskUse this procedure to display the multicast MAC addresses for which flooding is allowed onall switch VLANs.
Procedure
To display the multicast MAC addresses for which flooding is allowed, enter:show vlan igmp unknown-mcast-allow-flood
Job aid
The following table shows the field descriptions for the show vlan igmp unknown-mcast-allow-flood command.
Field DescriptionAllowed Multicast Addresses Indicates multicast addresses that can flood.
Command Line Interface Configuration
202 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Displaying IGMP cache information
About this taskDisplay the IGMP cache information to show the learned multicast groups in the cache andthe IGMPv1 version timers.
Note: Using the show ip igmp cache command may not display the expected results in someconfigurations. If the expected results are not displayed, use the show ip igmp group commandto view the information.
Procedure
To display the IGMP cache information, enter:show ip igmp cache
Job aid
The following table shows the field descriptions for the show ip igmp cache command.
Field DescriptionGroup Address Indicates the multicast group address.
Vlan ID Indicates the VLAN interface on which the groupexists.
Last Reporter Indicates the last IGMP host to join the group.
Expiration Indicates the group expiration time (in seconds).
V1 Host Timer Indicates the time remaining until the local routerassumes that no IGMP version 1 members exist onthe IP subnet attached to the interface. Uponhearing an IGMPv1 membership report, this valueis reset to the group membership timer.When the time remaining is nonzero, the localinterface ignores IGMPv2 leave messages that itreceives for this group.
Type Indicates whether the entry is learned dynamicallyor is added statically.
Flushing the router table
About this taskUse this procedure to flush the router table.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 203
Procedure
To flush the router table, enter the following from the Global Configuration mode:ip igmp flush vlan <vid> {grp-member|mrouter}
Variable Definitions
Variable Value{grp-member|mrouter} Flushes the table specified by type.
Configuring IGMP selective channel block
About this taskIn certain deployment scenarios it might be required not to allow multicast streaming fromspecific group addresses to users connected to certain ports. With the IGMP selective channelblock feature this type of control can be implemented. When configured it will control the IGMPmembership of ports by blocking IGMP reports received from users on that port destined forthe specific group address/addresses. The filter can be configured to block a single multicastaddress or range of addresses.
This feature will work regardless of whether the switch is in Layer 2 IGMP snooping mode orthe full IGMP mode (PIM-SM enabled). It will also be applicable for IGMPv1 and v2.
Configuring IGMP selective channel block navigation
About this task
• Creating an IGMP profile on page 204• Deleting an IGMP profile on page 205• Applying the IGMP filter profile on interface on page 205• Removing a profile from an interface on page 205• Displaying an IGMP profile on page 206
Creating an IGMP profile
About this taskUse this procedure to create an IGMP profile.
Command Line Interface Configuration
204 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
1. From Global Configuration mode, enter the ip igmp profile <profilenumber (1-65535)> command.
2. Enter the deny command.
3. Enter the range <ip multicast address><ip multicast address>command.
Deleting an IGMP profile
About this taskUse this procedure to delete an IGMP profile.
Procedure
To delete an IGMP profile enter the following command from Global Configurationmode:no ip igmp profile <profile number (1-65535)>
Applying the IGMP filter profile on interface
About this taskUse this procedure to apply the IGMP filter profile on an interface.
Procedure
1. From Global Configuration mode enter the interface <interface-id>command.
2. Enter the ip igmp filter <profile number> command.
Removing a profile from an interface
About this taskUse this procedure to remove a profile from an interface.
Configuring IP routing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 205
Procedure
1. From Global Configuration mode enter the interface <interface-id>command.
2. Enter the no ip igmp filter <profile number> command.
Displaying an IGMP profile
About this taskUse this procedure to display an IGMP profile.
Procedure
To display an IGMP profile enter the following command from Global Configurationmode:show ip igmp profile <cr> or <profile number>
Configuring Access ListsAbout this taskThe CLI commands detailed in this section allow for the configuration and management ofaccess lists.
Navigation
• Assigning ports to an access list on page 206• Removing an access list assignment on page 207• Creating an IP access list on page 207• Removing an IP access list on page 208• Creating a Layer 2 access list on page 209• Removing a Layer 2 access list on page 210
Assigning ports to an access listAbout this taskAssign ports to an access list by performing this the procedure.
Command Line Interface Configuration
206 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
Assign ports to an access list by using the following command in Global Configurationmode.qos acl-assign port <port_list> acl-type {ip | l2} name <name>
Variable Definitions
Variable Valueport <port_list> Specifies the list of ports assigned to the specified access list.
acl-type {ip | l2} Specifies the type of access list used; IP or Layer 2.
name <name> Specifies the name of the access list to be used. Access listsmust be configured before ports can be assigned to them.
Removing an access list assignmentAbout this taskRemove an access list assignment by performing this procedure.
Procedure
Remove an access list assignment by using the following command from GlobalConfiguration mode.no qos acl-assign <aclassignid>
Creating an IP access listAbout this taskCreate an IP access list by performing this procedure.
Procedure
Create an access list by using the following procedure from Global Configurationmode.qos ip-acl name <name> [addr-type <addrtype>] [src-ip<source_ip>] [dst-ip <destination_ip>] [ds-field <dscp>][{protocol <protocol_type> | next_header <header>}] [src-port-min <port> src-port-max <port>] [dst-port-min <port> dst-port-
Configuring Access Lists
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 207
max <port>] [flow-id <flowid>] [drop-action {drop | pass}][update-dscp <0 - 63>] [update-1p <0 - 7>] [set-drop-prec {highdrop | low drop}] [block <block_name>]
Variable Definitions
Variable Valuename <name> Specifies the name assigned to this access list.
addr-type <addrtype> Specifies the IP address type to use for the access list.
src-ip <source_ip> Specifies the source IP address to use for this access list.
dst-ip <destination_ip> Specifies the destination IP address to use for this access list.
ds-field <dscp> Specifies the DSCP value to use for this access list.
{protocol <protocol_type>| next_header <header>}
Specifies the protocol type or IP header to use with this accesslist.
src-port-min <port> src-port-max <port>
Specifies the minimum and maximum source ports to use withthis access list. Both values must be specified.
dst-port-min <port> dst-port-max <port>
Specifies the minimum and maximum destination ports to usewith the access list. Both values must be specified.
flow-id <flowid> Specifies the flow ID to use with this access list.
drop-action {drop | pass} Specifies the drop action to use for this access list.
update-dscp <0 - 63> Specifies the DSCP value to update for this access list.
update-1p <0 - 7> Specifies the 802.1p value to update for this access list.
set-drop-prec {high drop |low drop}
Specifies the drop precedence to configure for this access list.
block <block_name> Specifies the block name to associate with the access list.
Removing an IP access listAbout this taskRemove an IP access list by performing this procedure.
Procedure
Remove an access list by using the following command from Global Configurationmode.
Command Line Interface Configuration
208 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
no qos ip-acl <aclid>
Creating a Layer 2 access listAbout this taskCreate a Layer 2 access list by performing this procedure.
Procedure
Create an access list by using the following command from Global Configurationmode.qos l2-acl name <name> [src-mac <source_mac_address>] [src-mac-mask <source_mac_address_mask>] [dst-mac<destination_mac_address>] [dst-mac-mask<destination_mac_address_mask>] [vlan-min <vid_min> vlan-max<vid_max>] [vlan-tag <vtag>] [ethertype <etype>] [priority<ieee1p_seq>] [drop-action {drop | pass}] [update-dscp <0 -63>] [update-1p <0 - 7>] [set-drop-prec {high-drop | low-drop}][block <block_name>]Note: Possible values for vlan-max are based on the binary value of vlan-min, and areobtained by replacing consecutive trailing zeros in this binary value with ones, startingat the right-most position. For example, if vlan-min = 200, then there are 4 possiblevalues for vlan-max: 11001000 (200) 11001001 (201) 11001011 (203) 11001111 (207)The value of vlan-max is vlan-min + 2n - 1, where n is the number of consecutive trailingzeros replaced.
Variable Definitions
Variable Valuename <name> Specifies the name assigned to this access list.
src-mac<source_mac_address>
Specifies the source MAC address to use for this access list.
src-mac-mask<source_mac_address_mask>
Specifies the source MAC address mask to use for this accesslist.
[dst-mac<destination_mac_address>]
Specifies the destination MAC address to use for this accesslist.
Configuring Access Lists
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 209
Variable Valuedst-mac-mask<destination_mac_address_mask>
Specifies the destination MAC address mask to use for thisaccess list.
vlan-min <vid_min> vlan-max <vid_max>
Specifies the minimum and maximum VLANs to use with thisaccess list. Both values must be specified.
vlan-tag <vtag> Specifies the VLAN tag to use with this access list.
ethertype <etype> Specifies the Ethernet protocol type to use with the accesslist.
priority <ieee1p_seq> Specifies the priority value to use with this access list.
drop-action {drop | pass} Specifies the drop action to use for this access list.
update-dscp <0 - 63> Specifies the DSCP value to update for this access list.
update-1p <0 - 7> Specifies the 802.1p value to update for this access list.
set-drop-prec {high-drop |low-drop}
Specifies the drop precedence to configure for this access list.
block <block_name> Specifies the block name to associate with the access list.
Removing a Layer 2 access listAbout this taskRemove a Layer 2 access list by performing this procedure.
Procedure
Remove an access list by using the following command from Global Configurationmode.no qos l2-acl <aclid>
Configuring Elements, Classifiers, and Classifier BlocksAbout this taskUse the CLI commands in this section to configure elements, classifiers, and classifierblocks.
Command Line Interface Configuration
210 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Navigation
• Configuring IP classifier element entries on page 211• Viewing IP classifier entries on page 212• Removing IP classifier entries on page 212• Adding Layer 2 elements on page 213• Viewing Layer 2 elements on page 214• Removing Layer 2 elements on page 214• Linking IP and L2 classifier elements on page 215• Removing classifier entries on page 215• Combining individual classifiers on page 216• Removing classifier block entries on page 217
Configuring IP classifier element entriesAbout this taskUse the following procedure to add and configure classifier entries.
Procedure
Add and configure classifier entries by using the following command from GlobalConfiguration mode.qos ip-element <cid> [addr-type <addrtype>] [ds-field <dscp>][dst-ip <dst-ip-info>] [dst-port-min <port>] [flow-id <flowid>][ip-flag <ip-flags>] [ipv4-options <no-opt | with-opt>] [next-header <nextheader>] [session-id] [src-ip <src-ip-info>] [src-port-min <port>] [tcp-control <tcp-flags>]
Variable Definitions
Variable Value<cid> Specifies the element ID, value ranges from 1–
55000.
addr-type <addrtype> Specifies the address type. Use the value ipv4 toindicate an IPv4 address or the value ipv6 to indicatean IPv6 address. The default value is ipv4.
ds-field <0-63> Specifies a 6-bit DSCP value; value ranges from 0–63.Default is ignore.
Configuring Elements, Classifiers, and Classifier Blocks
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 211
Variable Valuedst-ip <dst-ip-info> Specifies the source IP address and mask in the form
of a.b.c.d/x for IPv4, or x:x:x:x:x:x:x:x/z for IPv6.Default is 0.0.0.0.
dst-port-min <port> Specifies the L4 destination port minimum value.
flow-id <flowid> Specifies the IPv6 flow identifier.
ip-flag <ip-flags> Specifies the flags present in an IPv4 header.
ipv4-options <no-opt | with-opt> Specifies whether the Option field is present in thepacket header. Valid values are
• no-opt—indicates that only IPv4 packets withoutoptions will match this classifier element.
• with-opt—indicates that only IPv4 packets withoptions will match this classifier element.
next-header Specifies the IPv6 next header classifier criteria; rangeis 0–255.
src-ip <src-ip-info> Specifies the source IP address and mask in the formof a.b.c.d/x for IPv4, or x:x:x:x:x:x:x:x/z for IPv6.Default is 0.0.0.0.
session-id Specifies the session ID.
src-port-min <port> Specifies the L4 source port minimum value.
tcp-control <tcp-flags> Specifies the control flags present in an TCP header.
Viewing IP classifier entriesAbout this taskView IP classifier entries by performing this procedure.
Procedure
View IP classifier element entries by using the following commands from the PrivilegedEXEC Configuration mode.show qos ip-element [<1-65535>] [all] [system] [user]
Removing IP classifier entriesAbout this taskUse the following procedure to remove IP classifier entries.
Command Line Interface Configuration
212 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Note: An IP element that is referenced in a classifier cannot be deleted.
Procedure
Remove IP classifier entries by using the following command from GlobalConfiguration mode.no qos ip-element <1-55000>
Adding Layer 2 elementsAbout this taskUse the following procedure to add Layer 2 elements.
Note: A Layer 2 element referenced in a classifier cannot be deleted.
Procedure
Add Layer 2 elements by using the following command from the Global Configurationmode.qos l2-element <1-55000> [dst-mac <dst-mac>] [dst-mac-mask<dst-mac-mask>] [ethertype <etype>] [ivlan-min <vid-min>] [pkt-type <etherII | llc | snap>] [priority <ieee1p-seq>] [session-id <session-id>] [src-mac <src-mac>] [src-mac-mask <src-mac-mask>] [vlan-min <vid-min>] [vlan-tag <vtag>]
Variable Definitions
Variable Value<1-55000> Specifies the element ID; range is 1–55000.
dst-mac <dst-mac> Specifies the destination MAC element criteria.Valid format is H.H.H.
dst-mac-mask <dst-mac-mask> Specifies the destination MAC mask elementcriteria. Valid format is H.H.H.
ethertype <etype> Specifies the Ethernet type. Valid format is0xXXXX, for example, 0x0801. Default isignore.
ivlan-min <vid-min> Specifies the inner VLAN ID minimum valueelement criteria. Range is 1–4094.
pkt-type <etherII | llc | snap> Specifies the packet frame format.
Configuring Elements, Classifiers, and Classifier Blocks
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 213
Variable Value
• etherII—indicates that only Ethernet II formatframes match this classifier component.
• snap—indicates that only EEE 802 SNAPformat frames match this classifiercomponent.
• llc—indicates that only IEEE 802 LLC formatframes match this classifier component.
priority <ieee1p-seq> Specifies the 802.1p priority values; range from0–7 or all. Default is ignore.
session-id <session-id> Specifies the session ID.
src-mac <src-mac> Specifies the source MAC element criteria. Enterin the format H.H.H.
src-mac-mask <src-mac-mask> Specifies the source MAC mask element criteria.Valid format is H.H.H.
vlan-min <vid-min> Specifies the VLAN ID minimum value elementcriteria. Range is 1–4094.
vlan-tag <format> Specifies the packet format element criteria:
• untagged
• tagged
The default is Ignore.
Viewing Layer 2 elementsAbout this taskView Layer 2 elements by performing this procedure.
Procedure
View Layer 2 element entries by using the following commands from the PrivilegedEXEC Configuration mode.show qos l2-element [<1-65535>] [all] [system] [user]
Removing Layer 2 elementsAbout this taskUse the following procedure to delete Layer 2 element entries.
Command Line Interface Configuration
214 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
Delete element entries by using the following command from Global Configurationmode.no qos l2-element <1-55000>
Linking IP and L2 classifier elementsAbout this taskUse the following procedure to link IP and L2 classifier elements.
Note: A classifier that is referenced in a classifier block or installed policy cannot be deleted.
Procedure
Link elements by using the following command from Global Configuration mode.qos classifier <1-55000> set-id <1-55000> [name <WORD>]element-type {ip | l2 | system} element-id <1-55000>
Variable Definitions
Variable Valueclassifier <1-55000> Specifies the classifier ID; range is 1–55000.
set-id <1-55000> Specifies the classifier set ID; range is 1–55000.
name <WORD> Specifies the set label; maximum is 16 alphanumericcharacters.
element-type {ip| l2 |system} Specifies the element type; either ip or l2, or systemclassifier.
element-id <1-55000> Specifies the element ID; range is 1–55000.
Removing classifier entriesAbout this taskUse the following procedure to delete classifier entries.
Configuring Elements, Classifiers, and Classifier Blocks
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 215
Note: Each classifier can have only a single IP classifier element plus a single L2 classifierelement or system classifier element. However, a classifier can be created using only one IPclassifier element or only one L2 classifier element or only one system classifier element.
Procedure
Delete classifier entries by using the following command from Global Configurationmode.no qos classifier <1-55000>
Combining individual classifiersAbout this taskUse the following procedure to combine individual classifiers.
Note: A classifier block that is referenced in an installed policy cannot be deleted.
Procedure
Combine individual classifiers by using the following command from GlobalConfiguration mode.qos classifier-block <1-55000> block-number <1-55000> [name<WORD>]{set-id <1-55000> | set-name <WORD>} [{in-profile-action<1-55000> | in-profile-action-name <WORD>} | {meter <1-55000> |meter-name <WORD>}]
Variable Definitions
Variable Valueclassifier-block<1-55000> Specifies an the classifier block ID; range is 1–55000.
block-number <1-55000> Specifies the classifier block number; range is 1–55000.
name <WORD> Specifies the label for the classifier block; maximum is 16alphanumeric characters.
set-id <1-55000> Specifies the classifier set to be linked to the classifier block;range is 1–55000.
set-name <WORD> Specifies the classifier set name to be linked to the classifierblock; maximum is 16 alphanumeric characters.
in-profile-action<1-55000>
Specifies the in profile action to be linked to the filter block;range is 1–55000.
Command Line Interface Configuration
216 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Valuein-profile-action-name<WORD>
Specifies the in profile action name to be linked to the classifierblock; maximum is 16 alphanumeric characters.
meter <1-55000> Specifies the meter to be linked to the classifier block; rangeis 1–55000.
meter-name <WORD> Specifies the meter name to be linked to the classifier block;maximum is 16 alphanumeric characters.
Removing classifier block entriesAbout this taskUse the following procedure to delete classifier block entries.
Procedure
Delete classifier block entries by using the following command from GlobalConfiguration mode.no qos classifier-block <1-55000>
Configuring wired Quality of ServiceAbout this taskThis chapter discusses how to configure DiffServ and Quality of Service (QoS) parameters forpolicy-enabled networks.
Note: When the ignore value is used in QoS, the system matches all values for thatparameter.
Navigation
• Displaying QoS Parameters on page 218• Displaying QoS capability policy configuration on page 222• Configuring Access Lists on page 206• QoS Agent configuration on page 223• Configuring Default Buffering Capabilities on page 225• Configuring the CoS-to-Queue Assignments on page 226• Configuring QoS Interface Groups on page 227• Configuring DSCP and 802.1p and Queue Associations on page 229
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 217
• Configuring Elements, Classifiers, and Classifier Blocks on page 210• Configuring QoS system-element on page 232• Configuring QoS Actions on page 234• Configuring QoS Interface Action Extensions on page 236• Configuring QoS Meters on page 237• Configuring QoS Interface Shaper on page 239• Configuring QoS Policies on page 240• QoS Generic Filter set configuration on page 242• Configuring User Based Policies on page 244• Maintaining the QoS Agent on page 247• Configuring DoS Attack Prevention Package on page 251
Displaying QoS ParametersAbout this taskDisplay QoS parameters by performing this procedure.
Procedure
Display QoS parameters by using the following command from Privileged EXECmode.show qos { acl-assign <1 - 65535> | action [user | system | all| <1-65535>] | agent [details]| arp {spoofing [port] } | bpdu{blocker [port] } | capability [meter|shaper] | classifier[user | system | all | <1-65535>] | classifier-block [user |system | all |<1-65535> ] | dhcp {snooping [port] | spoofing[port] } | diag [unit] | dos {nachia [port] | sqlslam [port] |tcp-dnsport [port] | egressmap [ds| status]| if-action-extension [user | system | all | <1-65535>] | if-assign [port]| if-group | if-shaper [port] | ingressmap | ip-acl <1 - 65535>| ip-element [user | system | all | <1-65535>] | l2-acl <1 -65535> | l2-element [user | system | all | <1-65535>] | meter[user | system | all | <1-65535>] | nsna | policy [user | system| all | <1-65535>] | queue-set | queue-set-assignment |statistics <1-65535> | system-element [user | system | all |<1-65535>] | ubp | user-policy}
Command Line Interface Configuration
218 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valueacl-assign <1 - 65535> Displays the specified access list assignment entry.
<1-65535>—Displays a particular entry.
action [<1-65535> | all |system | user]
Displays the base action entries. The applicable values are:
• <1-65535>—displays a particular entry.
• all—displays user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
agent <details> Displays the global QoS parameters.details—displays the policy class support table.
arp spoofing Displays QoS ARP spoofing prevention settings. Thisparameter not available on 8100 Series.
bpdu blocker Displays QoS BPDU settings.blocker—displays QoS BPDU blocker settings.This parameter not available on 8100 Series.
capability [meter | shaper] Displays the current QoS meter and shaper capabilities ofeach interface. The applicable values are:
• meter—displays QoS port meter capabilities.
• shaper—displays QoS port shaper capabilities.
classifier [<1-65535> | all |system user]
Displays the classifier set entries. The applicable values are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
classifier-block [<1-65535>| all | system | user]
Displays the classifier block entries. The applicable values are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 219
Variable Valuedhcp [snooping | spoofing] Displays QoS DHCP settings. The applicable values are:
• snooping—displays QoS DHCP snooping settings.
• spoofing—displays QoS DHCP spoofing preventionsettings.
This parameter not available on 8100 Series.
diag [unit] Displays the diagnostics entries.unit <1-8>—displays diagnostic entries for particular unit
dos [nachia | sqlslam | tcp-dnsport | tcp-ftpport | tcp-synfinscan | xmas]
Displays QoS DoS settings. The applicable values are:
• nachia—displays QoS DoS Nachia settings.
• sqlslam—displays QoS DoS SQLSlam settings.
• tcp-dnsport—displays QoS DoS TCP DnsPort settings.
• tcp-ftpport—displays QoS DoS TCP FtpPort settings.
• tcp-synfinscan—displays QoS DoS TCP SynFinScansettings.
• xmas—displays QoS DoS Xmas settings.
This parameter not available on 8100 Series.
egressmap Displays the association between the DSCP and the 802.1ppriority and drop precedence.
if-action-extension[<1-65535> | all | system |user]
Displays the interface action extension entries. The applicablevalues are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
if-assign [port] Displays the list of interface assignments.port—List of ports. Displays the configuration for particularports
if-group Displays the interface groups.
if-shaper [port] Displays the interface shaping parameters.port—List of ports. Displays the configuration for particularports
ingressmap Displays the 802.1p priority to DSCP mapping.
ip-acl <1 - 65535> Displays the specified IP access list assignment entry.
<1-65535>—displays a particular entry.
Command Line Interface Configuration
220 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Valueip-element [<1-65535> | all| system | user]
Displays the IP classifier element entries. The applicablevalues are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
l2-acl <1 - 65535> Displays the specified Layer 2 access list assignment entry.
<1-65535>—displays a particular entry.
l2-element [<1-65535> | all| system | user]
Displays the Layer 2 classifier element entries. The applicablevalues are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
meter [<1-65535> | all |system | user]
Displays the meter entries. The applicable values are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
nsna [classifier | interface |name]
Displays QoS NSNA entries. The applicable values are:
• classifier—displays QoS NSNA classifier entries.
• interface—displays QoS NSNA interface entries.
• name—specifies the label to display a particular NSNAtemplate entry.
policy [<1-65535> | all |system | user]
Displays the policy entries. The applicable values are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
Default is all.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 221
Variable Valuequeue-set Displays the queue set configuration.
queue-set-assignment Displays the association between the 802.1p priority to that ofa specific queue.
statistics <1-65535> Displays the policy and filter statistics values.
<1-65535>—displays a particular entry.
system-element[<1-65535> | all | system |user]
Displays the system classifier element entries. The applicablevalues are:
• <1-65535>—displays a particular entry.
• all—displays all user-created, default, and system entries.
• system—displays only system entries.
• user—displays only user-created and default entries.
ubp [classifier | interface |name]
Displays QoS UBP entries. The applicable values are:
• classifier—displays QoS UBP classifier entries.
• interface—displays QoS UBP interface entries.
• name—specifies the label to display a particular UBPtemplate entry.
user-policy Displays QoS User Policy entries.
Displaying QoS capability policy configurationAbout this taskDisplay QoS meter and shaper capabilities for system ports by performing this procedure.
Procedure
Display QoS capability policy configuration by using the following command fromPrivileged EXEC mode:show qos capability {meter [port] | shaper [port]}
Command Line Interface Configuration
222 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valuemeter [port] Displays granularity for committed rate, maximum committed
rate and maximum bucket that can be used on ports formeters.port—specifies list of ports. Displays the information forparticular ports
shaper [port] Displays granularity for committed rate, maximum committedrate and maximum bucket that can be used on ports forshapers.port—specifies list of ports. Displays the information forparticular ports
QoS Agent configurationAbout this taskThe CLI commands detailed in this section allow for the configuration and management of theQoS Agent.
Navigation
• Globally enabling and disabling QoS Agent support on page 223• Configuring a default queue set on page 224• Modifying default queue configuration on page 225
Globally enabling and disabling QoS Agent support
About this taskPerform this procedure to globally enable or disable QoS Agent support. The commands usedin this procedure are available in Global Configuration mode.
QoS Agent support is enabled by default. QoS Agent support cannot be disabled if QoSfunctionality is currently used by NSNA or UBP.
Procedure
1. Globally enable QoS Agent support using the following command:qos agent oper-mode [enable]OR
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 223
default qos agent [oper-mode]2. Globally disable QoS Agent support using the following commands:
qos agent oper-mode [disable]ORno qos agent oper-mode [enable]
Variable Definitions
Variable Valueenable Enables QoS Agent functionality for the system.
disable Disables QoS Agent functionality for the system.
Configuring a default queue set
About this taskUse the following procedure to specify the default queue set.
Note: The default qos agent command has the same result as the qos agent reset-defaultcommand.
Procedure
Configure the queue set by using the following command from Global Configurationmode.default qos agent [buffer | dos-attack-prevention | nt-mode |nvram-delay | queue-set | statistics-tracking | ubp]
Variable Definitions
Variable Valuebuffer Restores default QoS resource buffer allocation.
dos-attack-prevention Restores default QoS DoS Attack Prevention. This parameteris only available on the 5600 Series switch.
nt-mode Restores default QoS NT application traffic processing mode.
nvram-delay Restores default maximum time in seconds to writeconfiguration data to a nonvolatile storage.
queue-set Restores default QoS queue set.
statistics-tracking Restores default QoS statistics tracking support.
ubp Restores default QoS UBP support level.
Command Line Interface Configuration
224 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Job aid: Viewing the QoS agentAbout this taskThe following is an example for viewing the qos agent5530-24TFD(config)#show qos agent QoS Operational Mode: Enabled QoSNVRam Commit Delay: 10 seconds QoS Queue Set: 2 QoS Buffering: LargeQoS UBP Support Level: Low Security Local Data QoS Default StatisticsTracking: Aggregate QoS DOS Attack Prevention: Disabled Minimum TCPHeader Length: 20 Maximum IPv4 ICMP Length: 512 Maximum IPv6 ICMPLength: 512 QoS NT mode: Disabled
Modifying default queue configuration
About this taskUse the following procedure to modify the default queue configuration.
Note: The queue-set value sets the number of queues in a queue set for each port type. Thedefault value is 2.
Procedure
Modify the configuration by using the following command from Global Configurationmode.qos agent queue-set <1-8>
Configuring Default Buffering CapabilitiesAbout this taskUse the following CLI commands to display and modify the buffer allocation mode.
Navigation
• Configuring default QoS resource buffer on page 225• Modifying QoS resource buffer allocation on page 226
Configuring default QoS resource buffer
About this taskUse the following procedure to allocate the default QoS resource buffer.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 225
Procedure
Restore the default the resource buffer by using the following command from GlobalConfiguration mode.default qos agent buffer
Modifying QoS resource buffer allocation
About this taskUse the following procedure to modify QoS resource buffer allocation.
Procedure
Modify resource buffer allocation by using the following command from GlobalConfiguration mode.qos agent buffer <regular | large | maximum>
Variable Definitions
Variable Valuebuffer Modifies the QoS resource buffer allocation. The
allowed buffer allocation modes for all QoS interfacesare as follows:
• regular
• large
• maximum
Note: The buffer mode determines the level of resourcesharing across interfaces sharing the same porthardware.
Configuring the CoS-to-Queue AssignmentsAbout this taskUse the following CLI commands to display and modify CoS-to-queue assignments.
Command Line Interface Configuration
226 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring 802.1p priority values
About this taskUse the following procedure to associate the 802.1p priority values with a specific queue withina specific queue set. This association determines the egress scheduling treatment that trafficwith a specific 802.1p priority value receives.
Procedure
Configure priority values by using the following command from Global Configurationmode.qos queue-set-assignment queue-set <1-56> 1p <0-7> queue <1-8>
Variable Definitions
Variable Valuequeue-set <1-56> Specifies the queue-set, value ranges from 1–56.
1p <0-7> Specifies the 802.1p priority value for which the queueassociation is being modified; value ranges from 0–7.
queue <1-8> Specifies the queue within the identified queue set to assign the802.1p priority traffic at egress, value ranges from 1–8.
Configuring QoS Interface GroupsAbout this taskUse the CLI commands in this section to add or delete ports to or from an interface group, oradd or delete the interface groups themselves.
Navigation
• Configuring ports for an interface group on page 227• Removing ports from an interface group on page 228• Creating an interface group on page 228• Removing an interface group on page 229
Configuring ports for an interface group
About this taskUse the following procedure to add ports to a defined interface group.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 227
Note: The system automatically removes the port from an existing interface group to assign itto a new interface group.
Procedure
Add ports by using the following command from Interface Configuration mode.qos if-assign [port <portlist>] name [<WORD>]
Variable Definitions
Variable Valueport <portlist> Specifies the ports to add to interface group.
name <WORD> Specifies name of interface group.
Removing ports from an interface group
About this taskUse the following procedure to delete ports from a defined interface group.
Note: Ports not associated with an interface are considered QoS-disabled and may not haveQoS operations applied until assigned to an interface group.
Procedure
Delete ports by using the following command from Interface Configuration mode.no qos if-assign [port <portlist>]
Creating an interface group
About this taskUse the following procedure to create interface groups.
Procedure
Create interface groups by using the following command from Global Configurationmode.qos if-group name <WORD> class <trusted | untrusted |unrestricted>
Command Line Interface Configuration
228 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valuename <WORD> Specifies the name of the interface group; maximum is 32 US-
ASCII. Name must begin with a letter a..z or A..Z.
class <trusted | untrusted| unrestricted>
Defines a new interface group and specifies the class of trafficreceived on interfaces associated with this interface group:
• trusted
• untrusted
• unrestricted
Removing an interface group
About this taskUse the following procedure to delete interface groups.
Note 1: An interface group referenced by an installed policy cannot be deleted.
Note 2: An interface group associated with ports cannot be deleted.
Procedure
Delete interface groups by using the following command from Global Configurationmode.no qos if-group name <WORD>
Configuring DSCP and 802.1p and Queue AssociationsAbout this taskThis section contains procedures used to configure DSCP, 802.1p priority and queue setassociations.
Navigation
• Configuring DSCP to 802.1p priority on page 230• Restoring egress mapping entries to default on page 230• Configuring 802.1p priority to DSCP on page 231• Restoring ingress mapping entries to default on page 231
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 229
Configuring DSCP to 802.1p priority
About this taskUse the following procedure to configure DSCP-to-802.1p priority and drop precedenceassociations that are used for assigning these values at packet egress, based on the DSCPin the received packet.
Procedure
Configure priority by using the following command from Global Configuration mode.qos egressmap [name <WORD>] ds <0-63> 1p <0-7> dp <low-drop |high-drop>
Variable Definitions
Variable Valuename <WORD> Specifies the label for the egress mapping.
ds <0-63> Specifies the DSCP value used as a lookup key for 802.1ppriority and drop precedence at egress when appropriate; rangeis between 0 and 63.
1p <0-7> Specifies the 802.1p priority value associated with the DSCP;range is between 0 and 7.
dp <low-drop | high-drop> Specifies the drop precedence values associated with theDSCP:
• low-drop
• high-drop
Restoring egress mapping entries to default
About this taskUse the following procedure to reset the egress mapping entries to factory default values.
Procedure
Reset the entries by using the following command from Global Configuration mode.default qos egressmap
Command Line Interface Configuration
230 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring 802.1p priority to DSCP
About this taskUse the following procedure to configure 802.1p priority-to-DSCP associations that are usedfor assigning default values at packet ingress based on the 802.1p value in the ingressingpacket.
Procedure
Configure priority by using the following command from Global Configuration mode.qos ingressmap [name <WORD>] 1p <0-7> ds <0-63>
Variable Definitions
Variable Valuename <WORD> Specifies the label for the ingress mapping.
1p <0-7> Specifies the 802.1p priority used as lookup key for DSCPassignment at ingress; range is between 0 and 7.
ds <0-63> Specifies the DSCP value associated with the target 802.1ppriority; range is between 0 and 63.
Restoring ingress mapping entries to default
About this taskUse the following procedure to reset the ingress mapping entries to factory default values.
Procedure
Reset the entries by using the following command from Global Configuration mode.default qos ingressmap
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 231
Configuring QoS system-elementAbout this taskNavigation
• Configuring system classifier element parameters on page 232• Viewing system classifier elements parameters on page 233• Removing system classifier element entries on page 233
Configuring system classifier element parameters
About this taskUse the following procedure to configure system classifier element parameters that may beused in QoS policies.
Procedure
Configure system classifier element parameters by using the following command fromGlobal Configuration mode.qos system-element <1-55000> [known-mcast | unknown-mcast |unknown-ucast] [pattern-format {tagged | untagged}] [pattern-ip-version {ipv4 | ipv6 | non-ip}] [pattern-data <WORD>pattern-mask <WORD>] [session-id]
Variable Definitions
Variable Value<1-55000> Specifies the system classifier element entry id; range
is 1–55000.
known-mcast Specifies the filter on known multicast destinationaddress.
unknown-mcast Specifies the filter on unknown multicast destinationaddress.
unknown-ucast Specifies the Filter on unknown unicast destinationaddress.
pattern-format { tagged | untagged } Specifies the format of data/mask pattern. Specifiesthe available values are:
Command Line Interface Configuration
232 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Value
• tagged— Data/mask pattern describes a taggedpacket
• untagged—Data/mask pattern describes anuntagged packet
pattern-data <WORD> Specifies the byte pattern data to filter on.Note: The format of the WORD string is in the form ofXX:XX:XX:....:XX.
pattern-mask <WORD> Specifies the byte pattern mask to filter on.Note: The format of the WORD string is in the form ofXX:XX:XX:....:XX.
pattern-ip-version Specifies the IP version of the pattern data or mask.
• ipv4—Filter IPv4 Header
• ipv6—Filter IPv6 Header
• non-ip—Filter non-ip packets
session-id Specifies the session ID.
Viewing system classifier elements parameters
About this taskView system classifier elements parameters by performing this procedure.
Procedure
View system classifier elements parameters by using the following commands fromthe Privileged EXEC Configuration mode.show qos system-element [<1-65535>] [all] [system] [user]
Removing system classifier element entries
About this taskUse the following procedure to remove system classifier element entries.
Procedure
Remove system classifier element entries by using the following command from GlobalConfiguration mode.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 233
no qos system-element <1-55000>
Configuring QoS ActionsAbout this taskThe configuration of QoS actions directs the WC 8180 to take specific action on each packet.This section covers the following CLI commands.
Navigation
• Creating and updating QoS actions on page 234• Removing QoS actions on page 235
Creating and updating QoS actions
About this taskUse the following procedure to create and update QoS actions.
Note: Certain options can be restricted based on the policy associated with the specific action.An action that is referenced in a meter or an installed policy cannot be deleted.
Procedure
Create or update QoS actions by using the following command from GlobalConfiguration mode.qos action <10-55000> [name <WORD>] [drop-action <enable |disable | deferred-pass>] [update-dscp <0-63>] [update-1p{<0-7> | use-tos-prec | use-egress}] [set-drop-prec <low-drop |high-drop>] [action-ext <1-55000> | action-ext-name <WORD>]
Variable Definitions
Variable Value<10-55000> Specifies the QoS action; range is 10–55000.
name <WORD> Assigns a name to a QoS action with the designated actionID. Enter the name for the action; maximum is 16alphanumeric characters
drop-action<enable | disable| deferred-pass>
Specifies whether packets are dropped or not:
Command Line Interface Configuration
234 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Value
• enable—drop the traffic flow
• disable—do not drop the traffic flow
• deferred-pass—traffic flow decision deferred to otherinstalled policies
Default is deferred pass.Note: If you omit this parameter, the default value applies.
update-dscp <0-63> Specifies whether DSCP value are updated or leftunchanged; unchanged equals ignore. Enter the 6-bit DSCPvalue; range is 0 to 63.Default is ignore.
update-1p<0-7> Specifies whether 802.1p priority value are updated or leftunchanged; unchanged equals ignore:
• ieee1p—enter the value you want; range is 0 to 7
• use-egress—uses the egress map to assign value
• use-tos-prec—uses the type of service precedence toassign value.
Default is ignore.Note: Requires specification of update-dscp value.
set-drop-prec <low-drop |high-drop>
Specifies the drop precedence value:
• low-drop
• high-drop
Default is low-drop.
action-ext <1-55000> Specifies the action extension; range is 1–55000.
action-ext-name <WORD> Specifies a label for the action extension; maximum is 16alphanumeric characters.
Removing QoS actions
About this taskUse the following procedure to delete QoS action entries.
Note: An action cannot be deleted if referenced by a policy, classifier block, or meter.
Procedure
Delete QoS action entries by using the following command from Global Configurationmode.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 235
no qos action <10-55000>
Configuring QoS Interface Action ExtensionsAbout this taskQoS interface action extensions direct the WC 8180 to take specific action on each packet.This section covers the following CLI commands.
Navigation
• Creating interface action extension entries on page 236• Removing interface action extension entries on page 237
Creating interface action extension entries
About this taskUse the following procedure to create interface action extension entries.
Note: An interface extension that is referenced in an action entry cannot be deleted.
Procedure
Create interface action extension entries by using the following command from GlobalConfiguration mode.qos if-action-extension <1-55000> [name <WORD>] {egress-ucast<port> | egress-non-ucast <port>}
Variable Definitions
Variable Value<1-55000> Specifies the QoS action. The range is 1–55000
name <WORD> Assigns a name to a QoS action with the designatedaction ID. Enter the name for the action; maximum is16 alphanumeric characters
egress-ucast <port> | egress-non-ucast <port>
Specifies redirection of unicast/non-unicast tospecified port.
Command Line Interface Configuration
236 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Removing interface action extension entries
About this taskUse the following procedure to remove interface action extension entries.
Procedure
Remove interface action extension entries by using the following command fromGlobal Configuration mode.no qos if-action-extension <1-55000>
Configuring QoS MetersAbout this taskUse the following CLI commands to set the meters, if you want to meter or police the traffic,configure the committed rate, burst rate, and burst duration.
Navigation
• Creating QoS meter entries on page 237• Removing QoS meter entries on page 238
Creating QoS meter entries
About this taskUse the following procedure to create QoS meter entries.
Procedure
Create QoS meter entries by using the following command from Global Configurationmode.qos meter <1-55000> [name <WORD>] committed-rate <64-10230000>{burst-size <burst-size> max-burst-rate <64-4294967295> [max-burst-duration <1-4294967295>]} {in-profile-action <1-55000> |in-profile-action-name <WORD>} {out-profile-action <1,9-55000>| out-profile-action-name <WORD>}
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 237
Variable Definitions
Variable Value<1-55000> Specifies the QoS meter; range is 1–55000.
name <WORD> Specifies name for meter; maximum is 16alphanumeric characters.
committed-rate <64-10230000> Specifies rate that traffic must not exceed for extendedperiods to be considered in-profile. Enter the rate inKb/s for in-profile traffic in increments of 1000 Kbits/sec; range is 64 to 10230000 Kbits/sec.
burst-size <4,8,16,...,16384> Committed burst size in Kilobytes. The value range is:4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096,8192, 16384.
max-burst-rate <64-4294967295> Specifies the largest burst of traffic that can bereceived a given time for the traffic to be consideredin-profile. Used in calculating the committed burst size.Enter the burst size in Kb/s for in-profile traffic; rangeis 64 to 4294967295 Kbits/sec.
max-burst-duration<1-4294967295>
Specifies the amount of time that the largest burst oftraffic that can be received for the traffic to beconsidered in-profile. Used in calculating thecommitted burst size. Enter the burst duration in msfor in-profile traffic; range is 1–4294967295 ms.
in-profile-action <1-55000> Specifies the in-profile action ID; range is 1–55000.
in-profile-action-name <WORD> Specifies the in-profile action name.
out-profile-action <1,9-55000> Specifies the out-of-profile action ID; range is 1,9 to55000.
out-profile-action-name <word> Specifies the out of profile action name.
Removing QoS meter entries
About this taskUse the following procedure to delete QoS meter entries.
Note: A meter that is referenced in an installed policy or classifier block cannot be deleted.
Procedure
Remove QoS meter entries by using the following command from Global Configurationmode.no qos meter <1-55000>
Command Line Interface Configuration
238 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring QoS Interface ShaperAbout this taskNavigation
• Configuring interface shaping on page 239• Disabling interface shaping on page 240
Configuring interface shaping
About this taskUse the following procedure to configure interface shaping.
Procedure
Configure interface shaping by using the following command from InterfaceConfiguration mode.qos if-shaper [port <portlist>] [name <WORD>] shape-rate<64-10230000> {burst-size <burst-size> max-burst-rate<64-4294967295> [max-burst-duration <1-4294967295>]}
Variable Definitions
Variable Valueburst-size <4,8,16, ..., 16384> Specifies the committed burst size in Kilobytes. The
value range is: 4, 8, 16, 32, 64, 128, 256, 512, 1024,2048, 4096, 8192, 16384.
port <portlist> Specifies the ports to configure shaping parameters.
name <WORD> Specifies name for if-shaper; maximum is 16alphanumeric characters.
shape-rate <64-10230000> Specifies the shaping rate in kilobits/sec; range is64-10230000 kilobits/sec.
max-burst-rate <64-4294967295> Specifies the largest burst of traffic that can bereceived a given time for the traffic to be consideredin-profile. Used in calculating the committed burst size.Enter the burst size in Kb/s for in-profile traffic; rangeis 64 to 4294967295 Kbits/sec.
max-burst-duration<1-4294967295>
Specifies the amount of time that the largest burst oftraffic that can be received for the traffic to beconsidered in-profile. Used in calculating the
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 239
Variable Valuecommitted burst size. Enter the burst duration in msfor in-profile traffic; range is 1–4294967295 ms.
Disabling interface shaping
About this taskUse the following procedure to disable interface shaping.
Procedure
Disable interface shaping by using the following command from Interface Configurationmode.no qos if-shaper [port <portlist>]
Configuring QoS PoliciesAbout this taskUse the following CLI commands to configure QoS policies.
Navigation
• Configuring QoS policies on page 240• Removing QoS policies on page 242
Configuring QoS policies
About this taskUse the following procedure to create and configure QoS policies.
Note: All components associated with a policy, including the interface group, element,classifier, classifier block, action, and meter, must be defined before referencing thosecomponents in a policy.
Procedure
Create a QoS policy by using the following command from Global Configurationmode.qos policy <1-55000> {enable|disable [name <WORD>] {port<port_list> | if-group <WORD>} clfr-type {classifier | block}{clfr-id <1-55000> | clfr-name <WORD>} {{in-profile-action<1-55000> | in-profile-action-name <WORD>} | meter <1-55000> |meter-name <WORD>}} [non-match-action <1-55000> | non-match-
Command Line Interface Configuration
240 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
action-name <WORD>] precedence <1-15> [track-statistics<individual | aggregate>]}
Variable Definitions
Variable Value<1-55000> Specifies the QoS policy; range is 1–55000.
enable|disable Enables or disables the QoS policy.
name <WORD> Specifies the name for the policy; maximum is 16alphanumeric characters.
port <portlist> Specifies the ports to which to directly apply thispolicy.
if-group <WORD> Specifies the interface group name to which this policyapplies; maximum number of characters is 32 US-ASCII. The group name must begin with a letter withinthe range a..z or A..Z.
clfr-type <classifier | block> Specifies the classifier type; classifier or block.
clfr-id <1-55000> Specifies the classifier ID; range is 1–55000.
clfr-name <WORD> Specifies the classifier name or classifier block name;maximum is 16 alphanumeric characters.
in-profile-action <1-55000> Specifies the action ID for in-profile traffic; range is 1–55000.
in-profile-action-name <WORD> Specifies the action name for in-profile traffic;maximum is 16 alphanumeric characters.
meter <1-55000> Specifies meter ID associated with this policy; rangeis 1–55000.
meter-name <WORD> Specifies the meter name associated with this policy;maximum of 16 alphanumeric characters.
non-match-action <1-55000> Specifies the action ID for non-match traffic; range is1–55000. This parameter is not applicable to 5600Series switches.
non-match-action-name <WORD> Specifies the action name for non-match traffic;maximum is 16 alphanumeric characters.
precedence <1-15> Specifies the precedence of this policy in relation toother policies associated with the same interfacegroup. Enter precedence number; range is 1–15.Note: Policies with a lower precedence value areevaluated after policies with a higher precedencenumber. Evaluation goes from highest value tolowest.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 241
Variable Valuetrack-statistics <individual |aggregate>
Specifies statistics tracking on this policy, either:
• individual—statistics on individual classifiers
• aggregate—aggregate statistics
Removing QoS policies
About this taskUse the following procedure to disable QoS policy entries. Policies can be enabled using theqos policy <policynum> enable command.
Procedure
Remove QoS policy entries by using the following command from Global Configurationmode.no qos policy <1-55000>
QoS Generic Filter set configurationAbout this taskThis section contains procedures used to configure and manipulate a generic filter set.
Navigation
• Configuring a traffic profile set on page 242• Deleting a classifier, classifier block, or an entire filter set on page 246• Viewing filter descriptions on page 247
Configuring a traffic profile set
About this taskConfigure a traffic profile set by performing the following procedure.
Procedure
Use the following command to configure a traffic profile classifier entry.qos traffic-profile set port <port> name <name> [commited-rate<64-10230000>] [drop-nm-action <drop | pass>] [enable]
Command Line Interface Configuration
242 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
This command is used in the Global Configuration mode.
Variable Definitions
Variable Valueport <port> Specifies the ports to apply the traffic profile
to.
name <name> Specifies the name of the traffic profile.
commited-rate <64-10230000> Specifies the committed rate in Kilobits persecond.
drop-nm-action <drop | pass> Specifies the action to take when the packetis nonmatching. This action is applied to alltraffic that was not previously matched by thespecified filtering data. Options are drop(packet is dropped) and pass (packet is notdropped).
enable Enables the traffic profile.
Deleting a classifier, classifier block, or an entire filter set
About this taskDelete a filter classifier or set by performing this procedure.
Procedure
1. Delete a Traffic Profile classifier by using the following command from the GlobalConfiguration mode.no qos traffic-profile classifier name <classifier-name>
2. Delete a Traffic Profile set by using the following command from the GlobalConfiguration mode.no qos traffic-profile set {name <name> | port <port>}
Viewing filter descriptions
About this taskView filter descriptions by performing this procedure.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 243
Procedure
1. View classifier entries by using the following commands from the Privileged EXECConfiguration mode.show qos traffic-profile classifierORshow qos traffic-profile classifier name <classifier name>
2. View the parameters for a specific set by using the following command from thePrivileged EXEC Configuration mode.show qos traffic-profile set <set name> port <port>
3. View ports and the filter sets assigned to those ports by using the followingcommand from the Privileged EXEC Configuration mode.show qos traffic-profile interface
Configuring User Based PoliciesAbout this taskUse the following procedure to configure User Based Policies.
Procedure
Configure User Based Policies by using the following command from the Globalconfiguration mode.qos ubpNote: To modify an entry in a filter set, you must delete the entry and add a new entrywith the desired modifications.
Variable Definitions
Variable Valueclassifier name [addr-type {ipv4|ipv6}] [block] [drop-action] [ds-field][dst-ip] [dst-mac] [dst-port-min][ethertype] [eval-order] [flow-id][next-header] [priority] [protocol][set-drop-prec] [src-ip] [src-mac][src-port-min] [update-1p] [update-dscp] [vlan-min] [ vlan-tag]
Creates the User Based Policy classifier entry.Optional parameters:
• addr-type {ipv4|ipv6} specifies the type of IP addressused by this classifier entry. The type is limited toIPv4 and IPv6 addresses.
• block specifies the label to identify access listelements that are of the same block.
Command Line Interface Configuration
244 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Value
• drop-action specifies whether or not to drop non-conforming traffic.
• ds-field specifies the value for the DiffServCodepoint (DSCP) in a packet.
• dst-ip specifies the IP address to match against thedestination IP address of a packet.
• dst-mac specifies the MAC address against whichthe MAC destination address of incoming packets iscompared.
• dst-port-min specifies the minimum value for thelayer 4 destination port number in a packet. dst-port-max must be terminated prior to configuringthis parameter.
• ethertype specifies a value indicating the version ofEthernet protocol being used.
• eval-order specifies the evaluation order for allelements with the same name.
• flow-id specifies the flow identifier for IPv6 packets.
• next-header specifies the IPv6 next-header value.Values are in the range 0-255.
• priority specifies a value for the 802.1p userpriority.
• protocol specifies the IPv4 protocol value.
• set-drop-prec specifies drop precendence
• src-ip specifies the IP address to match against thesource IP address of a packet.
• src-mac specifies the MAC source address ofincoming packets.
• src-port-min specifies the minimum value for theLayer 4 source port number in a packet. src-port-max must be terminated prior to configuringthis parameter.
• update-1p specifies an 802.1p value used to updateuser priority.
• update-dscp specifies a value used to update theDSCP field in an IPv4 packet.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 245
Variable Value
• vlan-min specifies the minimum value for the VLANID in a packet. vlan-max must be terminated priorto configuring this parameter.
• vlan-tag specifies the type of VLAN tagging in apacket.
set name [commited-rate] [drop-nm-action] [drop-out-action] [max-burst-rate] [max-burst-duration][update-dscp-out-action] [set-priority]
Creates the User Based Policy set.Optional parameters:
• commited-rate specifies the commited rate inKbps.
• drop-nm-action specifies the action to take when thepacket is non-matching. This action is applied to alltraffic that was not previously matched by thespecified filtering data. Options are enable (packetis dropped) and disable (packet is not dropped).
• drop-out-action specifies the action to take when apacket is out-of-profile. This action is only applied ifmetering is being enforced, and if the traffic isdeemed out of profile based on the level of traffic andthe metering criteria. Options are enable (packetis dropped) and disable (packet is not dropped).
• max-burst-rate specifies the maximum number ofbytes allowed in a single transmission burst.
• max-burst-duration specifies the maximum burstduration in milliseconds.
• update-dscp-out-action specifies an updated DSCPvalue for an IPv4 packet for out of profile traffic..
• set-priority specifies the priority level of this filterset.
Deleting a classifier, classifier block, or an entire filter set
About this taskUse the following procedure to delete a classifier, classifier block, or filter set.
Note: You cannot reset QoS defaults if the EAP/NEAP UBP support references a QoS UBPfilter set.
Procedure
1. Delete an entire filter set by using the following command from the Globalconfiguration mode.
Command Line Interface Configuration
246 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
no qos ubp name <filter name>Note: You cannot delete a filter set while it is in use.
2. Delete a classifier by using the following command from the Global configurationmode.no qos ubp name <filter name> eval-order <value>
Viewing filter descriptions
About this taskUse the following procedure to view User-based Policy filter parameters, view parameters fora specific filter set, view ports and associated filter sets, and view classifier entries.
Procedure
1. View User Based Policy filter parameters by using the following command from thePrivileged EXEC configuration mode.show qos ubp
2. View the parameters for a specific filter set by using the following command fromthe Privileged EXEC configuration mode.show qos ubp name <filter name>
3. View ports and the filter sets assigned to those ports by using the followingcommand from the Privileged EXEC configuration mode.show qos ubp interface
4. View classifier entries by using the following command from the Privileged EXECconfiguration mode.show qos ubp classifier
Maintaining the QoS AgentAbout this taskUse the following CLI commands to maintain the QoS agent.
Navigation
• Resetting QoS to factory default state on page 248• Configuring QOS NT mode on page 248• Configuring QoS UBP support on page 249• Configuring QoS statistics tracking type on page 249
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 247
• Configuring NVRAM delay on page 250• Resetting NVRAM delay to default on page 250• Resetting the QoS agent on page 250
Resetting QoS to factory default state
About this taskUse the following procedure to delete all user-defined entries, remove all installed policies, andreset the system to its QoS factory default values.
Note 1: You cannot reset QoS defaults if the NSNA application references a QoS NSNA filterset.
Note 2: You cannot reset QoS defaults if the EAP/NEAP UBP support references a QoS UBPfilter set.
Procedure
Reset QoS to factory defaults by using the following command from GlobalConfiguration mode.qos agent reset-default
Configuring QOS NT mode
About this taskThis procedure describes how to configure the QoS Agent NT mode.
Procedure
Configure QoS NT mode by using the following command from Global Configurationmode.qos agent nt-mode [pure|mixed|disabled]
Variable Definitions
Variable Valuedisabled NT application traffic processing is disabled on all ports.
mixed NT application traffic processing enabled on all port with egress DSCPmapping.
pure NT application traffic processing enabled on all ports without egress DSCPmapping.
Command Line Interface Configuration
248 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring QoS UBP support
About this taskUse the following procedure to configure the UBP support level.
Procedure
Configure the UBP support level by using the following command from GlobalConfiguration mode.qos agent ubp [disable|epm|high-security-local|low-security-local]
Variable Definitions
Variable Valuedisable QoS agent rejects information forwarded by other applications.
epm QoS Agent notifications generated for EPM based on userinformation forwarded by other applications.
high-security-local User may be rejected if resources needed to install the UBP filter setare not available.
low-security-local User may be accepted even if the UBP filter set could not beapplied.
Configuring QoS statistics tracking type
About this taskThis procedure describes the steps necessary to configure the type of statistics tracking usedwith QoS.
Procedure
Configure the QoS statistics tracking type by using the following command from GlobalConfiguration mode.qos agent statistics-tracking [aggregate|disable|individual]
Variable Definitions
Variable Valueaggregate Allocates a single statistics counter to track data for all classifiers
contained in the QoS policy being created.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 249
Variable Valuedisable Disable statistics tracking.
individual Allocates individual statistics counters to track data for each classifiercontained in the QoS policy being created.
Configuring NVRAM delay
About this taskUse the following procedure to specify the maximum amount of time, in seconds, before non-volatile QoS configuration is written to non-volatile storage. Delaying NVRAM access can beused to minimize file input and output. This can aid QoS agent efficiency if a large amount ofQoS data is being configured.
Procedure
Configure NVRAM delay by using the following command from Global Configurationmode.qos agent nvram-delay <0-604800>Default is 10 seconds.
Resetting NVRAM delay to default
About this taskUse the following procedure to reset the NVRAM delay time to factory default.
Procedure
Reset NVRAM delay to default by using the following command from GlobalConfiguration mode.default qos agent nvram-delay
Resetting the QoS agent
About this taskUse the following procedure to delete all user-defined entries, remove all installed policies, andreset the system to its QoS factory default values.
Command Line Interface Configuration
250 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
Reset the QoS agent by using the following command from Global Configurationmode.default qos agent
Configuring DoS Attack Prevention PackageAbout this taskThis section contains procedures used to configure the DoS Attack Prevention Package(DAPP). This feature is only applicable to the 8100 Series switch.
Navigation
• Enabling DAPP on page 251• Configuring DAPP status tracking on page 251• Configuring DAPP minimum TCP header size on page 252• Configuring DAPP maximum IPv4 ICMP length on page 252• Configuring DAPP maximum IPv6 ICMP length on page 252
Enabling DAPP
About this taskThis procedure describes the steps necessary to enable DAPP.
Procedure
Enable DAPP by using the following command from Global Configuration mode:[no] qos agent dos-attack-prevention enableUse the no form of this command to disable.
Configuring DAPP status tracking
About this taskThis procedure describes how to configure DAPP status tracking.
Note: If adequate resources are not available to enable this feature the command will fail.
Configuring wired Quality of Service
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 251
Procedure
Enable DAPP status tracking by using the following command from GlobalConfiguration mode:qos agent dos-attack-prevention status-tracking [enable | max-ipv4-icmp | max-ipv6-icmp | min-tcp-header]
Configuring DAPP maximum IPv6 ICMP lengthAbout this taskThis procedure describes how to set the maximum IPv6 ICMP length used by DAPP.
Procedure
Set the maximum IPv6 ICMP length by using the following command from GlobalConfiguration mode:qos agent dos-attack-prevention max-ipv6-icmp <0-16383>
Configuring DAPP minimum TCP header size
About this taskThis procedure describes how to set the minimum TCP header size used by DAPP.
Procedure
Set the minimum TCP header size by using the following command from GlobalConfiguration mode:qos agent dos-attack-prevention min-tcp-header <0-255>
Configuring DAPP maximum IPv4 ICMP length
About this taskThis procedure describes how to set the maximum IPv4 ICMP length used by DAPP.
Procedure
Set the maximum IPv4 ICMP length by using the following command from GlobalConfiguration mode:qos agent dos-attack-prevention max-ipv4-icmp <0-1023>
Command Line Interface Configuration
252 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring ServiceabilityAbout this taskThis chapter describes the methods and procedures necessary to configure RMON andIPFIX.
Navigation
• Configuring RMON with the CLI on page 253• Configuring IPFIX using CLI on page 259
Configuring RMON with the CLIAbout this taskThis section describes the CLI commands used to configure and manage RMON.
Navigation
• Viewing RMON alarms on page 253• Viewing RMON events on page 254• Viewing RMON history on page 254• Viewing RMON statistics on page 254• Setting RMON alarms on page 255• Deleting RMON alarm table entries on page 256• Configuring RMON event log and traps on page 256• Deleting RMON event table entries on page 257• Configuring RMON history on page 257• Deleting RMON history table entries. on page 258• Configuring RMON statistics on page 258• Disabling RMON statistics on page 258
Viewing RMON alarms
About this taskUse the following procedure to view RMON alarms.
Configuring Serviceability
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 253
Procedure
1. Enter Privileged Executive mode.
2. Use the show rmon alarm command to display information about RMONalarms.
Viewing RMON events
About this taskUse the following procedure to display information regarding RMON events.
Procedure
1. Enter Privileged Executive mode.
2. Enter the show rmon event command.
Viewing RMON history
About this taskUse this procedure to display information regarding the configuration of RMON history.
Procedure
1. Enter Privileged Executive mode.
2. Enter the show rmon history [<port>] command.
Variable Definitions
Variable Definition<port> The specified port number for which RMON
history settings is displayed.
Viewing RMON statistics
About this taskUse the following procedure to display information regarding the configuration of RMONstatistics.
Command Line Interface Configuration
254 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
1. Enter Privileged Executive mode.
2. Enter the show rmon stats command.
Setting RMON alarms
About this taskUse the following procedure to set
Procedure
1. Enter Global Configuration mode.
2. Enter the rmon alarm <1-65535> <WORD> <1-2147483647> {absolute |delta} rising-threshold <-2147483648-2147483647> [<1-65535>]falling-threshold <-2147483648-2147483647> [<1-65535>][owner <LINE>] command.
Variable Definitions
Parameter Description<1-65535> Unique index for the alarm entry.
<WORD> The MIB object to be monitored. This object identifier can be anEnglish name.
<1-2147483647> The sampling interval, in seconds.
absolute Use absolute values (value of the MIB object is compareddirectly with thresholds).
delta Use delta values (change in the value of the MIB object betweensamples is compared with thresholds).
rising-threshold<-2147483648-2147483647 > [<1-65535>]
The first integer value is the rising threshold value. The optionalsecond integer specifies the event entry to be triggered after therising threshold is crossed. If omitted, or if an invalid event entryis referenced, no event is triggered.
falling-threshold<-2147483648-2147483647 > [<1-65535>]
The first integer value is the falling threshold value. The optionalsecond integer specifies the event entry to be triggered after thefalling threshold is crossed. If omitted, or if an invalid event entryis referenced, no event is triggered.
[owner <LINE>] Specify an owner string to identify the alarm entry.
Configuring Serviceability
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 255
Deleting RMON alarm table entries
About this taskUse the following procedure to delete RMON alarm table entries.
Procedure
1. Enter Global Configuration mode.
2. Enter the no rmon alarm [<1-65535>] command.
Variable Definitions
Variable Definition[<1-65535>] The number assigned to the alarm. If no
number is selected, all RMON alarm tableentries are deleted.
Configuring RMON event log and traps
About this taskUse the following procedure to configure RMON event log and trap settings.
Procedure
1. Enter Global Configuration mode.
2. Enter the rmon event <1-65535> [log] [trap] [description <LINE>][owner <LINE>] command.
Variable Definitions
Parameter Description<1-65535> Unique index for the event entry.
[log] Record events in the log table.
[trap] Generate SNMP trap messages for events.
[description <LINE>] Specify a textual description for the event.
[owner <LINE>] Specify an owner string to identify the event entry.
Command Line Interface Configuration
256 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Deleting RMON event table entries
About this taskUse the following procedure to clear entries in the table.
Procedure
1. Enter Global Configuration mode.
2. Enter the no rmon event [<1-65535>] command to delete the entries.
Variable Definitions
Variable Definition[<1-65535>] Unique identifier of the event. If not given, all
table entries are deleted.
Configuring RMON history
About this taskUse the following procedure to configure RMON history settings.
Procedure
1. Enter Global Configuration mode.
2. Enter the rmon history <1-65535> <LINE> <1-65535> <1-3600>[owner <LINE>] command to configure the RMON history..
Variable Definitions
Parameter Description<1-65535> Unique index for the history entry.
<LINE> Specify the port number to be monitored.
<1-65535> The number of history buckets (records) to keep.
<1-3600> The sampling rate (how often a history sample is collected).
[owner <LINE>] Specify an owner string to identify the history entry.
Configuring Serviceability
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 257
Deleting RMON history table entries.
About this taskUse this procedure to delete RMON history table entries.
Procedure
1. Enter Global Configuration mode.
2. Enter the no rmon history [<1-65535>] command to delete the entries.
Variable Definitions
Variable Definition[<1-65535>] Unique identifier of the event. If not given, all
table entries are deleted.
Configuring RMON statistics
About this taskUse this procedure to configure RMON statistics settings.
Procedure
1. Enter Global Configuration mode.
2. Enter the rmon stats <1-65535> <LINE> [owner <LINE>] command toconfigure RMON statistics.
Variable Definitions
Parameter Description<1-65535> Unique index for the stats entry.
[owner <LINE>] Specify an owner string to identify the stats entry.
Disabling RMON statistics
About this taskUse this procedure to disable RMON statistics. If the variable is omitted, all entries in the tableare cleared.
Command Line Interface Configuration
258 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
1. Enter Global Configuration mode.
2. Enter the no rmon stats [<1-65535>] command to disable RMONstatistics.
Variable Definitions
Variable Definition<1-65535> Unique index for the statistics entry. If
omitted, all statistics are disabled.
Configuring IPFIX using CLIAbout this taskThis section describes the commands used in the configuration and management of IP FlowInformation Export (IPFIX) using the CLI.
Navigation
• Configuring IPFIX collectors on page 259• Enabling IPFIX globally on page 260• Configuring unit specific IPFIX on page 260• Enabling IPFIX on the interface on page 261• Enabling IPFIX export through ports on page 261• Deleting the IPFIX information for a port on page 262• Viewing the IPFIX table on page 262
Configuring IPFIX collectors
About this taskThe ip ipfix collector command is used to configure IPFIX collectors. IPFIX collectorsare used to collect and analyze data exported from an IPFIX compliant switch. In WLANRelease 1.1, the only external collector supported is NetQOS. At this time, up to two collectorscan be supported.
IPFIX data is exported from the switch in Netflow version 9 format. Data is exported using UDPport 9995.
IPFIX data is not load balanced when two collectors are in use. Identical information is sent toboth collectors.
Configuring Serviceability
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 259
Use the following procedure to configure the IPFIX collectors.
Procedure
1. Enter Global Configuration mode.
2. Use the ip ipfix collector <unit_number> <collector_ip_address>command to configure the IPFIX collector.
Variable Definitions
Parameter Description<unit_number> The unit number of the collector. Currently up to two collectors
are supported so the values 1 or 2 are valid.
<collector_ip_address> The IP address of the collector.
Enabling IPFIX globally
About this taskUse the following procedure to globally enable IPFIX on the switch.
Procedure
1. Enter Global Configuration mode.
2. Use the ip ipfix enable command to enable IPFIX on the switch.
Configuring unit specific IPFIX
About this taskUse the following command to configure unit specific IPFIX parameters.
Procedure
1. Enter Global Configuration mode.
2. Use the ip ipfix slot <unit_number> [aging-interval<aging_interval>] [export-interval <export_interval>][exporter-enable] [template-refresh-interval<template_refresh_interval>] [template-refresh-packets<template_refresh_packets>] command to enable IPFIX on the switch.
Command Line Interface Configuration
260 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Parameter Description<unit_number> The unit number of the collector. Currently up to two collectors
are supported so the values 1 or 2 are valid.
<aging_interval> The IPFIX aging interval. This value is in seconds from 0 to2147400.
<export_interval> The IPFIX export interval. This interval is the value at whichIPFIX data is exported in seconds from 10 to 3600.
<template_refresh_interval>
The IPFIX template refresh interval. This value is in secondsfrom 300 to 3600.
<template_refresh_packets>
The IPFIX template refresh packet setting. This value is thenumber of packets from 10000 - 100000.
Enabling IPFIX on the interface
About this taskUse the following procedure to enable IPFIX on the interface.
Procedure
1. Enter Interface Configuration mode.
2. Use the ip ipfix enable command to enable IPFIX on the interface.
Enabling IPFIX export through ports
About this taskUse the following procedure to enable the ports exporting data through IPFIX.
Procedure
1. Enter Interface Configuration mode.
2. Use the ip ipfix port <port_list> command to enable IPFIX on theinterface.
Variable Definitions
Variable Definitionport-list Single or comma-separated list of ports.
Configuring Serviceability
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 261
Deleting the IPFIX information for a port
About this taskUse the following procedure to delete the collected IPFIX information for a port.
Procedure
1. Enter Privileged Executive mode.
2. Use the ip ipfix flush port <port_list> [export-and-flush]command to delete the collected IPFIX information for the port or ports.
Variable Definitions
Variable Definitionport-list Single or comma-separated list of ports.
export-and-flush Export data to a collector before it isdeleted.
Viewing the IPFIX table
About this taskUse the following procedure to display IPFIX data collected from the switch.
Procedure
1. Enter Privileged Executive mode.
2. Use the show ip ipfix table <unit_number> sort-by <sort_by>sort-order <sort_order> display <num_entries> command view theIPFIX data.
Variable Definitions
Variable Definition<unit_number> The unit number of the collector. Currently up to two collectors are
supported so the values 1 or 2 are valid.
<sort_by> The value on which the data is sorted. Valid options are:
• byte-count
• dest-addr
• first-pkt-time
Command Line Interface Configuration
262 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definition
• last-pkt-time
• pkt-count
• port
• protocol
• source-addr
• TCP-UDP-dest-port
• TCP-UDP-src-port
• TOS
<sort_order> The order in which the data is sorted. Valid options are ascending anddescending.
<num_entries> The number of data rows to display. Valid options are:
• all
• top-10
• top-25
• top-50
• top-100
• top-200
Configuring diagnostics and graphingAbout this taskThis chapter describes the methods and procedures necessary to configure diagnostics andgraphing.
Navigation
• System diagnostics and statistics using CLI on page 263• Network monitoring configuration using CLI on page 267
System diagnostics and statistics using CLIAbout this taskThis chapter describes the procedures you can use to perform system diagnostics and gatherstatistics using CLI.
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 263
Navigation
• Viewing port-statistics on page 264• Displaying port operational status on page 265• Validating port operational status on page 265• Showing port information on page 266
Viewing port-statistics
About this taskUse this procedure to view the statistics for the port on both received and transmitted traffic.
Procedure
1. Enter Global Configuration mode.
2. Enter the show port-statistics [port <portlist>] command.
Command Line Interface Configuration
264 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Definitionport <portlist> The ports to display statistics for. When no port list is
specified, all ports are shown.
Displaying port operational status
About this taskUse this procedure to display the port operational status.
Important:If you use a terminal with a width of greater than 80 characters, the output is displayed in atabular format.
Procedure
1. Enter Privileged Executive mode.
2. Enter the show interfaces [port list] verbose command. If you issuethe command with no parameters the port status is shown for all ports.
3. Observe the CLI output.
Validating port operational status
About this taskVLACP: Configure VLACP on port 1 from a 8100 series unit and on port 2 on 5000 series unit.Have a link between these 2 ports. When the show interfaces command is typed, VLACPstatus is up for port on the unit where the command is typed. Pull out the link from the otherswitch, VLACP status goes Down.
STP: After switch boots, type show interfaces command. STP Status is Listening (wait afew seconds and try again). STP Status becomes Learning.
After a while (15 seconds is the forward delay default value, only if you did not configure anothertime interval for STP forward delay), if you type show interfaces again, STP Status shouldbe forwarding.
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 265
Showing port information
About this taskPerform this procedure to display port configuration information.
Procedure
1. Enter Privileged Executive mode.
2. Enter the show interfaces <portlist> config command.
3. Observe the CLI output.
Command Line Interface Configuration
266 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Network monitoring configuration using CLIAbout this taskThis section describes using CLI to view and configure network monitoring.
Navigation
• Viewing CPU utilization on page 268• Viewing memory utilization on page 268• Configuring the system log on page 269• Configuring remote logging on page 271• Configuring port mirroring on page 274• Displaying Many-to-Many port-mirroring on page 276• Configuring Many-to-Many port-mirroring on page 276• Disabling Many-to-Many port-mirroring on page 277
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 267
Viewing CPU utilization
About this taskUse this procedure to view the CPU utilization
Procedure
1. Enter Privileged Executive mode.
2. Enter the show cpu-utilization command.
3. Observe the displayed information.
Viewing memory utilization
About this taskUse this procedure to view the memory utilization
Procedure
1. Enter Privileged Executive mode.
2. Enter the show memory-utilization command.
3. Observe the displayed information.
Command Line Interface Configuration
268 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Configuring the system log
About this taskThis section outlines the CLI commands used in the configuration and management of thesystem log.
Navigation
• Displaying the system log on page 269• Configuring the system log on page 269• Disabling the system log on page 270• Setting the system log to default on page 270• Clearing the system log on page 270
Displaying the system logAbout this taskUse this procedure to displays the configuration, and the current contents, of the system eventlog.
Procedure
Enter the show show logging [config] [critical] [serious][informational] [sort-reverse] command Privileged Executive mode.
Variable Definitions
Variable Valueconfig Display configuration of event logging.
critical Display critical log messages.
serious Display serious log messages.
informational Display informational log messages.
sort-reverse Display informational log messages in reversechronological order (beginning with most recent).
Configuring the system logAbout this taskUse this procedure to configure the system settings for the system event log.
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 269
Procedure
Enter the logging [enable | disable] [level critical | serious |informational | none] [nv-level critical | serious | none]command Privileged Executive mode.
Variable Definitions
Variable Valueenable | disable Enables or disables the event log (default is
Enabled).
level critical | serious | informational| none
Specifies the level of logging stored in DRAM.
nv-level critical | serious | none Specifies the level of logging stored in NVRAM.
Disabling the system logAbout this taskUse this procedure to disable the system event log.
Procedure
Enter the no logging command in global configuration mode.
Setting the system log to defaultAbout this taskUse this procedure to default the system event log configuration.
Procedure
Enter the default logging command in global configuration mode.
Clearing the system logAbout this taskUse this procedure to clear all log messages in DRAM.
Procedure
Enter the clear logging system [non-volatile] [nv] [volatile]command in global configuration mode.
Command Line Interface Configuration
270 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valuenon-volatile Clears log messages from NVRAM.
nv Clears log messages from NVRAM and DRAM.
volatile Clears log messages from DRAM.
Configuring remote logging
About this taskUse the CLI to configure remote logging. This section discusses the commands that enableremote logging.
Navigation
• Displaying logging on page 271• Enabling remote logging on page 271• Disabling remote logging on page 272• Setting the remote logging address on page 272• Clearing the remote server IP address on page 272• Setting the log severity on page 273• Resetting the severity level on page 273• Setting the default remote logging level on page 273
Displaying loggingAbout this taskUse this procedure to display the configuration and the current contents of the system eventlog.
Procedure
1. Enter Global Configuration mode.
2. Enter the show logging command to display the log.
Enabling remote loggingAbout this taskUse this procedure to enable remote logging. By default, remote logging is disabled.
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 271
Procedure
1. Enter Global Configuration mode.
2. Enter the logging remote enable command to enable the use of a remotesyslog server.
Disabling remote loggingAbout this taskUse this procedure to disable remote logging.
Procedure
1. Enter Global Configuration mode.
2. Enter the no logging remote enable command to disable the use of a remotesyslog server.
Setting the remote logging addressAbout this taskUse this procedure to set the address of the remote server for the syslog.
Procedure
1. Enter Global Configuration mode.
2. Enter the logging remote address <A.B.C.D> command to disable the useof a remote syslog server.
Variable Definitions
Parameters and variables Description<A.B.C.D> Specifies the IP address of the remote server in
dotted-decimal notation. The default address is0.0.0.0.
Clearing the remote server IP addressAbout this taskUse this procedure to clear the IP address of the remote server.
Command Line Interface Configuration
272 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Procedure
1. Enter Global Configuration mode.
2. Enter the no logging remote address command to clear the IP address ofthe remote syslog server.
Setting the log severityAbout this taskUse this command to set the severity level of the logs sent to the remote server.
Procedure
1. Enter Global Configuration mode.
2. Enter the logging remote level {critical | informational |serious | none} command to set the severity level of the logs that will be sentto the server.
Variable Definitions
Parameters and variables Description{critical | serious | informational |none}
Specifies the severity level of the log messages to besent to the remote server:
• critical
• informational
• serious
• none
Resetting the severity levelAbout this taskUse this command to remove severity level setting
Procedure
1. Enter Global Configuration mode.
2. Enter the no logging remote level command to remove the severity level ofthe logs that will be sent to the server. The level is set to none.
Setting the default remote logging levelAbout this taskUse this procedure to set the remote logging level to default.
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 273
Procedure
1. Enter Global Configuration mode.
2. Enter the default logging remote level command to sets the severity levelof the logs sent to the remote server. The default level is none.
Configuring port mirroring
About this taskPort mirroring can be configured with the CLI commands detailed in this section.
Navigation
• Displaying the port-mirroring configuration on page 274• Configure port-mirroring on page 274• Disabling port-mirroring on page 276
Displaying the port-mirroring configurationAbout this taskUse this procedure to display the existing port-mirroring configuration.
Procedure
1. Enter Privileged Executive mode.
2. Enter the show port-mirroring command to display the port-mirroringconfiguration.
Configure port-mirroringAbout this taskUse this procedure to set the port-mirroring configuration
Procedure
1. Enter Global Configuration mode.
2. Enter the port-mirroring mode {disable | Xrx monitor-port<portlist> mirror-ports <portlist> | Xtx monitor-port<portlist> mirror-ports <portlist> | ManytoOneRx monitor-port<portlist> mirror-ports <portlist> | ManytoOneTx monitor-port<portlist> mirror-port-X <portlist> | ManytoOneRxTx monitor-port <portlist> mirror-port-X <portlist> | XrxOrXtx monitor-port <portlist> mirror-port-X <portlist> | XrxOrYtx monitor-port <portlist> mirror-port-X <portlist> mirror-port-Y<portlist> | XrxYtxmonitor-port <portlist> mirror-port-X
Command Line Interface Configuration
274 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
<portlist> mirror-port-Y <portlist> | XrxYtxOrYrxXtx monitor-port <portlist> mirror-port-X <portlist> mirror-port-Y<portlist> | Asrc monitor-port <portlist> mirror-MAC-A<macaddr> | Adst monitor-port <portlist> mirror-MAC-A<macaddr> | AsrcOrAdst monitor-port <portlist> mirror-MAC-A<macaddr> | AsrcBdst monitor-port <portlist> mirror-MAC-A<macaddr> mirror-MAC-B <macaddr> | AsrcBdstOrBsrcAdstmonitor-port <portlist> mirror-MAC-A <macaddr> mirror-MAC-B<macaddr>} command to display the port-mirroring configuration.
Variable Definitions
Parameter Descriptiondisable Disables port-mirroring.
monitor-port Specifies the monitor port.
mirror-port-X Specifies the mirroring port X.
mirror-port-Y Specifies the mirroring port Y.
mirror-MAC-A Specifies the mirroring MAC address A.
mirror-MAC-B Specifies the mirroring MAC address B.
portlist Enter the port numbers.
ManytoOneRx Many to one port mirroring on ingress packets.
ManytoOneTx Many to one port mirroring on egress packets.
ManytoOneRxTx Many to one port mirroring on ingress and egresstraffic.
Xrx Mirror packets received on port X.
Xtx Mirror packets transmitted on port X.
XrxOrXtx Mirror packets received or transmitted on port X.
XrxYtx Mirror packets received on port X and transmitted onport Y. This mode is not recommended for mirroringbroadcast and multicast traffic.
XrxYtxOrXtxYrx Mirror packets received on port X and transmitted onport Y or packets received on port Y and transmittedon port X.
XrxOrYtx Mirror packets received on port X or transmitted onport Y.
macaddr Enter the MAC address in format H.H.H.
Asrc Mirror packets with source MAC address A.
Adst Mirror packets with destination MAC address A.
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 275
Parameter DescriptionAsrcOrAdst Mirror packets with source or destination MAC
address A.
AsrcBdst Mirror packets with source MAC address A anddestination MAC address B.
AsrcBdstOrBsrcAdst Mirror packets with source MAC address A anddestination MAC address B or packets with sourceMAC address B and destination MAC address A.
Disabling port-mirroringAbout this taskUse this procedure to disable port-mirroring
Procedure
1. Enter Global Configuration mode
2. Enter the no port-mirroring command to disable port-mirroring.
Displaying Many-to-Many port-mirroringAbout this taskUse this procedure to display Many-to-Many port-mirroring settings
Procedure
1. Enter Privileged Executive mode
2. Enter the show port-mirroring command.
3. Observe the displayed information.
Configuring Many-to-Many port-mirroringAbout this taskUse this procedure to configure Many-to-Many port-mirroring
Procedure
1. Enter Global Configuration mode
2. Enter the port-mirroring <1-4> mode {disable | Adst | Asrc |AsrcBdst | AsrcBdstOrBsrcAdst | AsrcOrAdst | ManyToOneRx |ManyToOneRxTx | ManyToOneTx | Xrx | XrxOrXtx | XrxOrYtx |XrxYtx | XrxYtxOrYrxXtx | Xtx} command.
3. Enter the command from step 2 for up to four instances.
Command Line Interface Configuration
276 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
Variable Definitions
Variable Valuedisable Disable mirroring.
Adst Mirror packets with destination MAC addressA
Asrc Mirror packets with source MAC address A.
AsrcBdst Mirror packets with source MAC address Aand destination MAC address B.
AsrcBdstOrBsrcAdst Mirror packets with source MAC address Aand destination MAC address B or packetswith source MAC address B and destinationMAC address A.
AsrcOrAdst Mirror packets with source or destinationMAC address A.
ManyToOneRx Mirror many to one port mirroring on ingresspackets.
ManyToOneRxTx Mirror many to one port mirroring on ingressand egress packets.
ManyToOneTx Mirror many to one port mirroring on egresspackets.
Xrx Mirror packets received on port X.
XrxOrXtx Mirror packets received on port X andtransmitted on port Y.
XrxYtx Mirror packets received on port X andtransmitted on port Y.
XrxYtxOrYrxXtx Mirror packets received on port X andtransmitted on port Y or packets received onport Y and transmitted on port X.
Xtx Mirror packets received on port X ortransmitted on port Y
Disabling Many-to-Many port-mirroringAbout this taskUse this procedure to disable Many-to-Many port-mirroring
Configuring diagnostics and graphing
Avaya WLAN 8100 WC 8180 CLI Reference August 2011 277
Procedure
1. Enter Global Configuration mode
2. Enter the port-mirroring [<1-4>] mode disable or no port-mirroring [<1-4>] command to disable a specific instance.
3. Enter the no port-mirroring command to disable all instances.
Variable Definitions
Variable Definition<1-4> The port-mirroring instance.
Command Line Interface Configuration
278 Avaya WLAN 8100 WC 8180 CLI Reference August 2011Comments? infodev@avaya.com
top related