downloads.ins.dell.com - /manuals/all-products/esuprt ser stor net/esuprt networking/esuprt net wireless/
Index of /manuals/all-products/esuprt ser stor net/esuprt networking/esuprt net wireless/
Dell Networking W-Series ArubaOS 6.4.x
Command-Line Interface
Reference Guide
Copyright Information
© 2015 Aruba Networks, Inc. Aruba Networks trademarks include
, Aruba Networks®, Aruba
Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management
System®. DellTM, the DELLTM logo, and PowerConnectTM are trademarks of Dell Inc.
All rights reserved. Specifications in this manual are subject to change without notice.
Originated in the USA. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg, et al. The Open Source code used can be found at this site:
arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors' VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.
0511698-00v1 | April 2015
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface
The Dell Networking W-Series ArubaOS 6.4.x command-line interface (CLI) allows you to configure and manage Dell controllers. The CLI is accessible from a local console connected to the serial port on the controllers or through a Telnet or Secure Shell (SSH) session from a remote management console or workstation.
Telnet access is disabled by default. To enable Telnet access, enter the telnet CLI command from a serial connection or an SSH session, or in the WebUI navigate to the Configuration > Management > General page.
What's New In ArubaOS 6.4.x
This section lists the commands introduced, modified, or deprecated in ArubaOS 6.4.x.
Commands in ArubaOS 6.4.3.0 New Commands
The following commands are introduced in ArubaOS 6.4.3.0:
Command aaa auth-survivability
Description This command configures authentication survivability on a controller.
amon msg-buffer-size
This command modifies the AMON packet size on the controller.
clear aaa auth-survivabilitycache
This command, introduced with this release, allows you to clear the data stored in the local Survival Server cache
crypto_local isakmp disableipcomp
This command disables IP compression on the master controller.
disable-whitelist-sync
This command disables whitelist synchronization with local or Cloud Services Controller on the master controller.
ip access-list route
This command configures an access control list (ACL) for policy-based packet routing.
ip nexthop-list
A next hop IP is the IP address of an adjacent router or device with layer-2 connectivity to the controller. Use this command to configure a next hop list, providing redundancy for the next hop devices by forwarding the traffic to a backup next hop device in case of failures.
ip probe
This command configures WAN health-check ping-probes for measuring WAN availability and latency.
pan-options
This command configures options to integrate a branch controller with a Palo Alto Networks (PAN) firewall
Dell Networking W-Series ArubaOS 6.4.x| User Guide
The ArubaOS Command-Line Interface | 3
Command routing-policy-map show ap debug radar-logs show ap debug radio-info show auth-survivability show branch show branch-config-group show branch-dhcp-pool show ip nexthop-list show local-userdb-branch
show log arm-user-debug show pan-gp show pan-options show wlan anyspot-profile wlan anyspot-profile
Description
This command associates a routing access control list (ACL) with a user role.
Displays the latest four RADAR event logs from the AP.
Displays the Wi-Fi radio debug logs from the AP driver.
This command displays the auth-survivability parameters that are configured in the local controller.
Shows configuration and DHCP address settings on a branch controller.
The output of this command shows configuration settings for a branch config group.
The output of this command shows a summary of DHCP pool information for branch controllers.
Display nexthop list settings for policy-based routing.
The output of this command lists the MAC address and assigned branch config group for branch controllers associated with that master.
This command displays a user's ARM debug logs.
This command displays Palo Alto Networks portal or gateway settings on a branch or local controller.
This command displays configured options to integrate a branch controller with a Palo Alto Networks (PAN) firewall.
The output of this command displays configuration settings for a WLAN anyspot profile.
This command configures the anyspot client probe suppression feature, which decreases network traffic by suppressing probe requests from clients attempting to locate and connect to other known networks.
Modified Commands
The following commands are modified in ArubaOS 6.4.3.0:
4 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command aaa profile aaa authentication-server radius
activate airgroup airgroupservice ap system-profile
clear
cp-bandwidth-contract interface fastethernet | gigabitethernet
Description
The max-ip parameter is introduced.
The following parameters are introduced: l cppm l enable-radsec l radsec-client-cert-name l radsec-port l radsec-trusted-cacert-name l radsec-trusted-servercert-name
The sync parameter is introduced.
The policy parameter is introduced.
The autoassociate parameter is introduced.
The following new parameters are introduced: l ap-arp-attack-protection l mcast-aggr l mcast-aggr-allowed-vlan l ap-usb-power-override l shell-passwd l bkup-band l bkup-mode l bkup-password l ble-token l ble-url
l The clear counter tunnel interface limit was changed from 2147483647 to 16777215.
l The cli-policy all sub-parameter is introduced under the airgroup parameter.
l The global-credits statistics parameter is introduced. l The port-channel sub-parameter is introduced under the
counters parameter.
The unit of bandwidth contract traffic rate changed from Mbps or Kbps to pps. The range for pps is 164000.
l The bw-contract parameter is introduced l The bpduguard, point-to-point, and vlan parameters are
introduced as part of spanning-tree.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 5
Command interface port-channel interface tunnel
interface vlan
ip route show aaa authenticationserver radius
show aaa debug
show ap active show ap arm client-match history
show ap arm client-match summary
Description
The description parameter is introduced.
l The tunnel interface limit is changed from 2147483647 to 16777215.
l The <remote-node-master-ip> option is introduced as part of the tunnel destination parameter.
l The <cisco> option is introduced as part of the tunnel keepalive parameter.
l The access-group <name> parameter is introduced to associate the interface with an ACL.
l For the option-82 parameter, the ap-name [essid] subparameter is introduced.
The <nexthop> [<cost>] parameters is introduced, which supports routing using a next-hop list.
The following parameters are introduced: l enable-radsec l radsec-client-cert-name l radsec-port l radsec-trusted-cacert-name l radsec-trusted-servercert-name
The following parameters are introduced: l age l role The dev-id-cache sub-parameter is moved under the age parameter.
The Q flag is introduced in the output of this command.
The following parameters are introduced as part of this command output: l Station l Status/Roam Time/Mode l Signal l Band l Radio BSSID l AP Name Additionally, the advanced parameter is introduced.
The following parameters are introduced as part of this command output:
6 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command
Description
l VHT Steer Moves l Moves l 11v Moves
show ap arm client-match unsupported
The following parameters are introduced as part of this command output: l Unsteerable Flags l Expiry Time l Total steers/successful
show ap arm neighbors
CLI Help text is introduced before the output table.
show ap arm scan-times
The following parameters are introduced under Group Scan Times: l channels l assign-time (ms) l scans-attempted l scans-rejected l scan-deferred l group-width l timer-tick
show ap arm virtual-beaconreport
The following parameters are introduced as part of this command output: l Active Voice l Steerable l Dual-Network Capable l VHT-Capable l EIRP
show ap bss-table
The n-anyspot forwarding-mode flag is introduced.
show ap virtual-beaconreport
The following parameters are introduced as part of this command output: l Steer attempts/success l Consecutive (Fails/BTM Rej/BTM Timeouts) l Client Device Type l Current State l Client Supported Channels l ESSID l Add Time
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 7
Command
show ap wired stats show cp-bwcontracts show datapath
show ip ospf show interface vlan show port stats show port status
show spantree show ucc call-info cdrs
Description
l EIRP l Flag l Active Media Sessions Additionally, the all parameter is introduced.
This command now displays results for both campus and Remote access points.
The CP bw contracts table now lists the traffic rate in packets/second instead of bits/second.
The following changes were introduced: l The compression parameter displays datapath compression
statistics. By default, the combined statistics for all CPUs are shown. l The output of the show datapath session command now supports the r flag,which indicates that the session was routed through a nexthop device defined by a nexthop-list. For more information, see ip nexthop-list. l The output of the show datapath cp-bwm command now displays the rate in pps.
The tunnel ID limit is changed from 2147483647 to 16777215.
The DHCP Option-82 AP name and ESSID are configured on this Interface parameter is introduced.
The PC # (port-channel) value is introduced under the Port column.
Following values are introduced: l The PC# (port-channel) value is introduced under the PortMode
column. l The PC (port-channel) value is introduced under the PortType
column. l Speed and Duplex columns are introduced.
The BpduGuard field is introduced as part of this command output.
The UCC-Band, MOS, and MOS-Band fields are introduced as part of the show ucc call-info cdrs command output. Following changes are made as part of the show ucc call-info cdrs cid <cid> command output: l Moved the UCC Score, Client Health, MOS parameters from the
CDR-Basic section to the Call Samples section heading. l Added a new Call Sample(per 60 secs) section heading. This
section displays the properties of media session like IP, port,
8 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command
show ucc client-info
show ucc trace-buffer show user-table show vrrp show whitelist-db cpsec
Description
codec, DSCP, and WMM values. l Renamed the CDRS-Detail section heading to WLAN Quality-
Details. l Added a new End-to-End Quality-Details section heading. This
section displays the MOS, MOS band, delay, jitter, packet loss values. l Under the Call Samples section heading, added the MOS, MOSBand, End-to-End Delay(ms/Jitter(ms)/PktLoss(%) fields. Following changes are made as part of the show ucc call-info cdrs detail command output: l Removed the Src Port, Dest Port, Codec, DSCP, Orig DSCP, WMM-AC, Orig WMM-AC fields. l Merged the Delay(msec), Jitter(msec), and Packet Loss (%) fields to WLAN Delay(ms)/Jitter(ms)/PktLoss(%). l Added the MOS, MOS-Band, End-to-End Delay(ms)/Jitter(ms) /PktLoss(%) fields.
Following changes are made as part of the show ucc client-info details command output: l Renamed the Client Status Details section heading to Client
Status Details(Average) and removed the Avg word from all field headings. l Added the Client Name field. l Merged the Avg Delay(msec), Avg Jitter(msec), and Avg Packet Loss (%) fields to WLAN Delay(ms)/Jitter(ms)/PktLoss(%). l Added the End-to-End Delay(ms)/Jitter(ms)/PktLoss(%) field. l Renamed the Num CAC Denied field to CAC Denied. Following changes are made as part of the show ucc client-info sta <mac> command output: l Under the Station Report section heading, added the Client Name field. Removed the UCC-Score and Client Health fields. l Under the Active Calls section heading, added the UCC-Band, MOS, and MOS-Band fields. l Under the Call History section heading, added the UCC-Band, MOS, and MOS-Band fields.
The InCallQuality Update value is added under the Call Status field.
The detail sub-parameter is introduced as part of the ip parameter.
The holdtime parameter is introduced.
The ap-group and ap-name parameters were introduced as part of this command output.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 9
Command show whitelist-db cpsecstatus tunnel-group voice real-time-config vrrp whitelist-db cpsec add whitelist-db cpsec modify wlan virtual-ap
Description The Whitelist-sync is enabled parameter is introduced as part of the command output. The tunnel ID limit is changed from 2147483647 to 16777215. The default value is changed to enabled. The holdtime parameter is introduced. The ap-group and ap-name parameters are introduced. The ap-group and ap-name parameters are introduced. The wan-operation parameter is introduced.
Commands in ArubaOS 6.4.2.5 Modified Commands
The following commands are modified in ArubaOS 6.4.2.5:
Command
aaa authentication-server radius
Description The cppm parameter is introduced.
firewall
The optimize-dad-frames parameter is introduced.
show aaa authenticationserver radius
The CPPM credentials parameter is introduced.
show firewall
The Optimize Duplicate Address Detection frames parameter is introduced.
show running-config
The default dot1x high-watermark and dot1x low-watermark values were removed from the show running-config command.
show web-server
The Enable bypass captive portal landing page parameter is introduced.
tar
The show dot1x watermark history is added as part of the
techsupport.log file.
web-server profile
The bypass-cp-landing-page parameter is introduced.
10 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Commands in ArubaOS 6.4.2.4 Modified Commands
The following commands are modified in ArubaOS 6.4.2.4:
Command show dot1x watermark
Description The table parameter is introduced.
Commands in ArubaOS 6.4.2.3 Modified Commands
The following commands are modified in ArubaOS 6.4.2.3:
Command ids general-profile
Description
The following parameters are introduced: l packet-snr-threshold l frame-types-for-rssi l max-monitored-stations l max-unassociated-stations
rf arm-profile
The cm-dot11v parameter is introduced.
show ids general-profile
The following parameters are introduced as part of this command output: l Packet SNR Threshold l Frame Types for RSSI calculation l Max Monitored Stations l Max Unassociated Stations
show tunnel-group
The Type parameter is introduced as part of this command output.
show web-server
The profile and statistics parameters were introduced.
tunnel-group
The mode parameter is introduced.
web-server profile
The web-server command is renamed to web-server profile. The following parameters are introduced: l tlsv1.1 l tlsv1.2
Deprecated Commands
The following commands are deprecated in ArubaOS 6.4.2.3:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 11
Command web-server profile
Description The sslv3 sub-parameter is deprecated.
Commands in ArubaOS 6.4.2.0 New Commands
The following commands are introduced in ArubaOS 6.4.2.0:
Command ap-lacp-striping-ip
Description
This command defines an AP LACP LMS map information profile that maps a GRE striping IP address to an existing LMS-IP address, allowing W-AP220 Series and W-AP270 Series AP to form a tunnel to a backup controller in the event of a controller failover.
kernel coredump
This command enables the controller to capture the snapshot of the working memory of the control plane when the control plane has terminated abnormally.
show web-cc
This command display information about web content (web-cc) classification settings, category and reputation types, classification statistics and bandwidth contracts.
web-cc
This command defines global bandwidth contracts for HTTP traffic matching a predefined web content category or reputation type.
Modified Commands
The following commands are modified in ArubaOS 6.4.2.0:
Command ap-rename
Description
The service-tag parameter is introduced to identify an AP with its service tag.
ap-regroup
The service-tag parameter is introduced to identify an AP with its service tag.
ap system-profile
l The gre-striping-ip parameter is deprecated. GRE striping IP settings are defined using the ap-lacp-striping-ip command.
l The system-message-frequency parameter now accepts a value in the range of 1-3600 seconds.
clear
l The web-cc cache and web-cc stats parameters are introduced, to clear the web content classification category cache and statistics.
l The datapath web-cc parameter is introduced, to clear datapath web content classification statistics.
12 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command firewall
ip access-list session provision-ap rf dot11g-radio-profile
show ap database show ap debug lacp show ap debug systemstatus
show ap details show datapath
Description
l The web-cc parameter is introduced. This parameter enables web content classification for all HTTP traffic. Once enabled, ArubaOS enforces ACLs and bandwidth policies associated with web content categories or reputation levels.
l The web-cc-cache-miss-drop parameter is introduced. Issue this command to allow the controller to drop any packets that do not match any web content category or reputation levels in the controller's internal web content cache.
The web-cc-category and web-cc-reputation parameters are introduced. Use these parameters to define a session ACL for traffic matching a web content category or reputation level.
The service-tag parameter was introduced under reprovision parameter.
The very-high-throughput-rates-enable parameter is introduced. This command enables very high throughput (VHT) rates on the 2.4 GHz band through the addition of VHT Modulation and Coding Scheme values 8 and 9, providing 256-QAM modulation and encoding that allows for 600 Mbit/sec performance over 802.11n networks. VHT rates are supported on W-AP220 Series access points on both 20 and 40 MHz channels.
The output of this command can display: l an s flag to indicate that the AP is enabled with a striping IP
address. l the service tag of an AP.
If a GRE striping IP address is configured in the ap-lacp-striping-ip profile, the output of this command displays the GRE striping IP address.
The format of the System Status Script output is changed to the following: function-name(line-num): new-total-drops/total-drops newpriority-drops/total-priority-drops Example: wlc_dotxstatus(40576): 5034/3231117 4272/1907873 This change helps to determine if priority (voice or video) frames are dropped from the AP Wi-Fi driver drop-list. NOTE: The System Status Script is displayed for W-AP200 Series and W-AP220 Series access points only.
The output of this command can display the service tag of an AP.
l The session web-cc parameter is introduced. This command displays web-content category information about the session.
l The web-cc parameter is introduced. This command parameter displays web-content classification table information, including the
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 13
Command show firewall show provisioning-ap-list user-role
wlan ssid-profile
Description
web content category ID, reputation score, and URL.
The following parameters are introduced as part of this command output: l Web Content Classification l Web Content Cache Miss Drop
The output of this command can display the service tag of an AP.
l The web-cc-category and web-cc-reputation parameters are introduced. Use these parameters to create a user role that applies a bandwidth contract to the specified web content category or reputation level.
l The web-cc disable parameter is introduced to disable web content classification for this particular user-role.
The description of the multicast-rate parameter is changed to denote the rate for video multicast frames.
Deprecated Commands
The following commands are deprecated in ArubaOS 6.4.2.0:
Command ap system-profile
Description
The gre-striping-ip parameter is deprecated. GRE striping IP settings are defined using the ap-lacp-striping-ip command.
Commands in ArubaOS 6.4.1.0 New Commands
The following commands are introduced in ArubaOS 6.4.1.0:
Command ap regulatory activate
Description
This command activates a specified Regulatory Cert and pushes it to APs associated to the controller.
ap regulatory reset
This commanded deactivates and clears the currently activated Regulatory Cert from APs associated to the controller.
file syncing profile
This command is used to configure the file syncing profile on the controller.
show ap regulatory
This command displays the currently active Regulatory Cert on the controller.
14 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command show file syncing profile
Description
This command displays the file syncing configuration on the controller.
Modified Commands
The following commands are modified in ArubaOS 6.4.1.0:
Command aaa profile
Description The user-idle-timeout parameter now accepts a value of 0.
airgroup
l The Chromecast service is renamed to DIAL. l The googlecast service is introduced.
firewall
The following new sub-parameters are introduced: l arp l grat-arp
ipv6 firewall
The valid range for the following parameters is changed to <116384>: l ping l session l tcp-syn
rf arm-profile
The default values for the following parameters are changed: l cm-band-g-max-signal l cm-sticky-snr l cm-sticky-min-signal l cm-lb-client-thresh
show airgroup status
l The Chromecast service is renamed to DIAL. l The googlecast service is introduced.
show airgroupservice
l The Chromecast service is renamed to DIAL. l The googlecast service is introduced.
show ap arm client-match restriction-table
Following parameters are introduced as part of this command ouput: l PS deauth l Probe(home/scan/bc_ssid) l Auth(home/scan) l Radio Bssid
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 15
Command
show ap blacklist-clients show datapath
show firewall show switches show whitelist-db cpsec show whitelist-db rap user-role
Description
The following parameters are modified as part of this command output: l Time last restricted l Restricted(Cur/Last) l Time since last restricted
The following reason codes are introduced: l ARP-attack l gratuitous-ARP-attack
The following parameters are introduced as part of the show datapath frame command output: l Excessive ARP Requests l Excessive Gratuitous ARP Requests The acl id <ACL-id> parameter has been added. This command displays acl-id related information. The acl {[ap-name <apname> | ip-addr <ip-address>] name <acl-name> type <acltype>} command retrieves ACL related details from an access point using the access point's name or ip-address.
The following parameters are introduced as part of this command output: l Blacklist Grat ARP attack client l Blacklist ARP attack client l Monitor ARP attack l Monitor Gratuitous ARP attack
The regulatory parameter was added.
The following new parameters are introduced as part of this command output: l cert-type l page l start l state
The following new parameters are introduced as part of this command output: l apgroup l apname l fullname
The check-for-accounting parameter is introduced as part of this command ouput.
16 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Commands in ArubaOS 6.4.0.0 New Commands
The following commands are introduced in the ArubaOS 6.4.0.0:
Command airgroup static mdns-record
Description
This command enables an administrator to add mDNS static records to cache using the following methods: Group mDNS static records Individual mDNS static records
app lync traffic-control
This command creates a traffic control profile that allows the controller to recognize and prioritize a specific type of Lync traffic in order to apply QoS through the Lync Application Layer Gateway (ALG).
dpi
This command configures Deep-Packet Inspection and the global
bandwidth contract for an application or application category for
the AppRF feature.
iap trusted-branch-db
This command configures an IAP-VPN branch as trusted.
pan active-profile
This command activates a configured PAN profile.
pan profile
This command is used to configure a PAN profile.
show aaa load-balance statistics
This command displays the load balancing statistics for RADIUS servers.
show lldp interface
This command displays the LLDP interfaces information.
show lldp neighbor
This command displays information about LLDP peers.
show lldp statistics
This command displays the LLDP statistics information.
show iap detailed-table
This command displays the details of all the branches terminating at the controller.
show pan active-profile
This command displays the currently active PAN profile.
show pan-options
This command displays all configured PAN profiles.
show pan state
This command displays the current status of associated PAN firewalls.
show pan statistics
This command displays PAN profile statistics.
show sso idp-profile
This command displays the configured SSO IDP profiles.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 17
Command show ucc call-info cdrs
Description
This command displays the Call Detailed Report (CDR) statistics for Unified Communication and Collaboration (UCC).
show ucc client-info
This command displays the UCC client status and CDR statistics.
show ucc configuration
This command displays the UCC configuration in the controller.
show ucc statistics
This command displays the UCC call statistics in the controller.
show ucc trace-buffer
This command displays the UCC call message trace buffer for Lync, SCCP, and SIP ALGs. Events such as establishing voice, video, desktop sharing, and file transfer are recorded.
sso idp-profile
This command creates an SSO profile.
wlan hotspot advertisementprofile
This command configures a WLAN advertisement profile for an 802.11u public access service provider.
wlan hotspot anqp-3gpp-nwkprofile
This profile defines information for a 3rd Generation Partnership Project (3GPP) Cellular Network for hotspots that have roaming relationships with cellular operators.
wlan hotspot anqp-domainname-profile
This command defines the domain name to be sent in an Access Network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
wlan hotspot anqp-ip-addr-availprofile
This command defines available IP address types to be sent in a Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
wlan hotspot anqp-nai-realmprofile
This command defines a Network Access Identifier (NAI) realm whose information can be sent as an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
wlan hotspot anqp-nwk-authprofile
This command configures an ANQP Network Authentication profile to define authentication type being used by the hotspot network.
wlan hotspot anqp-roam-consprofile
This command configures the Roaming Consortium OI information to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
wlan hotspot anqp-venue-nameprofile
This command defines venue information be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
wlan hotspot h2qp-conncapability-profile
This command defines a Hotspot 2.0 Query Protocol (H2QP) profile that advertises hotspot protocol and port capabilities.
18 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command wlan hotspot h2qp-op-cl-profile
Description
This command defines a Hotspot 2.0 Query Protocol (H2QP) profile that defines the Operating Class to be sent in the ANQP IE.
wlan hotspot h2qp-operatorfriendly-name-profile
This command defines a Hotspot 2.0 Query Protocol (H2QP) operator-friendly name profile. The operator-friendly name configured in this profile is a free-form text field that can identify the operator and also something about the location.
wlan hotspot h2qp-wan-metricsprofile
This command creates a Hotspot 2.0 Query Protocol (H2QP) profile that specifies the hotspot WAN status and link metrics.
wlan hotspot hs2-profile
This command configures a hotspot profile for an 802.11u public access service provider.
Modified Commands
The following commands are modified in ArubaOS 6.4.0.0:
Command airgroup
Description The dlna and mdns parameters are introduced.
aaa authentication captiveportal
The url-hash-key parameter is introduced.
aaa authentication-server radius
The called-station-id parameter is introduced.
aaa authentication via authprofile
The pan-integration parameter is introduced.
aaa authentication vpn
The pan-integration parameter is introduced.
aaa profile
The multiple-server-accounting and download-role parameters are introduced.
The pan-integration parameter is introduced.
aaa server-group
The load-balance parameter is introduced.
clear
The lldp parameter is introduced.
The Server and User options are introduced under airgroup parameter.
crypto dynamic-map
The disable/enable parameters are introduced.
crypto isakmp policy
The disable/enable and no parameters are introduced.
firewall
The following parameters are added:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 19
Command
Description
l allow-stun l dpi l stall-crash
ha
The following parameters are introduced to support the high
availability inter-controller heartbeat, controller oversubscription
and state synchronization features.
l heartbeat:
l heartbeat-interval
l heartbeat-threshold
l over-subscription
l pre-shared-key
l state-sync
interface fastethernet | gigabitethernet
The lldp parameter is introduced.
interface vlan
The dhcp parameter for configuring dynamic host configuration protocol for IPv6 is introduced.
interface tunnel
Tunnel destination ipv6, tunnel mode gre ipv6, tunnel source ipv6, parameters are introduced.
ip access-list session
The redirect parameter is introduced under action. The app, and appcategory parameters are introduced under service.
ip igmp
The ssm-range parameter is introduced.
ipv6 mld
The ssm-range parameter is introduced.
ipv6 route
The vlan parameter is introduced.
ntp server
The IPv6 parameter is introduced.
show aaa authentication-server radius
The called-station-id parameter is introduced as part of this command output.
show airgroup
The dlna and mdns parameters are introduced as part of the following command outputs:
l show airgroup blocked-queries
l show airgroup blocked-service-id
l show airgroup internal-state statistics
The dlna, mdns , and verbose parameters are introduced as part of the following command outputs:
20 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command
show airgroupservice show app lync traffic-control show datapath
show ipv6 interface show ipv6 mld config show ipv6 mld group show ntp peer show ntp servers show ntp status
Description
l show airgroupservice l show airgroup servers l show airgroup users The dlna, mdns , and static parameters are introduced as part of the show airgroup cache entries command output.
The dlna, mdns, and verbose parameters are introduced as part of this command output.
The profile-name parameter is introduced as part of this command output.
The following parameters are introduced as part of this command output: l dpi l session dpi l session ipv6 dpi l session session-id dpi
The tunnel parameter is introduced as part of this command output.
The ssm-range parameter is introduced as part of this command output.
The mode and age parameters are introduced.
The IPv6 parameter is introduced.
Flags indicating the status of the server, are introduced.
The following parameters are introduced as part of this command output: l time since restart l packets received l packets processed l current version l previous version l declined l access denied l bad length or format l bad authentication l rate exceeded
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 21
Command show voice real-time-analysis
show vrrp snmp-server user-role
vrrp web-server profile wlan ssid-profile
Description
The following new parameters are introduced as part of this command output: l Jitter(D)(usec) l UCC Score
The ipv6, stats, and summary parameters are introduced as part of this command output.
The IPv6 parameter is introduced.
The following parameters are introduced: l bandwidth-contract app l bandwidth-contract appcategory l bandwidth-contract exclude l traffic-control-profile l sso
The IPv6 parameter is introduced.
The idp-certificate parameter is introduced.
l The mfp-capable and mfp-required parameters are added. l The eapol-rate-opt parameter is enabled by default.
Deprecated Commands
The following commands are deprecated in ArubaOS 6.4.0.0:
Command
app lync traffic-control (deprecated)
Description
This command is deprecated and replaced by app lync trafficcontrol <profile-name>.
interface tunnel
The checksum parameter is deprecated.
show voice real-time-analysis
The following parameters are deprecated as part of this command output: l Jitter(U)(msec) l rvalue(U) l Pkt-loss(U)(%) l Delay(U)(usec) l Jitter(D)(msec) l rvalue(D)
22 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
About this Guide
This guide describes the Dell Networking W-Series ArubaOS 6.4.x command syntax. The commands in this guide are listed alphabetically.
The following information is provided for each command:
l Command Syntax--The complete syntax of the command. l Description--A brief description of the command. l Syntax--A description of the command parameters, including license requirements for specific parameters
if needed. The applicable ranges and default values, if any, are also included. l Usage Guidelines--Information to help you use the command, including: prerequisites, prohibitions, and
related commands. l Example--An example of how to use the command. l Command History--The version of ArubaOS in which the command was first introduced. Modifications and
changes to the command are also noted. l Command Information--This table describes any licensing requirements, command modes and platforms
for which this command is applicable. For more information about available licenses, see the Licenses chapter of the Dell Networking W-Series ArubaOS 6.4.x User Guide.
Connecting to the Controller
This section describes how to connect to the controller to use the CLI.
Serial Port Connection
The serial port is located on the front panel of the controller. Connect a terminal or PC/workstation running a terminal emulation program to the serial port on the controller to use the CLI. Configure your terminal or terminal emulation program to use the following communication settings.
Baud Rate 9600
Data Bits 8
Parity None
Stop Bits 1
Flow Control None
The Dell W-7200 Series controller supports baud rates between 9600 and 115200.
Telnet or SSH Connection
Telnet or SSH access requires that you configure an IP address and a default gateway on the controller and connect the controller to your network. This is typically performed when you run the Initial Setup on the controller, as described in the Dell Networking W-Series ArubaOS 6.4.x Quick Start Guide. In certain deployments, you can also configure a loopback address for the controller; see interface loopback on page 473 for more information.
Configuration changes on Master Controllers
Some commands can only be issued when connected to a master controller. If you make a configuration change on a master controller, all connected local controllers will subsequently update their configurations as well. You can manually synchronize all of the controllers at any time by saving the configuration on the master controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 23
CLI Access
When you connect to the controller using the CLI, the system displays its host name followed by the login prompt. Log in using the admin user account and the password you entered during the Initial Setup on the controller (the password displays as asterisks). For example: (host) User: admin Password: *****
When you are logged in, the user mode CLI prompt displays. For example: (host) >
User mode provides only limited access for basic operational testing such as running ping and traceroute.
Certain management functions are available in enable (also called "privileged") mode. To move from user mode to enable mode requires you to enter an additional password that you entered during the Initial Setup (the password displays as asterisks). For example: (host) > enable Password: ******
When you are in enable mode, the > prompt changes to a pound sign (#): (host) #
Configuration commands are available in config mode. Move from enable mode to config mode by entering configure terminal at the # prompt: (host) # configure terminal Enter Configuration commands, one per line. End with CNTL/Z
When you are in basic config mode, (config) appears before the # prompt: (host) (config) #
There are several other sub- command modes that allow users to configure individual interfaces, subinterfaces, loopback addresses, GRE tunnels and cellular profiles. For details on the prompts and the available commands for each of these modes, see Appendix A: Command Modes on page 2370.
Command Help
You can use the question mark (?) to view various types of command help. When typed at the beginning of a line, the question mark lists all the commands available in your current mode or sub-mode. A brief explanation follows each command. For example: (host) > ?
enable logout ping traceroute
Turn on Privileged commands Exit this session. Any unsaved changes are lost. Send ICMP echo packets to a specified IP address. Trace route to specified IP address.
When typed at the end of a possible command or abbreviation, the question mark lists the commands that match (if any). For example:
(host) > c?
clear clock configure copy
Clear configuration Configure the system clock Configuration Commands Copy Files
24 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
If more than one item is shown, type more of the keyword characters to distinguish your choice. However, if only one item is listed, the keyword or abbreviation is valid and you can press tab or the spacebar to advance to the next keyword.
When typed in place of a parameter, the question mark lists the available options. For example:
(host) # write ? erase file memory terminal <cr>
Erase and start from scratch Write to a file in the file system Write to memory Write to terminal
The <cr> indicates that the command can be entered without additional parameters. Any other parameters are optional.
Command Completion
To make command input easier, you can usually abbreviate each key word in the command. You need type only enough of each keyword to distinguish it from similar commands. For example:
(host) # configure terminal
could also be entered as:
(host) # con t
Three characters (con) represent the shortest abbreviation allowed for configure. Typing only c or co would not work because there are other commands (like copy) which also begin with those letters. The configure command is the only one that begins with con.
As you type, you can press the spacebar or tab to move to the next keyword. The system then attempts to expand the abbreviation for you. If there is only one command keyword that matches the abbreviation, it is filled in for you automatically. If the abbreviation is too vague (too few characters), the cursor does not advance and you must type more characters or use the help feature to list the matching commands.
Deleting Configuration Settings
Use the no command to delete or negate previously-entered configurations or parameters.
l To view a list of no commands, type no at the enable or config prompt followed by the question mark. For example: (host) (config) # no?
l To delete a configuration, use the no form of a configuration command. For example, the following command removes a configured user role: (host) (config) # no user-role <name>
l To negate a specific configured parameter, use the no parameter within the command. For example, the following commands delete the DSCP priority map for a priority map configuration: (host) (config) # priority-map <name> (host) (config-priority-map) # no dscp priority high
Saving Configuration Changes
Each Dell controller contains two different types of configuration images.
l The running-config holds the current controller configuration, including all pending changes which have yet to be saved. To view the running-config, use the following command: (host) # show running-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 25
l The startup config holds the configuration which will be used the next time the controller is rebooted. It contains all the options last saved using the write memory command. To view the startup-config, use the following command: (host) # show startup-config
When you make configuration changes via the CLI, those changes affect the current running configuration only. If the changes are not saved, they will be lost after the controller reboots. To save your configuration changes so they are retained in the startup configuration after the controller reboots, use the following command in enable mode:
(host) # write memory Saving Configuration...
Saved Configuration
Both the startup and running configurations can also be saved to a file or sent to a TFTP server for backup or transfer to another system.
Commands That Reset the Controller or AP
If you use the CLI to modify a currently provisioned and running radio profile, those changes take place immediately; you do not reboot the controller or the AP for the changes to affect the current running configuration. Certain commands, however, automatically force the controller or AP to reboot. You may want to consider current network loads and conditions before issuing these commands, as they may cause a momentary disruption in service as the unit resets. Note also that changing the lms-ip parameter in an AP system profile associated with an AP group will cause all APs in that AP group to reboot.
Table 1: Reset Commands Commands that Reset an AP
Commands that Reset a Controller
l ap-regroup
l ap-rename
l apboot
l provision-ap
l ap wired-ap-profile <profile> forward-mode {bridge|splittunnel|tunnel}
l wlan virtual-ap <profile-name> {aaa-profile <profilename> |forward-mode {tunnel|bridge|splittunnel|decrypt-tunnel} |ssid-profile <profile-name>|vlan <vlan>...}
l ap system-profile <profile> {bootstrap-threshold <number> |lms-ip <ipaddr> |}
l wlan ssid-profile <profile-name> {battery-boost|denybcast|essid|opmode|strict-svp |wepkey1 <key> |wepkey2 <key>|wepkey3 <key>|wepkey4 <key>|weptxkey <index> |wmm |wmm-be-dscp <besteffort>|wmm-bk-dscp <background>|wmm-ts-min-inactint <milliseconds>|wmm-vi-dscp <video>|wmm-vo-dscp <voice>|wpa-hexkey <psk> |wpa-passphrase <string> }
l wlan dotllk <profile-name> {bcn-measurementmode|dot11k-enable|force-dissasoc
l reload
26 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Typographic Conventions
The following conventions are used throughout this manual to emphasize important concepts:
Table 2: Text Conventions Type Style Italic s
Description
This style is used to emphasize important terms and to mark the titles of books.
Boldface
This style is used to emphasize command names and parameter options when mentioned in the text.
Commands
This fixed-width font depicts command syntax and examples of commands and command output.
<angle brackets>
In the command syntax, text within angle brackets represents items that you should replace with information appropriate to your specific situation. For example:
ping <ipaddr>
In this example, you would type "ping" at the system prompt exactly as shown, followed by the IP address of the system to which ICMP echo packets are to be sent. Do not type the angle brackets.
[square brackets]
In the command syntax, items enclosed in brackets are optional. Do not type the brackets.
{Item_A|Item_B}
In the command examples, single items within curled braces and separated by a vertical bar represent the available choices. Enter only one choice. Do not type the braces or bars.
{ap-name <ap-name>}|{ipaddr <ip-addr>}
Two items within curled braces indicate that both parameters must be entered together. If two or more sets of curled braces are separated by a vertical bar, like in the example to the left, enter only one choice Do not type the braces or bars.
Command Line Editing
The system records your most recently entered commands. You can review the history of your actions, or reissue a recent command easily, without having to retype it.
To view items in the command history, use the up arrow key to move back through the list and the down arrow key to move forward. To reissue a specific command, press Enter when the command appears in the command history. You can even use the command line editing feature to make changes to the command prior to entering it. The command line editing feature allows you to make corrections or changes to a command without retyping. Table 1 lists the editing controls. To use key shortcuts, press and hold the Ctrl button while you press a letter key.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 27
Table 3: Line Editing Keys Key
Ctrl A Ctrl B or the left arrow Ctrl D Ctrl E Ctrl F or the right arrow Ctrl K Ctrl N or the down arrow Ctrl P or up arrow Ctrl T
Ctrl U Ctrl W
Ctrl X
Effect Home Back Delete Right End Forward Delete Right Next Previous Transpose Clear Delete Word Delete Left
Description Move the cursor to the beginning of the line. Move the cursor one character left.
Delete the character to the right of the cursor. Move the cursor to the end of the line. Move the cursor one character right.
Delete all characters to the right of the cursor. Display the next command in the command history. Display the previous command in the command history. Swap the character to the left of the cursor with the character to the right of the cursor. Clear the line. Delete the characters from the cursor up to and including the first space encountered. Delete all characters to the left of the cursor.
Specifying Addresses and Identifiers in Commands
This section describes addresses and other identifiers that you can reference in CLI commands.
28 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Table 4: Addresses and Identifiers Address/Identifier Description
IP address
For any command that requires entry of an IP address to specify a network entity, use IPv4 network address format in the conventional dotted decimal notation (for example, 10.4.1.258).
Netmask address
For subnet addresses, specify a netmask in dotted decimal notation (for example, 255.255.255.0).
Media Access Control (MAC) address
For any command that requires entry of a device's hardware address, use the hexadecimal format (for example, 00:05:4e:50:14:aa).
Service Set Identifier (SSID)
A unique character string (sometimes referred to as a network name), consisting of no more than 32 characters. The SSID is case-sensitive (for example, WLAN-01).
Basic Service Set Identifier (BSSID)
This entry is the unique hard-wireless MAC address of the AP. A unique BSSID applies to each frequency-- 802.11a and 802.11g--used from the AP. Use the same format as for a MAC address.
Extended Service Set Identifier (ESSID)
Typically the unique logical name of a wireless network. If the ESSID includes spaces, you must enclose the name in quotation marks.
Fast Ethernet or Gigabit Ethernet interface
Any command that references a Fast Ethernet or Gigabit Ethernet interface requires that you specify the corresponding port on the controller in the format <slot>/<port>:
<slot> is always 1, except when referring to interfaces on the W-6000 controller(slots 0-3).
The <port> parameter refers to the network interfaces that are embedded in the front panel of the W-3000 Series controller, or a W-6000M3 controller module installed in a W-6000 controller chassis. Port numbers start at 0 from the left-most position.
Use the show port status command to obtain the interface information currently available from a controller.
Contacting Dell
Table 5: Contact Information Web Site Support
Main Website
dell.com
Contact Information
dell.com/contactdell
Support Website
dell.com/support
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The ArubaOS Command-Line Interface | 29
Web Site Support Documentation Website
dell.com/support/manuals
30 | The ArubaOS Command-Line Interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa alias-group (deprecated)
aaa alias-group clone <group> no ... set vlan condition essid|location equals <operand> set-value <set-value-string>
Description
This command configured an aaa alias with set of VLAN derivation rules that could speed up user rule derivation processing for deployments with a very large number of user derivation rules.
Command History
Version ArubaOS 6.3
Description Command introduced.
ArubaOS 6.4
Command deprecated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa alias-group (deprecated) | 31
aaa auth-survivability
aaa auth-survivability cache-lifetime enable server-cert
Description
This command configures Authentication Survivability on a controller.
Syntax
Parameter
Description
cache-lifetime <hrs>
This parameter specifies the lifetime in hours for the cached access credential in the local Survival Server. When the specified cache-lifetime expires, the cached access credential is deleted from the controller.
The valid range is from 1 to 72 hours.
Default 24 hours
enable server-cert
This parameter controls whether to use the Survival Server when no other servers in the server group are in-service.
This parameter also controls whether to store the user access credential in the Survival Server when it is authenticated by an external RADIUS or LDAP server in the server group. Authentication Survivability is enabled or disabled on each controller.
NOTE: Authentication survivability will not activate if the Authentication Server Dead Time is configured as 0
This parameter allows you to view the name of the server certificate used by the local Survival Server. The local Survival Server is provided with a default server certificate from AOS. The customer server certificate must be imported into the controller first, and then you can assign the server certificate to the local Survival Server.
NOTE: In the deployment environment, it is recommended that you switch to a customer server certificate.
Disabled --
Usage Guidelines
Use this command to configure authentication survivability on a standalone, local, or master controller. To configure authentication survivability on a branch controller, you must use the Smart Config WebUI. On the branch controller, navigate to Configuration > BRANCH > Smart Config.
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
32 | aaa auth-survivability
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms W-7000 Series
Licensing Base operating system
Command Mode Enable or Config mode on controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa auth-survivability | 33
aaa authentication captive-portal
aaa authentication captive-portal <profile> apple-cna-bypass auth-protocol mschapv2|pap|chap black-list <black-list> clone <source-profile> default-guest-role <role> default-role <role> enable-welcome-page guest-logon ip-addr-in-redirection <ipaddr> login-page <url> logon-wait {cpu-threshold <percent>}|{maximum-delay <seconds>}|{minimum-delay <seconds>} logout-popup-window max-authentication-failures <number> no ... protocol-http redirect-pause <seconds> redirect-url <url> server-group <group-name> show-acceptable-use-policy show-fqdn single-session switchip-in-redirection-url <ipaddr> url-hash-key <key> user-idle-timeout user-logon user-vlan-in-redirection-url <vlan> welcome-page <url> white-list <white-list>
Description
This command configures a Captive Portal authentication profile.
Syntax
Parameter apple-cna-bypass
<profile>
authentication-protocol mschapv2|pap|chap
Description
Enable this knob to bypass Apple CNA on iOS devices such as iPad, iPhone, and iPod. You need to perform Captive Portal authentication from browser.
Range --
Default
Name that identifies an instance of -- the profile. The name must be 1-63 characters.
"default"
This parameter specifies the type of authentication required by this profile, PAP is the default authentication type.
mschap pap v2
pap
chap
34 | aaa authentication captive-portal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter black-list
clone default-guest-role default-role <role>
enable-welcomepage guest-logon ipaddr-in-redirection-url <ipaddr>
login-page <url>
Description
Range
Name of an existing black list on an -- IPv4 or IPv6 network destination. The black list contains websites (unauthenticated) that a guest cannot access.
Specify a netdestination host or subnet to add that netdestination to the captive portal blacklist.
If you have not yet defined a netdestination, use the CLI command netdestination to define a destination host or subnet before you add it to the blacklist.
Default --
Name of an existing Captive Portal
--
--
profile from which parameter
values are copied.
Role assigned to guest.
--
guest
Role assigned to the Captive Portal -- user when that user logs in. When both user and guest logons are enabled, the default role applies to the user logon; users logging in using the guest interface are assigned the guest role.
guest
Displays the configured welcome page before the user is redirected to their original URL. If this option is disabled, redirection to the web URL happens immediately after the user logs in.
enabled/ disabled
enabled
Enables Captive Portal logon without authentication.
enabled/ disabled
disabled
Sends the controller's interface IP
--
--
address in the redirection URL
when external captive portal
servers are used. An external
captive portal server can
determine the controller from
which a request originated by
parsing the `switchip' variable in the
URL. This parameter requires the
Public Access license.
URL of the page that appears for
--
the user logon. This can be set to
any URL.
/auth/index. html
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication captive-portal | 35
Parameter logon-wait
Description
Range
Configure parameters for the logon wait interval.
1-100
Default 60%
cpu-threshold <percent>
CPU utilization percentage above which the logon wait interval is applied when presenting the user with the logon page.
1-100
60%
maximum-delay <seconds>
Maximum time, in seconds, the user will have to wait for the logon page to pop up if the CPU load is high. This works in conjunction with the Logon wait CPU utilization threshold parameter.
1-10
10 seconds
minimum-delay <seconds>
Minimum time, in seconds, the user will have to wait for the logon page to pop up if the CPU load is high. This works in conjunction with the Logon wait CPU utilization threshold parameter.
1-10
5 seconds
logout-popupwindow
Enables a pop-up window with the Logout link that allows the user to log out. If this option is disabled, the user remains logged in until the user timeout period has elapsed or the station reloads.
enabled/ disabled
enabled
max-authentication-failures Maximum number of
0-10
0
<number>
authentication failures before the
user is blacklisted.
no
Negates any configured
--
--
parameter.
protocol-http
Use HTTP protocol on redirection to the Captive Portal page. If you use this option, modify the captive portal policy to allow HTTP traffic.
enabled/ disabled
disabled (HTTPS is used)
redirect-pause <secs>
Time, in seconds, that the system remains in the initial welcome page before redirecting the user to the final web URL. If set to 0, the welcome page displays until the user clicks on the indicated link.
1-60
10 seconds
redirect-url <url>
URL to which an authenticated user --
--
will be directed. This parameter
must be an absolute URL that
begins with either http:// or
https://.
36 | aaa authentication captive-portal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter server-group <group-name>
Description
Range
Name of the group of servers used -- to authenticate Captive Portal users. See aaa server-group on page 125.
Default --
show-fqdn
Allows the user to see and select the fully-qualified domain name (FQDN) on the login page. The FQDNs shown are specified when configuring individual servers for the server group used with captive portal authentication.
enabled disabled
disabled
show-acceptable-use-policy
Show the acceptable use policy page before the login page.
enabled disabled
disabled
single-session
Allows only one active user session -- at a time.
disabled
switchip-in-redirection-url
Sends the controller's IP address in the redirection URL when external captive portal servers are used. An external captive portal server can determine the controller from which a request originated by parsing the `switchip' variable in the URL.
enabled disabled
disabled
url-hash-key <key>
Issue this command to hash the
--
redirection URL using the specified
key.
disabled
user-idle-timeout
The user idle timeout for this
--
profile. Specify the idle timeout
value for the client in seconds. Valid
range is 30-15300 in multiples of
30 seconds. Enabling this option
overrides the global settings
configured in the AAA timers. If this
is disabled, the global settings are
used.
disabled
user-logon
Enables Captive Portal with authentication of user credentials.
enabled disabled
enabled
user-vlan-in-redirection-url <ipaddr>
Add the user VLAN in the redirection URL. This parameter requires the Public Access license.
enabled disabled
disabled
user-vlan-redirection-url
Sends the user's VLAN ID in the
--
--
redirection URL when external
captive portal servers are used.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication captive-portal | 37
Parameter welcome-page <url>
white-list <white-list>
Description
Range
URL of the page that appears after
--
logon and before redirection to the
web URL. This can be set to any
URL.
Name of an existing white list on an -- IPv4 or IPv6 network destination. The white list contains authenticated websites that a guest can access. If you have not yet defined a netdestination, use the CLI command netdestination to define a destination host or subnet before you add it to the whitelist.
Default /auth/welcome .html
--
Usage Guidelines
You can configure the Captive Portal authentication profile in the base operating system or with the Next Generation Policy Enforcement Firewall (PEFNG) license installed. When you configure the profile in the base operating system, the name of the profile must be entered for the initial role in the AAA profile. Also, when you configure the profile in the base operating system, you cannot define the default-role.
Example
The following example configures a Captive Portal authentication profile that authenticates users against the controller's internal database. Users who are successfully authenticated are assigned the auth-guest role.
To create the auth-guest user role shown in this example, the PEFNG license must be installed in the controller. aaa authentication captive-portal guestnet
default-role auth-guest user-logon no guest-logon server-group internal
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 6.0
The max-authentication-failures parameter no longer requires a license.
ArubaOS 6.1
The sygate-on-demand, black-list and white-list parameters were added.
ArubaOS 6.2
the auth-protocol parameter was added, and the user-chap parameter was deprecated.
ArubaOS 6.3
The user-idle-timeout parameter was introduced.
ArubaOS 6.4
The url-hash-key parameter was introduced.
38 | aaa authentication captive-portal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication captive-portal | 39
aaa authentication dot1x
aaa authentication dot1x {<profile>|countermeasures} ca-cert <certificate> cert-cn-lookup clear clone <profile> delete-keycache eapol-logoff enforce-suite-b-128 enforce-suite-b-192 framed-mtu <mtu> heldstate-bypass-counter <number> ignore-eap-id-match ignore-eapolstart-afterauthentication machine-authentication blacklist-on-failure|{cache-timeout <hours>}|enable| {machine-default-role <role>}|{user-default-role <role>} max-authentication-failures <number> max-requests <number> multicast-keyrotation no ... opp-key-caching reauth-max <number> reauth-server-termination-action reauthentication server {server-retry <number>|server-retry-period <seconds>} server-cert <certificate> termination {eap-type <type>}|enable|enable-token-caching|{inner-eap-type (eap- gtc|eapmschapv2)}|{token-caching-period <hours>} timer {idrequest_period <seconds>}|{mkey-rotation-period <seconds>}|{quiet-period <seconds>}|{reauth-period <seconds>}|{ukey-rotation-period <seconds>}|{wpa- groupkeydelay <seconds>}|{wpa-key-period <milliseconds>}|wpa2-key-delay <milliseconds> tls-guest-access tls-guest-role <role> unicast-keyrotation use-session-key use-static-key validate-pmkid voice-aware wep-key-retries <number> wep-key-size {40|128} wpa-fast-handover wpa-key-retries <number> xSec-mtu <mtu>
Description
This command configures the 802.1X authentication profile.
40 | aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Syntax
Parameter <profile> clear countermeasures
ca-cert <certificate> cert-cn-lookup
delete-keycache eapol-logoff enforce-suite-b-128 enforce-suite-b-192
Description
Name that identifies an instance of the profile. The name must be 1-63 characters.
Range --
Clear the Cached PMK, Role
--
and VLAN entries. This
command is available in
enable mode only.
Scans for message integrity
--
code (MIC) failures in traffic
received from clients. If there
are more than 2 MIC failures
within 60 seconds, the AP is
shut down for 60 seconds.
This option is intended to slow
down an attacker who is
making a large number of
forgery attempts in a short
time.
CA certificate for client
--
authentication. The CA
certificate needs to be loaded
in the controller.
If you use client certificates
--
for user authentication,
enable this option to verify
that the certificate's common
name exists in the server.
This parameter is disabled by
default.
Delete the key cache entry
--
when the user entry is deleted.
Enables handling of EAPOL-
--
LOGOFF messages.
Configure Suite-B 128 bit or more security level
authentication enforcement
Configure Suite-B 192 bit or more security level
authentication enforcement
Default "default" -- disabled
-- --
disabled disabled disabled disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication dot1x | 41
Parameter framed-mtu <MTU> heldstate-bypass-counter <number>
ignore-eap-idmatch ignore-eapol start-afterauthentication machine-authentication
blacklist-on-failure cache-timeout <hours> enable
machine-default-role <role>
Description
Sets the framed MTU attribute sent to the authentication server.
Range
5001500
(This parameter is applicable 0-3 when 802.1X authentication is terminated on the controller, also known as AAA FastConnect.) Number of consecutive authentication failures which, when reached, causes the controller to not respond to authentication requests from a client while the controller is in a held state after the authentication failure. Until this number is reached, the controller responds to authentication requests from the client even while the controller is in its held state.
Ignore EAP ID during
--
negotiation.
Ignores EAPOL-START
--
messages after
authentication.
(For Windows environments only) These parameters set machine authentication:
NOTE: This parameter requires the PEFNG license.
Blacklists the client if machine -- authentication fails.
The timeout, in hours, for machine authentication.
1-1000
Select this option to enforce
--
machine authentication
before user authentication. If
selected, either the machine-
default-role or the user-
default-role is assigned to the
user, depending on which
authentication is successful.
Default role assigned to the
--
user after completing only
machine authentication.
Default 1100 0
disabled disabled
disabled 24 hours (1 day) disabled
guest
42 | aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter user-default-role <role>
max-authentication-failures <number>
max-requests <number> multicast-key rotation no opp-key-caching
reauth-max <number> reauth-server-termination-action
Description
Default role assigned to the user after 802.1X authentication.
Range --
Number of times a user can
0-5
try to login with wrong
credentials after which the
user is blacklisted as a
security threat. Set to 0 to
disable blacklisting, otherwise
enter a non-zero integer to
blacklist the user after the
specified number of failures.
Maximum number of times ID requests are sent to the client.
1-10
Enables multicast key rotation --
Negates any configured
--
parameter.
Enables a cached pairwise
--
master key (PMK) derived
with a client and an
associated AP to be used
when the client roams to a
new AP. This allows clients
faster roaming without a full
802.1X authentication.
NOTE: Make sure that the wireless client (the 802.1X supplicant) supports this feature. If the client does not support this feature, the client will attempt to renegotiate the key whenever it roams to a new AP. As a result, the key cached on the controller can be out of sync with the key used by the client.
Maximum number of reauthentication attempts.
1-10
Specifies the termination-action attribute from the server.
Default guest 0 (disable d)
5 disabled -- enabled
3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication dot1x | 43
Parameter reauthentication
reload-cert server server-retry <number> server-retry-period <seconds> server-cert <certificate> termination
eap-type <type> enable
Description
Range
Select this option to force the -- client to do a 802.1X reauthentication after the expiration of the default timer for reauthentication. (The default value of the timer is 24 hours.) If the user fails to reauthenticate with valid credentials, the state of the user is cleared.
If derivation rules are used to classify 802.1X-authenticated users, then the reauthentication timer per role overrides this setting.
Default disabled
Reload Certificate for 802.1X
--
--
termination. This command is
available in enable mode only.
Sets options for sending authentication requests to the authentication server group.
Maximum number of
0-3
3
authentication requests that
are sent to server group.
Server group retry interval, in seconds.
5-65535
5 seconds
Server certificate used by the --
--
controller to authenticate
itself to the client.
Sets options for terminating 802.1X authentication on the controller.
The Extensible Authentication Protocol (EAP) method, either EAP-PEAP or EAP-TLS.
eappeap/ eap-tls
eappeap
Enables 802.1X termination
--
on the controller.
disabled
44 | aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
enable-token -caching
Description
Range
If you select EAP-GTC as the
--
inner EAP method, you can
enable the controller to cache
the username and password
of each authenticated user.
The controller continues to
reauthenticate users with the
remote authentication server,
however, if the authentication
server is not available, the
controller will inspect its
cached credentials to
reauthenticate users.
Default disabled
inner-eap-type eap-gtc|eap-mschapv2
When EAP-PEAP is the EAP method, one of the following inner EAP types is used:
EAP-Generic Token Card (GTC): Described in RFC 2284, this EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecureID and the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on the controller as a backup to an external authentication server.
EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2): Described in RFC 2759, this EAP method is widely supported by Microsoft clients.
eapgtc/eapmschap v2
eapmschap v2
token-caching-period <hours>
If you select EAP-GTC as the inner EAP method, you can specify the timeout period, in hours, for the cached information.
(any)
24 hours
timer
Sets timer options for 802.1X authentication:
idrequestperiod <seconds>
Interval, in seconds, between identity request retries.
1-65535
5 seconds
mkey-rotation-period <seconds>
Interval, in seconds, between multicast key rotation.
60864000
1800 seconds
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication dot1x | 45
Parameter quiet-period <seconds> reauth-period <seconds>
ukey-rotation-period <seconds> wpa-groupkey -delay <milliseconds> wpa-key-period <milliseconds> wpa2-key-delay <milliseconds> tls-guest-access tls-guest-role <role>
unicast-keyrotation use-session-key use-static-key
Description
Range Default
Interval, in seconds, following failed authentication.
1-65535
30 seconds
Interval, in seconds, between reauthentication attempts, or specify server to use the server-provided reauthentication period.
60864000
86400 seconds (1 day)
Interval, in seconds, between unicast key rotation.
60864000
900 seconds
Interval, in milliseconds, between unicast and multicast key exchanges.
0-2000
0 ms (no delay)
Interval, in milliseconds, between each WPA key exchange.
10005000
1000 ms
Set the delay between EAPSuccess and unicast key exchange.
1-2000
0 ms (no delay)
Enables guest access for EAP- -- TLS users with valid certificates.
disabled
User role assigned to EAP-TLS -- guest.
NOTE: This parameter requires the PEFNG license.
guest
Enables unicast key rotation.
--
disabled
Use RADIUS session key as
--
the unicast WEP key.
disabled
Use static key as the
--
unicast/multicast WEP key.
disabled
46 | aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter validate-pmkid
voice-aware wep-key-retries <number> wep-key-size wpa-fast-handover wpa-key-retries xSec-mtu <mtu>
Description
Range
This parameter instructs the
--
controller to check the
pairwise master key (PMK) ID
sent by the client. When this
option is enabled, the client
must send a PMKID in the
associate or reassociate
frame to indicate that it
supports OKC or PMK caching;
otherwise, full 802.1X
authentication takes place.
(This feature is optional, since
most clients that support OKC
and PMK caching do not send
the PMKID in their association
request.)
Enables rekey and
--
reauthentication for VoWLAN
clients.
NOTE: The Next Generation Policy Enforced Firewall license must be installed.
Number of times WPA/WPA2
1-5
key messages are retried.
Dynamic WEP key size, either 40 or 128 bits.
40 or 128
Enables WPA-fast-handover.
--
This is only applicable for
phones that support WPA and
fast handover.
Set the number of times WPA/WPA2 Key Messages are retried. The supported range is 1-10 retries, and the default value is 3.
1-10
Sets the size of the MTU for xSec.
10241500
Default disabled
enabled
3 128 bits disabled 3 1300 bytes
Usage Guidelines
The 802.1X authentication profile allows you to enable and configure machine authentication and 802.1X termination on the controller (also called "AAA FastConnect").
In the AAA profile, specify the 802.1X authentication profile, the default role for authenticated users, and the server group for the authentication.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication dot1x | 47
Examples
The following example enables authentication of the user's client device before user authentication. If machine authentication fails but user authentication succeeds, the user is assigned the restricted "guest" role: aaa authentication dot1x dot1x
machine-authentication enable machine-authentication machine-default-role computer machine-authentication user-default-role guest
The following example configures an 802.1X profile that terminates authentication on the controller, where the user authentication is performed with the controller's internal database or to a "backend" non-802.1X server: aaa authentication dot1x dot1x
termination enable
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 6.1
The cert-cn-lookup, enforce-suite-b-128 and enforce-suite-b-192 parameters were introduced.
ArubaOS 6.3.1.2
The delete-keycache parameter was introduced.
Command Information
Platforms All platforms
Licensing
Base operating system. The voice-aware parameter requires the PEFNG license
Command Mode Config mode on master controllers
48 | aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication mac
aaa authentication mac <profile> case upper|lower clone <profile> delimiter {colon|dash|none} max-authentication-failures <number> no ... reauthentication timer reauth period {<ra-period>|server}
Description
This command configures the MAC authentication profile.
Syntax
Parameter <profile>
Description
Range Default
Name that identifies an instance of the
--
profile. The name must be 1-63 characters.
"default"
case
The case (upper or lower) used in the MAC string sent in the authentication request. If there is no delimiter configured, the MAC address in lower case is sent in the format xxxxxxxxxxxx, while the MAC address in upper case is sent in the format XXXXXXXXXXXX.
upper lower
lower
clone <profile>
Name of an existing MAC profile from which parameter values are copied.
--
--
delimiter
Delimiter (colon, dash, or none) used in the MAC string.
colon dash none
none
max-authentication-failures <number>
Number of times a client can fail to authenticate before it is blacklisted. A value of 0 disables blacklisting.
0-10
0 (disabled)
no
Negates any configured parameter.
--
--
reauthentication
timer reauth period <ra-period>|server
Use this parameter to enable or disable reauthentication.
Disabled
<ra-period> specifies the period between reauthentication attempts in seconds. The server parameter specifies the server-provided reauthentication interval.
60864000 seconds
86400 seconds (1 day)
Usage Guidelines
MAC authentication profile configures authentication of devices based on their physical MAC address. MACbased authentication is often used to authenticate and allow network access through certain devices while
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication mac | 49
denying access to all other devices. Users may be required to authenticate themselves using other methods, depending upon the network privileges.
Example
The following example configures a MAC authentication profile to blacklist client devices that fail to authenticate. aaa authentication mac mac-blacklist
max-authentication-failures 3
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.3.1.8
The max-authentication-failures parameter was allowed in the base operating system. In earlier versions of ArubaOS, the max-authenticationfailures parameter required the Wireless Intrusion Protection license
ArubaOS 6.3
The reauthentication and timer reauth period parameters were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
50 | aaa authentication mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication mgmt
aaa authentication mgmt default-role {guest-provisioning|location-api-mgmt|network-operations|no-access|readonly|root} enable no ... server-group <group>
Description
This command configures authentication for administrative users.
Syntax
Parameter default-role
default guest-provisioning location-api-mgmt network-operations no-access
read-only enable
mchapv2 no server-group <group>
Description
Range
Select a predefined management role to -- assign to authenticated administrative users:
Default superuser role
--
Guest provisioning role
--
Location API role
--
Network operations role
--
No commands are accessible for this
--
role
Read-only role
--
Enables authentication for administrative users. Enable MSCHAPv2
Negates any configured parameter.
enabled| disabled
enabled| disabled
--
Name of the group of servers used to
--
authenticate administrative users. See
aaa server-group on page 125.
Default default
-- -- -- -- --
-- disabled disabled -- default
Usage Guidelines
If you enable authentication with this command, users configured with the mgmt-user command must be authenticated using the specified server-group.
You can configure the management authentication profile in the base operating system or with the PEFNG license installed.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication mgmt | 51
Example
The following example configures a management authentication profile that authenticates users against the controller's internal database. Users who are successfully authenticated are assigned the read-only role. aaa authentication mgmt
default-role read-only server-group internal
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.2
The network-operations role was introduced.
ArubaOS 3.3
The location-api-mgmt role was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
52 | aaa authentication mgmt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server internal
aaa authentication-server internal use-local-switch
Description
This command specifies that the internal database on a local controller be used for authenticating clients.
Usage Guidelines
By default, the internal database in the master controller is used for authentication. This command directs authentication to the internal database on the local controller where you run the command.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server internal | 53
aaa authentication-server ldap
aaa authentication-server ldap <server> admin-dn <name> admin-passwd <string> allow-cleartext authport <port> base-dn <name> clone <server> enable filter <filter> host <ipaddr> key-attribute <string> max-connection <number> no ... preferred-conn-type ldap-s|start-tls|clear-text timeout <seconds>
Description
This command configures an LDAP server.
Starting from ArubaOS 6.4, a maximum of 128 LDAP servers can be configured on the controller.
Syntax
Parameter <server>
Description Name that identifies the server.
Range --
Default --
admin-dn <name>
Distinguished name for the admin user
--
--
who has read/search privileges across all
of the entries in the LDAP database (the
user does not need write privileges but
should be able to search the database and
read attributes of other users in the
database).
admin-passwd <string> Password for the admin user.
--
--
allow-cleartext
Allows clear-text (unencrypted) communication with the LDAP server.
enable d| disable d
disabled
authport <port>
Port number used for authentication. Port
1-
389
636 will be attempted for LDAP over SSL,
65535
while port 389 will be attempted for SSL
over LDAP, Start TLS operation and clear
text.
base-dn <name>
Distinguished Name of the node which
--
--
contains the entire user database to use.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server ldap | 54
Parameter clone <server>
Description
Name of an existing LDAP server configuration from which parameter values are copied.
Range --
Default --
enable
Enables the LDAP server.
--
filter <filter>
Filter that should be applied to search of
--
the user in the LDAP database. The default
filter string is (objectclass=*).
(objectclass=*)
host <ip-addr>
IP address of the LDAP server, in dotted-
--
--
decimal format.
key-attribute <string> Attribute that should be used as a key in
--
search for the LDAP server. For Active
Directory, the value is sAMAccountName.
sAMAccountNa me
max-connection no
Maximum number of simultaneous non-
--
--
admin connections to an LDAP server.
Negates any configured parameter.
--
--
preferred-conn-type timeout <seconds>
Preferred connection type. The default order of connection type is:
1. ldap-s
2. start-tls
3. clear-text
The controller will first try to contact the LDAP server using the preferred connection type, and will only attempt to use a lower-priority connection type if the first attempt is not successful.
NOTE: You enable the allow-cleartext option before you select clear-text as the preferred connection type. If you set cleartext as the preferred connection type but do not allow clear-text, the controller will only use ldap-s or start-tls to contact the LDAP server.
ldap-s
start-tls
cleartext
Timeout period of a LDAP request, in seconds.
1-30
ldap-s 20 seconds
Usage Guidelines
You configure a server before you can add it to one or more server groups. You create a server group for a specific type of authentication (see aaa server-group on page 125).
Example
The following command configures and enables an LDAP server: aaa authentication-server ldap ldap1
host 10.1.1.243
55 | aaa authentication-server ldap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
base-dn cn=Users,dc=1m,dc=corp,dc=com admin-dn cn=corp,cn=Users,dc=1m,dc=corp,dc=com admin-passwd abc10 key-attribute sAMAccountName filter (objectclass=*) enable
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server ldap | 56
aaa authentication-server radius
aaa authentication-server radius <rad_server_name> acctport <port> authport <port> called-station-id type {ap-group | ap-macaddr | ap-name | ipaddr | macaddr | vlan-id} [delimiter {colon | dash | none}] [include-ssid {enable |disable}] clone <server> cppm username <username> password <password> enable enable-ipv6 enable-radsec host <ipaddr>|<FQDN> key <psk> mac-delimiter [colon | dash | none | oui-nic] mac-lowercase nas-identifier <string> nas-ip <ipaddr> nas-ip6 <ipv6-adrress> no radsec-client-cert-name <name> radsec-port <radsec-port> radsec-trusted-cacert-name <radsec-trusted-ca> radsec-trusted-servercert-name <name> retransmit <number> service-type-framed-user source-interface vlan <vlan> ip6addr <ipv6addr> timeout <seconds> use-ip-for-calling-station use-md5
Description
This command configures a RADIUS server.
Starting from ArubaOS 6.4, a maximum of 128 RADIUS servers can be configured on the controller.
Syntax
Parameter <rad_server_name>
acctport <port>
authport <port>
Description
Range Default
Name that identifies --
--
the server.
Accounting port on the server.
165535
1813
Authentication port on the server
165535
1812
57 | aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter called-station-id type {ap-group | ap-macaddr | ap-name | ipaddr | macaddr | vlan-id}
clone <server> cppm username <username> password <password>
enable enable-ipv6 enable-radsec
Description
Range
Configure this
--
parameter to be sent
with the RADIUS
attribute Called
Station ID for
authentication and
accounting requests.
The called-stationid parameter can be configured to include AP group, AP MAC address, AP name, controller IP, controller MAC address, or user vlan.
The default value is controller MAC address.
Default macaddr
Name of an existing
--
--
RADIUS server
configuration from
which parameter
values are copied.
Configure the CPPM
--
--
username and
password. The
controller
authenticating to
CPPM is enhanced to
use configurable
username and
password instead of
support password.
The support
password is
vulnerable to attacks
as the server
certificate presented
by CPPM server is
not validated.
Enables the RADIUS
--
--
server.
Enables the RADIUS
--
--
server in IPv6 mode.
Enables RadSec for
--
--
RADIUS data
transport over
TCP and TLS.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server radius | 58
Parameter host
<ipaddr> <FQDN>
Description
Range Default
Identify the RADIUS
--
--
server either by its IP
address or fully
qualified domain
name.
IPv4 or IPv6 address
--
--
of the RADIUS
server.
Fully qualified
--
--
domain name
(FQDN) of the
RADIUS server. The
maximum supported
length is 63
characters.
key <psk>
mac-delimiter [colon | dash | none | oui-nic] mac-lowercase nas-identifier <string> nas-ip <ip-addr>
Shared secret
--
between the
controller and the
authentication
server. The
maximum length is
128 characters.
Send MAC address
--
with user-defined
delimiter.
Send MAC addresses -- as lowercase.
Network Access
--
Server (NAS)
identifier to use in
RADIUS packets.
NAS IP address to
--
send in RADIUS
packets.
--
none -- -- --
59 | aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Range Default
You can configure a "global" NAS IP address that the controller uses for communications with all RADIUS servers. If you do not configure a server-specific NAS IP, the global NAS IP is used. To set the global NAS IP, enter the ip radius nas-ip <ipaddr> command.
nas-ip6 <ipv6-address>
NAS IPv6 address to send in RADIUS packets.
You can configure a "global" NAS IPv6 address that the controller uses for communications with all RADIUS servers. If you do not configure a server-specific NAS IPv6, the global NAS IPv6 is used. To set the global NAS IPv6, enter the ipv6
radius nas-ip6
<ipv6-address> command.
no
Negates any
--
--
configured
parameter.
radsec-client-cert <radsec-client-cert>
Configures a RadSec --
--
client certificate on
the RADIUS server to
identify and
authenticate clients.
radsec-port <radsec-port>
Designates a RadSec port for RADIUS data transport.
165535
2083
radsec-trusted-cacert-name <radsec-trusted-ca> Designates a
--
--
Certificate Authority
to sign RadSec
certificates.
radsec-trusted-servercert-name <radsec-trusted- Designates a trusted
--
--
ca>
RadSec server cer-
tificate.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server radius | 60
Parameter retransmit <number>
Description
Range Default
Maximum number of 0-3
3
retries sent to the
server by the
controller before the
server is marked as
down.
service-type-framed-user
Send the service-
--
type as FRAMED-
USER instead of
LOGIN-USER. This
option is disabled by
default
disabled
source-interface vlan <vlan> ip6addr <ipv6addr> This option
--
--
associates a VLAN
interface with the
RADIUS server to
allow the server-
specific source
interface to override
the global
configuration.
l If you associate a Source Interface (by entering a VLAN number) with a configured server, then the source IP address of the packet will be that interface's IP address.
l If you do not associate the Source Interface with a configured server (leave the field blank), then the IP address of the global Source Interface will be used.
l If you want to configure an IPv6 address for the Source Interface, specify the IPv6 address for the ip6addr parameter.
61 | aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter timeout <seconds>
use-ip-for-calling-station use-md5
Description
Range Default
Maximum time, in seconds, that the controller waits before timing out the request and resending it.
1-30
5 second s
Use an IP address
--
instead of a MAC
address for calling sta-
tion IDs. This option is
disabled by default.
disable d
Use MD5 hash of
--
cleartext password.
disable d
Usage Guidelines
You configure a server before you can add it to one or more server groups. You create a server group for a specific type of authentication (see aaa server-group on page 125).
Example
The following command configures and enables a RADIUS server: aaa authentication-server radius radius1
host 10.1.1.244 key qwERtyuIOp enable
Command History
Version ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.0
RADIUS server can be identified by its qualified domain name (FQDN).
ArubaOS 6.1
The source-interface parameter was added.
ArubaOS 6.3
l The mac-delimiter parameter was introduced.
l The enable-ipv6 and nas-ip6 parameters were introduced. An IPv6 host address can be specified for the host parameter.
l The ipv6 addr parameter was added.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server radius | 62
Version ArubaOS 6.4 ArubaOS 6.4.2.5 ArubaOS 6.4.3.0
Modification The called-station-id parameter was introduced.
The cppm parameter was introduced.
l The enable-radsec parameter was introduced. l The radsec-client-cert, radsec-port, and radsec-trusted-ca
parameters were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
63 | aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server tacacs
aaa authentication-server tacacs <server> clone <server> enable host <host> key <psk> no ... retransmit <number> session-authorization tcp-port <port> timeout <seconds>
Description
This command configures a TACACS+ server.
Starting from ArubaOS 6.4, a maximum of 128 TACACS servers can be configured on the controller.
Syntax
Parameter <server>
Description Name that identifies the server.
Range --
clone <server>
Name of an existing TACACS server
--
configuration from which parameter values
are copied.
enable
Enables the TACACS server.
--
host <host>
IPv4 or IPv6 address of the TACACS server.
--
key
Shared secret to authenticate communication --
between the TACACS+ client and server.
no
Negates any configured parameter.
--
retransmit <number>
Maximum number of times a request is
0-3
retried.
session-authorization Enables TACACS+ authorization.Session-
--
authorization turns on the optional
authorization session for admin users.
tcp-port <port>
TCP port used by the server.
1-65535
timeout <timeout>
Timeout period of a TACACS request, in seconds.
1-30
Default -- --
-- -- -- 3 disabled
49 20 seconds
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server tacacs | 64
Usage Guidelines
You configure a server before you can add it to one or more server groups. You create a server group for a specific type of authentication (see aaa server-group on page 125).
Example
The following command configures, enables a TACACS+ server and enables session authorization:
aaa authentication-server tacacs tacacs1 clone default host 10.1.1.245 key qwERtyuIOp enable session-authorization
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 6.0
session-authorization parameter was introduced.
ArubaOS 6.3
IPv6 support was added for TACACS server. You can now specify an IPv6 host address for the host parameter.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
65 | aaa authentication-server tacacs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server windows
aaa authentication-server windows <windows_server_name> clone <source> domain <domain> enable host <ipaddr> no
Description
This command configures a windows server for stateful-NTLM authentication.
Syntax
Parameter <windows_server_name>
clone <source> domain <domain> enable host <ipaddr> no
Description Name of the windows server. You will use this name when you add the windows server to a server group. Name of a Windows Server from which you want to make a copy. The Windows domain for the authentication server. Enables the Windows server. IP address of the Windows server. Delete command.
Usage Guidelines
You must define a Windows server before you can add it to one or more server groups. You create a server group for a specific type of authentication (see aaa server-group on page 125). Windows servers are used for stateful-NTLM authentication.
Example
The following command configures and enables a windows server: aaa authentication-server windows IAS_1
host 10.1.1.245 enable
Command History
This command was available in ArubaOS 3.4.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication-server windows | 66
67 | aaa authentication-server windows
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication stateful-dot1x
aaa authentication stateful-dot1x default-role <role> enable no ... server-group <group> timeout <seconds>
Description
This command configures 802.1X authentication for clients on non-Dell APs.
Syntax
Parameter default-role <role>
Description
Role assigned to the 802.1X user upon login. NOTE: The PEFNG license must be installed.
Range --
enable
Enables 802.1X authentication for clients on
--
non-Dell APs. Use no enable to disable
stateful 8021.X authentication.
no
Negates any configured parameter.
--
server-group <group> Name of the group of RADIUS servers used to -- authenticate the 802.1X users. See aaa server-group on page 125.
timeout <seconds>
Timeout period, in seconds.
1-20
Default guest enabled
-- --
10 seconds
Usage Guidelines
This command configures 802.1X authentication for clients on non-Dell APs. The controller maintains user session state information for these clients.
Example
The following command assigns the employee user role to clients who successfully authenticate with the server group corp-rad: aaa authentication stateful-dot1x
default-role employee server-group corp-rad
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication stateful-dot1x | 68
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
69 | aaa authentication stateful-dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication stateful-dot1x clear
aaa authentication stateful-dot1x clear
Description
This command clears automatically-created control path entries for 802.1X users on non-Dell APs.
Syntax
No parameters.
Usage Guidelines
Run this command after changing the configuration of a RADIUS server in the server group configured with the aaa authentication stateful-dot1x command. This causes entries for the users to be created in the control path with the updated configuration information.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication stateful-dot1x clear | 70
aaa authentication stateful-kerberos
aaa authentication stateful-kerberos <profile-name> clone default-role <role> enable server-group <server-group> timeout <timeout>
Description
This command configures stateful Kerberos authentication.
Syntax
Parameter clone
Description
Create a copy of an existing stateful Kerberos profile
default-role
Select an existing role to assign to authenticated users.
server-group <server-group> Name of a server group.
timeout <timeout>
Amount of time, in seconds, before the request times out.
Range --
Default --
--
guest
--
1-20 seconds
default
10 seconds
Example
(host)(config) # aaa authentication stateful-kerberos default default-role guest timeout 10 server-group internal
Command History
Command introduced in ArubaOS 3.4.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
71 | aaa authentication stateful-kerberos
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication stateful-ntlm
aaa authentication stateful-ntlm <profile-name> clone default-role <role> enable server-group <server-group> timeout <timeout>
Description
This command configures stateful NT LAN Manager (NTLM) authentication.
Syntax
Parameter clone
Description
Range
Create a copy of an existing stateful NTLM -- profile
default-role
Select an existing role to assign to
--
authenticated users.
no
Negates any configured parameter.
--
server-group <server-group> Name of a server group.
--
timeout <timeout>
Amount of time, in seconds, before the request times out.
1-20 seconds
Default --
guest
-- default 10 seconds
Usage Guidelines
NT LAN Manager (NTLM) is a suite of Microsoft authentication and session security protocols. You can use a stateful NTLM authentication profile to configure a controller to monitor the NTLM authentication messages between clients and an authentication server. The controller can then use the information in the Server Message Block (SMB) headers to determine the client's username and IP address, the server IP address and the client's current authentication status. If the client successfully authenticates via an NTLM authentication server, the controller can recognize that the client has been authenticated and assign that client a specified user role. When the user logs off or shuts down the client machine, the user will remain in the authenticated role until the user's authentication is aged out.
The Stateful NTLM Authentication profile requires that you specify a server group which includes the servers performing NTLM authentication, and a default role to be assigned to authenticated users. For details on defining a windows server used for NTLM authentication, see aaa authentication-server windows.
Example
The following example configures a stateful NTLM authentication profile that authenticates clients via the server group "Windows1." Users who are successfully authenticated are assigned the "guest2" role.
aaa authentication stateful-ntlm default-role guest2 server-group Windows1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication stateful-ntlm | 72
Command History
Command introduced in ArubaOS 3.4.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
73 | aaa authentication stateful-ntlm
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via auth-profile
aaa authentication via auth-profile <profile> auth-protocol {mschapv2|pap} cert-cn-lookup clone <source> default-role <default-role> desc <description> max-authentication-failures <max-authentication-failures> no pan-integration radius-accounting <server_group_name> rfc-3576-server <rfc-server> server-group <server-group>
Description
This command configures the VIA authentication profile.
Syntax
Parameter auth-protocol {mschapv2|pap}
cert-cn-lookup
clone <source>
default-role <default-role>
desc <description>
Description Default
Authentication PAP protocol support for VIA authentication; MSCHAPv2 or PAP
Check certificate common name against AAA server.
Enabled
Name of an existing profile from which configuratio n values are copied.
Name of the default VIA authenticati on profile.
Description
-
of this
profile for
reference.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via auth-profile | 74
Parameter max-authentication-failures <max-authentication-failures>
pan-integration
Description Default
Number of
3
times VIA
will prompt
user to login
due to
incorrect
credentials.
After the
maximum
authenticati
on attempts
failures VIA
will exit.
Requires IP
-
mapping at
Palo Alto
Network.
radius-accounting <server_group_name>
Server
-
group for
RADIUS
accounting.
rfc-3576-server <rfc-server> server-group <server-group>
Configures
-
the RFC
3576 server.
Server
-
group
against
which the
user is
authenticate
d.
Usage Guidelines
Use this command to create VIA authentication profiles and associate user roles to the authentication profile.
Example
(host) (config) #aaa authentication via auth-profile default (host) (VIA Authentication Profile "default") #auth-protocol mschapv2 (host) (VIA Authentication Profile "default") #default-role example-via-role (host) (VIA Authentication Profile "default") #desc "Default VIA Authentication Profile" (host) (VIA Authentication Profile "default") #server-group "via-server-group"
75 | aaa authentication via auth-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 5.0 ArubaOS 6.3
Description Command introduced. The auth-protocol parameter was added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via auth-profile | 76
aaa authentication via connection-profile
aaa authentication via connection-profile <profile> admin-logoff-script admin-logon-script allow-user-disconnect allow-whitelist-traffic auth_domain_suffix auth-profile <auth-profile> auth_doman_suffix auto-launch-supplicant auto-login auto-upgrade banner-message-reappear-timeout <mins> client-logging client-netmask <client-netmask> client-wlan-profile <client-wlan-profile> position <position> clone controllers-load-balance csec-gateway-url <URL> csec-http-ports <comma separated port numbers> dns-suffix-list <dns-suffix-list> domain-pre-connect enable-csec enable-fips enable-supplicant ext-download-url <ext-download-url> ike-policy <ike-policy> ikev2-policy ikev2-proto ikev2auth ipsec-cryptomap map <map> number <number> ipsecv2-cryptomap lockdown-all-settings max-reconnect-attempts <max-reconnect-attempts> minimized max-timeout <value> minimized no save-passwords server split-tunneling suiteb-crypto support-email tunnel user-idle-timeout validate-server-cert whitelist windows-credentials
Description
This command configures the VIA connection profile.
77 | aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Syntax
Parameter admin-logoff-script admin-logon-script allow-user-disconnect allow-whitelist-traffic auth_domain_suffix
auto-launch-supplicant auth-profile <auth-profile> admin-logoff-script
admin-logon-script
auto-login
Description Enables VIA logoff script.
Default Disabled
Enables VIA logon script.
Disabled
Enable or disable users to disconnect their VIA sessions.
Enabled
If enabled, this feature will block network access until the VIA VPN connection is established.
Disabled
Enables a domain suffix on -- VIA Authentication, so client credentials are sent as domainname\username instead of just username.
Allows you to connect automatically to a configured WLAN network.
Disabled
This is the list of VIA
--
authentication profiles
that will be displayed to
users in the VIA client.
Specify the name of the
--
script that must be
executed when the VIA
connection is
disconnected. The script
must reside on the user /
client system.
Specify the name of the
--
script that must be
executed when the VIA
connection is established.
The script must reside on
the user / client system.
Enable or disable VIA client to auto login and establish a secure connection to the controller.
Enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via connection-profile | 78
Parameter auto-upgrade
banner-message-reappear-timeout client-logging client-netmask <client-netmask> client-wlan-profile <client-wlan-profile>
position <position> clone controllers-load-balance
Description
Default
Enable or disable VIA client to automatically upgrade when an updated version of the client is available on the controller.
Enabled
Timeout value, in minutes, after which the user session will end and the VIA Login banner message reappears.
1440 minutes
Enable or disable VIA client to auto login and establish a secure connection to the controller.
Enabled
The network mask that has to be set on the client after the VPN connection is established.
255.255.255.2 55
A list of VIA client WLAN
--
profiles that needs to be
pushed to the client
machines that use
Windows Zero Config
(WZC) to configure or
--
manage their wireless
networks.
Create a copy of
--
connection profile from
an another VIA
connection profile.
Enable this option to allow the VIA client to failover to the next available selected randomly from the list as configured in the VIA Servers option. If disabled, VIA will failover to the next in the sequence of ordered list of VIA Servers.
Disabled
79 | aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter server
addr <addr> <internal-ip <internal-ip> desc <description> csec-gateway-url csec-http-ports
domain-preconnect
dns-suffix-list <dns-suffix-list>
enable-csec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Default
l Address: This is the
--
public IP address or
the DNS hostname of
the VIA controller.
Users will connect to
remote server using
--
this IP address or the
hostname.
l Internal IP Address:
This is the IP address
of any of the VLAN
--
interface IP addresses
belongs to this
controller.
l Description: This is a
--
human-readable
description of the
controller.
Specify the content
--
security service providers
URL here. You must
provide a fully qualified
domain name.
Specify the ports
--
(separated by comma)
that will be monitored by
the content security
service provider.
Do not add space before or after the comma.
Enable this option to allow users with lost or expired passwords to establish a VIA connection to corporate network. This option authenticates the user's device and establishes a VIA connection that allows users to reset credentials and continue with corporate access.
Enabled
The DNS suffix list (comma separated) that has be set on the client once the VPN connection is established.
.
None
Use this option to enable -- the content security service.
aaa authentication via connection-profile | 80
Parameter enable-fips
enable-supplicant ext-download-url <ext-download-url> ike-policy <ike-policy> ikev2-policy ikev2-proto ikev2auth
ipsec-cryptomap map <map> number <number>
ipsecv2-cryptomap lockdown-all-settings
81 | aaa authentication via connection-profile
Description
Default
Enable the VIA (Federal Information Processing Standard) FIPS module so VIA checks for FIPS compliance during startup.
Disabled
If enabled, VIA starts in bSec mode using L2 suite-b cryptography. This option is disabled by default.
Disabled
End users will use this
--
URL to download VIA on
their computers.
List of IKE policies that the -- VIA Client has to use to connect to the controller.
List of IKE V2 policies that -- the VIA Client has to use to connect to the controller
Enable this to use IKEv2 protocol to establish VIA sessions.
Disabled
Use this option to set the IKEv2 authentication method. By default user certificate is used for authentication. The other supported methods are EAP-MSCHAPv2, EAP-TLS. The EAP authentication is done on an external RADIUS server.
User Certificates
List of IPsec crypto maps --
that the VIA client uses to
connect to the controller.
These IPsec Crypto Maps -- are configured in the CLI
using the crypto-local
ipsec-map <ipsec-
--
map-name> command.
List of IPSec V2 crypto
--
maps that the VIA client
uses to connect to the
controller.
Allows you to lockdown all user configured settings.
Disabled.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
max-reconnect-attempts <max-reconnect-attempts>
The maximum number of re-connection attempts by the VIA client due to authentication failures.
Default 3
max-timeout value <value>
The maximum time (minutes) allowed before the VIA session is disconnected.
1440 min
minimized
Use this option to keep
--
the VIA client on a
Microsoft WIndows
operating system
minimized to system tray.
save-passwords
Enable or disable users to save passwords entered in VIA.
Enabled
server split-tunneling
Configure VIA servers.
Enable or disable split
off
tunneling.
l If enabled, all traffic to the VIA tunneled networks will go through the controller and the rest is just bridged directly on the client.
l If disabled, all traffic will flow through the controller.
suiteb-crypto
Use this option to enable Suite-B cryptography. See RFC 4869 for more information about Suite-B cryptography.
Disabled
support-email
The support e-mail address to which VIA users will send client logs.
None
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via connection-profile | 82
Parameter tunnel address <address>
address <address> netmask <netmask> user-idle-timeout
validate-server-cert whitelist addr
addr <addr> netmask <netmask> description <description> windows-credentials
Description
Default
A list of network
--
destination (IP address
and netmask) that the VIA
client will tunnel through
the controller. All other
--
network destinations will
be reachable directly by
the VIA client. Enter
tunneled IP address and
--
its netmask.
The user idle timeout for this profile. Specify the idle timeout value for the client in seconds. Valid range is 30-15300 in multiples of 30 seconds. Enabling this option overrides the global settings configured in the AAA timers. If this is disabled, the global settings are used.
disabled
Enable or disable VIA from validating the server certificate presented by the controller.
Enabled
Specify a hostname or IP
--
address and network mask
to define a whitelist of users
allowed to access the net-
workif the allow-whitelist-
traffic option is enabled
Host name of IP address of -- a client
Netmask, in dotted decimal -- format
(Optional) description of the -- client
Enable or disable the use of the Windows credentials to login to VIA. If enabled, the SSO (Single Sign-on) feature can be utilized by remote users to connect to internal resources.
Enabled
Usage Guidelines
Issue this command to create a VIA connection profile. A VIA connection profile contains settings required by VIA to establish a secure connection to the controller. You can configure multiple VIA connection profiles. A VIA
83 | aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIA connection profile to a user role, the default connection profile is used.
Example
The following example shows a simple VIA connection profile:
(host) (config) #aaa authentication via connection-profile "via" (host) (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary" position 0 (host) (VIA Connection Profile "via") #auth-profile "default" position 0 (host) (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0 (host) (VIA Connection Profile "via") #split-tunneling (host) (VIA Connection Profile "via") #windows-credentials (host) (VIA Connection Profile "via") #client-netmask 255.0.0.0 (host) (VIA Connection Profile "via") #dns-suffix-list mycorp.com (host) (VIA Connection Profile "via") #dns-suffix-list example.com (host) (VIA Connection Profile "via") #support-email via-support@example.com
Command History
Release ArubaOS 5.0
Modification Command introduced
ArubaOS 6.1
The following commands were introduced: l admin-logon-script l admin-logoff-script l ikev2-policy l ikev2-proto l ikev2-auth l ipsecv2-crypto l minimized l suiteb-crypto
ArubaOS 6.1.3.2 ArubaOS 6.2
The auth_domain_suffix parameter was introduced.
The following commands were introduced: l allow-whitelist-traffic l banner-message-reappear-timeout l controllers-load-balancing l enable-fips l enable-supplicant l whitelist
ArubaOS 6.3
The user-idle-timeout parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via connection-profile | 84
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
85 | aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via global-config
aaa authentication via global-config no ssl-fallback-enable
Description
The global config option allows to you to enable SSL fallback mode. If the SSL fallback mode is enabled the VIA client will use SSL to create a secure connection.
Syntax
Parameter no ssl-fallback-enable
Description
Disable SSL fallback option
Use this option to enable an SSL fallback connection.
Default -- Disabled
Example
(host) (config) #aaa authentication via global-config
Command History
Command introduced in 5.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication via global-config | 86
aaa authentication via web-auth
aaa authentication via web-auth default auth-profile <auth-profile> position <position> clone <source> no
Description
A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login.
Syntax
Parameter auth-profile <auth-profile>
position <position>
Description
The name of the VIA authentication profile
The position of the profile to specify the order of selection.
Default -- --
clone <source>
Duplicate an existing authentication profile.
--
Example
(host) (config) #aaa authentication via web-auth default (host) (VIA Web Authentication "default") #auth-profile default position 0
Command History
Command introduced in 5.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
87 | aaa authentication via web-auth
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication vpn
aaa authentication vpn <profile-name> cert-cn-lookup clone <source> default-role <guest> export-route max-authentication-failures <number> no ... pan-integration radius-accounting server-group <group> user-idle-timeout
Description
This command configures VPN authentication settings.
Syntax
Parameter <profile-name>
cert-cn-lookup
clone <source> default-role <role> export-route
Description
Default
There are three VPN profiles: default,
--
default-rap or default-cap.
This allows users to use different AAA servers for VPN, RAP and CAP clients.
NOTE: The default and default-rap profiles are configurable. The default-cap profile is not configurable and is predefined with the default settings.
If you use client certificates for user
--
authentication, enable this option to verify
that the certificate's common name exists
in the server. This parameter is enabled by
default in the default-cap and default-rap
VPN profiles, and disabled by default on all
other VPN profiles.
Copies data from another VPN
--
authentication profile. Source is the profile
name from which the data is copied.
Role assigned to the VPN user upon login. NOTE: This parameter requires the Policy Enforcement Firewall for VPN Users (PEFV) license.
Exports a VPN IP address as a route to the external world. See the show ip ospf command to view the link-state advertisement (LSA) types that are generated.
guest enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication vpn | 88
Parameter
Description
Default
max-authentication-failures <number>
Maximum number of authentication failures before the user is blacklisted. The supported range is 1-10 failures. A value of 0 disables blacklisting.
NOTE: This parameter requires the RFProtect license.
0 (disabled)
no
Negates any configured parameter.
--
pan-integration radius-accounting < server-group <group>
Require IP mapping at Palo Alto Networks fire- disabled walls.
Configure server group for
--
RADIUS accounting
Name of the group of servers used to authenticate VPN users. See aaa servergroup on page 125.
internal
user-idle-timeout
The user idle timeout for this profile.
--
Specify the idle timeout value for the client
in seconds. Valid range is 30-15300 in
multiples of 30 seconds. Enabling this
option overrides the global settings
configured in the AAA timers. If this is
disabled, the global settings are used.
Usage Guidelines
This command configures VPN authentication settings for VPN, RAP and CAP clients.Use the vpdn group command to configure Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPsec) or a Point-toPoint Tunneling Protocol (PPTP) VPN connection. (See vpdn group l2tp on page 2213.)
Example
The following command configures VPN authentication settings for the default-rap profile:
aaa authentication vpn default-rap default-role guest clone default max-authentication-failures 0 server-group vpn-server-group
The following message appears when a user tries to configure the non-configurable default-cap profile:
(host) (config) #aaa authentication vpn default-cap Predefined VPN Authentication Profile "default-cap" is not editable
The following example describes the steps to use the CLI to configure a VPN for Cisco Smart Card Clients using certificate authentication and IKEv1, where the client is authenticated against user entries added to the internal database:
(host)(config) #aaa authentication vpn default server-group internal
(host)(config) #no crypto-local isakmp xauth
89 | aaa authentication vpn
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host)(config) #vpdn group l2tp enable client dns 101.1.1.245
(host)(config) #ip local pool sc-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto-local isakmp server-certificate MyServerCert (host)(config) #crypto-local isakmp ca-certificate TrustedCA
(host)(config) #crypto isakmp policy 1 authentication rsa-sig
The following command configures client entries in the internal database in enable mode: (host)(config) #local-userdb add username <name> password <password> The following example configures a VPN for XAuth IKEv1 clients in config mode using a username and password: (host)(config) #aaa authentication vpn default
server-group internal
crypto-local isakmp xauth
(host)(config) #vpdn group l2tp enable client dns 101.1.1.245
(host)(config) #ip local pool pw-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto isakmp key 0987654 address 0.0.0.0 netmask 0.0.00
(host)(config) #crypto isakmp policy 1 authentication pre-share
Enter the following command in enable mode to configure client entries in the internal database: (host)(config) #local-userdb add username <name> password <password>
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 5.0
The default-cap and default-rap profiles were introduced.
ArubaOS 6.1
The cert-cn-lookup parameter was introduced.
ArubaOS 6.3
The user-idle-timeout parameter was introduced.
ArubaOS 6.3.1
The export-route parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication vpn | 90
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters.
The default-role parameter requires the Policy Enforcement Firewall for VPN Users (PEFV) license.
Config mode on master controllers
91 | aaa authentication vpn
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication wired
aaa authentication wired no ... profile <aaa-profile>
Description
This command configures authentication for a client device that is directly connected to a port on the controller.
Syntax
Parameter no
Description Negates any configured parameter.
profile <aaa-profile>
Name of the AAA profile that applies to wired authentication. This profile must be configured for a Layer-2 authentication, either 802.1X or MAC. See aaa profile on page 114.
Usage Guidelines
This command references an AAA profile that is configured for MAC or 802.1X authentication. The port on the controller to which the device is connected must be configured as untrusted.
Example
The following commands configure an AAA profile for dot1x authentication and a wired profile that references the AAA profile: aaa profile sec-wired
dot1x-default-role employee dot1x-server-group sec-svrs aaa authentication wired profile sec-wired
Related Commands
Command vlan
Description
Assign an AAA profile to an individual VLAN to enable role-based access for wired clients connected to an untrusted VLAN or port on the controller.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication wired | 92
aaa authentication wispr
aaa authentication wispr agent string clone default-role <role> logon-wait {cpu-threshold <cpu-threshold>}|{maximum-delay <maximum-delay>}|{minimum-delay <minimum-delay>} no ... max-authentication-failures server-group <server-group> wispr-location-id-ac <wispr-location-id-ac> wispr-location-id-cc <wispr-location-id-cc> wispr-location-id-isocc <wispr-location-id-isocc> wispr-location-id-network <wispr-location-id-network> wispr-location-name-location <wispr-location-name-location> wispr-location-name-operator-name <wispr-location-name-operator>
Description
This command configures WISPr authentication with an ISP's WISPr RADIUS server.
Syntax
Parameter agent string
clone default-role logon-wait
CPU-threshold <cpu-threshold>
Description
User Agent String to be registered for use in WISPR Profile. Max User Agent String len: 32 characters.Max number of User Agent string: 32.
Copy data from another WISPr Authentication Profile.
Default role assigned to users that complete WISPr authentication.
Configure the CPU utilization threshold that will trigger logon wait maximum and minimum times
Percentage of CPU utilization at which the maximum and minimum login wait times are enforced. Range: 1100%.Default: 60%.
max-authentication-failures
Maximum auth failures before user is blacklisted. Range: 0-10. Default: 0.
93 | aaa authentication wispr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter maximum-delay <maximum-delay>
minimum-delay <minimum-delay>
wispr-location-id-ac <wispr-location-id-ac> wispr-location-id-cc <wispr-location-id-cc>
Description
If the controller's CPU utilization has surpassed the CPU-threshold value, the maximum-delay parameter defines the minimum number of seconds a user will have to wait to retry a login attempt. Range: 1-10 seconds. Default: 10 seconds.
If the controller's CPU utilization has surpassed the CPU-threshold value, the minimum-delay parameter defines the minimum number of seconds a user will have to wait to retry a login attempt. Range: 1-10 seconds. Default: 5 seconds.
The E.164 Area Code in the WISPr Location ID.
The 1-3 digit E.164 Country Code in the WISPr Location ID.
wispr-location-id-isocc <wispr-location-id-isocc>
The ISO Country Code in the WISPr Location ID.
wispr-location-id-network <wispr-location-id-network>
The SSID/network name in the WISPr Location ID.
wispr-location-name-location <wispr-location-name-location>
A name identifying the hotspot location. If no name is defined, the default ap-name is used.
wispr-location-name-operator-name <wispr-location-name-operator>
A name identifying the hotspot operator.
Usage Guidelines
WISPr authentication allows a "smart client" to remain authenticated on the network when they roam between Wireless Internet Service Providers, even if the wireless hotspot uses an ISP for which the client may not have an account.
If you are hotstpot operator using WISPr authentication, and a client that has an account with your ISP attempts to access the Internet at your hotspot, then your ISP's WISPr AAA server authenticates that client directly, and allows the client access on the network. If, however, the client only has an account with a partner ISP, then your ISP's WISPr AAA server will forward that client's credentials to the partner ISP's WISPr AAA server for authentication. Once the client has been authenticated on the partner ISP, it will be authenticated on your hotspot's own ISP, as per their service agreements. Once your ISP sends an authentication message to the controller, the controller assigns the default WISPr user role to that client.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa authentication wispr | 94
ArubaOS supports the following smart clients, which enable client authentication and roaming between hotspots by embedding iPass Generic Interface Specification (GIS) redirect, proxy, authentication and logoff messages within HTLM messages to the controller.
l iPass l Bongo l Trustive l weRoam l AT&T
A WISPr authentication profile includes parameters to define RADIUS attributes, the default role for authenticated WISPr users, maximum numbers of authenticated failures and logon wait times. The WISPrLocation-ID sent from the controller to the WISPr RADIUS server will be the concatenation of the ISO Country Code, E.164 Country Code, E.164 Area Code and SSID/Zone parameters configured in this profile.
The parameters to define WISPr RADIUS attributes are specific to the RADIUS server your ISP uses for WISPr authentication; contact your ISP to determine these values. You can find a list of ISO and ITU country and area codes at the ISO and ITU websites www.iso.org and http://www.itu.int.
A Boingo smart client uses a NAS identifier in the format <CarrierID>_<VenueID> for location identification. To support Boingo clients, you must also configure the NAS identifier parameter in the Radius server profile for the WISPr server
Example
The following commands configure an WISPr authentication profile: aaa authentication wispr
default-role authuser max-authentication-failures 5 server-group wispr1 wispr-location-id-ac 408 wispr-location-id-cc 1 wispr-location-id-isocc us wispr-location-id-network <wispr-location-id-network> wispr-location-name-location <wispr-location-name-location> wispr-location-name-operator-name <wispr-location-name-location>
Command History
This command was available in ArubaOS 3.4.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
95 | aaa authentication wispr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa bandwidth-contract
aaa bandwidth-contract <name> {kbits <kbits>|mbits <mbits>}
Description
This command configures a bandwidth contract.
Syntax
Parameter <name> kbits <bits>
mbits <bits>
Description
Name that identifies this bandwidth contract.
Limit the traffic rate for this bandwidth contract to a specified number of kilobits per second.
Limit the traffic rate for this bandwidth contract to a specified number of megabits per second.
Range -- 256-2000000
1-2000
Usage Guidelines
You can apply a configured bandwidth contract to a user role or to a VLAN. When you apply a bandwidth contract to a user role (see user-role on page 2190), you specify whether the contract applies to upstream traffic (from the client to the controller) or downstream traffic (from the controller to the client). You can also specify whether the contract applies to all users in a specified user role or per-user in a user role.
When you apply a bandwidth contract to a VLAN (see interface vlan on page 490), the contract limits multicast traffic and does not affect other data. This is useful because an AP can only send multicast traffic at the rate of the slowest associated client. Thus excessive multicast traffic will fill the buffers of the AP, causing frame loss and poor voice quality. Generally, every system should have a bandwidth contract of 1 Mbps or even 700 Kbps and it should be applied to all VLANs with which users are associated, especially those VLANs that pass through the upstream router. The exception are VLANs that are used for high speed multicasts, where the SSID is configured without low data rates.
Example
The following commands configure a set of bandwidth contracts, then apply those contracts to all upstream and downstream traffic except for the echo, icmp, iperf, icmp6, and synflood applications, and the web, streaming, peer-to-peer, unified-communication, and tunneling application categories.
(host) (config) #aaa bandwidth-contract up-256k-1 kbits 256 (host) (config) #aaa bandwidth-contract up-512k-1 kbits 512 (host) (config) #aaa bandwidth-contract up-1m-1 mbits 1 (host) (config) #aaa bandwidth-contract up-5m-1 mbits 5 (host) (config) #aaa bandwidth-contract up-10m-1 mbits 10 (host) (config) #aaa bandwidth-contract up-20m-1 mbits 20 (host) (config) #aaa bandwidth-contract up-50m-1 mbits 50 (host) (config) #aaa bandwidth-contract up-100m-1 mbits 100 (host) (config) #aaa bandwidth-contract up-500m-1 mbits 500 (host) (config) #aaa bandwidth-contract up-1000m-1 mbits 1000 (host) (config) #aaa bandwidth-contract dw-256k-1 kbits 256 (host) (config) #aaa bandwidth-contract dw-512k-1 kbits 512 (host) (config) #aaa bandwidth-contract dw-1m-1 mbits 1 (host) (config) #aaa bandwidth-contract dw-5m-1 mbits 5
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa bandwidth-contract | 96
(host) (config) #aaa bandwidth-contract dw-10m-1 mbits 10 (host) (config) #aaa bandwidth-contract dw-20m-1 mbits 20 (host) (config) #aaa bandwidth-contract dw-50m-1 mbits 50 (host) (config) #aaa bandwidth-contract dw-100m-1 mbits 100 (host) (config) #aaa bandwidth-contract dw-500m-1 mbits 500 (host) (config) #aaa bandwidth-contract dw-1000m-1 mbits 1000 (host) (config) #interface gigabitethernet 0/0/1 (host) (config-if) #bandwidth-contract up-100m-1 upstream (host) (config-if) #bandwidth-contract dw-500m-1 downstream (host) (config-if) #bandwidth-contract app echo up-256k-1 upstream (host) (config-if) #bandwidth-contract app echo dw-256k-1 downstream (host) (config-if) #bandwidth-contract app icmp up-256k-1 upstream (host) (config-if) #bandwidth-contract app icmp dw-256k-1 downstream (host) (config-if) #bandwidth-contract app echo up-512k-1 upstream (host) (config-if) #bandwidth-contract app echo dw-512k-1 downstream (host) (config-if) #bandwidth-contract app iperf up-1m-1 upstream (host) (config-if) #bandwidth-contract app iperf dw-5m-1 downstream (host) (config-if) #bandwidth-contract appcategory web up-10m-1 upstream (host) (config-if) #bandwidth-contract appcategory web dw-20m-1 downstream (host) (config-if) #bandwidth-contract appcategory streaming up-1m-1 upstream (host) (config-if) #bandwidth-contract appcategory streaming dw-5m-1 downstream (host) (config-if) #bandwidth-contract appcategory peer-to-peer up-1m-1 upstream (host) (config-if) #bandwidth-contract appcategory peer-to-peer dw-1m-1 downstream (host) (config-if) #bandwidth-contract exclude app icmp6 (host) (config-if) #bandwidth-contract exclude app synflood (host) (config-if) #bandwidth-contract exclude appcategory unified-communication (host) (config-if) #bandwidth-contract exclude appcategory tunneling
Related Commands
Command
Description
interface fastethernet | gig- Apply a bandwidth contract to downstream or
abitethernet
upstream traffic on a specified interface
show aaa bandwidth-contracts
Use this command to view contracts to limit traffic for a user or VLAN.
Mode Config Mode
Enable mode
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
97 | aaa bandwidth-contract
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa derivation-rules
aaa derivation-rules user <name> no ... set {aaa-profile|role|vlan} condition <rule-type> <attribute> <value> set-value {<role>|<vlan>} [description <rule description>][position <number>]
Description
This command configures rules which assigns a AAA profile, user role or VLAN to a client based upon the client's association with an AP. A user role cannot be assigned by an AAA derivation rule unless the controller has an installed PEFNG license.
Syntax
Parameter <name> no set {role|vlan} condition <rule-type>
<attribute><value>
Description
Name that identifies this set of user derivation rules.
Negates a configured rule.
Specify whether the action of the rule is to set the role or the VLAN.
Condition that should be checked to derive role/VLAN
For a rule that sets an AAA profile, use the user-vlan rule type. For a role or VLAN user derivation rule, select one of the following rules: l bssid: BSSID of access point. l dhcp-option: Use DHCP signature matching to assign a role or VLAN. l dhcp-option-77: Enable DHCP packet processing. l encryption-type: Encryption method used by station. l essid: ESSID of access point. l location: user location (ap name). l macaddr: MAC address of user. NOTE: If you use the dhcp-option rule type, best practices are to enable the enforce-dhcp option in the AAA profile referenced by AP group's Virtual AP profile.
Specify one of the following conditions: l contains: Check if attribute contains the string in the <value>
parameter. l ends-with: Check if attribute ends with the string in the <value>
parameter. l equals: Check if attribute equals the string in the <value> parameter. l not-equals: Check if attribute is not equal to the string in the <value>
parameter. l starts-with: Check if attribute starts with the string in the <value>
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa derivation-rules | 98
Parameter
Description
parameter.
set-value <role>|<vlan> Specify the user role or VLAN ID to be assigned to the client if the above condition is met.
description
Describes the user derivation rule. This parameter is optional and has a 128 character maximum.
position
Position of this rule relative to other rules that are configured.
Usage Guidelines
The user role can be derived from attributes from the client's association with an AP. User-derivation rules are executed before the client is authenticated.
You configure the user role to be derived by specifying condition rules; when a condition is met, the specified user role is assigned to the client. You can specify more than one condition rule; the order of rules is important as the first matching condition is applied. You can also add a description of the rule.
The table below describes the conditions for which you can specify a user role or VLAN.
Rule Type
bssid: Assign client to a role or VLAN based upon the BSSID of AP to which client is associating.
Condition
Value
One of the following: l contains l ends with l equals l does not equal l starts with
MAC address (xx:xx:xx:xx:xx:xx)
dhcp-option: Assign client to a role or VLAN based upon the DHCP signature ID.
One of the following: l equals l starts with
DHCP signature ID.
Note: This string is not case sensitive.
dhcp-option-77: Assign client to a role or VLAN based upon the user class identifier returned by DHCP server.
equals
string
encryption-type: Assign client to a role or VLAN based upon the encryption type used by the client.
One of the following: l equals l does not equal
l Open (no encryption) l WPA/WPA2 AES l WPA-TKIP (static or dynamic) l Dynamic WEP l WPA/WPA2 AES PSK l Static WEP l xSec
99 | aaa derivation-rules
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Rule Type
Condition
Value
essid: Assign client to a role or VLAN based upon the ESSID to which the client is associated
One of the following:
l contains
l ends with
l equals
l does not equal
l starts with
l value of (does not take string; attribute value is used as role)
string
location: Assign client to a role or VLAN based upon the ESSID to which the client is associated
One of the following: l equals l does not equal
string
macaddr: MAC address of the client
One of the following: l contains l ends with l equals l does not equal l starts with
MAC address (xx:xx:xx:xx:xx:xx)
The device identification feature allows you to assign a user role or VLAN to a specific device type by identifying a DHCP option and signature for that device. If you create a user rule with the DHCP-Option rule type, the first two characters in the Value field must represent the hexadecimal value of the DHCP option that this rule should match, while the rest of the characters in the Value field indicate the DHCP signature the rule should match. To create a rule that matches DHCP option 12 (host name), the first two characters of the in the Value field must be the hexadecimal value of 12, which is 0C. To create a rule that matches DHCP option 55, the first two characters in the Value field must be the hexadecimal value of 55, which is 37.
The following table describes some of the DHCP options that are useful for assigning a user role or VLAN.
DHCP Option 12
Description Host name
Hexidecimal Equivalent 0C
55
Parameter Request List
37
60
Vendor Class Identifier
3C
81
Client FQDN
51
To identify DHCP strings used by an individual device, access the command-line interface in config mode and issue the following command to include DHCP option values for DHCP-DISCOVER and DHCP-REQUEST frames in the controller's log files:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa derivation-rules | 100
logging level debugging network process dhcpd
Now, connect the device you want to identify to the network, and issue the CLI command show log network. The sample below is an example of the output that may be generated by this command.
Be aware that each device type may not have a unique DHCP fingerprint signature. For example, devices from different manufacturers may use vendor class identifiers that begin with similar strings. If you create a DHCP-Option rule that uses the starts-with condition instead of the equals condition, the rule may assign a role or VLAN to more than one device type.
(host) (config) #show log network all | include DISCOVER Feb 26 02:50:34 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1: DISCOVER 00:19:d2:01:0b:84 Options 74:01 3d:010019d2010b84 0c:736861626172657368612d39393730 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b Feb 26 02:50:42 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1: DISCOVER 00:19:d2:01:0b:84 Options 74:01 3d:010019d2010b84 0c:736861626172657368612d39393730 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b Feb 26 02:50:42 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1: DISCOVER 00:19:d2:01:0b:84 Options 74:01 3d:010019d2010b84 0c:736861626172657368612d39393730 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b Feb 26 02:53:03 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan10: DISCOVER 00:26:c6:52:6b:7c Options 74:01 3d:010026c6526b7c 0c:41525542412d46416c73653232 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b 2b:dc00 ...
(host) (config) #show log network all| include REQUEST Feb 26 02:53:04 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan10: REQUEST 00:26:c6:52:6b:7c reqIP=10.10.10.254 Options 3d:010026c6526b7c 36:0a0a0a02 0c:41525542412d46416c73653232 51:00000041525542412d46416c736532322e73757279612e636f6d 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b 2b:dc0100 Feb 26 02:53:04 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan10: REQUEST 00:26:c6:52:6b:7c reqIP=10.10.10.254 Options 3d:010026c6526b7c 36:0a0a0a02 0c:41525542412d46416c73653232 51:00000041525542412d46416c736532322e73757279612e636f6d 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b 2b:dc0100 Feb 26 02:56:02 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan10: REQUEST 00:26:c6:52:6b:7c reqIP=10.10.10.254 Options 3d:010026c6526b7c 0c:41525542412d46416c73653232 51:00000041525542412d46416c736532322e73757279612e636f6d 3c:4d53465420352e30 37:010f03062c2e2f1f21f92b 2b:dc0100
Examples
The following command sets the client's user role to "guest" if the client associates to the "Guest" ESSID. The rule description indicates that is was created for special customers.
aaa derivation-rules user derive1 set role condition essid equals Guest set-value guest description createdforspecialcustomers
The example rule shown below sets a user role for clients whose host name (DHCP option 12) has a value of 6C6170746F70, which is the hexadecimal equivalent of the ASCII string "laptop". The first two digits in the Value field are thehexadecimal value of 12 (which is 0C), followed by the specific signature to be matched
aaa derivation-rules user device-role set role condition dhcp-option equals 0C6C6170746F70 set-value laptop_role
101 | aaa derivation-rules
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.0 ArubaOS 6.1
Description Command introduced. Description parameter was introduced. DHCP-Option rule type was introduced.
Command Information
Platforms All platforms
Licensing
Base operating system. The PEFNG license must be installed for a user role to be assigned.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa derivation-rules | 102
aaa dns-query-interval
aaa dns-query-interval <minutes>
Description
Configure how often the controller should generate a DNS request to cache the IP address for a RADIUS server identified via its fully qualified domain name (FQDN).
Syntax
Parameter <minutes>
Description
Specify, in minutes, the interval between DNS requests sent from the controller to the DNS server. By default, DNS requests are sent every 15 minutes. Range: 1-1440 minutes
Usage Guidelines
If you define a RADIUS server using the FQDN of the server rather than its IP address, the controller will periodically generate a DNS request and cache the IP address returned in the DNS response. Issue this command to configure the frequency of these requests.
Example
This command configures a DNS query interval of 30 minutes. (host) # aaa dns-query-interval 30
Related Commands
To view the current DNS query interval, issue the command show aaa dns-query-interval.
Command History
This command was available in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on local and master controllers
103 | aaa dns-query-interval
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa inservice
aaa inservice <server-group> <server>
Description
This command designates an "out of service" authentication server to be "in service".
Syntax
Parameter <server-group> <server>
Description Server group to which this server is assigned. Name of the configured authentication server.
Usage Guidelines
By default, the controller marks an unresponsive authentication server as "out of service" for a period of 10 minutes (you can set a different time limit with the aaa timers dead-time command). The aaa inservice command is useful when you become aware that an "out of service" authentication server is again available before the dead-time period has elapsed. You can use the aaa test-server command to test the availability and response of a configured authentication server.
Example
The following command sets an authentication server to be in service: aaa inservice corp-rad rad1
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa inservice | 104
aaa ipv6 user add
aaa ipv6 user add <ipv6addr> authentication-method {dot1x|stateful-dot1x} mac <macaddr> name <username> profile <aaa-profile> role <role>
Description
This command manually assigns a user role or other values to a specified IPv6 client.
Syntax
Parameter <ipv6addr> authentication-method
dot1x stateful-dot1x mac <macaddr> name <username> profile <aaa-profile> role <role>
Description IPv6 address of the user to be added. Authentication method for the client. 802.1X authentication. Stateful 802.1X authentication. MAC address of the client. Name of the client. AAA profile for the client. User role for the client.
Usage Guidelines
This command should only be used for troubleshooting issues with a specific IPv6 client. This command allows you to manually assign a client to a role. For example, you can create a role "debugging" that includes a policy to mirror session packets to a specified destination for further examination, then use this command to assign the "debugging" role to a specific client. Use the aaa ipv6 user delete command to remove the client or device from the role.
Note that issuing this command does not affect ongoing sessions that the client may already have. For example, if a client is in the "employee" role when you assign them to the "debugging" role, the client continues any sessions allowed with the "employee" role. Use the aaa ipv6 user clear-sessions command to clear ongoing sessions.
Example
The following commands create a role that logs HTTPS traffic, then assign the role to a specific IPv6 client:
ip access-list session ipv6-log-https any any svc-https permit log
user-role ipv6-web-debug
105 | aaa ipv6 user add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
session-acl ipv6-log-https
In enable mode: aaa ipv6 user add 2002:d81f:f9f0:1000:e409:9331:1d27:ef44 role ipv6-web-debug
Command History
This command was available in ArubaOS 3.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa ipv6 user add | 106
aaa ipv6 user clear-sessions
aaa ipv6 user clear-sessions <ipaddr>
Description
This command clears ongoing sessions for the specified IPv6 client.
Syntax
Parameter <ipaddr>
Description IPv6 address of the client.
Usage Guidelines
This command clears any ongoing sessions that the client already had before being assigned a role with the aaa ipv6 user add command.
Example
The following command clears ongoing sessions for an IPv6 client: aaa user clear-sessions 2002:d81f:f9f0:1000:e409:9331:1d27:ef44
Command History
This command was available in ArubaOS 3.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
107 | aaa ipv6 user clear-sessions
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa ipv6 user delete
aaa ipv6 user delete {<ipaddr>|all|mac <macaddr>|name <username>|role <role>}
Description
This command deletes IPv6 clients, users, or roles.
Syntax
Parameter <ipv6addr> all mac name role
Description IPv6 address of the client to be deleted. Deletes all connected IPv6 clients. MAC address of the IPv6 client to be deleted. Name of the IPv6 client to be deleted. Role of the IPv6 client to be deleted.
Usage Guidelines
This command allows you to manually delete clients, users, or roles. For example, if you used to the aaa ipv6 user add command to assign a user role to an IPv6 client, you can use this command to remove the role assignment.
Example
The following command a role: aaa ipv6 user delete role web-debug
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa ipv6 user delete | 108
aaa ipv6 user logout
aaa ipv6 user logout <ipaddr>
Description
This command logs out an IPv6 client.
Syntax
Parameter <ipv6addr>
Description IPv6 address of the client to be logged out.
Usage Guidelines
This command logs out an authenticated IPv6 client. The client must reauthenticate.
Example
The following command logs out an IPv6 client: aaa user logout 2002:d81f:f9f0:1000:e409:9331:1d27:ef44
Command History
This command was available in ArubaOS 3.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
109 | aaa ipv6 user logout
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa log
[no] aaa log
Description
Enable per-user log files for AAA events.
Syntax
No parameters
Usage Guidelines
By default, logging is always enabled. Issue the no aaa log command to disable per-user logging and reenable it again using the command aaa log. The W-7200 Series controllerssupport 1KB of log files per user for up to 32,000 users, and W-6000and W-3600 controllers support 1KB of log files per user for up to 16,000 users.
Example
The example below enables per-user AAA log files. (host)(config) #aaa log
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms
W-6000, W-3600 and W7200 Series controllers
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa log | 110
aaa password-policy mgmt
aaa password-policy mgmt enable no password-lock-out password-lock-out-time password-max-character-repeat. password-min-digit password-min-length password-min-lowercase-characters password-min-special-character password-min-special-character password-min-uppercase-characters password-not-username
Description
Define a policy for creating management user passwords.
Syntax
Parameter enable
Description enable the password management policy
password-lock-out
The number of failed attempts within a 3 minute window that causes the user to be locked out for the period of time specified by the password-lockout-time parameter.
Range: 0-10 attempts. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts.
password-lock-out-time
The number of minutes a user who has exceeded the maximum number of failed password attempts is locked out of the network. After this period has passed, the lockout is cleared without administrator intervention.
Range: 1 min to 1440 min (24 hrs). Default: 3.
NOTE: When a management user gets locked out, that event is logged in the controller log file. The management user lockout warning message can have any one of the following warning IDs.
l 125060 = Password policy locked out a management user created via the mgmt-user command in the serial console CLI.
l 125061 = Password policy locked out a management user created via the WebUI or the mgmt-user command in the Telnet/SSH CLI.
l 133109 = Password policy locked out a management user created via the local-userdb command in the CLI.
password-max-characterrepeat
The maximum number of consecutive repeating characters allowed in a management user password.
Range: 0-10 characters. By default, there is no limitation on the numbers of character that can repeat within a password, and the parameter has a default value of 0 characters.
111 | aaa password-policy mgmt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter password-min-digit
Description
The minimum number of numeric digits required in a management user password. Range: 0-10 digits. By default, there is no requirement for numerical digits in a password, and the parameter has a default value of 0.
password-min-length
The minimum number of characters required for a management user password
Range: 6-64 characters. Default: 6.
password-min-lowercasecharacters
The minimum number of lowercase characters required in a management user password.
Range: 0-10 characters. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0.
password-min-specialcharacters
The minimum number of special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma, |, +, ~, ` ) in password. Range: 0-10 special characters.
Default: 0 (minimum number of special character required is disabled by default, The following ( ')', '(' ;, -, space, =, /, ?) are dis-allowed).
password-min-specialcharacter
The minimum number of special characters required in a management user password.
Range: 0-10 characters. By default, there is no requirement for special characters in a password, and the parameter has a default value of 0. See Usage Guidelines below for a list of allowed and disallowed special characters
password-min-uppercasecharacters
The minimum number of uppercase characters required in a management user password.
Range: 0-10 characters. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0.
password-not-username Password cannot be the management users' current username or the username spelled backwards.
Usage Guidelines
By default, the password for a management user has no requirements other than a minimum length of 6 alphanumeric or special characters.You do not need to configure a different management user password policy unless your company enforces a best practices password policy for management users with root access to network equipment.
The table below lists the special characters allowed and not allowed in any management
Example
The following command sets a management password policy that requires the password to have a minimum of nine characters, including one numerical digit and one special character:
aaa password-policy mgmt enable password-min-digit 1 password-min-length 9 password-min-special-characters 1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa password-policy mgmt | 112
Related Commands
Command
Description
show aaa password-policy mgmt Use show aaa password-policy mgmt to show the current management password policy
Mode Enable mode
Command History
This command was available in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
113 | aaa password-policy mgmt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa profile
aaa profile <profile> authentication-dot1x <dot1x-profile> authentication-mac <mac-profile> clone <profile> devtype-classification dot1x-default-role <role> dot1x-server-group <group> download-role enforce-dhcp initial-role <role> l2-auth-fail-through mac-default-role <role> mac-server-group <group> max-ip ipv4 wireless <max_ipv4_users> multiple-server-accounting no ... pan-integration radius-accounting <group> radius-interim-accounting rfc-3576-server <ipaddr> sip-authentication-role <role> user-derivation-rules <profile> user-idle-timeout wired-to-wireless-roam xml-api-server <ipaddr>
Description
This command configures the authentication for a WLAN.
Syntax
Parameter <profile>
Description
Default
Name that identifies this instance of the profile. The name must be 1-63 characters.
"default"
authentication-dot1x <dot1x-profile> Name of the 802.1X authentication profile
--
associated with the WLAN. See aaa
authentication dot1x on page 40.
authentication-mac <mac-profile>
Name of the MAC authentication profile
--
associated with the WLAN. See aaa
authentication mac on page 49.
clone <profile>
Name of an existing AAA profile
--
configuration from which parameter values
are copied.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa profile | 114
Parameter devtype-classification
Description
Default
The device identification feature can automatically identify different client device types and operating systems by parsing the User-Agent strings in a client's HTTP packets. When the devtype-classification parameter is enabled, the output of the show user and show user-table commands shows each client's device type, if that client device can be identified.
enabled
dot1x-default-role <role>
Configured role assigned to the client after 802.1X authentication. If derivation rules are present, the role assigned to the client through these rules take precedence over the default role.
NOTE: This parameter requires the PEFNG license.
guest
dot1x-server-group <group>
Name of the server group used for 802.1X
--
authentication. See aaa server-group on
page 125.
enforce-dhcp
When you enable this option, clients must complete a DHCP exchange to obtain an IP address. Best practices are to enable this option, when you use the aaa derivationrules command to create a rule with the DHCP-Option rule type. This parameter is disabled by default.
disabled
download-role initial-role <role>
Enables role download from ClearPass Policy disabled Manager (CPPM) if not defined.
Role for unauthenticated users.
logon
l2-auth-fail-through
To select different authentication method if one fails
disabled
mac-default-role <role> mac-server-group group
Configured role assigned to the user when the device is MAC authenticated. If derivation rules are present, the role assigned to the client through these rules take precedence over the default role.
NOTE: This parameter requires the PEFNG license.
Name of the server group used for MAC authentication. See aaa server-group on page 125.
guest --
max-ip ipv4 wireless <max_ipv4_users> Control the number of IPv4 addresses that
2
can be associated to single wireless user.
Range: 1-32
115 | aaa profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
multiple-server-accounting no pan-integration radius-accounting <group> radius-interim-accounting
rfc-3576-server <ip-addr>
sip-authentication-role <role> user-derivation-rules <profile>
Description
Default
WARNING: Increasing the max-ip limit may prevent the system from scaling to maximum users on all master/local controllers. For more information, refer to Usage Guidelines for max-ip ipv4 wireless on page 118.
If enabled, the controller sends RADIUS accounting to all servers in RADIUS accounting server group.
disabled
Negates any configured parameter.
--
The profile requires mapping at a Palo Alto Networks (PAN) firewall
disabled
Name of the server group used for RADIUS -- accounting. See aaa server-group on page 125.
By default, the RADIUS accounting feature sends only start and stop messages to the RADIUS accounting server. Issue the interim-radius-accounting command to allow the controller to send Interim-Update messages with current user statistics to the server at regular intervals.
disabled
IP address of a RADIUS server that can
--
send user disconnect, session timeout and
change-of-authorization messages, as
described in RFC 3576, "Dynamic
Authorization Extensions to Remote Dial In
User Service (RADIUS)". See aaa rfc-3576-
server on page 123.
NOTE: This parameter requires the PEFNG license.
Configured role assigned to a session initiation protocol (SIP) client upon registration.
NOTE: This parameter requires the PEFNG license.
guest
User attribute profile from which the user
--
role or VLAN is derived.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa profile | 116
Parameter user-idle-timeout
wired-to-wireless-roam xml-api-server <ip-addr>
Description
Default
The user idle timeout for this profile. Specify the idle timeout value for the client in seconds. A value of 0, deletes the user immediately after disassociation from the wireless network. Valid range is 30-15300 in multiples of 30 seconds. Enabling this option overrides the global settings configured in the AAA timers. If this is disabled, the global settings are used.
disabled
Keeps user authenticated when roaming from the wired side of the network.
enabled
IP address of a configured XML API server.
--
See aaa xml-api on page 145.
NOTE: This parameter requires the PEFNG license.
Usage Guidelines
The AAA profile defines the user role for unauthenticated users, the default user role for MAC or 802.1X authentication, and user derivation rules. The AAA profile contains the authentication profile and authentication server group.
There are predefined AAA profiles available, default-dot1x, default-mac-auth, and default-open. These profiles have the parameter values shown in the following table.
Parameter authentication-dot1x authentication-mac dot1x-default-role dot1x-server-group initial-role mac-default-role
mac-server-group radius-accounting rfc-3576-server
default-dot1x default N/A authenticated N/A logon guest
default N/A N/A
defaultmac-auth
N/A
defaultopen
N/A
default
N/A
guest
guest
N/A
N/A
logon
logon
authenticate d
guest
default
default
N/A
N/A
N/A
N/A
117 | aaa profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter user-derivation-rules wired-to-wireless roam
default-dot1x N/A enabled
defaultmac-auth
N/A
enabled
defaultopen
N/A
enabled
Usage Guidelines for max-ip ipv4 wireless
Changing the max-ip ipv4 wireless parameter from the default value is recommended for special deployments. If your WLAN has multiple device IP associated to single MAC address, you can increase the this value from the default value of 2.
The default value is 2 IPv4 users per wireless user. Total number of IPv4 users created can be a maximum of two times the license. If you configure 32 max-ip IPv4 users , total number of IPv4 users is 32 times the license. This can prevent the controller from scaling to the maximum limit of IP users. Total number of IPv4 users should be scaled down to offset this issue.
Increasing the value of the max-ip ipv4 wireless parameter may increase the look-up time due to an increase in the creation and deletion of IPv4 users on the controller. In a deployment where there is Captive Portal and 802.1X authentication implemented, increasing the number of IPv4 users can further deplete performance.
Example
The following command configures an AAA profile that assigns the "employee" role to clients after they are authenticated using the 802.1X server group "radiusnet". aaa profile corpnet
dot1x-default-role employee dot1x-server-group radiusnet
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 3.4.1
License requirements changed in ArubaOS 3.4.1, so the sipauthentication-role parameter required the Policy Enforcement Firewall license instead of the Voice Services Module license required in earlier versions.
ArubaOS 6.1
The radius-interim-accounting, devtype-classification and enforcedhcp parameters were introduced.
ArubaOS 6.3
The user-idle-timeout parameter was introduced.
ArubaOS 6.4
The multiple-server-accounting and download-role parameters were introduced.
ArubaOS 6.4.1.0
The user-idle-timeout parameter now accepts a value of 0.
ArubaOS 6.4.3.0
The max-ip parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa profile | 118
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Config mode on master controllers
119 | aaa profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa query-user
aaa query-user <ldap-server-name> <user-name>
Description
Troubleshoot an LDAP authentication failure by verifying that the user exists in the ldap server database.
Syntax
Parameter <ldap-server-name> <user-name>
Description Name of an LDAP server. Name of a user whose LDAP record you want to view.
Usage Guidelines
If the Admin-DN binds successfully but the wireless user fails to authenticate, issue this command to troubleshoot whether the problem is with the wireless network, the controller, or the ldap server. The aaa query-user <ldap_server_name> <username> command to makes the controller send a search query to find the user. If that search fails in spite of the user being in the LDAP database, it is most probable that the base DN where the search was started was not correct. In such case, it is advisable to make the base DN at the root of the ldap tree.
Example
The example below shows part of the output for an LDAP record for the username JDOE.
(host) #aaa query-user eng JDOE objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: John Doe sn: Doe userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012H\011\333K userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012]\350\346F userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\023\001\017\240 userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\031\224/\030 userCertificate: 0\202\005~0\202\004f\240\003\002\001\002\002\012\031\223\246\022 userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\037\177\374\305 givenName: JDE distinguishedName: CN=John Doe,CN=Users,DC=eng,DC=net instanceType: 4 whenCreated: 20060516232817.0Z whenChanged: 20081216223053.0Z displayName: John Doe uSNCreated: 24599 memberOf: CN=Cert_Admins,CN=Users,DC=eng,DC=net memberOf: CN=ATAC,CN=Users,DC=eng,DC=net uSNChanged: 377560 department: eng name: John Doe ...
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa query-user | 120
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
121 | aaa query-user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa radius-attributes
aaa radius-attributes add <attribute> <attribute-id> {date|integer|ipaddr|string} [vendor <name> <vendor-id>]
Description
This command configures RADIUS attributes for use with server derivation rules.
Syntax
Parameter
Description
add <attribute> <attribute-id>
Adds the specified attribute name (alphanumeric string), associated attribute ID (integer), and type (date, integer, IP address, or string).
date
Adds a date attribute.
integer
Adds a integer attribute.
ipaddr
Adds a IP address attribute.
string
Adds a string attribute.
vendor
(Optional) Display attributes for a specific vendor name and vendor ID.
Usage Guidelines
Add RADIUS attributes for use in server derivation rules. Use the show aaa radius-attributes command to display a list of the current RADIUS attributes recognized by the controller. To add a RADIUS attribute to the list, use the aaa radius-attributes command.
Example
The following command adds the VSA "Dell-User-Role": aaa radius-attributes add Dell-User-Role 1 string vendor Dells 14823
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa radius-attributes | 122
aaa rfc-3576-server
aaa rfc-3576-server <ipaddr> clone <source> key <psk> no ...
Description
This command configures a RADIUS server that can send user disconnect, session timeout, and change-ofauthorization (CoA) messages, as described in RFC 3576, "Dynamic Authorization Extensions to Remote Dial In User Service (RADIUS)".
Syntax
Parameter <ipaddr> clone <source>
key <psk>
no
Description IP address of the server.
Name of an existing RFC 3576 server configuration from which parameter values are copied.
Shared secret to authenticate communication between the RADIUS client and server.
Negates any configured parameter.
Usage Guidelines
The disconnect, session timeout and change-of-authorization messages sent from the server to the controller contains information to identify the user for which the message is sent. The controller supports the following attributes for identifying the users who authenticate with a RFC 3576 server:
l user-name: Name of the user to be authenticated l framed-ip-address: User's IP address l calling-station-id: Phone number of a station that originated a call l accounting-session-id: Unique accounting ID for the user session.
If the authentication server sends both supported and unsupported attributes to the controller, the unknown or unsupported attributes will be ignored. If no matching user is found the controller will send a 503: Session Not Found error message back to the RFC 3576 server.
Example
The following command configures an RFC 3576 server: aaa rfc-3576-server 10.1.1.245
clone default key P@$$w0rD;
123 | aaa rfc-3576-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command
Description
aaa profilerfc-3576-server <ip-addr> Associate an RFC-3576 server to a AAA profile.
show aaa state user
View information for a user whose session timeout is altered by a RFC 3576 server.
Command History
Version ArubaOS 3.0 ArubaOS 6.3
Description
Command introduced
Introduced support for session timeout messages from the RFC 3576 server.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa rfc-3576-server | 124
aaa server-group
aaa server-group <group> allow-fail-through auth-server <name> [match-authstring contains|equals|starts-with <string>] [match<string>] [position <number>] [trim-fqdn] clone <group> load-balance no ... set role|vlan condition <attribute> contains|ends-with|equals|not-equals|starts-with <string> set-value <set-value-str> [position <number>]
fqdn
Description
This command allows you to add a configured authentication server to an ordered list in a server group, and configure server rules to derive a user role, VLAN ID or VLAN name from attributes returned by the server during authentication.
Syntax
Parameter <group> allow-fail-through
auth-server <name> match-authstring
contains
Description
Default
Name that identifies the server group. The name must be -- 32 characters or less.
When this option is configured, an authentication failure with the first server in the group causes the controller to attempt authentication with the next server in the list. The controller attempts authentication with each server in the ordered list until either there is a successful authentication or the list of servers in the group is exhausted.
disabled
Name of a configured authentication server.
--
This option associates the authentication server with a
--
match rule that the controller can compare with the
user/client information in the authentication request. With
this option, the user/client information in the
authentication request can be in any of the following
formats:
<domain>\<user>
<user>@<domain>
host/<pc-name>.<domain>
An authentication request is sent to the server only if there is a match between the specified match rule and the user/client information.You can configure multiple match rules for an authentication server.
contains: The rule matches if the user/client information -- contains the specified string.
125 | aaa server-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter equals starts-with match-fqdn <string>
position <number> trim-fqdn
clone load-balance no set role|vlan
condition contains ends-with equals
Description
The rule matches if the user/client information exactly matches the specified string.
Default --
The rule matches if the user/client information starts with -- the specified string.
This option associates the authentication server with a
--
specified domain. An authentication request is sent to the
server only if there is an exact match between the
specified domain and the <domain> portion of the user
information sent in the authentication request. With this
option, the user information must be in one of the
following formats:
<domain>\<user>
<user>@<domain>
Position of the server in the server list. 1 is the top.
(last)
This option causes the user information in an
--
authentication request to be edited before the request is
sent to the server. Specifically, this option:
removes the <domain>\ portion for user information in the <domain>\<user> format
removes the @<domain> portion for user information in the <user>@<domain> format
Name of an existing server group from which parameter
--
values are copied.
Enables load-balancing functionality.
--
Negates any configured parameter.
--
Assigns the client a user role, VLAN ID or VLAN name
--
based on attributes returned for the client by the
authentication server. Rules are ordered: the first rule
that matches the configured condition is applied.
VLAN IDs and VLAN names cannot be listed together.
Attribute returned by the authentication server.
--
The rule is applied if and only if the attribute value
--
contains the specified string.
The rule is applied if and only if the attribute value ends
--
with the specified string.
The rule is applied if and only if the attribute value equals
--
the specified string.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa server-group | 126
Parameter not-equals starts-with set-value value-of
Description
The rule is applied if and only if the attribute value is not equal to the specified string.
Default --
The rule is applied if and only if the attribute value begins
--
with the specified string.
User role or VLAN applied to the client when the rule is
--
matched.
Sets the user role or VLAN to the value of the attribute
--
returned. The user role or VLAN ID returned as the value
of the attribute must already be configured on the
controller when the rule is applied.
Usage Guidelines
You create a server group for a specific type of authentication or for accounting. The list of servers in a server group is an ordered list, which means that the first server in the group is always used unless it is unavailable (in which case, the next server in the list is used). You can configure servers of different types in a server group, for example, you can include the internal database as a backup to a RADIUS server. You can add the same server to multiple server groups. There is a predefined server group "internal" that contains the internal database.
Example
The following command configures a server group "corp-servers" with a RADIUS server as the main authentication server and the internal database as the backup. The command also sets the client's user role to the value of the returned "Class" attribute. aaa server-group corp-servers
auth-server radius1 position 1 auth-server internal position 2 set role condition Class value-of load-balance
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.4
The load-balance parameter was added.
.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
127 | aaa server-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa sygate-on-demand (deprecated)
aaa sygate-on-demand remediation-failure-role <role>
Description
This command configures the user role assigned to clients that fail Sygate On-Demand Agent (SODA) remediation.
Command History
Version ArubaOS 3.0
Description Command introduced
ArubaOS 3.4
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa sygate-on-demand (deprecated) | 128
aaa tacacs-accounting
aaa tacacs-accounting server-group <group> command {action|all|configuration|show} mode {enable|disable}
Description
This command configures reporting of commands issued on the controller to a TACACS+ server group.
Syntax
Parameter
Description
server-group <group>
The TACACS server group to which the reporting is sent.
Range --
command
The types of commands that are reported to the -- TACACS server group.
action
Reports action commands only.
--
all
Reports all commands.
--
configuration
Reports configuration commands only
--
show
Reports show commands only
--
mode
Enables accounting for the server group.
enable/ disable
Default --
--
-- -- -- -- disable d
Usage Guidelines
You must have previously configured the TACACS+ server and server group (see aaa authentication-server tacacs on page 64 and aaa server-group on page 125).
Example
The following command enables accounting and reporting of configuration commands to the server-group "tacacs1": aaa tacacs-accounting server-group tacacs1 mode enable command configuration
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
129 | aaa tacacs-accounting
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa tacacs-accounting | 130
aaa test-server
aaa test-server {mschapv2|pap} <server> <username> <passwd>
Description
This command tests a configured authentication server.
Syntax
Parameter mschapv2 pap <server> <username> <passwd>
Description Use MSCHAPv2 authentication protocol. Use PAP authentication protocol. Name of the configured authentication server. Username to use to test the authentication server. Password to use to test the authentication server.
Usage Guidelines
This command allows you to check a configured RADIUS authentication server or the internal database. You can use this command to check for an "out of service" RADIUS server.
Example
The following commands adds a user in the internal database and verifies the configuration: local-userdb add kgreen lkjHGfds aaa test-server pap internal kgreen lkjHGfds
Authentication successful
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
131 | aaa test-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa timers
aaa timers dead-time <minutes> idle-timeout <time> [seconds] logon-lifetime <0-255> stats-timeout <time> [seconds]
Description
This command configures the timers that you can apply to clients and servers.
Syntax
Parameter dead-time <minutes>
Description
Range
Maximum period, in minutes, that the controller considers an unresponsive authentication server to be "out of service".
This timer is only applicable if there are two or more authentication servers configured on the controller. If there is only one authentication server configured, the server is never considered out of service and all requests are sent to the server.
If one or more backup servers are configured and a server is unresponsive, it is marked as out of service for the dead time; subsequent requests are sent to the next server on the priority list for the duration of the dead time. If the server is responsive after the dead time has elapsed, it can take over servicing requests from a lower-priority server; if the server continues to be unresponsive, it is marked as down for the dead time.
0-50
Default 10 minutes
idle-timeout <1-15300>
Maximum number of minutes after which a client is considered idle if there is no user traffic from the client.
The timeout period is reset if there is a user traffic. If there is no IP traffic in the timeout period or there is no 802.11 traffic as indicated in the station ageout time that is set in the wlan ssid profile, the client is aged out. Once the timeout period has expired, the user is removed immediately and no ping request is sent. If the seconds parameter is not specified, the value defaults to minutes.
1 to 255 minutes (30 to 15300 second s)
5 minutes (300 seconds)
logon-lifetime
Maximum time, in minutes, that unauthenticated clients are allowed to remain logged on.
0-255
5 minutes
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa timers | 132
Parameter stats-timeout
Description
User Interim stats timeout value. If the secondssparameter is not specified, the value defaults to minutes.
Range Default
5-10 minutes ( 300 to 600 second s)
10 minutes
(600 seconds)
Usage Guidelines
These parameters can be left at their default values for most implementations.
Example
The following command changes the idle time to 10 minutes: aaa timers idle-timeout 10
Related Commands
(host) (config) #show aaa timers (host) (config) #show datapath user table
Command History
Version ArubaOS 3.0
Description Command introduced
ArubaOS 3.4
Idle timeout values and defaults changed
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
133 | aaa timers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa trusted-ap
aaa trusted-ap <macaddr>
Description
This command configures a trusted non-Dell AP.
Syntax
Parameter <macaddr>
Description MAC address of the AP
Usage Guidelines
This command configures a non-Dell AP as a trusted AP.
Example
The following command configures a trusted non-Dell AP: aaa trusted-ap 00:40:96:4d:07:6e
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa trusted-ap | 134
aaa user add
aaa user add <ipaddr> [<nusers>] [authentication-method {dot1x|mac|stateful-dot1x|vpn| web}] [mac-addr <macaddr>] [name <username>] [profile <aaa_profile>] [role <role>]
Description
This command manually assigns a user role or other values to a specified client or device.
Syntax
Parameter <ipaddr> <nusers> authentication-method
dot1x mac-addr stateful-dot1x vpn web mac <macaddr> name <username> profile <aaa_profile> role <role>
Description IP address of the user to be added. Number of users to create starting with <ipaddr>. Authentication method for the user. 802.1X authentication. MAC authentication. Stateful 802.1X authentication. VPN authentication. Captive portal authentication. MAC address of the user. Name for the user. AAA profile for the user. Role for the user.
Usage Guidelines
This command should only be used for troubleshooting issues with a specific client or device. This command allows you to manually assign a client or device to a role. For example, you can create a role "debugging" that includes a policy to mirror session packets to a specified destination for further examination, then use this command to assign the "debugging" role to a specific client. Use the aaa user delete command to remove the client or device from the role.
Note that issuing this command does not affect ongoing sessions that the client may already have. For example, if a client is in the "employee" role when you assign them to the "debugging" role, the client continues any sessions allowed with the "employee" role. Use the aaa user clear-sessions command to clear ongoing sessions.
135 | aaa user add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following commands create a role that logs HTTPS traffic, then assign the role to a specific client: ip access-list session log-https
any any svc-https permit log user-role web-debug
session-acl log-https In enable mode: aaa user add 10.1.1.236 role web-debug
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user add | 136
aaa user clear-sessions
aaa user clear-sessions <ipaddr>
Description
This command clears ongoing sessions for the specified client.
Syntax
Parameter <ip-addr>
Description IP address of the user.
Usage Guidelines
This command clears any ongoing sessions that the client already had before being assigned a role with the aaa user add command.
Example
The following command clears ongoing sessions for a client: aaa user clear-sessions 10.1.1.236
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user clear-sessions | 138
aaa user delete
aaa user delete {<ipaddr>|all|mac <macaddr>|name <username>|role <role>}
Description
This command deletes clients, users, or roles.
Syntax
Parameter <ipaddr> all mac name role
Description IP address of the client to be deleted. Deletes all connected clients. MAC address of the client to be deleted. Name of the client to be deleted. Role of the client to be deleted.
Usage Guidelines
This command allows you to manually delete clients, users, or roles. For example, if you used to the aaa user add command to assign a user role to a client, you can use this command to remove the role assignment.
Example
The following command a role: aaa user delete role web-debug
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
139 | aaa user delete
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user fast-age
aaa user fast-age
Description
This command enables fast aging of user table entries.
Syntax
No parameters.
Usage Guidelines
When this feature is enabled, the controller actively sends probe packets to all users with the same MAC address but different IP addresses. The users that fail to respond are purged from the system. This command enables quick detection of multiple instances of the same MAC address in the user table and removal of an "old" IP address. This can occur when a client (or an AP connected to an untrusted port on the controller) changes its IP address.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user fast-age | 140
aaa user logout
aaa user logout <ipaddr>
Description
This command logs out a client.
Syntax
Parameter <ipaddr>
Description IP address of the client to be logged out.
Usage Guidelines
This command logs out an authenticated client. The client must reauthenticate.
Example
The following command logs out a client: aaa user logout 10.1.1.236
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
141 | aaa user logout
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user monitor
aaa user monitor <ipaddr>|off
Description
This command checks to see whether an authenticated user's attributes differ from those in the SOS.
Syntax
Parameter <ipaddr> off
Description IP address of the user whose attributes are being checked. Disable aaa user monitoring
Usage Guidelines
This command installs a timer that polls the SOS every 60 seconds and checks the following: l L3 ACLs l Upstream bandwidth contract l Downstream bandwidth contract
Example
The following command checks user SOS attributes: aaa user monitor 10.1.1.236
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user monitor | 142
aaa user purge-log
aaa user purge-log
Description
This clear aaa user log files
Syntax
No parameters
Usage Guidelines
Per-user log files for AAA events can be used for troubleshooting issues with a specific client or device. This command clears log information for deleted users.
Example
aaa user purge log
Command History
This command was available in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
143 | aaa user purge-log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user stats-poll
aaa user stats-poll <secs>
Description
This command enables user statistics polling. If enabled, ArubaOS will poll user data verify that user information in the controller datapath is in synchronization with the data in the controller's authentication module.
Syntax
Parameter <secs>
Description
This command enables user statistics polling, and defines the time interval between polls. The supported range is 60-600 seconds.
Example
The following command enables user statistics polling with an interval of 10 minutes: aaa user stats-poll 600
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa user stats-poll | 144
aaa xml-api
aaa xml-api server <ipaddr> clone <server> default-authentication-role <role> key <key> no ...
Description
This command configures an external XML API server.
Syntax
Parameter server
Description IP address of the external XML API server.
clone
Name of an existing XML API server configuration from which parameter values are copied.
key
Preshared key to authenticate communication between the
controller and the XML API server.
default-authentication-role <role> Name of the role to be assigned to users after completing XML server authorization.
no
Negates any configured parameter.
Usage Guidelines
XML API is used for authentication and subscriber management from external agents. This command configures an external XML API server. For example, an XML API server can send a blacklist request for a client to the controller. The server configured with this command is referenced in the AAA profile for the WLAN (see aaa profile on page 114). Contact your Dell representative for more information about using the XML API.
Example
The following configures an XML API server: aaa xml-api server 10.210.1.245
key qwerTYuiOP
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing PEFNG license
Command Mode Config mode on master controllers
145 | aaa xml-api
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
aaa xml-api | 146
activate
activate sync|{whitelist download}
Description
This command synchronizes a branch controller whitelist or remote AP whitelist on the controller with the Activate whitelist database.
Syntax
Parameter sync
whitelist download
Description
Execute the activate sync command to immediately synchronize the list of branch controllers on the Activate server with the branch controller whitelist on the master controller. By default, this list is synchronized every hour.
Issue this command to enable the synchronization the list of branch controllers on the Activate server with the branch controller whitelist on the master controller.
Usage Guidelines
Use this command to synchronize the controller's remote AP whitelist or branch controller whitelist with the cloud-based Activate service. The controller and the Activate server must have layer-3 connectivity to communicate.
Example
The following example synchronizes the Activate whitelist with the remote AP whitelist on the controller: (host)(config)# activate whitelist download
Related Commands
Parameter
activate-servicewhitelist
Description
This command configures the profile that allows the controller to synchronize its remote AP whitelist from the cloud-based Activate service.
Command History
Release ArubaOS 6.4 ArubaOS 6.4.3.0
Modification Command introduced. The sync parameter is introduced.
147 | activate
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
activate | 148
activate-service-whitelist
activate-service-whitelist add-only interval <days> no ... password <password username <username> whitelist-enable
Description
This command configures the profile that allows the controller to integrate with the Dell Activate cloud-based services to track, provision and update your remote APs.
Syntax
Parameter add-only
interval <days>
no password <password> username <username> whitelist-enable
Description
Allow only addition or modification of entries to the Activate remote AP whitelist database. This parameter is enabled by default. If this setting is disabled, the activate-whitelist-download command can both add and remove entries from the Activate database.
Number of days between the automatic synchronization of the controller remote AP whitelist entries with the Activate whitelist. The supported range is 1-7 days, and the default value is 1 day.
Removes or disables an existing parameter.
Activate user password
Activate username
Issue this command to enable secure AP whitelist synchronization with the Activate service. This feature is disabled by default.
Usage Guidelines
Use this command to configure the credentials to synchronize the remote AP whitelist with an Activate server. The controller and the Activate server must have layer-3 connectivity to communicate.
Example
The following example enables the Activate whitelist service on the controller: (host)(config)# activate-service-whitelist (host)(activate-service-whitelist) #username user2 password pA$$w0rd whitelist-enable
Related Commands
Parameter activate
Description
This command synchronizes the remote AP whitelist on the controller from the cloud-based Activate service.
149 | activate-service-whitelist
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
This command was introduced in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
activate-service-whitelist | 150
adp
adp discovery {disable|enable} igmp-join {disable|enable} igmp-vlan <vlan>
Description
This command configures the Aruba Discovery Protocol (ADP).
Syntax
Parameter discovery igmp-join
igmp-vlan
Description
Range
Enables or disables ADP on the controller.
enabled/ disabled
Enables or disables sending of Internet Group Management Protocol (IGMP) join requests from the controllers.
enabled/ disabled
VLAN to which IGMP reports are sent.
--
Default enabled
enabled
0 (default route VLAN used)
Usage Guidelines
Dell APs send out periodic multicast and broadcast queries to locate the master controller. If the APs are in the same broadcast domain as the master controller and ADP is enabled on the controller, the controller automatically responds to the APs' queries with its IP address. If the APs are not in the same broadcast domain as the master controller, you need to enable multicast on the network. You also need to make sure that all routers are configured to listen for IGMP join requests from the controller and can route the multicast packets. Use the show adp config command to verify that ADP and IGMP join options are enabled on the controller.
Example
The following example enables ADP and the sending of IGMP join requests on the controller: adp discovery enable igmp-join enable
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
151 | adp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup
airgroup server-refresh <mac> test-server <name> <macaddr> active-domain <STRING> active-wireless-discovery {disable|enable} cppm-server {aaa {no|rfc-3576-server <rfc3576_server>|rfc3576_udp_port <rfc3576_udp_ port>|server-dead-time <server-dead-time>|server-group <server-group>}|enforceregistration|query-interval <1..24>} disable dlna {disable|enable} domain <STRING> enable global-credits <query packets> <response packets> ipv6 location-discovery {disable|enable} mdns {disable|enable} policy <mac> {grouplist {STRING|add|remove}|location{ap-fqln|ap-group|ap-name}|no {grouplist|location {ap-fqln|ap-group|ap-name}|rolelist|userlist}|rolelist {STRING|add|remove}|userlist {STRING|add|remove}} service <STRING> {disable|enable} static <mdns-record> vlan <NUMBER>
Description
This command configures AirGroup global settings, domain, and active-domain parameters.
Syntax
Parameter server-refresh <mac>
Description
Range
Sends refresh packet to refresh
--
the cache for a AirGroup server.
<mac> is the MAC address of the
AirGroup server.
Default --
test-server <name> <macaddr>
Tests the AirGroup RADIUS
--
--
server. <name> is the name of
the RADIUS server and
<macaddr> is the MAC address
of the RADIUS server.
active-domain <STRING>
active-wirelessdiscovery {disable|enable}
Configures an AirGroup active-
--
domain for an AirGroup cluster.
NOTE: This parameter is available only in Config mode.
Disables/Enables wireless
--
discovery.
If wireless discovery is enabled, controller actively sends refresh requests to discover wireless servers.
-- disable
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup | 152
Parameter
Description
Range
If wireless discovery is disabled, the controller sends refresh requests to wired AirGroup servers only.
This parameter is available on the master controller only. The master controller pushes this AirGroup configuration to all the applicable local controllers.
NOTE: This parameter is available only in Config mode.
cppm-server {aaa {no|rfc-3576-server <rfc3576_server>|rfc3576_udp_port
Configures the following settings -- in the AirGroup AAA profile:
no: Delete command.
<rfc3576_udp_ port>|server-dead-time <server-dead-
rfc-3576-server <rfc3576_ server>: Configure RFC 3576 server IP address.
time>|server-group <server-group>}|enforceregistration|query-interval <1..24>}
rfc3576_udp_port <rfc3576_ udp_port>: Configure the UDP port number.
server-dead-time <serverdead-time>: Server dead time in minutes. To disable the server dead time, set the value to 0.
server-group <server-group>: Name of the server group.
This parameter is available on the master controller only. The master controller pushes this AirGroup configuration to all the applicable local controllers.
enforce-registration: Forces the AirGroup servers to register with CPPM.
This parameter is available on the master controller only. The master controller pushes this AirGroup configuration to all the applicable local controllers.
query-interval <1..24>: Configures the CPPM query interval, in hours, with the controller.
This parameter is available on the master controller only. The master controller pushes this AirGroup configuration to all the applicable local controllers.
NOTE: This parameter is available only in Config mode.
Default
server-dead-time: 10
153 | airgroup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
disable dlna {disable|enable} domain <STRING>
enable global-credits <query packets> <response packets>
ipv6 location-discovery {disable|enable}
Description
Range Default
queryinterval : 1 -- 24 hours
Disables AirGroup on the
--
controller.
NOTE: This parameter is available only in Config mode.
Disables/Enables AirGroup
--
DLNA support on the controller.
NOTE: This parameter is available only in Config mode.
Configures the AirGroup domain. --
This parameter is available on the master controller only. The master controller pushes this AirGroup configuration to all the applicable local controllers.
NOTE: This parameter is available only in Config mode.
Enables AirGroup on the
--
controller.
NOTE: This parameter is available only in Config mode.
Configures the controller to restrict the excess mDNS query and response packets generated in an AirGroup network, by assigning tokens. The controller processes these mDNS packets based on the token value. The controller rejects the packets beyond the token limit. The token renews every 15 seconds. The renewal time is not a configurable parameter.
NOTE: This parameter is available only in Config mode.
15 -- 15000
Disables/Enables IPv6 support for -- AirGroup.
NOTE: This parameter is available only in Config mode.
Disables/Enables location
--
discovery.
-- disable --
-- 150
disable enable
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup | 154
Parameter
Description
Range
If enabled, an AirGroup user can see shared devices based on the proximity of the user.
This parameter is available on the master controller only. The master controller pushes this AirGroup configuration to all the applicable local controllers.
NOTE: This parameter is available only in Config mode.
mdns {disable|enable}
Disables/Enables AirGroup
--
mDNS support on the controller.
NOTE: This parameter is available only in Config mode.
policy <mac> {grouplist {STRING|add|remove} |location{ap-fqln|apgroup|ap-name}|no {grouplist|location {ap-fqln|ap-group|apname} |rolelist|userlist} |rolelist {STRING|add|remove} |userlist {STRING|add|remove}}
Configures the following policy
--
for an AirGroup server:
grouplist {STRING|add|remove}: Configures shared group-name for the AirGroup server.
location{ap-fqln|ap-group|apname}: Configures shared location for the AirGroup server.
no {grouplist|location {apfqln|ap-group|ap-name} |rolelist|userlist}: Delete command.
rolelist {STRING|add|remove}: Configures shared role-name for the AirGroup server.
userlist {STRING|add|remove}: Configures shared user-name for the AirGroup server.
<mac>: MAC address of AirGroup server.
NOTE: This parameter is available only in Config mode.
service <STRING> {disable|enable}
Disables/Enables an AirGroup
--
service on the controller.
<STRING> is the name of the
AirGroup service.
NOTE: This parameter is available only in Config mode.
Default
disable --
Services enabled by default: l AirPlay l AirPrint l DIAL Services disabled by default: l iTunes
155 | airgroup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
static <mdns-record> vlan <NUMBER> {allow|disallow}
Description
Range
Configures static mDNS record. For -- more information, see airgroup static mdns-record on page 160
NOTE: This parameter is available only in Config mode.
Configures allowed/disallowed VLAN ID.
NOTE: This parameter is available only in Config mode.
1-- 4049
Default l RemoteMgmt l Sharing l Chat l googlecast l allowall l DLNA Media l DLNA Print --
--
Usage Guidelines
Starting from ArubaOS 6.4, AirGroup is disabled by default. For the remaining global parameters, see the command syntax.
Example
Access the controller's command-line interface and use the following command to enable the AirGroup Global Setting: (host) #airgroup server-refresh <mac> (host) #airgroup test-server <name> <macaddr> (host) (config) #airgroup enable (host) (config) #airgroup dlna enable (host) (config) #airgroup mdns enable (host) (config) #airgroup cppm-server enforce-registration (host) (config) #airgroup query-interval 10 (host) (config) #airgroup location-discovery enable (host) (config) #airgroup active-wireless-discovery enable
Use the following command to enable the allowall service: (host) (config) #airgroup service allowall enable
Use the following command to enable AirGroup access to devices in a specific VLAN: (host) (config) #airgroup vlan 5 disallow
Related Commands
Command show airgroup
Description
This command displays AirGroup global settings, domain, active-domain, and more AirGroup configuration information on the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup | 156
Command History
Release ArubaOS 6.3 ArubaOS 6.4 ArubaOS 6.4.1.0
ArubaOS 6.4.3.0
Modification Command introduced. The static <mdns-record> parameter was introduced. l The Chromecast service was renamed to DIAL. l The googlecast service was introduced. The policy parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
The following commands are available only in Enable mode:
l (config) # airgroup server-refresh <mac> MAC-address
l (config) # airgroup test-server <name> <mac> MAC-address
Configuration mode on master and local controllers NOTE: Few configuration parameters are available on the master controller only. For more information, see Syntax table description.
157 | airgroup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroupservice
airgroupservice <STRING> autoassociate {apfqln|apgroup|apname} description <STRING> disallow-role <STRING> disallow-vlan <1..4094> id <STRING> no
Description
This command defines an AirGroup service on the master controller. The master controller pushes this AirGroup configuration to all the applicable local controllers.
Syntax
Parameter
Description
airgroupservice <STRING> Name of the AirGroup service.
Range Default
--
--
autoassociate
Auto associates AirGroup server to service
{apfqln |apgroup|apname}
--
--
description <STRING>
Description of the AirGroup service.
--
--
disallow-role <STRING>
User Role restricted from accessing the service.
--
--
disallow-vlan <1..4094>
User VLAN restricted from accessing the service.
1--
--
4094
id
An AirGroup service ID is the name of a Bonjour
--
--
service offered by a Bonjour-enabled device or
application. Bonjour defines service ID strings
using the following format:
_<servicename>._<protocol>.local
Example: _airplay._tcp.local
The service ID string is case sensitive and should be entered without any modification, with the exception of the .local portion of the service ID which is optional.
no
Use this command to delete or negate previously- --
--
entered configurations or parameters.
Example
The following example configures the iPhoto service with access to the _dpap._tcp service ID to share photos across MacBooks: (host) (config) #airgroupservice iPhoto
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroupservice | 158
(host) (config-airgroupservice) #description "Share Photos" (host) (config-airgroupservice) #id _dpap._tcp
Related Commands
Command show airgroupservice
Description
This command displays the service details of all AirGroup services in the controller.
Command History:
Release ArubaOS 6.3 ArubaOS 6.4.3.0
Modification Command introduced. The autoassociate parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Configuration mode on master controllers
159 | airgroupservice
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup static mdns-record
airgroup static mdns-record ptr <mac_addr> <mdns_id> <domain_name> [server_ipaddr] srv <port> <priority> <weight> <host_name> a <ipv4addr> aaaa <ipv6addr> txt <text> no...
Description
This command configures group static mDNS records.
Syntax
Parameter ptr Mac_addr mdns_id <STRING>
Domain_name <STRING> Server_ipaddr <STRING> srv
port priority weight host_name <STRING> a
Description
Range
Default
Specifies the PTR (Pointer) record --
--
that is used for DNS-Service Dis-
covery
MAC address of the server.
--
--
Specifies the AirGroup mDNS ser- String can
--
vice ID, that is the name of a Bon- include the fol-
jour service offered by a Bonjour- lowing char-
enabled device or application.
acters:
Bonjour defines mDNS service ID strings using the following format:
0-9, a-z, A-Z, and '-'
_<sevicename>._ protocol.local
Example: _airplay._tcp.local
Specify the name of the domain. 1 to 128 char-
--
acters
IP address of the server.
--
--
Specifies the SRV (Service)
--
--
record that is used for mapping a
DNS domain name to a specified
list of DNS host servers.
Port value of the static mDNS
0 to 65535
--
record.
Priority of the static mDNS record. 0 to 65535
--
Weight of the static mDNS record. 0 to 65535
--
Host name of the mDNS static
1 to 63 char-
--
record.
acters.
Specifies the A (Address) record
--
--
that is used for mapping a
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup static mdns-record | 160
Parameter
ipv4addr aaaa
ipv6addr text server_ipaddr no
Description
Range
Default
Domain Name System (DNS) domain name to an IP address that is used by a host.
IPv4 address of the server.
--
--
Specifies the AAAA (IPv6
--
--
address) record. This is used for
mapping host names to an IP
address of the host.
IPv6 address of the server.
--
--
Specifies the TEXT record for human-readable text in a DNS record.
Specifies the IP address of the AirGroup server.
Negates any configured parameter.
1-255 characters. --
--
--
--
--
Usage Guidelines
The Administrator can create the static records using the following methods: l Group mDNS static records l Individual mDNS static records After creating a PTR record, the controller enters into the AirGroup record configuration mode, allowing you to add SRV, A, AAAA, and TXT records. After creating a PTR, SRV, TXT, A, and AAAA static record, use the show airgroup cache entries command to view and verify the records created. You can view only the static records in the output of the show airgroup cache entries static command.
Example
Group mDNS Static Records
You can create a group of mDNS records for a device. This section describes how to create static records of a server as a group using the CLI.
Creating a PTR Record Use the following command to create a PTR record: (config) # airgroup static mdns-record ptr <mac_addr> <mdns_id> <domain_name> [server_ipaddr] (config-airgroup-record) #
After creating a PTR record, controller displays the (config-airgroup-record) # prompt and you can create SRV, A, AAAA, and TXT records under this prompt.
After creating a PTR, SRV, TXT, A, and AAAA static record, you can use the show airgroup cache entries command to view and verify the records created. You can view only the static records in the output of the show airgroup cache entries static command.
161 | airgroup static mdns-record
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The following example creates a PTR record: (host) (config) #airgroup static mdns-record ptr 9c:20:7b:cd:ec:41 "_airplay._tcp" "Apple TV ( 9)._airplay._tcp.local" 10.15.121.240
The following example shows the PTR record was created: (host) (config-airgroup-record) #show airgroup cache entries Cache Entries ------------Name Type Class TTL Origin Expiry Last Update ---- ---- ----- --- ------ ------ ----------_airplay._tcp.local PTR IN 4500 10.15.121.240 static N/A Num Cache Entries:1
Creating an SRV Record Use the following command to create an SRV record: (config-airgroup-record) # srv <port> <priority> <weight> <host_name>
The following example creates an SRV record: (host) (config-airgroup-record) #srv 7000 0 0 Apple-TV-mbabu-9.local
The following example shows the SRV record was created: (host) (config-airgroup-record) #show airgroup cache entries Cache Entries ------------Name Type Class TTL Origin Expiry ---- ---- ----- --- ------ -----_airplay._tcp.local PTR IN 4500 10.15.121.240 static Apple TV (9)._airplay._tcp.local SRV/NBSTAT IN 120 10.15.121.240 static Num Cache Entries:2
Creating an A Record Use the following command to create an A record: (config-airgroup-record) #a <ipv4addr>
You can create/delete an A record if a corresponding SRV record is available.
The following example creates an A record: (host) (config-airgroup-record) #a 10.15.121.240
The following example shows the A record was created: (host) (config-airgroup-record) #show airgroup cache entries Cache Entries ------------Name Type Class TTL Origin Expiry Last Update ---- ---- ----- --- ------ ------ ----------_airplay._tcp.local PTR IN 4500 10.15.121.240 static N/A Apple TV (9)._airplay._tcp.local SRV/NBSTAT IN 120 10.15.121.240 static N/A Apple-TV-mbabu-9.local A IN 120 10.15.121.240 static N/A Num Cache Entries:3
Creating an AAAA Record Use the following command to create an AAAA record: (config-airgroup-record) #aaaa <ipv6addr>
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup static mdns-record | 162
You can create/delete an AAAA record if a corresponding SRV record is available.
The following example creates an AAAA record:
(host) (config-airgroup-record) #aaaa fe80::9e20:7bff:fecd:ec41
The following example shows the AAAA record was created:
(host) (config-airgroup-record) #show airgroup cache entries static Cache Entries ------------Name Type Data Origin ---- ---- ---- -----_airplay._tcp.local PTR Apple\032TV\032\0409\041._airplay._tcp.local 10.15.121.240 Apple TV (9)._airplay._tcp.local SRV/NBSTAT Apple-TV-mbabu-9.local port:7000 10.15.121.240 Apple-TV-mbabu-9.local A 10.15.121.240 10.15.121.240 Apple-TV-mbabu-9.local AAAA fe80::9e20:7bff:fecd:ec41 10.15.121.240 Num Cache Entries:4
Creating a Text Record
Use the following command to create a text record:
(config-airgroup-record) #txt <text>
The following example creates a text record:
(host) (config-airgroup-record) #txt "deviceid=9C:20:7B:CD:EC:41"
The following example shows the text record was created:
(host) (config-airgroup-record) #show airgroup cache entries static Cache Entries ------------Name Type Data Origin ---- ---- ---- -----_airplay._tcp.local PTR Apple\032TV\032\0409\041._airplay._tcp.local 10.15.121.240 Apple TV (9)._airplay._tcp.local SRV/NBSTAT Apple-TV-mbabu-9.local port:7000 10.15.121.240 Apple-TV-mbabu-9.local A 10.15.121.240 10.15.121.240 Apple-TV-mbabu-9.local AAAA fe80::9e20:7bff:fecd:ec41 10.15.121.240 Apple TV (9)._airplay._tcp.local TXT deviceid=9C:20:7B:CD:EC:41 10.15.121.240 Num Cache Entries:5
Individual Static mDNS Records
You can create individual static records independently for each record type.
Creating an Individual SRV Record
Use the following command to configure an individual SRV record:
airgroup static mdns-record srv <mac_addr> <domain_name> <port> <priority> <weight> <host_ name> [ server_ipaddr]
The following example creates an SRV record:
(host) (config) #airgroup static mdns-record srv 9c:20:7b:cd:ec:41 "9C207BCDEC41@Apple TV mbab u._raop._tcp.local" 5000 0 0 Apple-TV-mbabu-4.local 10.15.121.240
The following example shows the SRV record created:
(host) (config) #show airgroup cache entries Cache Entries ------------Name Type Class TTL Origin Expiry Last Update ---- ---- ----- --- ------ ------ ----------_airplay._tcp.local PTR IN 4500 10.15.121.240 static N/A
163 | airgroup static mdns-record
Dell Networking W-Series ArubaOS 6.4.x | User Guide
9C207BCDEC41@Apple TV mbabu._raop._tcp.local SRV/NBSTAT IN 120 10.15.121.240 static N/A Num Cache Entries:2
Creating an Individual Text Record
Use the following command to configure an individual TEXT record:
airgroup static mdns-record txt <mac_addr> <domain_name> <text> [server_ipaddr]
The following example creates a TEXT record:
(host) (config) #airgroup static mdns-record txt 9c:20:7b:cd:ec:41 "Apple TV mbabu (4)._airpla y._tcp.local" "features=0x5a7ffff7" 10.15.121.240
The following example shows the TEXT record was created:
Cache Entries ------------Name Type Class TTL Origin Expiry Last Update ---- ---- ----- --- ------ ------ ----------_airplay._tcp.local PTR IN 4500 10.15.121.240 static N/A 9C207BCDEC41@Apple TV mbabu._raop._tcp.local SRV/NBSTAT IN 120 10.15.121.240 static N/A Apple TV mbabu (4)._airplay._tcp.local TXT IN 4500 10.15.121.240 static N/A Num Cache Entries:3
Creating an Individual A Record
Use the following command to configure an individual A record:
airgroup static mdns-record a <mac_addr> <host_name> <ipv4addr> [server_ipaddr]
The following example creates an A record:
(host) (config) #airgroup static mdns-record a 9c:20:7b:cd:ec:41 Apple-TV-mbabu-4.local 10.15.121.240
The following example shows the A record was created:
Cache Entries ------------Name Type Class TTL Origin Expiry Last Update ---- ---- ----- --- ------ ------ ----------_airplay._tcp.local PTR IN 4500 10.15.121.240 static N/A 9C207BCDEC41@Apple TV mbabu._raop._tcp.local SRV/NBSTAT IN 120 10.15.121.240 static N/A Apple TV mbabu (4)._airplay._tcp.local TXT IN 4500 10.15.121.240 static N/A Apple-TV-mbabu-4.local A IN 120 10.15.121.240 static N/A Num Cache Entries:4
Creating an Individual AAAA Record
Use the following command to configure an individual AAAA record:
airgroup static mdns-record aaaa <mac_addr> < host_name> <ipv6addr> [server_ipaddr]
The following example creates an individual AAAA record:
(host) (config) #airgroup static mdns-record aaaa 9c:20:7b:cd:ec:41 Apple-TV-mbabu-4.local fe8 0::9e20:7bff:fecd:ec41
The following example shows the AAAA record created:
Cache Entries ------------Name Type Class TTL Origin Expiry Last Update ---- ---- ----- --- ------ ------ ----------_airplay._tcp.local PTR IN 4500 10.15.121.240 static N/A 9C207BCDEC41@Apple TV mbabu._raop._tcp.local SRV/NBSTAT IN 120 10.15.121.240 static N/A Apple TV mbabu (4)._airplay._tcp.local TXT IN 4500 10.15.121.240 static N/A Apple-TV-mbabu-4.local A IN 120 10.15.121.240 static N/A Apple-TV-mbabu-4.local AAAA IN 120 10.15.121.240 static N/A Num Cache Entries:5
Dell Networking W-Series ArubaOS 6.4.x | User Guide
airgroup static mdns-record | 164
You can delete the mDNS records by appending no at the beginning of the command. Ensure that the [server_ ipaddr] parameter is not added while deleting mDNS records.
Command History
Release ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode
165 | airgroup static mdns-record
Dell Networking W-Series ArubaOS 6.4.x | User Guide
am
am scan <ipaddr> <channel> [bssid <bssid>] am test <ipaddr> {suspect-rap bssid <bssid> match-type <match-type> match-method <method>|wired-mac {add|remove {bssid <bssid>|enet-mac <enet-mac>} mac <mac>}
Description
These commands enable channel scanning or testing for the specified air monitor.
Syntax
Parameter scan <channel> bssid test suspect-rap match-type match-method wired-mac
enet-mac mac
Description IP address of the air monitor to be scanned.
Range --
Channel to which the scanning is tuned. Set to 0 -- to enable scanning of all channels.
BSSID of the air monitor.
--
IP address of the air monitor to be tested.
--
Tests suspect-rap feature.
--
Match type.
eth-wm | ap-wm | ethgw-wm
Match method.
equal | plus-one | minus-one
Tests the rogue AP classification feature.
--
Specifies the Wired MAC table.
Specifies the Ethernet MAC table.
--
Specifies the MAC entry to add/remove from
--
either the Wired MAC table or the Ethernet MAC
table.
Usage Guidelines
These commands are intended to be used with an AP that is configured as an air monitor. You should not use the am test command unless instructed to do so by a Dell representative.
Example
The following command sets the air monitor to scan all channels: (host) (config) #am scan 10.1.1.244 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
am | 166
Command History:
Release ArubaOS 3.0 ArubaOS 3.3.1
Modification Command introduced Support for the wired-mac and associated parameters was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
167 | am
Dell Networking W-Series ArubaOS 6.4.x | User Guide
amon msg-buffer-size
amon msg-buffer-size <msg-buffer-size>
Description
This command modifies the size of AMON packets on the controller.
Syntax
Parameter
<msg-buffersize>
Description
This command modifies the size of AMON packets on the controller.
Range
1280-40960 bytes
Default 1400 bytes
Example
The following command caps the AMON message size at 1500 bytes: (host)(config) #amon msg-buffer-size 1500
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
amon msg-buffer-size | 168
ap authorization-profile
ap authorization-profile <profile> authorization-group <profile>
Description
This command defines a temporary configuration profile for remote APs that are not yet authorized on the network.
Syntax
Parameter
Description
authorization-profile <profile>
Name of this instance of the profile. The name must be 163 characters.
authorization-group <profile>
Name of a configuration profile to be assigned to the group unauthorized remote APs.
Range --
--
Default "default"
"NoAuthApGrou p"
Usage Guidelines
The AP authorization-profile specifies which configuration should be assigned to a remote AP that has been provisioned but not yet authenticated at the remote site. By default, these yet-unauthorized APs are put into the temporary AP group authorization-group and assigned the predefined profile NoAuthApGroup. This configuration allows a user to connect to an unauthorized remote AP via a wired port then enter a corporate username and password. Once a valid user has authorized the remote AP, the AP will be permanently marked as authorized on the network and will will then download the configuration assigned to that AP by it's permanent AP group.
Example
The following command creates a new authorization profile with a non-default configuration for unauthorized remote APs: ap authorization-profile default2
authorization-group NoAuthApGroup2
Command History
Release ArubaOS 5.0
Modification Command introduced
169 | ap authorization-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap authorization-profile | 170
ap debug advanced-stats
ap debug advanced-stats {ap-name <ap-name>}|{ ip-addr <ip-addr>}|{ ip6-addr <ip-addr>} {net80211}|{radio 1|0} enable|disable
Description
Issue this command under the supervision of Dell technical support to enable the collection and display of advanced AP debugging information.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr> net80211
radio 1|0 enable disable
Description
Name of the AP for which you want to record advanced debugging information.
IP address of the AP for which you want to record advanced debugging information.
IPv6 address of the AP for which you want to record advanced debugging information.
Include this parameter to enable or disable the collection of advanced statistics for transmitted and received frames, and information about packets per second statistics for different frame types.
Include this parameter to enable or disable the collection of advanced radio driver statistics for the specified radio.
Enable the collection of advanced radio troubleshooting statistics.
Disable the collection of advanced radio troubleshooting statistics.
Usage Guidelines
The additional information collected when advanced net80211 or radio statistics are enabled on an AP appears in the output of the show ap debug radio-stats command.
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
171 | ap debug advanced-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap debug client-trace start
ap debug client-trace start {ap-name <ap-name>}|{ip-addr <ip>}|{ip6-addr <ip6>} mac <client-mac> [length-range <max>|[length-range <min>}
Description
Use this command to trace management packets from a client MAC address.
Syntax
Parameter ap-name <ap-name>
Description Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
mac <client-mac> length-range <max> length-range <min>
MAC address of the client.. data packet max length. data packet min length.
Usage Guidelines
This command should only be used under the guidance of Dell technical support. .
Related Commands
Command
Description
ap debug client-trace Use this command to stop tracing management packets from a client MAC address. stop
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms W-6000M3 controllers
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap debug client-trace start | 172
ap debug client-trace stop
ap debug client-trace stop {ap-name <ap-name>}|{ip-addr <ip>}|{ip6-addr <ip6>} mac <client-mac>
Description
Use this command to stop tracing management packets from a client MAC address.
Syntax
Parameter ap-name <ap-name>
Description Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
mac <client-mac>
MAC address of the client..
Usage Guidelines
This command should only be used under the guidance of Dell technical support.
Related Commands
Command
Description
ap debug client-trace Use this command to trace management packets from a client MAC address. start
show ap debug client-trace
Use this command to show counts of different types of management data frames traced from a client MAC address
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms W-6000M3 controllers
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
173 | ap debug client-trace stop
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap debug dot 11r remove-key
ap debug dot 11r remove-key <sta-mac> [ap-name <ap-name> | ip-addr <ip-addr>]
Description
This command removes the r1 key from an AP.
Syntax
Parameter <sta-mac>
Description MAC address of the client.
ap-name <ap-name> Name of the AP.
ip-addr <ip-addr> IP address of the AP.
Usage Guidelines
Use this command to remove an r1 key from an AP when the AP does not have a cached r1 key during Fast BSS Transition roaming.
Examples
You can use the following command to remove an r1 key from an AP when the AP does not have a cached r1 key during Fast BSS Transition roaming. (host) #ap debug dot11r remove-key <sta-mac> ap-name <ap-name> | ip-addr <ip-addr> (host) #ap debug dot11r remove-key 00:50:43:21:01:b8 ap-name MAcage-105-GL Execute the following command to check if the r1 key is removed from the AP:
(host) #show ap debug dot11r state ap-name MAcage-105-GL Stored R1 Keys -------------Station MAC Mobility Domain ID Validity Duration R1 Key ----------- ------------------ ----------------- ------
Related Commands
To check if the r1 key is removed from an AP, use the show ap debug dot11r state command:
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap debug dot 11r remove-key | 174
ap debug radio-event-log
ap debug radio-event log [start|stop] [ap-name <name>|ip-addr <ip-addr>|ip6-addr <ip6-addr>] radio <0|1> size <size-of-log> events [all|ani|rcfind|rcupdate|rx|size|text|tx] [hex <hexformat>]
Description
Start and stops packet log capture of radio events for debugging purposes, and sends a log file of the events to a dump server when logging stops.
Syntax
Parameter start stop ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr> radio 1|0 size <size-of-log> events
hex <hexformat)
hex
Description
Start Wi-Fi packet log capture
Stop Wi-Fi packet log capture and send a log file of the events to a dump server.
Name of the AP for which you want to capture packet log events.
IPv4 address of the AP for which you want to capture packet log events.
IPv6 address of the for which you want to capture packet log events.
Include this parameter to start or stop packet log capture for the specified radio.
Specify the maximum radio log size, in bytes. The supported range is 102410485760 bytes (1KB-10MB), and the default log size is 3145728 bytes (3MB).
Specify the type of radio events you want to capture in the log file. l all: Capture all of the following types of radio events. l ani Adaptive Noise Immunity control events l rcfind: Transmission (Tx) control event l rcupdate: Transmission (Tx) rate update event l rx: Received (Rx) status register event l text: Text record event l tx: Transmission (Tx) control and Tx status register event
(Optional) Specify the radio event type in hexadecimal format l 0x10: Adaptive Noise Immunity control events l 0x4: Transmission (Tx) control event l 0x8: Transmission (Tx) rate update event l 0x2: Received (Rx) status register event l 0X20: Text record event l 0x1: Transmission (Tx) control and Tx status register event
Specify the radio event type in hex format.
175 | ap debug radio-event-log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
l all: Capture all of the following types of radio events. l ani Adaptive Noise Immunity control events l rcfind: Transmission (Tx) control event l rcupdate Transmission (Tx) rate update event in radio l rx: Received (Rx) status register event in radio l tx: Transmission (Tx) control and Tx status register event in radio
Example
The following commands starts and stops a Wi-Fi radio event log: (host)(config)#ap debug radio-event-log start ap-name 6c:f3:7f:c6:71:90 radio 0 events all (host)(config)#ap debug radio-event-log stop ap-name 6c:f3:7f:c6:71:90 radio 0
Related Commands
show ap debug radio-event-log status
Command History
Release ArubaOS 6.2
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap debug radio-event-log | 176
ap debug radio-registers dump
ap debug radio-registers dump [ap-name <name>|ip-addr <ip-addr>|ip6-addr <ip6-addr>] [filename <filename> {all|interrupt|qcu |radio}]
Description
This command allows you to collect all or specific radio register information into a separate file.
Syntax
Parameter ap-name ip-addr ip6-addr filename
all interrupt qcu radio
Description Name of Access Point Collect radio register information for this specific AP radio. Collect radio register information for the AP assigned to this ipv6 address. Name of file where information is collected. All registers interrupted. Interrupt related registers. Collect QCU information. Radio ID (0 or 1)
Usage Guidelines
This command collects specified radio-register information for debugging purposes, dumps the registers into a local file, and will automatically transfer the file to the dump-server that is configured in 'ap-system-profile.'
Example
The following command collects all radio registers from myap1 into a file called myradioregfile.: #ap debug radio-registers dump ap-name myap1 filename myradioregfile all
Command History
Introduced in ArubaOS 6.2.
Command Information
Platforms 802.11n-capable APs
Licensing Base operating system
Command Mode Enable mode on master controllers
177 | ap debug radio-registers dump
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap enet-link-profile
ap enet-link-profile <profile> clone <profile> dot3az duplex {auto|full|half} no ... speed {10|100|1000|auto}
Description
This command configures an AP Ethernet link profile.
Syntax
Parameter <profile> clone dot3az
duplex no speed
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Default
"defaul t"
Name of an existing Ethernet Link profile
--
--
from which parameter values are copied.
Enable support for the 803.az Energy Efficient Ethernet (EEE) standard, which allows the APs to consume less power during periods of low data activity.
Only W-AP130 Series APs support this feature. If this feature is enabled for an APs group, any APs in the group that do not support 803.az will ignore this setting.
disable d
The duplex mode of the Ethernet interface, either full, half, or auto-negotiated.
full/half/auto
auto
Negates any configured parameter.
--
--
The speed of the Ethernet interface, either 10 Mbps, 100 Mbps, 1000 Mbps (1 Gbps), or auto-negotiated.
10/100/1000/auto auto
Usage Guidelines
This command configures the duplex and speed of the Ethernet port on the AP. The configurable speed is dependent on the port type.
Example
The following command configures the Ethernet link profile for full-duplex and 100 Mbps: ap enet-link-profile enet
duplex full speed 100
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap enet-link-profile | 178
Command History
Release ArubaOS 3.0 ArubaOS 3.3 ArubaOS 6.2
Modification Command introduced Support for 1000 Mbps (1 Gbps) Ethernet port speed was introduced. Support for the dot3az parameter was introduced.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
179 | ap enet-link-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap flush-r1-on-new-r0
ap·flush-r1-on-new-r0 {enable|disable}
Description
Use this command to enable or disable flushing of R1 keys, when R0 is updated for d-tunnel or bridge mode.
Syntax
Parameter enable disable
Description Enable flushing of R1 keys. Disable flushing of R1 keys.
Example
The following example enables flushing of R1 keys. (host) (config) #ap flush-r1-on-new-r0 enable The following command displays the status of flushing of R1 keys. (host) (config) #show flush-r1-on-new-r0 Fast Roaming flush-r1-on-new-r0:enable
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Enable mode or Config mode.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap flush-r1-on-new-r0 | 180
ap image-preload
ap image-preload activate all-aps|specific-aps add {ap-group <ap-group> | ap-name <ap-name>} cancel clear-all delete {ap-group <ap-group> | ap-name <ap-name>} [partition <part-num>] [max-downloads <max-downloads>]
Description
Configure APs to preload a new software image from a W-3600 or W-6000M3 controller before the controller starts actively running the new image.
Syntax
Parameter activate
all-aps specific-aps add ap-group <group> ap-name <name> cancel
clear-all delete
ap-group <group>
Description
Issue the ap image-preload activate command to activate this feature, allowing APs in the preload list to start downloading their new image from the controller.
All APs will be allowed to pre download the image.
Only APs in the preload list will be allowed to preload the image.
Add individual APs or AP groups to the list of APs allowed to preload the image.
Add a group of APs to the preload list.
Add an individual AP to the preload list.
Cancel the AP preload and clear the preload list. Any APs downloading a new image at the time this command is issued will continue to download the file.
Clear all APs from the preload list.
Delete an individual AP or AP group from the preload list. NOTE: This command may be issued before or after preloading is activated. If it is executed after preloading has already been activated, any APs downloading a new image at the time this command is issued will continue to download the file. APs that are still waiting to preload will be removed from the preload list.
Remove the specified group of APs from the preload list
181 | ap image-preload
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ap-name <name>
Description Remove an individual AP from the preload list
partition <partition-num>
Specify the partition from which the APs should download their images. By default, the APs will preload images from the controller's default boot partition.
max-downloads <max-downloads>
Specify the maximum number of APs that can simultaneously download their image from the controller. The default value is ten APs.
Usage Guidelines
The AP image preload feature minimizes the downtime required for a controller upgrade by allowing the APs associated to a W-3400, W-3600 or W-6000M3 controller to download the new images before the controller actually starts running the new version.
This feature allows you to select the maximum number of APs that are allowed to preload the new software image at any one time, thereby reducing the possibility that the controller may get overloaded or that network traffic may be impacted by all APs on the controller attempting to download a new image at once.
APs can continue normal operation while they are downloading their new software version. When the download completes, the AP sends a message to the controller, informing it that the AP has either successfully downloaded the new software version, or that the preload has failed for some reason. If the download fails, the AP will retry the download after a brief waiting period.
You can allow every AP on a controller to preload a new software version, or also create a custom list of AP groups or individual APs that can use this feature. If a new AP associates to the controller while the AP image download feature is active, the controller will check that AP's name and group to see if it appears in the preload list. If an AP is on the list, (and does not already have the specified image in its Flash memory) that AP will start preloading its image.
Example
The following command enables the image preload feature and adds the APs in the AP groups corp1 and corp2 to the preload list. ap image-preload activate specific-aps
add ap-group corp1 add ap-group corp2
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap image-preload | 182
ap-lacp-striping-ip
ap-lacp-striping-ip aplacp-enable no striping-ip <ip-addr> lms <ip-addr>
Description
Define an AP LACP LMS map information profile that maps a GRE striping IP address to an existing LMS-IP address.
Syntax
Parameter aplacp-enable
Description Issue this command to enable LACP IP striping. This feature is disabled by default
no ...
Issue this command to negate any setting or return a configured parameter it to its default value.
striping-ip <ip> lms <ip-addr>
Specify an IPv4 address for the 802.11g radio of the controller to allow LACPenabled switches to send traffic for the two controller radios on different links. Recommended value for this parameter is lms <ip-addr>+1. NOTE: In ArubaOS 6.3.1.0 - 6.4.1.0, LACP striping is configured using the ap system profile <profile> gre-striping-ip command.
The LMS IP address to which a GRE striping IP address is associated.
Usage Guidelines
The AP LACP LMS map information profile is a local profile that maps a LMS IP address (defined in the AP system profile) to a GRE striping IP address. If a W-AP220 Series or W-AP270 Series access point fails over to a standby or backup controller, the AP LACP LMS map information profile on the new controller defines the IP address that the AP uses to terminate 802.11.g radio tunnels on the new controller. This feature allows WAP220 Series or W-AP270 Series access points to form a 802.11.g radio tunnel to a backup controller the event of a controller failover, even if the backup controller is in a different L3 network.
In ArubaOS 6.4.1 and previous releases, the GRE striping IP address was defined in the global AP system profile, which did not allow APs to maintain GRE striping tunnels if the AP failed over to a backup controller in a different L3 network.
If your topology includes a backup controller you must define GRE striping IP settings in the active and the backup controller.
Example
The following example enables this feature and maps a GRE striping IP address to the LMS-IP address 192.0.2.0:
(host) (config) # ap-lacp-striping-ip (host) (AP LACP LMS map information)#aplacp-enable (host) (AP LACP LMS map information)#striping-ip 192.0.2.2 lms 192.0.2.1
183 | ap-lacp-striping-ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
The following show commands display information about the settings defined in the AP LACP LMS map information profile: l show ap-lacp-striping-ip: displays all settings defined in AP LACP LMS map information profile. l show ap database: the output of this command displays an s flag to indicate that the AP is enabled with a
striping IP address. l show ap debug lacp: the output of this command displays the AP's striping IP address, as defined in the AP
LACP LMS map information profile.
Command History
Release ArubaOS 6.4.2.0
Modification Command introduced.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-lacp-striping-ip | 184
ap lldp med-network-policy-profile
ap lldp med-network-policy-profile <profile> application-type guest-voice|guest-voice-signaling|softphone-voice|streaming-video|videoconferencing|video-signaling|voice|voice-signaling clone <profile> dscp <dscp> l2-priority <l2-priority> no ... tagged vlan <vlan>
Description
Define an LLDP MED network policy profile that defines DSCP values and L2 priority levels for a voice or video application.
Syntax
Parameter application-type
Description
Specify the type of application that this profile manages.
Range -
guest-voice
Use this application type if the AP services a
-
separate voice network for guest users and visitors.
guest-voice-signaling
Use this application type if the AP is part of a
-
network that requires a different policy for guest
voice signaling than for guest voice media. Do not
use this application type if both the same network
policies apply to both guest voice and guest voice
signaling traffic.
softphone-voice streaming-video
video-conferencing
Use this application type if the AP supports voice
-
services using softphone software applications on
devices such as PCs or laptops.
Use this application type if the AP supports
-
broadcast or multicast video or other streaming
video services that require specific network policy
treatment. This application type is not
recommended for video applications that rely on
TCP with buffering.
Use this application type of the AP supports video
-
conferencing equipment that provides real-time,
interactive video/audio services.
185 | ap lldp med-network-policy-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter video-signaling
Description
Use this application type if the AP is part of a network that requires a different policy for video signaling than for the video media. Do not use this application type if both the same network policies apply to both video and video signaling traffic.
Range -
voice voice-signaling
Use this application type if the AP services IP
-
telephones and other appliances that support
interactive voice services.
NOTE: This is the default application type.
Use this application type if the AP is part of a
-
network that requires a different policy for voice
signaling than for the voice media. Do not use this
application type if both the same network policies
apply to both voice and voice signaling traffic.
clone <profile>
Make a copy of an existing profile by specifying that profile name.
dscp
Select a Differentiated Services Code Point (DSCP) priority value for the specified application type by specifying a value from 0-63, where 0 is the lowest priority level and 63 is the highest priority.
0-63 Default is 0
l2-priority <L2-priority>
Select a 802.1p priority level for the specified application type, by specifying a value from 0-7, where 0 is the lowest priority level and 7 is the highest priority.
0-7 Default is 0
no ...
Issue this command to negate any setting or return a configured parameter it to its default value.
tagged vlan <vlan>
Specifies if the policy applies to a to a VLAN that is tagged with a VLAN ID or untagged. The default value is untagged.
NOTE: When an LLDP-MED network policy is defined for use with an untagged VLAN, then the L2 priority field is ignored and only the DSCP value is used.
Default is untagged
Specify a VLAN by VLAN ID (0-4094) or VLAN name.
Default is 0
Usage Guidelines
LLDP-MED (media endpoint devices) is an extension to LLDP that supports interoperability between VoIP devices and other networking clients. LLDP-MED network policy discovery lets end-points and network devices advertise their VLAN IDs (e.g. voice VLAN), priority levels, and DSCP values. ArubaOS supports a maximum of eight LLDP -MED Network Policy profiles.
Creating an LLDP MED network policy profile does not apply the configuration to any AP or AP interface or interface group. To apply the LLDP-MED network policy profile, you must associate it to an LLDP profile, then apply that LLDP profile to an AP wired port profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap lldp med-network-policy-profile | 186
Example
The following commands create a LLDP MED network policy profile for streaming video applications and marks streaming video as high-priority traffic. (host) (config) ap lldp med-network-policy-profile vid-stream (host) (AP LLDP-MED Network Policy Profile "vid-stream") dscp 48 (host) (AP LLDP-MED Network Policy Profile "vid-stream")l2-priority 6 (host) (AP LLDP-MED Network Policy Profile "vid-stream")tagged (host) (AP LLDP-MED Network Policy Profile "vid-stream")vlan 10 (host) (AP LLDP-MED Network Policy Profile "vid-stream")!
Next, the LLDP MED network policy profile is assigned to an LLDP profile, and the LLDP profile is associated with an AP wired-port profile. (host) (config) ap lldp profile video1 (host) (AP LLDP Profile "video1")lldp-med-network-policy-profile vid-stream (host) (AP LLDP Profile "video1")! (host) (config)ap wired-port-profile corp2 (host) (AP wired port profile "corp2")lldp-profile video1
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
187 | ap lldp med-network-policy-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap lldp profile
ap lldp profile <profile> clone <profile> dot1-tlvs port-vlan|vlan-name dot3-tlvs link-aggregation|mac|mfs|power lldp-med-network-policy-profile <profile> lldp-med-tlvs capabilities|inventory|network-policy no ... optional-tlvs capabilities|management-address|port-description|system-description|systemname receive transmit transmit-hold <transmit-hold> transmit-interval <transmit-interval>
Description
Define an LLDP profile that specifies the type-length-value (TLV) elements to be sent in LLDP PDUs.
Syntax
Parameter clone <profile> dot1-tlvs
port-vlan vlan-name dot3-tlvs link-aggregation mac mfs
Description
Make a copy of an existing LLDP profile.
Specify which of the following 802.1 TLVs the AP will send in LLDP PDUs. By default, the AP will send all 802.1 TLVs.
Transmit the LLDP 802.1 port VLAN TLV. If the native VLAN is configured on the port, the port-vlan TLV will send that value, otherwise it will send a value of "0".
Transmit the LLDP 802.1 VLAN name TLV. The AP sends a value of "Unknown" for VLAN 0, or "VLAN <number>" for non-zero VLAN numbers.
Specify which of the following 802.3 TLVs the AP will send in LLDP PDUs. By default, the AP will send all 802.3 TLVs.
Transmit the 802.3 link aggregation TLV to indicate that link aggregation is not supported.
Transmit the 802.3 MAC/PHY Configuration/Status TLV to indicate the AP interface's duplex and bit rate capacity and current duplex and bit rate settings.
Transmit the 802.3 Maximum Frame Size (MFS) TLV to show the AP's maximum frame size capability.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap lldp profile | 188
Parameter
Description
power
Transmit the 802.3 Power Via media dependent interface (MDI) TLV to show the power support capabilities of the AP interface.
NOTE: This parameter is supported by the WIAP3WNP and W-AP130 Series only.
lldp-med-network-policy-profile <profile> Specify the LLDP MED Network Policy profile to be associated with this LLDP profile.
lldp-med-tlvs
Specify which of the following LLDP-MED TLVs the AP will send in LLDP PDUs. The AP will not send any LLDP-MED TLVs by default.
capabilities
Transmit the LLDP-MED capabilities TLV. The AP will automatically send this TLV if any of the other LLDPMED TLVs are enabled.
inventory network-policy optional-tlvs
Transmit the LLDP-MED inventory TLV. NOTE: An AP can't send this TLV unless it also sends the LLDP-MED capabilities TLV.
Transmit the LLDP-MED network-policy TLV. NOTE: An AP can't send this TLV unless it also sends the LLDP-MED capabilities TLV.
Specify which of the following optional TLVs the AP will send in LLDP PDUs.
capabilities
Transmit the system capabilities TLV to indicate which capabilities are supported by the AP.
management-address
Transmit a TLV that indicates the AP's management IP address, in either IPv4 or IPV6 format.
port-description
Transmit a TLV that gives a description of the AP's wired port in an alphanumeric format.
system-description
Transmit a TLV that describes the AP's model number and software version
system-name
Transmit a TLV that sends the AP name or wired MAC address.
receive
Issue this command to enable LLDP PDU reception. This parameter is enabled by default.
transmit
Issue this command to enable LLDP PDU transmission. This parameter is enabled by default.
189 | ap lldp profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter transmit-hold <transmit-hold>
transmit-interval <transmit-interval>
Description
Enter a value from 1-100. This value is multiplied by the transmit interval to determine the number of seconds to cache learned LLDP information before that information is cleared.
If the transmit-hold value is at the default value of 4, and the transmit interval is at its default value of 30 seconds, then learned LLDP information will be cached for 4 x 30 seconds, or 120 seconds.
The interval between LLDP TLV transmission seconds. The supported range is 1-3600 seconds and the default value is 30 seconds.
Usage Guidelines
Link Layer Discovery Protocol (LLDP), is a Layer-2 protocol that allows network devices to advertise their identity and capabilities on a LAN. Wired interfaces on Dell APs support LLDP by periodically transmitting LLDP Protocol Data Units (PDUs) comprised of type-length-value (TLV) elements. Use this command to specify which TLVs should be sent by the AP interface associated with the LLDP profile.
Example
The following command configures an LLDP profile allows the AP interface to send the port-vlan and vlanname TLVs. ap lldp profile 8021TLVs
dot1-tlvs port-vlan dot1-tlvs vlan-name
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap lldp profile | 190
ap mesh-cluster-profile
ap mesh-cluster-profile <profile> clone <profile> cluster <name> no ... opmode [opensystem | wpa2-psk-aes] rf-band {a | g} wpa-hexkey <wpa-hexkey> wpa-passphrase <wpa-passphrase>
Description
This command configures a mesh cluster profile used by mesh nodes.
Syntax
Parameter <profile> clone cluster
no opmode
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Default "default"
Name of an existing mesh cluster profile from
--
--
which parameter values are copied.
Indicates the mesh cluster name. The name can -- have a maximum of 32 characters, and is used as the MSSID for the mesh cluster. When you first create a new mesh cluster profile, the profile uses the default cluster name "Dellmesh". Use the cluster parameter to define a new, unique MSSID before you assign APs or AP groups to the mesh cluster profile.
NOTE: If you want a mesh cluster to use WPA2PSK-AES encryption, do not use spaces in the mesh cluster name, as this may cause errors in mesh points associated with that mesh cluster.
To view existing mesh cluster profiles, use the CLI command show ap mesh-cluster-profile.
"Dell-mesh"
Negates any configured parameter.
--
--
Configures one of the following types of data encryption.
l opensystem--No authentication or encryption.
l wpa2-psk-aes--WPA2 with AES encryption using a pershared key.
Best practices are to select wpa2-psk-aes and use the wpa-passphrase parameter to select a passphrase. Keep the passphrase in a safe place.
opensystem
wpa2-pskaes
opensystem
191 | ap mesh-cluster-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter rf-band
wpa-hexkey wpa-passphrase
Description
Configures the RF band in which multiband mesh nodes should operate: a = 5 GHz g = 2.4 GHz Best practices are to use 802.11a radios for mesh deployments.
Range
a g
Configures a WPA pre-shared key.
--
Sets the WPA password that generates the PSK. --
Default a
-- --
Usage Guidelines
Mesh cluster profiles are specific to mesh nodes (APs configured for mesh) and provide the framework of the mesh network. You must define and configure the mesh cluster profile before configuring an AP to operate as a mesh node. You can configure multiple mesh cluster profiles to be used within a mesh cluster. You must configure different priority levels for each mesh cluster profile. See ap-group or ap-name for more information about priorities. Cluster profiles, including the "default" profile, are not applied until you provision your APs for mesh.
Example
The following command configures a mesh cluster profile named "cluster1" for the mesh cluster "headquarters:" ap mesh-cluster-profile cluster1
cluster headquarters
Related Commands
To view a complete list of mesh cluster profiles and their status, use the following command: show ap mesh-cluster-profile To view the settings of a specific mesh cluster profile, use the following command:
show ap mesh-cluster-profile <name>
Command History
This command was introduced in ArubaOS 3.2.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-cluster-profile | 192
ap mesh-ht-ssid-profile
ap mesh-ht-ssid-profile <profile-name> 40MHz-enableba-amsdu-enable 80MHz-enable clone <source> high-throughput-enable ldpc legacy-stations max-rx-a-mpdu-size max-tx-a-mpdu-size max-tx-a-msdu-count-be max-tx-a-msdu-count-bg max-tx-a-msdu-count-vi max-tx-a-msdu-count-vo max-vht-mpdu-size min-mpdu-start-spacing mpdu-agg no short-guard-intvl-20Mhz short-guard-intvl-40Mhz short-guard-intvl-80Mhz stbc-rx-streams stbc-tx-streams supported-mcs-set temporal-diversity
Description
This command configures a mesh high-throughput SSID profile used by mesh nodes.
Syntax
Parameter <profile-name>
40MHz-enable 80MHz-enable ba-amsdu-enable
Description
Range
Enter the name of an existing mesh highthroughput SSID profile to modify that profile, or enter a new name or create a new mesh high-throughput profile. The mesh high-throughput profile can have a maximum of 32 characters.
To view existing high-throughput SSID radio profiles, use the command show ap meshradio-profile.
Enable or disable the use of 40 MHz channels. This parameter is enabled by default.
Enable or disable the use of 80 MHz channels.
Enable/Disable Receive AMSDU in BA negotiation.
Default default
enabled enabled enabled
193 | ap mesh-ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter clone <source>
Description
Copy configuration information from a source profile into the currently selected profile
Range
high-throughput-enable
Enable or disable high-throughput (802.11n) features
on this SSID. This parameter is enabled by default.
Default enabled
ldpc legacy-stations max-rx-a-mpdu-size max-tx-a-mpdu-size max-tx-a-msdu-count-be max-tx-a-msdu-count-bg max-tx-a-msdu-count-vi
If enabled, the AP will advertise Low-density Parity Check (LDPC) support. LDPC improves data transmission over radio channels with high levels of background noise.
Allow or disallow associations from legacy (non-HT) stations. By default, this parameter is enabled (legacy stations are allowed).
Maximum size of a received aggregate MPDU, in bytes.
8191, 16383, 32767, 65535
Maximum size of a transmitted aggregate MPDU, in bytes.
1576 65535
Maximum number of MSDUs in a TX AMSDU on best-effort AC. TX-AMSDU disabled if 0.
0 - 15
Maximum number of MSDUs in a TX AMSDU on background. TX-AMSDU disabled if 0.
0 - 15
Maximum number of MSDUs in a TX AMSDU on video AC. TX-AMSDU disabled if 0.
0 - 15
enabled enabled
2 2 2
max-tx-a-msdu-count-vo Maximum number of MSDUs in a TX A-
0 - 15
0
MSDU on voice AC. TX-AMSDU disabled if 0.
max-vht-mpdu-size
Maximum size of a VHT MPDU.
3895, 7991, 11454
11454
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-ht-ssid-profile | 194
Parameter min-mpdu-start-spacing
Description
Range
Minimum time between the start of adjacent MPDUs within an aggregate MPDU, in microseconds.
0 (No restriction on MDPU start spacing), .25 µsec, .5 µsec, 1 µsec, 2 µsec, 4 µsec
Default 0 µsec
mpdu-agg
Enable or disable MAC protocol data unit (MPDU) aggregation.
High-throughput mesh APs are able to send aggregated MAC protocol data units (MDPUs), which allow an AP to receive a single block acknowledgment instead of multiple ACK signals. This option, which is enabled by default, reduces network traffic overhead by effectively eliminating the need to initiate a new transfer for every MPDU.
enabled
short-guard-intvl-20Mhz
Enable or disable use of short (400ns) guard interval for W-AP130 Series APs in 20 MHz mode.
A guard interval is a period of time between transmissions that allows reflections from the previous data transmission to settle before an AP transmits data again. An AP identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data.
The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Enabling a short guard interval can decrease network overhead by reducing unnecessary idle time on each AP. Some outdoor deployments, may, however require a longer guard interval. If the short guard interval does not allow enough time for reflections to settle in your mesh deployment, inter-symbol interference values may increase and degrade throughput.
This parameter is enabled by default.
enabled
short-guard-intvl-40Mhz
Enable or disable use of short (400ns) guard interval in 40 MHz mode.
A guard interval is a period of time between transmissions that allows reflections from the previous data transmission to settle before an AP transmits data again. An AP identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data.
enabled
195 | ap mesh-ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Range
The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Enabling a short guard interval can decrease network overhead by reducing unnecessary idle time on each AP. Some outdoor deployments, may, however require a longer guard interval. If the short guard interval does not allow enough time for reflections to settle in your mesh deployment, inter-symbol interference values may increase and degrade throughput.
This parameter is enabled by default.
short-guard-intvl-80Mhz
Enable or disable use of short (400ns) guard interval in 80 MHz mode.
A guard interval is a period of time between transmissions that allows reflections from the previous data transmission to settle before an AP transmits data again. An AP identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data.
The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Enabling a short guard interval can decrease network overhead by reducing unnecessary idle time on each AP. Some outdoor deployments, may, however require a longer guard interval. If the short guard interval does not allow enough time for reflections to settle in your mesh deployment, inter-symbol interference values may increase and degrade throughput.
This parameter is enabled by default.
stbc-rx-streams
Controls the maximum number of spatial
0-1
streams usable for STBC reception. 0
disables STBC reception, 1 uses STBC for
MCS 0-7. Higher MCS values are not
supported. (Supported on the W-AP90
series, W-AP130 Series, W-AP68, W-AP175
and W-AP105 only. The configured value will
be adjusted based on AP capabilities.)
stbc-tx-streams
Controls the maximum number of spatial
0-1
streams usable for STBC transmission. 0
disables STBC transmission, 1 uses STBC
for MCS 0-7. Higher MCS values are not
supported. (Supported on W-AP90 series, W-
AP175, W-AP130 Series and W-AP105 only.
The configured value will be adjusted based
on AP capabilities.)
Default enabled
1 1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-ht-ssid-profile | 196
Parameter supported-mcs-set
temporal-diversity
Description
Range
A list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this SSID. The MCS you choose determines the channel width (20MHz vs. 40MHz) and the number of spatial streams used by the mesh node.
The default value is 1-15; the complete set of supported values. To specify a smaller range of values, enter a hyphen between the lower and upper values. To specify a series of different values, separate each value with a comma.
Examples:
2-10
1,3,6,9,12
Range: 0-15.
1-15
Shows if temporal diversity has been enabled or disabled. When this feature is enabled and the client is not responding to 802.11 packets, the AP will launch two hardware retries; if the hardware retries are not successful then it attempts software retries.
Default 1-15
disabled
Guidelines
The mesh high-throughput profile defines settings unique to 802.11n-capable, high-throughput APs. If none of the APs in your mesh deployment are 802.11n-capable APs, you do not need to configure a highthroughput SSID profile. If you modify a currently provisioned and running high-throughput SSID profile, your changes take effect immediately. You do not reboot the controller or the AP.
Example
The following command configures a mesh high-throughput SSID profile named "HT1" and sets some nondefault settings for MAC protocol data unit (MPDU) aggregation: (host) (config) #ap mesh-ht-ssid-profile HT1
max-rx-a-mpdu-size 32767 max-tx-a-mpdu-size 32767 min-mpdu-start-spacing .25
Related Commands
To view a complete list of mesh high-throughput SSID profiles and their status, use the following command: (host) (config) #show ap mesh-ht-ssid-profile To view the settings of a specific mesh radio profile, use the following command:
197 | ap mesh-ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host) (config) #show ap mesh-ht-ssid-profile <name>
Command History
Version ArubaOS 3.4
Description Command introduced
ArubaOS 6.1
The short-guard-intvl-20Mhz, ldpc, stbc-rx-streams and stbc-rxstreams parameters were introduced.
ArubaOS 6.3
The following parameters were introduced. l txbf-comp-steering l txbf-delayed-feedback l txbf-explicit-enable l txbf-immediate-feedback l txbf-noncomp-steering l txbf-sounding-interval
ArubaOS 6.4.3
The following parameters were introduced. l 80MHz-enable l max-tx-a-msdu-count-be l max-tx-a-msdu-count-bg l max-tx-a-msdu-count-vi l max-tx-a-msdu-count-vo l max-vht-mpdu-size l short-guard-intvl-80Mhz l vht-enable l vht-supported-mcs-map l vht-txbf-explicit-enable l vht-txbf-sounding-interval
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-ht-ssid-profile | 198
ap mesh-radio-profile
ap mesh-radio-profile <profile> a-tx rates [6|9|12|18|24|36|48|54] allowed-vlans <vlan-list> children <children> clone <profile> eapol-rate-opt g-tx rates [1|2|5|6|9|11|12|18|24|36|48|54] heartbeat-threshold <count> hop-count <hop-count> link-threshold <count> max-retries <max-retries> mesh-ht-ssid-profile mesh-mcast-opt mesh-survivability metric-algorithm {best-link-rssi|distributed-tree-rssi} mpv <vlan-id> no ... reselection-mode {reselect-anytime|reselect-never|startup-subthreshold| subthreshold-only} rts-threshold <rts-threshold>
Description
This command configures a mesh radio profile used by mesh nodes.
Syntax
Parameter <profile> allowed-vlans
<vlan-list> a-tx rates
children
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Default "default"
Specify a list of VLAN IDs that can be used by a mesh link on APs associated with this mesh radio profile
A comma-separated list of VLAN IDs. You can also specify a range of VLAN IDs using a dash (for example, 14095)
Indicates the transmit rates for the 802.11a radio.
The AP attempts to use the highest transmission rate to establish a mesh link. If a rate is unavailable, the AP goes through the list and uses the next highest rate.
6, 9, 12, 18, 24, 36, 48, 54 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
Indicates the maximum number of
1-64
64
children a mesh node can accept.
199 | ap mesh-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter clone eapol-rate-opt g-tx rates
heartbeatthreshold hop-count link-threshold
mesh-ht-ssid-profile max-retries mesh-mcast-opt
Description
Range
Name of an existing mesh radio profile from which parameter values are copied.
Default
Use a more conservative rate for more reliable delivery of EAPOL frames.
enabled disabled
disabled
Indicates the transmit rates for the 802.11b/g radio.
The AP attempts to use the highest transmission rate to establish a mesh link. If a rate is unavailable, the AP goes through the list and uses the next highest rate.
1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54
1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps
Indicates the maximum number of
1-255
10
heartbeat messages that can be lost
between neighboring mesh nodes.
Indicates the maximum hop count from
1-32
8
the mesh portal.
Indicates the minimal RSSI value. If the
hardware
12
RSSI value is below this threshold, the link dependent
may be considered a sub-threshold link. A
sub-threshold link is a link whose average
RSSI value falls below the configured
threshold.
If this occurs, the mesh node may try to find a better link on the same channel and cluster (only neighbors on the same channel are considered).
The supported threshold is hardware dependent, with a practical range of 1090.
High-throughput SSID Profile for the mesh feature.
default
Maximum number of times a mesh node can re-send a packet.
0-15
4 times
Enables or disables scanning of all active stations currently associated to a mesh point to select the lowest transmission rate based on the slowest connected mesh child.
When enabled, this setting dynamically adjusts the multicast rate to that of the slowest connected mesh child. Multicast frames are not sent if there are no mesh children.
enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-radio-profile | 200
Parameter
mesh-survivability
metricalgorithm
best-linkrssi
distributedtree-rssi
mpv no reselection-mode
reselect-anytime
Description
Best practices are to use the default value.
Range
Default
Allow mesh points and portals to become -- active even if the controller cannot be reached by bridging LAN traffic. This is a beta feature that is disabled by default; it should not be enabled unless you are instructed to do so by Dell technical suppport.
distributedtreerssi
Specifies the algorithm used by a mesh
--
node to select its parent.
Best practices are to use the default value distributed-tree-rssi.
distributedtreerssi
Selects the parent with the strongest RSSI, --
--
regardless of the number of children a
potential parent has.
Selects the parent based on link-RSSI and --
--
node cost based on the number of
children.
This option evenly distributes the mesh points over high quality uplinks. Low quality uplinks are selected as a last resort.
This parameter is experimental and reserved for future use.
0-4094
0 (disabled)
Negates any configured parameter.
--
--
Specifies the method used to find a better mesh link.
Best practices are to use the default value startup-subthreshold.
(see below)
startup-sub threshold
Mesh points using the reselect-anytime
--
--
reselection mode perform a single
topology readjustment scan within 9
minutes of startup and 4 minutes after a
link is formed. If no better parent is found,
the mesh point returns to its original
parent. This initial scan evaluates more
distant mesh points before closer mesh
points, and incurs a dropout of 5-8
seconds for each mesh point.
201 | ap mesh-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Range
After the initial startup scan is completed, connected mesh nodes evaluate mesh links every 30 seconds. If a mesh node finds a better uplink, the mesh node connects to the new parent to create an improved path to the mesh portal.
reselect-never
Connected mesh nodes do not evaluate
--
other mesh links to create an improved
path to the mesh portal.
startup-subthreshold Mesh points using the startup-
--
subthreshold reselection mode perform
a single topology readjustment scan
within 9 minutes of startup and 4 minutes
after a link is formed. If no better parent is
found, the mesh point returns to its
original parent. This initial startup scan
evaluates more distant mesh points
before closer mesh points, and incurs a
dropout of 5-8 seconds for each mesh
point. After that time, each mesh node
evaluates alternative links if the existing
uplink falls below the configured threshold
level (the link becomes a sub-threshold
link). Best practices are to use the default
startup-subthreshold value.
Starting with ArubaOS 3.4.1, if a mesh point using the startup-subthreshold mode reselects a more distant parent because its original, closer parent falls below the acceptable threshold, then as long as that mesh point is connected to that more distant parent, it will seek to reselect a parent at the earlier distance (or less) with good link quality. For example, if a mesh point disconnects from a mesh parent 2 hops away and subsequently reconnects to a mesh parent 3 hops away, then the mesh point will continue to seek a connection to a mesh parent with both an acceptable link quality and a distance of two hops or less, even if the more distant parent also has an acceptable link quality.
subthreshold-only
Connected mesh nodes evaluate
--
alternative links only if the existing uplink
becomes a sub-threshold link.
NOTE: Starting with ArubaOS 3.4.1, if a mesh point using the subthreshold-only mode reselects a more distant parent because its original, closer parent falls below the acceptable threshold, then as long as that mesh point is connected to that more distant parent, it will seek to reselect a parent at the earlier distance (or less) with good link quality. For example, if a
Default -- --
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-radio-profile | 202
Parameter rts-threshold
Description
mesh point disconnects from a mesh parent 2 hops away and subsequently reconnects to a mesh parent 3 hops away, then the mesh point will continue to seek a connection to a mesh parent with both an acceptable link quality and a distance of two hops or less, even if the more distant parent also has an acceptable link quality.
Range
Defines the packet size sent by mesh nodes. Mesh nodes transmitting frames larger than this threshold must issue request to send (RTS) and wait for other mesh nodes to respond with clear to send (CTS) to begin transmission. This helps prevent mid-air collisions.
256-2,346
Default 2,333 bytes
Usage Guidelines
Mesh radio profiles are specific to mesh nodes (APs configured for mesh) and determine the radio frequency/channel used by mesh nodes to establish mesh links and the path to the mesh portal. You can configure multiple radio profiles; however, you select and deploy only one radio profile per mesh cluster. Radio profiles, including the "default" profile, are not active until you provision your APs for mesh. If you modify a currently provisioned and running radio profile, your changes take place immediately. You do not reboot the controller or the AP.
Example
The following command creates a mesh radio profile named "radio2" and associates a mesh high-throughput profile named meshHT1: (host) (config) #ap mesh-radio-profile radio2
mesh-ht-ssid-profile meshHT1
Related Commands
To view a complete list of mesh radio profiles and their status, use the following command: (host) (config) #show ap mesh-radio-profile To view the settings of a specific mesh radio profile, use the following command: (host) (config) #show ap mesh-radio-profile <name>
Command History
Release ArubaOS 3.2
Modification Command introduced.
ArubaOS 3.2.0.x, 3.3.1.x
The tx-power default increased from 14 to 30 dBm.
ArubaOS 3.3
The heartbeat-threshold default increased from 5 to 10 heartbeat messages.
203 | ap mesh-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Release ArubaOS 3.3.2 ArubaOS 3.4
ArubaOS 6.1
Modification
The mesh-mcast-opt parameter was introduced.
The mesh-ht-ssid-profile parameter was introduced The 11a-portal-channel, 11g-portal-channel, beacon-period and txpower parameters were deprecated. These settings can now be configured via the rf dot11a-radio-profile and rf dot11g-radio-profile commands.
The eapol-rate-opt parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap mesh-radio-profile | 204
ap provisioning-profile
ap provisioning-profile <profile> ap-poe-power-optimization {disabled | enabled} apdot1x-passwd apdot1x-username cellular_nw_preference 3g-only|4g-only|advanced|auto clone link-priority-cellular link-priority-ethernet master clear|{set <masterstr>} no pppoe-passwd pppoe-service-name pppoe-user remote-ap reprovision uplink-vlan <uplink-vlan> usb-dev usb-dial usb-init usb-modeswitch -v <default_vendor> -p <default_product> -V <target_vendor> -P <target_ product> -M <message_content> usb-passwd usb-power-mode auto| enable|disable usb-tty usb-tty-control usb-type usb-user
Description
This command defines a provisioning profile for an AP or group of APs.
Syntax
Parameter
Description
Default Range
ap-poe-power-optimization Enabling optimization minimizes the POE draw of the AP. disable -- Enabling optimization may disable some parts of the AP. d Disabling ensures all features are enabled.
l enabled: AP operates in normal mode.
l disabled: USB and Ethernet port (eth1) are shut down on AP.
apdot1x-passwd
Password of the AP to authenticate to 802.1X using PEAP --
--
apdot1x-username
Username of the AP to authenticate to 802.1X using
--
--
PEAP
cellular_nw_preference
The cellular network preference setting allows you to select auto
--
g-only|4g-only|
how the modem should operate.
advanced|auto
l auto (default): In this mode, modem firmware will
205 | ap provisioning-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Default Range
clone <source>
control the cellular network service selection; so the cellular network service failover and fallback is not interrupted by the remote AP (RAP).
l 3g_only: Locks the modem to operate only in 3G.
l 4g_only: Locks the modem to operate only in 4G.
advanced: The RAP controls the cellular network service selection based on an Received Signal Strength Indication (RSSI) threshold-based approach. Initially the modem is set to the default auto mode. This allows the modem firmware to select the available network. The RAP determines the RSSI value for the available network type (for example 4G), checks whether the RSSI is within required range, and if so, connects to that network. If the RSSI for the modem's selected network is not within the required range, the RAP will then check the RSSI limit of an alternate network (for example, 3G), and reconnect to that alternate network. The RAP will repeat the above steps each time it tries to connect using a 4G multimode modem in this mode. The RAP determines the RSSI value for the available network type (for example 4G), checks whether the RSSI is within required range, and if so, connects to that network.. If the RSSI for the modem's selected network is not within the required range, the RAP will then check the RSSI limit of an alternate network (for example, 3G), and reconnect to that alternate network. The RAP will repeat the above steps each time it tries to connect using a 4G multimode modem in this mode.
Clone an existing ap provisioning profile
--
--
link-priority-cellular <link-priority-cellular>
Set the priority of the cellular uplink. By default, the cellular uplink is a lower priority than the wired uplink; making the wired link the primary link and the cellular link the secondary or backup link.
Configuring the cellular link with a higher priority than your wired link priority will set your cellular link as the primary controller link.
0-255
0
link-priority-ethernet
Set the priority of the wired uplink. Each uplink type has
0-255
0
<link-priority-ethernet> an associated priority; wired ports having the highest
priority by default.
master
Change the FQDN or IP address for the master controller.
--
--
set <masterstr>
Specify the or IP address or FQDN for the master controller.
--
--
clear
Clear the definition for the master controller in this profile.
--
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap provisioning-profile | 206
Parameter no
Description Negates any configured parameter.
Default Range
--
--
pppoe-passwd
Point-to-Point Protocol over Ethernet (PPPoE) password
--
--
for the AP.
pppoe-servicename
pppoe-user
PPPoE service name for the AP. PPPoE username for the AP.
--
--
--
--
remote-ap
Specifies that the profile is to be associated with a remote AP using certificates.
--
--
reprovision
Provisions one or more APs with the values in the provisioning profile.
--
--
reset-bootinfo
Restores factory default provisioning parameters to the
--
--
specified AP.
NOTE: This parameter can only be used on the master controller.
uplink-vlan <uplink-vlan>
If you configure an uplink VLAN on an AP connected to a port in trunk mode, the AP sends and receives frames tagged with this VLAN on its Ethernet uplink.
By default, an AP has an uplink vlan of 0, which disables this feature.
0(
0
disable
d) to
4095
NOTE: If an AP is provisioned with an uplink VLAN, it must be connected to a trunk mode port or the AP's frames will be dropped.
usb-dev
The USB device identifier.
--
--
usb-dial
The dial string for the USB modem. This parameter only
--
--
needs to be specified if the default string is not correct.
usb-init
The initialization string for the USB modem. This
--
--
parameter only needs to be specified if the default string
is not correct.
usb-modeswitch
USB cellular devices on remote APs typically register as
--
--
-v <default_vendor>
modems, but may occasionally register as a mass-
-p <default_product>
storage device. If a remote AP cannot recognize its USB
-V <target_vendor>
cellular modem, use the usb-modeswitch command to
-P <target_product>
specify the parameters for the hardware model of the
-M <message_content>
USB cellular data-card.
NOTE: You must enclose the entire modeswitch parameter string in quotation marks.
usb-passwd
A PPP password, if provided by the cellular service provider
--
--
usb-power-mode auto|
Set the USB power mode to control the power to the USB
--
--
207 | ap provisioning-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter enable|disable usb-tty usb-tty-control usb-type
usb-user
Description port.
Default Range
The TTY device path for the USB modem. This parameter --
--
only needs to be specified if the default path is not
correct.
The TTY device control path for the USB modem. This
--
--
parameter only needs to be specified if the default path
is not correct.
Specify the USB driver type.
--
l acm: Use ACM driver
l airprime: Use Airprime driver
l beceem-wimax: Use Beceem driver for 4G-WiMAX
l ether: Use CDC Ether driver for direct IP 4G device
l hso: Use HSO driver for newer Option
l none: Disable 3G or 2G network on USB
l option: Use Option driver
l pantech-3g: Same as "pantech-uml290" - to support upgrade
l pantech-uml290: Use Pantech USB driver for UML290 device
l ptumlusbnet: Use Pantech USB driver for 4G device
l rndis: Use a RNDIS driver for a 4G device
l sierra-evdo: Use EVDO Sierra Wireless driver
l sierra-gsm: Use GSM Sierra Wireless driver
l sierrausbnet:Use SIERRA Direct IP driver for 4G device
l storage: Use USB flash as storage device for storing RAP certificates
none
The PPP username provided by the cellular service provider
--
--
Usage Guidelines
The AP provisioning profile allows you to define a set of provisioning parameters to an AP group. These settings can be saved or assigned to an AP group via the command ap-group <group> provisioning-profile <profile>.
In order to enable cellular uplink for a remote AP (RAP), the RAP must have the device driver for the USB data card and the correct configuration parameters. ArubaOS includes device drivers for the most common hardware types, but you can use the usb commands in this profile to configure a RAP to recognize and use an unknown USB modem type.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap provisioning-profile | 208
Related Commands
Command provision-ap
Description
Change provisioning parameters for an individual AP. This command does not save the provisioning parameters settings in a reusable profile.
Example
The following commands create a provisioning profile named profile_branch, in which the cellular link is the primary uplink because it has a higher priority than the Ethernet link:
(host) (config) #ap provision-profile profile_branch link-priority-cellular 2 link-priority-ethernet 1 usb-type acm usb-modeswitch "-v 0x106c -p 0x3b06 -V 0x106c -P 0x3717 -M 5534243b82e238c24000000800008ff020000000000000000000000000000"
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4
Introduced support for the following parameters: l usb-dev l usb-dial l usb-init l usb-passwd l usb-tty l usb-type l usb-user l link-priority-cellular l link-priority-ethernet
ArubaOS 6.0
The uplink-vlan parameter was introduced.
ArubaOS 6.1
The following new parameters were introduced for provisioning APs for 802.1X authentication:
l apdot1x-passwd
l apdot1x-username The following new parameters were introduced for provisioning Remote APs using USB modems:
l usb-modeswitch
l 4g-usb-type
209 | ap provisioning-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Release ArubaOS 6.2.1.0
ArubaOS 6.3 ArubaOS 6.3.1 ArubaOS 6.3.1.10 ArubaOS 6.3.1.11
Modification
the cellular_nw_preference parameter was introduced for provisioning multi-mode modems, and the 4g-usb-type parameter was deprecated. Specify a 2/3G or 4G modem type using the usb-type parameter.
The sierrausbnet and storage usb-type parameters were introduced.
The rndis parameter was introduced.
The ap-power-mode parameter was introduced.
The ap-power-mode parameter was renamed to ap-poe-poweroptimization.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap provisioning-profile | 210
ap packet-capture
ap packet-capture [open-port|close-port] <port>
ap packet-capture raw-start [<ap-name|ip-addr|ip6-addr>] <target-ip> <target-port> <format> radio <0|1> channel <channel> maxlen <maxlen>
ap packet-capture interactive [<ap-name|ip-addr|ip6-addr>] <filter-spec> <target-ip> <targetport> radio <0|1> channel <channel>
ap packet-capture [clear|stop|pause|resume][<ap-name|ip-addr|ip6-addr>] <pcap-id> radio <0|1>
show ap packet-capture status <ap-name|ip-addr|ip6-addr>
Description
These commands manage WiFi packet capture (PCAP) on Dell APs. The WiFi packets are encapsulated in a UDP header and sent to a client running a packet analyzer like Wildpacket's Airopeek, Omnipeek, or Wireshark.
Syntax
Parameter open-port close-port raw-start
<ipaddr> <target-ipaddr> <target-port> <format>
channel maxlen
Description (CPSEC CAPs and RAPs only) Enable or allow access to this UDP port on the AP for packet capture purposes. (CPSEC CAPs and RAPs only) Close or disallow access to this UDP port on the AP for packet capture purposes.
Stream packets from the driver to a client running the packet analyzer.
IP address of the AP.
IP address of the client running the packet analyzer.
UDP port number on the client station where the captured packets are sent.
Specify a number to indicate one of the following formats for captured packets: l 0 : pcap l 1 : peek l 2 : airmagnet l 3 : pcap+radio header l 4 : ppi
(Optional/Applicable only in Air Monitor mode) Number of a radio channel to tune into to capture packets.
(Optional) Limit the length of 802.11 frames to include in the capture to a specified maximum.
211 | ap packet-capture
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter interactive
<filter-spec> clear pause stop resume
<pcap-id>
Description Start an interactive packet capture session between an AP and a client running a packet analyzer. Packet Capture filter specification. See Usage Guidelines for details. Clears the packet capture session. Pause a packet capture session. Stop a packet capture session. Resume a packet capture session. ID of the PCAP session.
Usage Guidelines
These commands direct an AP to send WiFi packet captures to a client packet analyzer utility such as Airmagnet, Wireshark and so on, on a remote client.
Before using these commands, you need to start the packet analyzer utility on the client and open a capture window for the port from which you are capturing packets. The packet analyzer cannot be used to control the flow or type of packets sent from APs.
The packet analyzer processes all packets. However, you can apply display filters on the capture window to control the number and type of packets being displayed. In the capture window, the time stamp displayed corresponds to the time that the packet is received by the client and is not synchronized with the time on the AP.
Filter specification (used in ap packet-capture interactive) supports the following: - type (beacon/rts/cts/data/ack/ctrl/mgmt/all) - sta (mac address) - bss (mac address) - da (mac address) - sa (mac address) - dir (tods, fromds) - retry (1, 0) - frag (1, 0) - wep (1, 0)
Filter spec examples: (type eq beacon) or ((sta eq 000000010203) and (dir eq tods)) (type == data) && ((sta = 000000010203) || (sta == 000000010203)) (type != beacon) (wep nq 1)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap packet-capture | 212
(type eq all)
Examples
The following command starts a raw packet capture session for the AP ly115 on radio 0, and sends the packets to the client at 10.64.102.4 on port 5000. (host) (config) #ap packet-capture raw-start ap-name ly115 10.64.102.4 5000 0 radio 0 Packet capture has started for pcap-id:1
The following commands start an interactive packet capture session for the AP ap1.
#ap packet-capture open-port 5555
#ap packet-capture interactive ap-name ap1 "type eq all" 192.168.0.3 5555 radio 0
The output of the command in the example below displays packet capture session statistics for the AP ap1. In this example, the output has been divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it will appear in a single, long table.
#show ap packet-capture status ap-name ap1
Packet Capture Sessions at ap1, IP 10.3.44.167
----------------------------------------------
pcap-id filter
type
intf
channel max-pkts
------- ------
----
----
------- --------
1
type eq all interactive 6c:f3:7f:ba:65:70 153
0
max-pkt-size num-pkts status
url target
Radio ID
------------ -------- ------
------
------
65536
3759
in-progress 192.168.0.3/5555 0
Related Commands
To view the status of outstanding packet capture (pcap) sessions, use show ap packet capture.
Command History
Version ArubaOS3.0
Change Command Introduced
ArubaOS3.4
The maxlen parameter was introduced, and the pcap start command deprecated.
ArubaOS6.2
Name changed from pcap to ap packet capture.
213 | ap packet-capture
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Works in Access Point, Air Monitor, and Spectrum Monitor modes on all AP models in enable mode.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap packet-capture | 214
ap process restart
ap process restart {ap-name <ap-name>}|{ip-addr <ip>}|{ip6-addr <ip6>}
Description
Use this command to restart the AP process of a particular AP.
Syntax
Parameter ap-name <ap-name>
Description Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
Usage Guidelines
This command should only be used under the guidance of Dell technical support.
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms.
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
215 | ap process restart
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap regulatory activate
ap regulatory activate <filename>
Description
This command activates the specified Regulatory-Cert.
Syntax
None.
Parameter <filename>
Description Name of the Regulatory-Cert to be activated.
Default --
Usage Guidelines
Use this command to activate a new Regulatory-Cert to your configuration.
Related Commands
To view the current Regulatory-Cert, use the show ap regulatory command. To view the supported channels, use the show ap allowed-channels country-code command.
Command History
Release ArubaOS 6.4.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap regulatory activate | 216
ap regulatory-domain-profile
ap regulatory-domain-profile <profile> clone <profile> country-code <code> no ... valid-11a-40mhz-channel-pair <valid-11a-40mhz-channel-pair> valid-11a-80mhz-channel-group <valid-11a-80mhz-channel-group> valid-11a-channel <num> valid-11g-40mhz-channel-pair <valid-11g-40mhz-channel-pair> valid-11g-channel <num>
Description
This command configures an AP regulatory domain profile.
Syntax
Parameter <profile>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Default --
clone
Name of an existing regulatory domain profile
from which parameter values are copied.
--
country-code
Code that represents the country in which the APs will operate. The country code determines the 802.11 wireless transmission spectrum.
Improper country code assignment can disrupt wireless transmissions. Most countries impose penalties and sanctions for operators of wireless networks with devices set to improper country codes.
country code configured on the master controller during initial setup
no
Negates any configured parameter.
--
valid-11a-40mhz -channel-pair
Specify a channel pair valid for 40 MHz operation in the 802.11a frequency band for the specified regulatory domain. The two channels must be separated by a dash.
Example:
36-40
44-48
52-56
country code determines supported channel pairs
Note: Changing the country code causes the valid channel lists to be reset to the defaults for the country.
valid-11a-80mhzchannel-group
This parameter defines which 80MHz channels on -- the "a" band are available for assignment by ARM
and for controller to randomly assign if the user has
not specified a channel. The channel numbers
217 | ap regulatory-domain-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter valid-11achannel
valid-11g-40mhz -channel-pair
valid-11gchannel
Description
below correspond to channel center frequency.
Enter a single 802.11a channel number for 20 MHz operation within the specified regulatory domain.
Default
country code determines supported channels Note: Changing the country code causes the valid channel lists to be reset to the defaults for the country.
Specify a channel pair valid for 40 MHz operation in the 802.11g frequency band for the specified regulatory domain. The two channels must be separated by a dash.
Example:
1-5
2-6
7-11
country code determines supported channel pairs
Note: Changing the country code causes the valid channel lists to be reset to the defaults for the country.
Enter a single 802.11g channel number for 20 MHz operation within the specified regulatory domain.
country code determines supported channels
Note: Changing the country code causes the valid channel lists to be reset to the defaults for the country.
Usage Guidelines
This profile configures the country code and valid channels for operation of APs. The list of valid channels only affects the channels that may be selected by ARM or by the controller when no channel is configured. Channels that are specifically configured in the AP radio settings profile (see rf dot11a-radio-profile or rf dot11g-radioprofile) must be valid for the country and the AP model.
A controller shipped to certain countries, such as the U.S. and Israel, cannot terminate APs with regulatory domain profiles that specify different country codes from the controller. For example, if a controller is designated for the U.S., then only a regulatory domain profile with the "US" country code is valid; setting APs to a regulatory domain profile with a different country code will result in the radios not coming up. For controllers in other countries, you can mix regulatory domain profiles on the same controller; for example, one controller can support APs in Japan, Taiwan, China, and Singapore.
In order for an AP to boot correctly, the country code configured in the AP regulatory domain profile must match the country code of the LMS. If none of the channels supported by the AP have received regulatory approval by the country whose country code you selected, the AP will revert to Air Monitor mode.
Examples
The following command configures the regulatory domain profile for APs in Japan:
(host) (config) #ap regulatory-domain-profile rd1 country-code JP
The following command configures a regulatory domain profile for APs in the United States and specifies that the channel pair of 36 and 40, is allowed for 40 MHz mode of operation on the 5 GHz frequency band:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap regulatory-domain-profile | 218
(host) (config) #ap regulatory-domain-profile usa1 country-code US valid-11a-40mhz-channel-pair 36-40
The following command configures a regulatory domain profile for APs in the United States and specifies that the channel pair of 5 and 1, is allowed for 40 MHz mode of operation on the 2.4 GHz frequency band: (host) (config) #ap regulatory-domain-profile usa1
country-code US valid-11g-40mhz-channel-pair 1-5
Related Commands
To view the supported channels, use the show ap allowed-channels command.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.3
Support for the IEEE 802.11n standard, including channel pairs for 40 MHz mode of operation, was introduced.
ArubaOS 5.0
The valid-11a-40mhz-channel-pair and valid-11g-40mhz-channel-pair parameters no longer support the + and - parameters that allowed you to define a primary and backup channel within the channel pair.
ArubaOS 6.3
Support for the valid-11a-80mhz-channel-group parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
219 | ap regulatory-domain-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap regulatory reset
ap regulatory reset
Description
This command returns the controller to the factory default Regulatory-Cert.
Syntax
None.
Usage Guidelines
Use this command to return the controller to the .factory default regulatory information.
Related Commands
To view the current Regulatory-Cert, use the show ap regulatory command. To view the supported channels, use the show ap allowed-channels country-code command.
Command History
Release ArubaOS 6.4.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap regulatory reset | 220
ap snmp-profile (deprecated)
Description
This command configures an SNMP profile for APs.
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4
Command deprecated
221 | ap snmp-profile (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap snmp-user-profile (deprecated)
ap snmp-user-profile <profile> auth-passwd <password> auth-prot {md5|none|sha} clone <profile> no ... priv-passwd <password> user-name <name>
Description
This command configures an SNMPv3 user profile for APs.
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap snmp-user-profile (deprecated) | 222
ap spectrum clear-webui-view-settings
ap spectrum clear-webui-view-settings
Description
Clear a saved spectrum dashboard view.
Syntax
no parameters
Usage Guidelines
Saved spectrum view preferences may not be backwards compatible with the spectrum analysis dashboard in earlier versions of ArubaOS. If you downgrade to an earlier version of ArubaOS and your client is unable to load a saved spectrum view in the spectrum dashboard, access the CLI in enable mode and issue this command to delete the saved spectrum views and display default view settings in the spectrum dashboard.
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing RF Protect license
Command Mode
Enable mode on master or local controllers
223 | ap spectrum clear-webui-view-settings
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap spectrum local-override
no override ap-name <ap-name> spectrum-band 2ghz|5ghz
Description
Convert an AP or AM into a spectrum monitor by adding it to the spectrum local-override list.
Syntax
Parameter
Description
Range
override ap-name <ap-name> name of an AP whose
--
radio should be converted
to a spectrum monitor
radio
Default --
spectrum band
Spectrum band or portion of the band to be monitored by the spectrum monitor radio
2GHz (channels 1-14)
5GHz(channels 36-64, 100140 and 149-165).
2Ghz
Usage Guidelines
There are two ways to change an AP that supports the spectrum monitor feature into a spectrum monitor. You can assign that AP to a 802.11a and 802.11g radio profile that is already set to spectrum mode, or you can temporarily change the AP into a spectrum monitor using a local spectrum override profile. When you use a local spectrum override profile to override an AP's mode setting, that AP will begin to operate as a spectrum monitor, but will remain associated with its previous 802.11a and 802.11g radio profiles. If you change any parameter (other than the overridden mode parameter) in the spectrum monitor's 802.11a or 802.11 radio profiles, the spectrum monitor will immediately update with the change. When you remove the local spectrum override, the spectrum monitor will revert back to its previous mode, and remain assigned to the same 802.11a and 802.11 radio profiles as before.
For a list of APs that can be converted into a spectrum monitor or hybrid AP, refer to the Spectrum Analysis chapter of the Dell Networking W-Series ArubaOS 6.4.x User Guide.
Related Commands
Command
show ap spectrum localoverride
Description
Mode
This command shows a list of AP radios currently converted to spectrum monitors via the spectrum local-override list
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap spectrum local-override | 224
Command History
Release ArubaOS 6.0
Modification Command introduced
ArubaOS 6.2
The spectrum-band parameter supports a 5ghz value, allowing an AP to monitor the entire 5 Ghz radio band. Previous versions of ArubaOS supported 5ghz-lower, 5ghz-middle and 5ghz-upper settings.
Command Information
Platforms All platforms
Licensing RF Protect license
Command Mode Config mode on master controllers
225 | ap spectrum local-override
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile
ap system-profile <profile> aeroscout-rtls-server ip-or-dns <ipaddr-or-dns> port <port> include-unassoc-sta {disable|enable} am-scan-rf-band [a|all|g] ap-arp-attack-protection mcast-aggr mcast-aggr-allowed-vlan <vlan-list> ap-usb-power-override bkup-band all|a|g bkup-lms-ip <ipaddr> bkup-lms-ipv6 <ipaddr> bkup-mode static|dynamic|off bkup-password <password>\ ble-token <string> ble-url <url> lms-ping-interval bootstrap-threshold <number> clone <profile> dns-domain <domain> double-encrypt dump-server <server> gre-striping-ip heartbeat-dscp <number> heartbeat-in <secs> led-mode normal|off lms-hold-down-period <seconds> lms-ip <ipaddr> lms-ipv6 <ipaddr> lms-preemption maintenance-mode max-request-retries <number> mtu <bytes> native-vlan-id <vlan> no ... number_ipsec_retries rap-bw-total rap-bw-resv-1 rap-bw-resv-2 rap-bw-resv-3 rap-dhcp-default-router <ipaddr> rap-dhcp-dns-server <ipaddr> rap-dhcp-lease <days> rap-dhcp-pool-end <ipaddr> rap-dhcp-pool-netmask <netmask> rap-dhcp-pool-start <ipaddr> rap-dhcp-server-id <ipaddr> rap-dhcp-server-vlan <vlan> rap-gre-mtu rap-local-network-access request-retry-interval <seconds> rf-band <band> rtls-server ip-or-dns <ipaddr-ordns> port <port> key <key> station-message-frequency <seconds> include-unassoc-sta session-acl <acl> shell-passwd <password> spanning-tree syscontact <name> telnet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile | 226
Description
This command configures an AP system profile.
Syntax
Parameter <profile> aeroscout-rtlsserver
am-scan-rf-band a g all
ap-arp-attack-protection
mcast-aggr mcast-aggr-allowed-vlan <vlan-list>
Description
Range
Name of this instance of the
--
profile. The name must be 1-63
characters.
Enables the AP to send RFID
--
tag information to an
AeroScout real-time asset
location (RTLS) server.
RTLS station reporting includes information for APs and the clients that the AP has detected. If you include the include-unassoc-sta parameter, the station reports will also include information about clients not associated to any AP. By default, unassociated clients are not included in station reports.
Scanning band for multiple RF radios
a, g, all
Set the scanning band to
--
802.11a only
Set the scanning band to
--
802.11g only
Set the scanning band to apply -- to all bands
Drop ARP packets coming from -- wired or wireless clients with AP gateway IP address. In other words, disallow ARP attack from un-trusted ports.
Enable multicast aggregation
--
at AP.
Enable list of VLANs where
--
AP multicast aggregation is
allowed.
Default "default" --
all all all all enabled
disabled disabled
227 | ap system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ap-usb-power-override
ip-or-dns port bkup-band a|all|g bkup-lms-ip bkup-lms-ipv6
bkup-mode dynamic|off|static
bkup-password <bkup-password> ble-token
Description
Range
Enabling override enables the
--
USB port of the AP with POE AT
power.
NOTE: This parameter is applicable for W-AP205H access point only.
IP address or the DNS of the
--
AeroScout server to which
location reports are sent.
Default disabled
--
Port number on the AeroScout --
--
server to which location
reports are sent.
Band on which the controller
802.11a, all
all
broadcasts the backup ESSID.
bands or
802.11g
In multi-controller networks,
--
--
specifies the IP address of a
backup to the IP address
specified with the lms-ip
parameter.
In multi-controller ipv6
--
--
networks, specifies the IPv6
address of a backup to the IPv6
address specified with the lms-
ipv6 parameter.
This parameter allows AP console access using a backup ESSID, allowing users to access an AP console after the AP has disconnected from the controller. When the AP advertises a backup ESSID in either static or dynamic mode, a user is able to access and debug the AP remotely through a virtual AP.
Select dynamic or static to enable this feature and select the mode by which the controller broadcasts the backup ESSID. This feature is disabled by default.
dynamic|off|static off
Allows client access to adjust the --
--
band and mode settings for the
backup ESSID.
The Bluetooth Low Energy (BLE) --
--
endpoint authorization token is a
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile | 228
Parameter
ble-url bootstrapthreshold
clone dns-domain double-encrypt
dump-server gre-striping-ip 229 | ap system-profile
Description
text string of 1-255 characters used by the BLE to authorize to and securelty communicate with the Beacon Management Console. This token is unique for each deployment.
Range
URL of the server to which the
--
BLE sends monitoring data.
Number of consecutive missed heartbeats on a GRE tunnel (heartbeats are sent once per second on each tunnel) before an AP rebootstraps. On the controller, the GRE tunnel timeout is 1.5 x bootstrapthreshold; the tunnel is torn down after this number of seconds of inactivity on the tunnel.
1-65535
Name of an existing AP system -- profile from which parameter values are copied.
Name of domain that is
--
resolved by corporate DNS
servers. Use this parameter
when configuring split tunnel.
This parameter applies only to -- remote APs. Use double encryption for traffic to and from a wireless client that is connected to a tunneled SSID.
When enabled, all traffic is reencrypted in the IPsec tunnel. When disabled, the wireless frame is only encapsulated inside the IPsec tunnel.
All other types of data traffic between the controller and the AP (wired traffic and traffic from a split-tunneled SSID) are always encrypted in the IPsec tunnel.
(For debugging purposes.)
--
Specifies the server to receive
a core dump generated when
an AP process crashes.
Specify an IPv4 address for the
--
802.11g radio of the controller to
allow LACP enabled switches to
Default -- 8
-- -- disabled
-- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
heartbeat-dscp
heartbeat-in <secs>
led-mode normal off
lms-hold-downperiod lms-ip
Description
Range
send traffic for the two controller radios on different links. Recommended value for this parameter is <LMS-IP_addr>+1.
NOTE: This parameter is deprecated in ArubaOS 6.4.2.0.
Define the DSCP value of AP heartbeats.
Use this feature to prioritize AP heartbeats and prevent the AP from losing connectivity with the controller over high-latency or
low-bandwidth WAN connections.
0-63
Set the interval between heartbeat messages between a remote or campus AP and its associated controller. An increase in the heartbeat interval increases the time it will take for an AP to detect the loss in connectivity to the controller, but can reduce internet bandwidth consumed by a remote AP.
1-60 secs
The operating mode for the AP LEDs. This option is available on all 802.11n indoor AP platforms.
Display LEDs in normal mode.
Turn off all LEDs.
Time, in seconds, that the primary LMS must be available before an AP returns to that LMS after failover.
1-3600
In multi-controller networks,
--
this parameter specifies the IP
address of the local
management switch (LMS)--
the Dellcontroller--which is
responsible for terminating
user traffic from the APs, and
processing and forwarding the
traffic to the wired network.
This can be the IP address of
the local or master controller.
Default 0 1 sec normal 600 seconds --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile | 230
Parameter
lms-ipv6
lms-ping-interval
lms-preemption maintenancemode 231 | ap system-profile
Description
Range
When using redundant controllers as the LMS, set this parameter to be the VRRP IP address to ensure that APs always have an active IP address with which to terminate sessions.
Default
NOTE: If the LMS-IP is blank, the access point will remain on the controller that it finds using methods like DNS or DHCP. If an IP address is configured for the LMS IP parameter, the AP will be immediately redirected to the controller at that address.
In multi-controller ipv6
--
networks, specifies the IPv6
address of the local
management switch (LMS)--
the controller--which is
responsible for terminating
user traffic from the APs, and
processing and forwarding the
traffic to the wired network.
This can be the IP address of
the local or master controller.
When using redundant controllers as the LMS, set this parameter to be the VRRP IP address to ensure that APs always have an active IP address with which to terminate sessions.
Specifies the interval at which application level ping needs to be sent to primary controller to check the reachability. Applicable only for RAP.
NOTE: If this parameter is changed, UDP session timeout on an intermediate router which performs NATing should be set accordingly. The preferred timeout value is (lms-pinginterval + 30sec).
10-60 seconds
Automatically reverts to the
--
primary LMS IP address when
it becomes available.
-- 20 seconds disabled
Enable or disable AP maintenance mode.
disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
max-request-re tries
mtu native-vlan-id no number-ipsec-retries
rap-bw-total rap-bw-resv-1 rap-bw-resv-2 rap-bw-resv-3
Description
Range
This setting is useful when deploying, maintaining, or upgrading the network.
If enabled, APs stop flooding unnecessary traps and syslog messages to network management systems or network operations centers when deploying, maintaining, or upgrading the network. The controller still generates debug syslog messages if debug logging is enabled.
Maximum number of times to retry AP-generated requests, including keepalive messages. After the maximum number of retries, the AP either tries the IP address specified by the bkup-lms-ip (if configured) or reboots.
1-65535
MTU, in bytes, on the wired link for the AP.
1024-1578
Native VLAN for bridge mode
--
virtual APs (frames on the
native VLAN are not tagged
with 802.1q tags).
Negates any configured
--
parameter.
The number of times the AP will attempt to recreate an IPsec tunnel with the master controller before the AP will reboot. A value of 0 disables the reboot.
1-1000
This is the total reserved uplink -- bandwidth (in Kilobits per second).
Session ACLs with uplink
--
bandwidth reservation in
kilobits per second. You can
specify up to three session ACLs to reserve uplink
--
bandwidth. The sum of the
three uplink bandwidths should
not exceed the rap-bw-total --
value.
Default
10
-- 1 -- 85 -- -- -- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile | 232
Parameter rap-dhcpdefault-router rap-dhcp-dnsserver rap-dhcp-lease
rap-dhcp-poolend
rap-dhcp-poolnetmask
rap-dhcp-poolstart
rap-dhcp-server-id
Description
IP address for the default DHCP router.
IP address of the DNS server.
Range --
--
The amount of days that the assigned IP address is valid for the client. Specify the lease in <days>.
0 indicates the IP address is always valid; the lease does not expire.
0-30
Configures a DHCP pool for
--
remote APs. This is the last IP
address of the DHCP pool.
Configures a DHCP pool for
--
remote APs. This is the
netmask used for the DHCP
pool.
Configures a DHCP pool for
--
remote APs. This is the first IP
address of the DHCP pool.
IP address used as the DHCP
--
server identifier.
Default 192.168.11.1 192.168.11.1 0
192.168.11.2 54 255.255.255. 0
192.168.11.2
192.168.11.1
rap-dhcp-server-vlan
rap-gre-mtu rap-local-network-access
VLAN ID of the remote AP
--
--
DHCP server used if the
controller is unavailable. This
VLAN enables the DHCP server
on the AP (also known as the
remote AP DHCP server VLAN).
If you enter the native VLAN ID,
the DHCP server is
unavailable.
Configures the maximum size of the GRE packets exchanged between a RAP and the controller.
1024-1578 bytes 1200 bytes
Enable or disable local network -- access across VLANs in a Remote-AP.
disabled
233 | ap system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
request-retryinterval
Description
Range
Interval, in seconds, between the first and second retries of AP-generated requests. If the configured interval is less than 30 seconds, the interval for subsequent retries is increased up to 30 seconds.
1-65535
rf-band
For APs that support both a
a/g
and b/g RF bands, RF band in
which the AP should operate:
l g = 2.4 GHz
l a = 5 GHz
rtls-server
Enables the AP to send RFID
--
tag information to an RTLS
server.
ip-or-dns
IP address or the DNS of the
--
RTLS server to which location
reports are sent.
port
Port number on the server to
--
which location reports are
sent.
key
Shared secret key.
--
station-message-frequency Indicates how often packets are sent to the server.
1-3600
include-unassoc-sta
session-acl shell-passwd
RTLS station reporting includes -- information for APs and the clients that the AP has detected. If you include theinclude-unassoc-sta parameter, the station reports will also include information about clients not associated to any AP. By default, unassociated clients are not included in station reports.
Session ACL configured with
--
the ip access-list session
command.
NOTE: This parameter requires the PEFNG license.
Sets a username and
--
password for the AP console.
spanning-tree
Enables the spanning-tree pro-
--
tocol.
Default 10 seconds
g
-- -- -- -- 30 seconds disabled
-- 1500 bytes disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile | 234
Parameter syscontact
telnet
Description
SNMP system contact information.
Range --
Enable or disable telnet to the
--
AP.
Default --
disabled
Usage Guidelines
The AP system profile configures AP administrative operations, such as logging levels.
Example
For deployments running ArubaOS 6.3.1.x-6.4.1.x, execute the following commands to configure the LACP parameters (LMS IP and the GRE striping IP) on an AP system profile. (host) (config) #ap system-profile LACP (host) (AP system profile "LACP") #lms-ip 192.0.2.1 (host) (AP system profile "LACP") #gre-striping-ip 192.0.2.2
For deployments running ArubaOS 6.4.2.x and later, execute the following commands to configure LACP and AP LACP LMS map information settings. (host) (config) #ap system-profile LACP (host) (AP system profile "LACP") #lms-ip 192.0.2.1 (host) (AP system profile "LACP") #exit (host) (config) #ap-lacp-striping-ip (host) (AP LACP LMS map information) #striping-ip 192.0.2.2 lms 192.0.2.1 (host) (AP LACP LMS map information) #aplacp-enable
For more information on configuring LACP support, including important pre-deployment considerations and troubleshooting information, refer to the ArubaOS User Guide.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.2
Support for additional RTLS servers and remote AP enhancements was introduced.
ArubaOS 3.3.2
l Maintenance-mode parameter was introduced. l Multiple remote AP DHCP server enhancements were introduced. l Support for RFprotect server and backup server configuration was
introduced. l The mms-rtls-server parameter was deprecated in ArubaOS 3.3.2.
ArubaOS 5.0
The master-ip, rfprotect-server-ip and rfprotect-bkup-server parameters were deprecated.
ArubaOS 6.0
Added support for the option to set the RF scanning band (am-scan-rf-band).
235 | ap system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Release ArubaOS 6.2 ArubaOS 6.2.1.3 ArubaOS 6.3
ArubaOS 6.3.1 ArubaOS 6.4.2.0
ArubaOS 6.4.3.0
Modification
The keepalive-interval parameter was deprecated.
The default number of IPsec retries defined by number_ipsec_retries was reduced from 360 to 85.
The root-ap parameter was deprecated. This parameter identifies the root AP in a hierarchy of Remote APs.
l The aeroscout-rtls-server include-unassoc-sta parameter was introduced.
l The spanning-tree and heartbeat-in parameters were introduced. l The rtls-serverip and aeroscout-rtls-server ip parameters were modified
to rtls-server ip-or-dns and aeroscout-rtls-server ip-or-dns.
The gre-striping-ip parameter was introduced.
The gre-striping-ip parameter was deprecated. GRE striping IP settings are defined using the ap-lacp-striping-ip command. The system-message-frequency parameter now accepts a value in the range of 1-3600 seconds.
The following new parameters were introduced: l ap-arp-attack-protection l mcast-aggr l mcast-aggr-allowed-vlan l ap-usb-power-override l shell-passwd l bkup-band l bkup-mode l bkup-password l ble-token l ble-url
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap system-profile | 236
ap wipe out flash
ap wipe out flash ap-name <ap-name> ip-addr <ip-addr>
Description
Overwrite the entire AP compact flash, destroying its contents (including the current image file).
Syntax
Parameter ap-name
ip-addr
Description
Wipe out the flash of the AP with the specified name.
Range --
Wipe out the flash of the AP with the specified IP -- address.
Default --
--
Usage Guidelines
Use this command only under the supervision of Dell technical support. If you delete the current image in the AP's flash memory, the AP will not function until you reload another image.
Command History
This command was introduced in ArubaOS 3.3.2.
Command Information
Platforms
All platforms running ArubaOS 3.3.2.x-FIPS or later.
Licensing Base operating system
Command Mode Config mode on master controllers
237 | ap wipe out flash
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap wired-ap-profile
ap wired-ap-profile <profile> broadcast clone <profile> forward-mode {bridge|split-tunnel|tunnel} no ... switchport access vlan <vlan> | {mode access|trunk} |trunk {allowed vlan <list>| add <list> | except <list> | remove <list>}| native vlan <vlan> trusted wired-ap-enable
Description
This command configures a wired AP profile.
Syntax
Parameter <profile> broadcast clone forward-mode
tunnel
bridge
split-tunnel
Description
Name of this instance of the profile. The name must be 1-63 characters.
Forward broadcast traffic to this tunnel.
Name of an existing wired AP profile from which parameter values are copied.
This parameter controls whether data is tunneled to the controller using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the controller, and Internet access remains local). All forwarding modes support band steering, TSPEC/TCLAS enforcement, 802.11k and station blacklisting.
In this default forwarding mode, the AP handles all 802.11 association requests and responses, but sends all 802.11 data packets, action frames and EAPOL frames over a GRE tunnel to the controller for processing. The controller removes or adds the GRE headers, decrypts or encrypts 802.11 frames and applies firewall rules to the user traffic as usual.
802.11 frames are bridged into the local Ethernet LAN. When a remote AP or campus AP is in bridge mode, the AP handles all 802.11 association requests and responses, encryption/decryption processes, and firewall enforcement. The 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed.
An AP in bridge mode supports only the 802.1X authentication type. NOTE: Virtual APs in bridge mode using static WEP should use key slots 2-4 on the controller. Key slot 1 should only be used with Virtual APs in tunnel mode.
802.11 frames are either tunneled or bridged, depending on the destination (corporate traffic goes to the controller, and Internet access remains local). An AP in split-tunnel mode supports only the 802.1X authentication type.
An AP in split-tunnel forwarding mode handles all 802.11 association requests and responses, encryption/decryption, and firewall enforcement. The 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap wired-ap-profile | 238
Parameter no
Description
NOTE: Virtual APs in split-tunnel mode using static WEP should use key slots 2-4 on the controller. Key slot 1 should only be used with Virtual APs in tunnel mode.
Negates any configured parameter.
switchport
Configures the switching mode characteristics for the port.
access
The VLAN to which the port belongs. The default is VLAN 1.
mode
The mode for the port, either access or trunk mode. The default is access mode.
trunk allowed
Allows multiple VLANs on the port interface. You must define this parameter using VLAN IDs or VLAN names VLAN IDs and VLAN names cannot be listed together.
trunk native
The native VLAN for the port (frames on the native VLAN are not tagged with 802.1q tags).
trusted
Sets port as either trusted or untrusted. The default setting is untrusted.
wired-ap-enable
Enables the wired AP. The wired AP is disabled by default.
Usage Guidelines
This command is only applicable to Dell APs that support a second Ethernet port. The wired AP profile configures the second Ethernet port (enet1) on the AP.
For mesh deployments, this command is applicable to all Dell APs configured as mesh nodes. If you are using mesh to join multiple Ethernet LANs, configure and enable bridging on the mesh point Ethernet port.
Mesh nodes only support bridge mode and tunnel mode on their wired ports (enet0 or enet1). Split tunnel mode is not supported.
Use the bridge mode to configure bridging on the mesh point Ethernet port. Use tunnel mode to configure secure jack operation on the mesh node Ethernet port.
When configuring the Ethernet ports on APs with multiple Ethernet ports, note the following requirements:
l If configured as a mesh portal, connect enet0 to the controller to obtain an IP address. The wired AP profile controls enet1.Only enet1 supports secure jack operation.
l If configured as a mesh point, the same wired AP profile will control both enet0 and enet1.
Example
The following command configures the enet1 port on a multi-port AP as a trunk port: (host) (config) #ap wired-ap-profile wiredap1
switchport mode trunk switchport trunk allowed 4,5
239 | ap wired-ap-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 3.2 ArubaOS 6.0
Modification Command introduced The split-tunnel forwarding mode was introduced. Wired ports on campus APs support bridge forwarding mode.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap wired-ap-profile | 240
ap wired-port-profile
ap wired-port-profile <profile> aaa-profile <profile> authentication-timeout <seconds> clone enet-link-profile <profile> lldp-profile <profile> no rap-backup shutdown spanning-tree wired-ap-profile <profile>
Description
This command configures a wired port profile.
Syntax
Parameter aaa-profile <profile>
Description
Name of a AAA profile to be used by devices connecting to the AP's wired port.
authentication-timeout
Authentication timeout value, in seconds, for devices connecting the AP's wired port. The supported range is 1-65535 seconds, and the default value is 20 seconds.
clone <profile>
Create a new AP wired port profile based upon the values of an existing profile.
enet-link-profile <profile>
Specify an Ethernet link profile to be used by devices associated with this wired port profile. The Ethernet link profile defines the duplex value and speed to be used by the port.
lldp-profile <profile> no
Specify an LLDP profile to be used by devices associated with this wired port profile. The LLDP profile specifies the type-length-value (TLV) elements to be sent in LLDP PDUs.
Negates any defined parameter
rap-backup
Use the rap-backup parameter to use the wired port on a Remote AP for local connectivity and troubleshooting when the AP cannot reach the controller. If the AP is not connected to the controller, no firewall policies will be applied when this option is enabled. (The AAA profile will be applied when the AP is connected to controller).
shutdown
Disable the wired AP port.
spanning-tree wired-ap-profile <profile>
Enables the spanning-tree protocol.
Name of a wired AP profile to be used by devices connecting the AP's wired port. The wired AP profile defines the forwarding mode and switchport values used by the port.
241 | ap wired-port-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
This command is only applicable to APs with Ethernet ports. Issue this command to enable or disable the wired port, define an AAA profile for wired port devices, and associate the port with an ethernet link profile that defines its speed and duplex values.
Example
The following command defines a AAA profile for wired port devices: (host) (config) #ap wired-port-profile wiredport1
aaa-profile default-open authentication-timeout 30 wired-ap-profile wiredap1
Command History
Release ArubaOS 6.0
Modification Command introduced
ArubaOS 6.3
The spanning-tree parameter was added.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap wired-port-profile | 242
apboot
apboot {all [global|local]|ap-group <group> [global|local]|ap-name <name>|ip-addr <ipaddr>|wired-mac <macaddr>}
Description
This command reboots the specified APs.
Syntax
Parameter all global local
ap-group global local
ap-name ip-addr wired-mac
Description Reboot all APs. Reboot APs on all controllers. Reboot only APs registered on this controller. This is the default. Reboot APs in a specified group. Reboot APs on all controllers. Reboot only APs registered on this controller. This is the default. Reboot the AP with the specified name. Reboot the AP at the specified IP address. Reboot the AP at the specified MAC address.
Default all global local
ap-group global local
ap-name ip-addr wired-mac
Usage Guidelines
You should not normally need to use this command as APs automatically reboot when you reprovision them. Use this command only when directed to do so by your Dell representative.
Example
The following command reboots a specific AP: (host)(config)# apboot ap-name Building3-Lobby
Command History
This command was introduced in ArubaOS 3.0.
243 | apboot
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
apboot | 244
apconnect
apconnect {ap-name <name>|bssid <bssid>|ip-addr <ipaddr>} parent-bssid <bssid>
Description
This command instructs a mesh point to disconnect from its current parent and connect to a new parent.
Syntax
Parameter ap-name <name> bssid <bssid> ip-addr <ipaddr> parent-bssid <bssid>
Description Specify the name of the mesh point to be connected to a new parent. Specific the BSSID of the mesh point to be connected to a new parent. Specific the IP address of the mesh point to be connected to a new parent. BSSID of the parent to which the mesh point should connect.
Usage Guidelines
To maintain a mesh topology created using the apconnect command, Dell suggests setting the mesh reselection-mode to reselect-never, otherwise the normal mesh reselection mechanisms could break up the selected topology.
Example
The following command connects the mesh point "meshpoint1" to a new parent with the specified BSSID. (host) (config) #apconnect ap-name meshpoint1 parent-bssid 00:12:6d:03:1c:f1
Related Commands
Command
ap mesh-radioprofilereselectionmodereselect-never
Description
Use this command to prevent the AP from reselecting a new parent.
Mode
Enable or Config mode
Command History
This command was introduced in ArubaOS 3.4.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
245 | apconnect
Dell Networking W-Series ArubaOS 6.4.x | User Guide
apdisconnect
apdisconnect {ap-name <name>|bssid <bssid>|ip-addr <ipaddr>}
Description
This command disconnects a mesh point from its parent.
Syntax
Parameter ap-name bssid ip-addr
Description Specifies the name of the parent AP. Specifies the BSSID of the parent AP. Specifies the IP address of the parent AP.
Usage Guidelines
Each mesh point learns about the mesh portal from its parent (a mesh node that is part of the path to the mesh portal). This command directs a mesh point to disassociate from its parent. The mesh point will attempt to associate with another neighboring mesh node, if available. The old parent is not eligible for re-association for 60 seconds after disconnection.
Example
The following command disconnects a specific mesh point from its parent: (host) (config) #apdisconnect ap-name meshpoint1
Related Commands
Command apconnect
Description
This command connects a mesh point to a new specified parent.
Mode Enable or Config mode
Command History
This command was introduced in ArubaOS 3.2
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
apdisconnect | 246
apflash [deprecated]
apflash all|{ap-group <group>}|{ap-name <name>}|{ip-addr <ipaddr>}|{wired-mac <macaddr>} global|local [backup-partition] [server <ipaddr>]
Description
This command reflashes the specified AP. Starting with ArubaOS 6.1, this command can only be run by Dell Technical Support or users in support mode.
Command History
Version ArubaOS 3.0
Description Command introduced
ArubaOS 6.0
The global and local parameters were introduced.
ArubaOS 6.1
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
apflash [deprecated] | 248
ap-group
ap-group <group> ap-system-profile <profile> authorization-profile <profile> clone <profile> dot11a-radio-profile <profile> dot11a-traffic-mgmt-profile <profile> dot11g-radio-profile <profile> dot11g-traffic-mgmt-profile <profile> enet0-port-profile <profile> enet1-port-profile <profile> enet2-port-profile <profile> enet3-port-profile <profile> enet4-port-profile <profile> event-thresholds-profile <profile> ids-profile <profile> mesh-cluster-profile <profile> priority <priority> mesh-radio-profile <profile> no ... regulatory-domain-profile <profile> rf-optimization-profile <profile> virtual-ap <profile> voip-cac-profile <profile>
Description
This command configures an AP group.
Syntax
Parameter <group>
ap-system-profile
authorization-profile clone dot11a-radio-profile
Description
Range
Name that identifies the AP group. The
--
name must be 1-63 characters.
NOTE: You cannot use quotes (") in the AP group name.
Configures AP administrative operations, -- such as logging levels. See ap systemprofile on page 226.
Restrictive group for unauthorized AP.
--
Name of an existing AP group from which -- profile names are copied.
Configures 802.11a radio settings and
--
load balancing for the AP group; contains
the ARM profile. See rf dot11a-radio-
profile on page 752.
Default "default"
"default" -- -- "default"
249 | ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
dot11a-traffic-mgmt-profile
Configures bandwidth allocation. See wlan traffic-management-profile on page 2334.
Range --
dot11g-radio-profile
Configures 802.11g radio settings and
--
load balancing for the AP group; contains
the ARM profile. See rf dot11a-radio-
profile on page 752.
dot11g-traffic-mgmt-profile Configures bandwidth allocation. See
--
wlan traffic-management-profile on page
2334.
enet0-port-profile
Configures the duplex and speed of the
--
Ethernet interface 0 on the AP. For
information on how these profiles are
defined, see ap wired-port-profile on
page 241.
enet1-port-profile
Configures the duplex and speed of the
--
Ethernet interface 1 on the AP. For
information on how these profiles are
defined, see ap wired-port-profile on
page 241.
enet2-port-profile
Configures the duplex and speed of an
--
Ethernet interface 2 on the AP. These
profiles are defined using the command
ap wired-port-profile on page 241.
enet3-port-profile
Configures the duplex and speed of an
--
Ethernet interface 3 on the AP. These
profiles are defined using the command
ap wired-port-profile on page 241.
enet4-port-profile
Configures the duplex and speed of an
--
Ethernet 4 interface on the AP. For
information on how these profiles are
defined, see ap wired-port-profile on
page 241.
event-thresholds-profile
Configures Received Signal Strength
--
Indication (RSSI) metrics. See rf event-
thresholds-profile on page 776.
ids-profile
Configures Dell's Intrusion Detection
--
System (IDS). See ids profile on page 439.
Default -- "default" -- "default"
"default"
"default" "default" "default"
"default" "default"
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-group | 250
Parameter mesh-cluster-profile
priority
mesh-radio-profile
no regulatory-domain-profile rf-optimization-profile virtual-ap voip-cac-profile
Description
Range
Configures the mesh cluster profile for
--
mesh nodes that are members of the AP
group. There is a "default" mesh cluster
profile; however, it is not applied until you
provision the mesh node. See ap mesh-
cluster-profile on page 191.
Configures the priority of the mesh cluster profile. If more than two mesh cluster profiles are configured, mesh points use this number to identify primary and backup profile(s).
The lower the number, the higher the priority.
1-16
Configures the 802.11g and 802.11a
--
radio settings for mesh nodes that are
members of the AP group. See ap mesh-
ht-ssid-profile on page 193.
Commands to configure mesh for outdoor APs require the Outdoor Mesh license.
Negates any configured parameter.
--
Configures the country code and valid
--
channels. See ap regulatory-domain-
profile on page 217.
Configure coverage hole and interference -- detection. See rf optimization-profile on page 782.
One or more profiles, each of which
--
configures a specified WLAN. See wlan
virtual-ap on page 2341.
Configures voice over IP (VoIP) call
--
admission control (CAC) options. See
wlan voip-cac-profile on page 2354.
This parameter requires the PEFNG license.
Default "default"
1
"default"
-- "default" "default" "default" "default"
Usage Guidelines
AP groups are at the top of the configuration hierarchy. An AP group collects virtual AP definitions and configuration profiles, which are applied to APs in the group.
Example
The following command configures a virtual AP profile to the "default" AP group: (host)(config) #ap-group default
virtual-ap corpnet
251 | ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
View AP group settings using the command show ap-group.
Command History:
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.2
Support for the mesh parameters was introduced
ArubaOS 3.4.1
The voip-cac-profile parameter required the PEF license.
ArubaOS 5.0
The voip-cac-profile parameter requires the PEFV license.
ArubaOS 6.0
The enet-port-profile parameters parameters were introduced.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-group | 252
ap-leds
ap-leds {all | ap-group <ap-group> | ap-name <ap-name> | ip-addr <ip address> | wired-mac <mac address>} {global blink|normal}|{local blink|normal}
Description
This command allows you to set the behavior of an AP's LEDs.
Syntax
Parameter all
Description Controls the LED behavior for all APs
ap-group <ap-group>
Controls the LED behavior for APs in the specified group
ap-name <ap-name>
Controls the LED behavior for the AP with the specified name
ip-addr <ip-addr>
Controls the LED behavior for the AP with the specified IP address
wired-mac <mac-addr> Controls the LED behavior for the AP with the specified MAC address
global
Selects all APs on all controllers
local
Selects all APs registered on this controller
blink
Causes the LEDs to blink for identification
normal
Restores the LEDs to their normal behavior
Usage Guidelines
Use the ap-leds command to make the LEDs on a defined set of APs either blink or display in the currently configured LED operating mode. Note that if the LED operating mode defined in the AP's system profile is set to "off", then the normal parameter in the ap-leds command will disable the LEDs. If the LED operating mode in the AP system profile is set to "normal" then the normal parameter in this command will allow the LEDs light as usual.
Example
The following command causes all local APs to blink their LEDs for identification purposes: ap-leds all local blink
Command History
Release ArubaOS 3.0
Modification Command introduced
253 | ap-leds
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-leds | 254
ap-move
ap-move all ap-group <ap-group> ap-name <ap-name>
Description
When HA is enabled, use this command to move an AP or group of APs to their standby controller.
Syntax
Parameter all
Description Move all APs.
ap-group <ap-group> Move all APs belonging to the specified AP group.
ap-name <ap-name>
Move the specified AP.
Usage Guidelines
When HA is enabled on a pair of controllers, this command should be used when it is necessary to move a single AP, all APs in an ap-group, or all APs to switchover to their standby controller without an actual failure of the active controller. For example, this allows the network admin to manually move one or more APs to their standby controller and perform a planned upgrade or maintenance on the active controller.
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms.
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
255 | ap-move
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-name
ap-name <name> ap-system-profile <profile> authorization-profile <profile> clone <profile> dot11a-radio-profile <profile> dot11a-traffic-mgmt-profile <profile> dot11g-radio-profile <profile> dot11g-traffic-mgmt-profile <profile> enet0-profile <profile> enet1-profile <profile> event-thresholds-profile <profile> exclude-mesh-cluster-profile-ap <profile> exclude-virtual-ap <profile> ids-profile <profile> mesh-cluster-profile <profile> priority <priority> mesh-radio-profile <profile> no ... regulatory-domain-profile <profile> rf-optimization-profile <profile> snmp-profile <profile> virtual-ap <profile> voip-cac-profile <profile>
Description
This command configures a specific AP.
Syntax
Parameter <name>
ap-system-profile authorization-profile clone dot11a-radio-profile
Description
Default
Name that identifies the AP. By default, an AP's
--
name can either be the AP's Ethernet MAC address,
or if the AP has been previously provisioned with an
earlier version of ArubaOS, a name in the format
<building>.<floor>.<location>. The name must be 1-
63 characters.
NOTE: You cannot use quotes (") in the AP name.
Configures AP administrative operations, such as logging levels. See ap system-profile on page 226.
Restrictive group for unauthorized AP.
Name of an existing AP name from which profile names are copied.
"default"
-- --
Configures 802.11a radio settings for the AP group; contains the ARM profile. See rf dot11a-radio-profile on page 752.
"default"
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-name | 256
Parameter dot11a-traffic-mgmt-profile
Description
Configures bandwidth allocation. See wlan trafficmanagement-profile on page 2334.
Default --
dot11g-radioprofile
Configures 802.11g radio settings for the AP group; contains the ARM profile. See rf dot11a-radio-profile on page 752.
"default"
dot11g-trafficmgmt-profile
Configures bandwidth allocation. See wlan traffic-
--
management-profile on page 2334.
enet0-profile
Configures the duplex and speed of the Ethernet 0 interface on the AP. See ap enet-link-profile on page 178.
"default"
enet1-profile
Configures the duplex and speed of the Ethernet 1 interface on the AP. See ap enet-link-profile on page 178.
"default"
event-thresholds-profile
Configures Received Signal Strength Indication (RSSI) metrics. See rf event-thresholds-profile on page 776.
"default"
exclude-mesh-cluster-profile-ap Excludes the specified mesh cluster profile from this -- AP.
The Secure Enterprise Mesh license must be installed.
exclude-virtual-ap
Excludes the specified virtual AP profiles from this AP.
ids-profile
Configures Dell's Intrusion Detection System (IDS). See ids profile on page 439.
"default"
mesh-cluster-profile
Configures the mesh cluster profile for the AP (mesh node). There is a "default" mesh cluster profile; however, it is not applied until you provision the mesh node. See ap mesh-cluster-profile on page 191.
The Secure Enterprise Mesh license must be installed.
"default"
priority
Configures the priority of the mesh cluster profile. If 1 more than two mesh cluster profiles are configured, mesh points use this number to identify primary and backup profile(s).
The supported range of values is 1-16. The lower the number, the higher the priority.
mesh-radio-profile
Configures the 802.11g and 802.11a radio settings for the AP (mesh node). See ap mesh-ht-ssid-profile on page 193.
"default"
257 | ap-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
no regulatory-domain-profile rf-optimization -profile snmp-profile virtual-ap voip-cac-profile
Description
The Secure Enterprise Mesh license must be installed.
Default
Negates any configured parameter.
--
Configures the country code and valid channels. See ap regulatory-domain-profile on page 217.
"default"
Configures load balancing and coverage hole and interference detection. See rf optimization-profile on page 782.
"default"
Configures SNMP-related parameters. See ap snmpprofile (deprecated) on page 221.
"default"
One or more profiles, each of which configures a specified WLAN. See wlan virtual-ap on page 2341.
"default"
Configures voice over IP (VoIP) call admission control (CAC) options. See wlan voip-cac-profile on page 2354.
This parameter requires the PEFNG license.
"default"
Usage Guidelines
Profiles that are applied to an AP group can be overridden on a per-AP name basis, and virtual APs can be added or excluded on a per-AP name basis. If a particular profile is overridden for an AP, all parameters from the overriding profile are used. There is no merging of individual parameters between the AP and the AP group to which the AP belongs.
Example
The following command excludes a virtual AP profile from a specific AP: (host) (config) #ap-name 00:0b:86:c0:cf:d8
exclude-virtual-ap corpnet
Related Commands
View AP settings using the command show ap-name.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-name | 258
Command History:
Release ArubaOS 3.0 ArubaOS 3.2 ArubaOS 3.4
Modification
Command introduced
Support for mesh parameters was introduced.
License requirements changed in ArubaOS 3.4.1, so the voip-cac-profile parameter required the PEF license instead of the Voice Services Module license required in earlier versions.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
259 | ap-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-regroup
ap-regroup {ap-name <name>|serial-num <num>|service-tag <service-tag>|wired-mac <macaddr>} <group>
Description
This command moves a specified AP into a group.
Syntax
Parameter ap-name serial-num service-tag wired-mac <group>
Description Name of the AP.
Serial number of the AP. Service tag of the AP. MAC address of the AP.
Name that identifies the AP group. The name must be 1-63 characters.
Default -- -- -- -- "default"
Usage Guidelines
All APs discovered by the controller are assigned to the "default" AP group. An AP can belong to only one AP group at a time. You can move an AP to an AP group that you created with the ap-group command.
This command automatically reboots the AP.
Example
The following command moves an AP to the `corpnet' group: (host)(config) #ap-regroup wired-mac 00:0f:1e:11:00:00 corpnet
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.4.2.0
The service-tag parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-regroup | 260
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
261 | ap-regroup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-rename
ap-rename {ap-name <name>|serial-num <num>|service-tag <service-tag>|wired-mac <macaddr>} <new-name>
Description
This command changes the name of an AP to the specified new name.
Syntax
Parameter ap-name serial-num service-tag wired-mac <new-name>
Description Current name of the AP. Serial number of the AP. Service tag of the AP. MAC address of the AP. New name for the AP. The name must be 1-63 characters. NOTE: You cannot use quotes (") in the AP name.
Usage Guidelines
An AP name must be unique within your network.
This command automatically reboots the AP.
Example
The following command renames an AP: (host) (config) #ap-rename wired-mac 00:0f:1e:11:00:00 building3-lobby
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.4.2.0
The service-tag parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap-rename | 262
263 | ap-rename
Dell Networking W-Series ArubaOS 6.4.x | User Guide
app lync traffic-control
app lync traffic-control <profile-name> clone <source> no ... prioritize-desktop-sharing prioritize-file-transfer prioritize-video prioritize-voice
Description
This command creates a traffic control profile that allows the controller to recognize and prioritize a specific type of Lync traffic in order to apply QoS through the Lync Application Layer Gateway (ALG).
Syntax
Parameter
Description
clone
Copy configuration from another traffic control prioritization profile.
no ...
Include this parameter to disable Lync ALG for the specified traffic type.
prioritizedesktop-sharing
Issue this command to enable or disable prioritization of desktop-sharing traffic by Lync ALG.
prioritize-file- Issue this command to enable or disable prioritization of file-transfer traffic by Lync ALG. transfer
prioritize-video Issue this command to enable or disable prioritization of video traffic by Lync ALG.
prioritize-voice Issue this command to enable or disable prioritization of voice traffic by Lync ALG.
Example
All Lync traffic types are recognized and prioritized by default. The following commands disables Lync ALG prioritization for desktop sharing traffic. (host) (config) #app lync traffic-control default (host) (Traffic Control Prioritization Profile "default") #no prioritize-desktop-sharing
Related Commands
Command History
Command
show ucc configuration traffic-control lync <profilename>
Description Displays the Lync traffic control profile configuration in the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
app lync traffic-control | 264
Version ArubaOS 6.4
Description
Command introduced. NOTE: This command replaces app lync traffic-control (deprecated).
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config mode on master or local controllers
265 | app lync traffic-control
Dell Networking W-Series ArubaOS 6.4.x | User Guide
app lync traffic-control (deprecated)
app lync traffic-control no ... prioritize desktop-sharing prioritize file-transfer prioritize video prioritize voice
Description
This command allows the controller to recognize and prioritize a specific type of Lync traffic in order to apply QoS through the Lync Application Layer Gateway (ALG).
Command History
Version ArubaOS 6.3
Description Command introduced.
ArubaOS 6.4
Command deprecated.
NOTE: This command is replaced by app lync traffic-control <profilename>.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
app lync traffic-control (deprecated) | 266
arm move-sta
arm move-sta <client-mac> <newbssid>
Description
This command moves a client station to another BSSID.
Syntax
Parameter <mac> <newbssid>
Description MAC address of the client to be moved to another BSSID BSSID of the AP to which the client should associate.
Usage Guidelines
Issue this command to manually move a client to a different BSSID
Example
The following command moves a client with the MAC address 00:0B:86:01:7A:C0 to the BSSID 00:1C:B3:09:85:15. (host) (config) #arm move-sta 00:0B:86:01:7A:C0 00:1C:B3:09:85:15
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
267 | arm move-sta
Dell Networking W-Series ArubaOS 6.4.x | User Guide
arp
arp <ipaddr> <macaddr>
Description
This command adds a static Address Resolution Protocol (ARP) entry.
Syntax
Parameter <ipaddr> <macaddr>
Description IP address of the device to be added. Hardware address of the device to be added, in the format xx:xx:xx:xx:xx:xx.
Usage Guidelines
If the IP address does not belong to a valid IP subnetwork, the ARP entry is not added. If the IP interface that defines the subnetwork for the static ARP entry is deleted, you will be unable to use the arp command to overwrite the entry's current values; use the no arp command to negate the entry and then enter a new arp command.
Example
The following command configures an ARP entry: (host) (config) #arp 10.152.23.237 00:0B:86:01:7A:C0
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
arp | 268
audit-trail
audit-trail [all]
Description
This command enables an audit trail.
Syntax
Parameter all
Description
Enables audit trail for all commands, including enable mode commands. The audit-trail command without this option enables audit trail for all commands in configuration mode.
Usage Guidelines
By default, audit trail is enabled for all commands in configuration mode. Use the show audit-trail command to display the content of the audit trail.
Example
The following command enables an audit trail: (host) (config) #audit-trail
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
269 | audit-trail
Dell Networking W-Series ArubaOS 6.4.x | User Guide
backup
backup {flash|pcmcia}
Description
This command backs up compressed critical files in flash.
Syntax
Parameter flash pcmcia
Description
Backs up flash directories to flashbackup.tar.gz file.
Backs up flash images to external PCMCIA flash card. This option can only be executed on controllers that have a PCMCIA slot.
Usage Guidelines
Use the restore flash command to untar and uncompress the flashbackup.tar.gz file.
Example
The following command backs up flash directories to the flashbackup.tar.gz file: (host)(config) #backup flash
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config modes on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
backup | 270
banner motd
banner motd <delimiter> <textString>
Description
This command defines a text banner to be displayed at the login prompt when a user accesses the controller.
Syntax
Parameter <delimiter>
<textString>
Description
Indicates the beginning and end of the banner text.
The text you want displayed.
Range --
up to 1023 characters
Usage Guidelines
The banner you define is displayed at the login prompt to the controller. The banner is specific to the controller on which you configure it. The WebUI displays the configured banner at its login prompt, but you cannot use the WebUI to configure the banner.
The delimiter is a single character that indicates the beginning and the end of the text string in the banner. Select a delimiter that is not used in the text string you define, because the controller ends the banner when it sees the delimiter character repeated.
There are two ways of configuring the banner message:
l Enter a space between the delimiter and the beginning of the text string. The text can include any character except a quotation mark ("). Use quotation marks to enclose your text if you are including spaces (spaces are not recognized unless your text string is enclosed in quotation marks; without quotation marks, the text is truncated at the first space). You can also use the delimiter character within quotation marks.
l Press the Enter key after the delimiter to be placed into a mode where you can simply enter the banner text in lines of up to 255 characters, including spaces. Quotation marks are ignored.
Example
The following example configures a banner by enclosing the text within quotation marks:
(host)(config) #banner motd * "Welcome to my controller. This controller is in the production network, so please do not save configuration changes. Zach Jennings is awesome. Maintenance will be performed at 7:30 PM, so please log off before 7:00 PM."*
The following example configures a banner by pressing the Enter key after the delimiter:
(host)(config) #banner motd * Enter TEXT message [maximum of 1023 characters]. Each line in the banner message should not exceed 255 characters. End with the character '*'.
Welcome to my controller. This controller is in the production network, so please do not save configuration changes. Zach Jennings is awesome. Maintenance will be performed at 7:30 PM, so please log off before 7:00 PM.*
The banner display is as follows:
271 | banner motd
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Welcome to my controller. This controller is in the production network, so please do not save configuration changes. Zach Jennings is awesome. Maintenance will be performed at 7:30 PM, so please log off before 7:00 PM.
Command History
This command was introduced in ArubaOS 1.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
banner motd | 272
boot
boot cf-test [fast | read-only | read-write] config-file <filename> remote-node [all|ip-address <A.B.C.D] system partition [0 | 1] verbose
Description
Configure the boot options for the controller.
Syntax
Parameter cf-test
fast read-only read-write config-file <filename> remote-node all ip address <A.B.C.D> system 0 | 1
verbose
Description Sets the type of compact flash test to run when booting the controller. Performs a fast test, which does not include media testing. Performs a read-only media test. Performs a read-write media test. Sets the configuration file to use when booting the controller. Specifies the name of the configuration file from which to boot the controller. Reloads a branch controller. Reloads all branch controllers on the network. Reloads the branch controller with the specified IP address.
Enter the keyword system followed by the partition number (0 or 1) that you want the controller to use during the next boot (login) of the controller. NOTE: A controller reload is required before the new boot partition takes effect. Prints extra debugging information at boot.
Usage Guidelines
Use the following options to control the boot behavior of the controller:
l cf-test--Test the flash during boot. l config-file--Set the configuration file to use during boot. l system--Specify the system partition to use during the controller's next boot (login). l verbose--Print extra debugging information during boot. The information is sent to the screen at boot
time. Printing the extra debugging information is disabled using the no boot verbose command.
273 | boot
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command uses the configuration file january-config.cfg the next time the controller boots: boot config-file january-config.cfg The following command uses system partition 1 the next time the controller boots: boot system partition 1
Command History
ArubaOS 1.0
Modification Introduced for the first time.
ArubaOS 6.0
The remote-node parameter was introduced.
ArubaOS 6.2
The remote-node parameter was deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
boot | 274
cellular profile
cellular profile <profile_name> dialer <group> driver acm|hso|option|sierra|ptumlusbnet import <address> modeswitch {eject <params>}|rezero no priority <1-255> serial <sernum> tty <ttyport> user <login> password <password> vendor <vend_id> product <prod_id>
Description
Create new profiles to support new USB modems or to customize USB characteristics.
Syntax
Parameter cellular profile <profile_name> dialer <group> driver acm|hso|option|sierra|ptumlusbnet
import <address> modeswitch {eject <params>}|rezero
Description
Enter the keywords cellular profile followed by your profile name. This command changes the configuration mode and the command line prompt changes to:
host (config-cellular <profile_name>)#
Enter the keyword dialer followed by a group name to specify the dialing parameters for the carrier. The parameters tend to be common between service providers on the same type of network (CDMA vs. GSM) as displayed in the show dialer group command.
Enter the keyword driver followed by one of the driver options: l acm: Linux ACM driver. l hso: Option High Speed driver. l option: Option USB data card driver (default). l sierra: Sierra Wireless driver. l ptumlusbnet: Pantech UML290 driver.
Enter the keyword import followed by the USB device address as displayed in the show usb command. Import retrieves the vendor/product serial numbers from the USB device list and populates them into the profile.
Enter the keyword modeswitch followed by either: l eject followed by the CDROM device. l rezero: Send SCSI CDROM rezero command.
275 | cellular profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Certain cellular devices must be modeswitched before the modem switches to data mode.
no
Enter the keyword no to negate the command and
revert back to the defaults.
priority <1-255>
Enter the keyword priority to override the default cellular priority (100).
Range: 1 to 255.
Default: 100
serial <sernum>
Enter the keyword serial followed by the USB device serial number
tty <ttyport>
Enter the keyword tty followed by the Modem TTY port (i.e. ttyUSB0, ttyACM0)
user <login> password <password>
Enter the keyword user followed by your login, and then enter the keyword password followed by your password to establish user name authentication.
vendor <vend_id> product <prod_id> in hex
Enter the keyword vendor followed by the vendor ID in hexadecimal (see show usb on page 1955) and then enter the keyword product followed by the product ID listed in the show usb command.
Usage Guidelines
The cellular modems are plug-and-play and support most native USB modems. Cellular modems are activated only if it is the uplink with the highest priority (see show uplink on page 1954). However, new profiles can be created using this command to support new data cards or to customize card characteristics.
Command History
Introduced in ArubaOS 3.4.
Command Information
Platforms W-600 Series controllers
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cellular profile | 276
clear aaa auth-survivability-cache
clear aaa auth-survivability-cache
Description
This command allows you to clear the data that is currently in the local Survival Server cache.
Usage Guidelines
The clear...cache parameter has two sub-parameters: l all: Clears all entries in the Authentication Survivability Cache. l station: Clears the entry in the Authentication Survivability Cache for a particular station.
Specify the station with its MAC address in A:B:C:D:E:F format.
Example
To clear the Auth-Survivability cache: (host)#clear aaa auth-survivability-cache <all> | <station MAC_address>
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Command Information
Platforms
Licensing
Aruba 7000 Cloud Services Controllers
Base operating system
Command Mode
Config mode on master or local controllers
277 | clear aaa auth-survivability-cache
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cfgm
cfgm {set config-chunk <kbytes>|set heartbeat <seconds>|set maximum-updates <number>|snapshottimer <minutes>|sync-command-blocks <number>|sync-typecomplete|sync-type snapshot}
Description
This command configures the configuration module on the master controller.
Syntax
Parameter set config-chunk
set heartbeat set maximum-updates
snapshot-timer sync-command-blocks sync-type complete sync-type snapshot
Description
Range
Maximum packet size, in Kilobytes, that is sent every second to the local controller whenever the master controller sends a configuration to the local. If the connection between the master and local is slow or uneven, you can lower the size to reduce the amount of data that needs to be retransmitted. If the connection is very fast and stable, you can increase the size to make the transmission more efficient.
1-100
Interval, in seconds, at which heartbeats are sent. You can increase the interval to reduce traffic load.
10-300
Maximum number of local controllers that can be updated at the same time with configuration changes. You can decrease this value if you have a busy network. You can increase this value to improve configuration synchronization.
2-25
Interval, in minutes, that the local controller waits for a configuration download from the master upon bootup or startup before loading the last snapshot configuration.
5-60
To configure the number of command-list blocks. Each block contains a list of global configuration commands for each write-mem operation.
3-10
The master sends full configuration file to the -- local.
The master sends only the incremental con-
--
figuration to the local.
NOTE: By default, this configuration is enabled.
Default 10 Kbytes
10 seconds 5
5 minutes 5 -- Enable
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cfgm | 278
Usage Guidelines
By default, configuration updates on the controller are disabled to prevent any alterations to the controller configuration.
Example
The following command sets the maximum packet size as 20 KB per second whenever the master controller sends a configuration to the local : (host) (config) #cfgm set config-chunk 20
Command History
This command was introduced in ArubaOS 3.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
279 | cfgm
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear
clear aaa acl airgroup {cli-policy {all}|global-credits {statistics}|server|statistics|user} ap arm arp counters crypto datapath dot1x fault gab-db ip ipc ipv6 lldp loginsession master-local-entry master-local-session port provisioning-ap-list provisioning-params rap-wml update-counter upgrade-images voice vpdn web-cc cache <MD5-1> <MD5-2> web-cc stats wms
Description
This command clears various user-configured values from your running configuration.
Syntax
Parameter aaa
authentication-server
Description
Clear all values associated with authentication profile.
Provide authentication server details to clear values specific to an authentication server or all authentication server. Parameters: l all -- Clear all server statistics. l internal -- Clear Internal server statistics. l ldap - Clear LDAP server statistics. l radius -- Clear RADIUS server statistics. l tacacs -- Clear TACACS server statistics.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear | 280
Parameter device-id-cache
Description
Clear all device ID cache. Parameters: l all -- Clear all entries in the device ID cache. l mac -- Clear entries in the device ID cache for MAC address.
load-balance
Clear load balance statistics. Parameters: l statistics -- Clear load balance statistics.
multiple-server-accounting
Clear multiple server accounting statistics. Parameters: l statistics -- Clear multiple server accounting statistics.
state
Clear internal status of authentication modules. Parameters: l configuration -- Clear all configured objects. l debug-statistics -- Clear debug statistics. l messages -- Clear authentication messages that were sent and
received.
acl
Clear ACL statistics.
hits
Clear ACL hit statistics
airgroup
Clear airgroup statistics and user entries from the user table.
cli-policy all
Clears AirGroup policies except CPPM policies.
global-credits statistics Clears credits assigned to mDNS packets.
server
Clears AirGroup servers.
statistics
l blocked-queries -- Clears the statistics of service IDs which were queried but not available in the AirGroup service table.
l blocked-service-id -- Clears the statistics for the list of blocked services.
l cppm-entries -- Clears the statistics that are displayed for show airgroup cppm entries command.
l internal-state -- Clears internal state statistics of mDNS module.
l multi-controller-- Clears the statistics maintained for multicontroller message exchanges.
l query -- Clears statistics maintained in the user and server table.
281 | clear
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter user
ap arm bandwidth-management arm client-match crash-info debug
mesh port remote flash-config arm
arp counters
fastethernet
Description
l service -- Clears statistics maintained in the AirGroup service table.
l Mac Address - Clears the AirGroup server Mac addresses. l dlna - Clears the AirGroup DLNA users. l mdns - Clears the AirGroup mDNS users. l all - Removes the current AirGroup user entries from the user
table.
Clear all AP related information.
Clears AP bandwidth management table counters. An AP can be specified by ap-name, BSSID, IPv4 address, or IPv6 address.
summary -- Clears the client match summary information unsupported -- Clears the MAC address of an unsteerable client or clients.
Clears AP crash information. An AP can be specified by ap-name, IPv4 address, or IPv6 address.
l bss-dmo-stats-- Clears DMO debug statistics from a specific BSSID of an AP.
l client-stats-- Clears statistics from a client. l dot11r {efficiency-stat}-- Clears 802.11r related stats. l lldp-- Clears Link Layer Discovery Protocol. l radio-stats-- Clears aggregate radio debug statistics of an AP.
Clear all mesh commands.
Toggle the link on the specified port.
Clears the flash configuration from a specified AP. An AP can be specified by ap-name, BSSID, IPv4 address, or IPv6 address.
Clear the following types of ARM client match information l client-match-summary l client-match-unsteerable
Clear all ARP table information. You can either clear all information or enter the IP address of the ARP entry to clear a specific value.
Clear all interface configuration values.
Clears configuration related to fastethernet ports.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear | 282
Parameter gigabitethernet port-channel <id> tunnel vrrp [ipv6]
crypto dp ipsec sa isakmp sa stats
datapath
Description
Clears configuration related to fastethernet ports.
Clears statistics related to a port-channel.
Clears all tunnel configuration values on interface ports.
Clears all VRRP configuration values on interface ports. Include the ipv6 parameter to clear IPv6 counters.
Clears the specified crypto information.
Clears crypto latest DP packets.
Clears crypto ipsec state security associations.
Clears crypto isakmp state security associations.
Clears crypto statistics.
Clears all configuration values and statistics for the following datapath modules. l application {counters} l bridge {counters} l bwm {counters} l crypto {counters} l debug {performance} l dma {counters} l eap {counters} l frame {counters} l hardware {counters|statistics} l ip-fragment-table {ipv4|ipv6} l ip-reassembly {counters} l maintenance {counters} l message-queue {counters} l mobility {stats} l network {ingress} l papi {counters} l route {counters} l route-cache {A.B.C.D|counters} l session {counters} l ssl {counters}
283 | clear
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
dot1x fault gap-db ip ipc ipv6
lldp
Description
l station {counters} l tcp {counters} l tunnel {counters} l user {counters} l web-cc {counters} l wifi-reassembly {counters} l wmm {counters}
Clears all 802.1X specific counters and supplicant statistics. Use the following parameters: l counters l supplicant-info
Clears all SNMP fault configuration.
Clears global AP database. This command is often used to clear all stale AP records. Use the following parameters: l ap-name l lms l wired-mac
Clears all IP information from DHCP bindings, IGMP groups and IP mobility configuration. Use the following parameters: l dhcp l igmp {group|proxy-mobility-group|stats-counters} l mobile {multicast-vlan-table|traffic|trail}
Clears all inter process communication statistics. l statistics {app-ap|app-id|app-name}
Clears all IPv6 session statistics, multicast listener discovery (MLD) group and member information, MLD statistics, counters, and DHCPv6 binding information. Use the following parameters: l datapath {session} l dhcp {binding} l mld {group|proxy-mobility-group|stats-counters} l neighbor
Clears lldp information on all the interfaces. Use the following parameters: l neighbors {interface gigabitethernet slot/port} l statistics {interface gigabitethernet slot/port}
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear | 284
Parameter loginsession
Description
Clears loginsession information for a specific login session, as identified by the session id.
master-local-entry
Clears local controller information from the master controller LMS list. Specify the IP address of the local controller to be removed from master controller active LMS list.
master-local-session
Clear and reset master local TCP connection. Specify the IP address of either the master or local controller.
port
Clear all port statistics that includes link-event counters or all counters. Use the following parameters:
l link-event
l stats
provisioning-ap-list
Clear AP entries from the provisioning list.
provisioning-params
Clear provisioning parameters and reset them to the default configuration values.
rap-wml
Clear wired MAC lookup cache for a DB server.
update-counter
Clear all update counter statistics.
upgrade-images
Clear all upgrade images used by the centralized licensing feature.
voice
Clear all voice state information. Use the following parameters: l call-counters l call-status l statisticscac | tspec-enforcement
vpdn
Clear all VPDN configuration for L2TP and PPTP tunnel. Use the following parameters:
l tunnel l2tp id <l2tp-tunnel-id>
l tunnel pptp id <pptp-tunnel-id>
web-cc cache <MD5-1> <MD5-2>
Clear web content category URLs from the datapath cache by specifying the two MD5 values of the URL to be removed from the cache. To view all entries in the datapath, and the MD5 values for each entry, issue the command show datapath web-cc.
web-cc stats
Clear all web content classification statistics. To view current statistics information, issue the command show web-cc stats.
wms
Clear all WLAN management commands. Use the following
parameters:
l ap--clear -- All AP related commands. Specify the BSSID of the
285 | clear
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
AP. l client-- Clear all wired client related commands. Specify the
MAC address of the client. l probe -- Clear all probe information. Specify the BSSID of the
probe.
Usage Guidelines
The clear command clears the specified parameters of their current values.
Example
The following command clears all aaa counters for all authentication servers: (host) (config) #clear aaa authentication-server all
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The following MLD parameters are added to the ipv6 option: l mld group l mld stats-counters
ArubaOS 6.3
l The device-id-cache, load-balance, multiple-server-accounting parameters were introduced under aaa parameter.
l The airgroup parameter was introduced. l The dhcp binding parameter under ipv6 was introduced. l The proxy-mobilty-group parameter under mld was introduced. l The ip-fragment-table parameter under datapath was introduced.
ArubaOS 6.4
l The lldp parameter was introduced.
l The Server and User options were introduced under the clear airgroup command.
ArubaOS 6.4.2.0
l The web-cc cache and web-cc stats parameters were introduced. l The datapath web-cc parameter was introduced.
ArubaOS 6.4.3.0
l The clear counter tunnel interface limit was changed from 2147483647 to 16777215.
l The global-credits statistics parameter was introduced.
l The port-channel sub-parameter was introduced under the counters parameter.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear | 286
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
287 | clear
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear wms wired-mac
clear wms wired-mac [ all | gw-mac <mac> | monitored-ap-wm <mac> | prop-eth-mac <mac> | regap-oui <mac> | system-gw-mac <mac>| system-wired-mac <mac> | wireless-device <mac>]
Description
Clear learned and collected Wired MAC information. Optionally, enter the MAC address, in nn:nn:nn:nn:nn:nn format, of the AP that has seen the Wired Mac.
Syntax
all gw-mac <mac> monitored-ap-wm <mac> prop-eth-mac <mac> reg-ap-oui <mac> system-gw-mac <mac> system-wired-mac <mac> wireless-device <mac>]
Description Clear all the learned and collected wired Mac information. Clear the gateway wired Mac information collected from the APs. Clear monitored AP wired Mac information collected fom the APs. Clear the wired Mac information collected from the APs. Clear the registered AP OUI information collected from the APs. Clear system gateway Mac information learned at the controller. Clear system wired Mac information learned at the controller. Clear routers or potential wireless devices information.
Revision History
Release ArubaOS 6.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clear wms wired-mac | 288
clock append
clock clock append
Description
This command enables the timestamp feature, adding a date and time to the output of show commands.
Syntax
No parameters.
Usage Guidelines
When you enable the timestamp feature, the command-line interface includes a timestamp in the output of each show command indicating when the show command was issued. Note that the output of show clock and show log do not include timestamps, even when this feature is enabled. You can disable timestamps using the command no clock append.
Example
The following example enables the timestamp feature. (host)(config) #clock append
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode
289 | clock append
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clock set
clock clock set <year><month><day><time>
Description
This command sets the date and time.
Syntax
Parameter year month day time
Description Sets the year. Requires all 4 digits.
Range Numeric
Sets the month. Requires the first three letters of the month.
Alphabetic
Sets the day.
1-31
Sets the time. Specify hours, minutes, and seconds separated by spaces.
Numeric
Usage Guidelines
You can configure the year, month, day, and time. You must configure all four parameters. Specify the time using a 24-hour clock. You must specify the seconds.
Example
The following example configures the clock to January 1st of 2007, at 1:03:52 AM. (host)(config) #clock set 2007 jan 1 1 3 52
Command History
This command was introduced in ArubaOS 1.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clock set | 290
clock summer-time recurring
clock summer-time <WORD> [recurring] <1-4> <start day> <start month> <hh:mm> first <start day> <start month> <hh:mm> last <start day> <start month> <hh:mm> <1-4> <end day> <end month> <hh:mm> first <end day> <end month> <hh:mm> last <end day> <end month> <hh:mm> [<-23 - 23>]
Description
Set the software clock to begin and end daylight savings time on a recurring basis.
Syntax
Parameter WORD 1-4
first last start day start month hh:mm -23 - 23
Description
Enter the abbreviation for your time zone. For example, PDT for Pacific Daylight Time.
Range
3-5 characters
Enter the week number to start/end daylight savings time. For
1-4
example, enter 2 to start daylight savings time on the second week
of the month.
Enter the keyword first to have the time change begin or end on
--
the first week of the month.
Enter the keyword last to have the time change begin or end on
--
the last week of the month.
Enter the weekday when the time change begins or ends.
SundaySaturday
Enter the month when the time change begins or ends.
JanuaryDecember
Enter the time, in hours and minutes, that the time change begins or ends.
24 hours
Hours offset from the Universal Time Clock (UTC).
-23 - 23
Usage Guidelines
This command subtracts exactly 1 hour from the configured time.
The WORD can be any alphanumeric string, but cannot start with a colon (:). A WORD longer than five characters is not accepted. If you enter a WORD containing punctuation, the command is accepted, but the timezone is set to UTC.
You can configure the time to change on a recurring basis. To do so, set the week, day, month, and time when the change takes effect (daylight savings time starts). You must also set the week, day, month, and time when the time changes back (daylight savings time ends).
291 | clock summer-time recurring
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The start day requires the first three letters of the day. The start month requires the first three letters of the month. You also have the option to set the number of hours by which to offset the clock from UTC. This has the same effect as the clock timezone command.
Example
The following example sets daylight savings time to occur starting at 2:00 AM on Sunday in the second week of March, and ending at 2:00 AM on Sunday in the first week of November. The example also sets the name of the time zone to PST with an offset of UTC - 8 hours. clock summer-time PST recurring 2 Sun Mar 2:00 first Sun Nov 3:00 -8
Command History
This command was introduced in ArubaOS 1.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
clock summer-time recurring | 292
clock timezone
clock timezone <name> <-23 to 23>
Description
This command sets the time zone on the controller.
Syntax
Parameter <name> -23 to 23
Description Name of the time zone. Hours offset from UTC.
Range 3-5 characters -23 to 23
Usage Guidelines
The name parameter can be any alphanumeric string, but cannot start with a colon (:). A time zone name longer than five characters is not accepted. If you enter a time zone name containing punctuation, the command is accepted, but the time zone is set to UTC.
Example
The following example configures the timezone to PST with an offset of UTC - 8 hours. clock timezone PST -8
Command History
This command was introduced in ArubaOS 1.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master controllers
293 | clock timezone
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-member-custom-cert
cluster-member-custom-cert member-mac <mac> ca-cert <ca> server-cert <cert> suite-b <gcm-128 | gcm-256>]
Description
This command sets the controller as a control plane security cluster root, and specifies a custom user-installed certificate for authenticating cluster members.
Syntax
Parameter member-mac <ca> ca-cert <ca> ca-cert <ca> server-cert <cert> suite-b
Description MAC address of the cluster member
Name of the CA certificate uploaded via the WebUI
Name of the CA certificate uploaded via the WebUI
Name of the server certificate uploaded via the WebUI.
To use Suite-B encryption in the secure communication between the cluster root and cluster member, specify one of the following Suite-B algorithms l gcm-128: Encryption using 128-bit AES-GCM l gcm-256: Encryption using 256-but AES-GCM
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers, you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as cluster members. To define a controller as a cluster root, issue one of the following commands on that controller: l cluster-member-custom-cert: Define the controller as a cluster root, and select a user-installed certificate to
authenticate that cluster member. l cluster-member-factory-cert: Define the controller as a cluster root, and select a factory-installed certificate
to authenticate that cluster member. l cluster-member-ip : Define the controller as a cluster root, and set the IPsec key to authenticate that cluster
member.
For information on installing certificates on your controller, refer to the Management Utilities chapter of the Dell Networking W-Series ArubaOS User Guide.
Example
The following example selects a customer installed certificate for cluster member authentication. (host)(config) # cluster-member-custom-cert member-mac 00:1E:37:CB:D4:52 ca-cert cacert1 server-cert servercert1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-member-custom-cert | 294
Related Commands
Parameter
Description
control-plane-security Configure the control plane security profile.
show cluster-config
Show the multi-master cluster configuration for the control plane security feature.
show cluster-switches
Issue this command on a master controller using control plane security in a multi-master environment to show other the other controllers to which it is connected.
Mode Config mode Enable mode
Enable mode
Command History.
Introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on cluster root controllers
295 | cluster-member-custom-cert
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-member-factory-cert
cluster-member-factory-cert member-mac <mac>
Description
This command sets the controller as a control plane security cluster root, and specifies a custom user-installed certificate for authenticating cluster members.
Syntax
Parameter <mac>
Description MAC address of the user-installed certificate on the cluster member
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers, you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as cluster members.
To define a controller as a cluster root, issue one of the following commands on that controller:
l cluster-member-custom-cert: Define the controller as a cluster root, and select a user-installed certificate to authenticate that cluster member.
l cluster-member-factory-cert: Define the controller as a cluster root, and select a factory-installed certificate to authenticate that cluster member.
l cluster-member-ip : Define the controller as a cluster root, and set the IPsec key to authenticate that cluster member.
For information on installing certificates on your controller, refer to the Management Utilities chapter of the Dell Networking W-Series ArubaOS User Guide.
Example
The following command sets the controller on which you issue command as a root controller, and adds the controller172.21.18.18 as a cluster member with the IPsec key ipseckey1: (host) (config) #cluster-member-factory-cert member-mac 00:1E:37:CB:D4:52
Related Commands
Parameter
Description
control-plane-security Configure the control plane security profile.
show cluster-config
Show the multi-master cluster configuration for the control plane security feature.
Mode Config mode Enable mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-member-factory-cert | 296
Parameter show cluster-switches
Description
Issue this command on a master controller using control plane security in a multi-master environment to show other the other controllers to which it is connected.
Mode Enable mode
Command History
Introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on cluster root controllers
297 | cluster-member-factory-cert
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-member-ip
cluster-member-ip <ip-address> ipsec <key>
Description
This command sets the controller as a control plane security cluster root, and specifies the IPsec key for a cluster member.
Syntax
Parameter <ip-address>
ipsec <key>
Description
Switch IP address of a control plane security cluster member. You can also use the IP address 0.0.0.0 to set a single IPsec key for all cluster members.
Configure the value of the IPsec key for secure communication between the cluster root and the specified cluster member. The key must be between 6-64 characters.
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers, you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as cluster members.
The master controller operating as the cluster root will use the control plane security feature to create a selfsigned certificate, then certify it's own local controllers and APs. Next, the cluster root will send the certificate to each cluster member, which in turn certifies their own local controllers and APs. Since all controllers and APs in the cluster get their certificates from the cluster root, they will all have the same trust anchor, and the APs can switch to any other controller in the cluster and still remain connected to the secure network.
Issue the cluster-member-ip command on the controller you want to define as the cluster root to set the IPsec key for secure communication between the cluster root and each cluster member. Use the IP address 0.0.0.0 in this command to set a single IPsec key for all member controllers, or repeat this command as desired to define a different IPsec key for each cluster member.
Once the cluster root has defined an IPsec key for all cluster members, you must access each of the member controllers and issue the command cluster-root-ip to define the IPsec key for communication to the cluster root.
Example
The following command sets the controller on which you issue command as a root controller, and adds the controller172.21.18.18 as a cluster member with the IPsec key ipseckey1:
(host) (config) #cluster-member-ip 172.21.18.18 ipsec ipseckey1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-member-ip | 298
Related Commands
Parameter
Description
control-plane-security Configure the control plane security profile.
show cluster-config
Show the multi-master cluster configuration for the control plane security feature.
show cluster-switches
Issue this command on a master controller using control plane security in a multi-master environment to show other the other controllers to which it is connected.
Mode Config mode Enable mode
Enable mode
Command History
Introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on cluster root controllers
299 | cluster-member-ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-root-ip
cluster-root-ip <ip-address> ipsec <key> ipsec-custom-cert root-mac1 <mac1> [root-mac2 <mac2>] ca-cert <ca> server-cert <cert> [suite-b <gcm-128 | gcm-256>] ipsec-factory-cert root-mac-1 <mac> [root-mac-1 <mac>]
Description
This command sets the controller as a control plane security cluster member, and defines the IPsec key or certificate for secure communication between the cluster member and the controller's cluster root.
Syntax
Parameter <ip-address>
Description
The IP address of control plane security cluster root controller. To set a single IPsec key for all member controllers in the cluster use the IP address 0.0.0.0.
ipsec <key>
Set the value of the IPsec pre-shared key for communication with the cluster root. This parameter must be have the same value as the IPsec key defined for the cluster member via the cluster-member-ip command.
ipsec-factory-cert
Use a factory-installed certificate for secure communication between the cluster root and the specified cluster member by specifying the MAC address of the certificate.
root-mac-1 <mac>
Specify MAC address of the cluster root.
root-mac-2 <mac>
Specify MAC address of the redundant cluster Root.
ipsec-custom-cert
Use a custom user-installed certificate for secure communication between the cluster root and the specified cluster member.
root-mac-1 <mac>
Specify the MAC address of the cluster-root's certificate.
root-mac-2 <mac>
(Optional) If your network has multiple master controllers, use this parameter to specify he MAC address of the redundant cluster-root's certificate.
ca-cert <ca>
Name of the CA certificate uploaded via the WebUI
server-cert <cert> Name of the server certificate uploaded via the WebUI.
suite-b
To use Suite-B encryption in the secure communication between the cluster root and cluster member, specify one of the following Suite-B algorithms
l gcm-128: Encryption using 128-bit AES-GCM
l gcm-256: Encryption using 256-but AES-GCM
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-root-ip | 300
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers, you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as cluster members.
The master controller operating as the cluster root will use the control plane security feature to create a selfsigned certificate, then certify it's own local controllers and APs. Next, the cluster root will send the certificate to each cluster member, which in turn certifies their own local controllers and APs. Since all controllers and APs in the cluster get their certificates from the cluster root, they will all have the same trust anchor, and the APs can switch to any other controller in the cluster and still remain connected to the secure network. Issue the clustermember-ip command on the controller you want to define as the cluster root to select the certificate or define the IPsec key for secure communication between the cluster root and each cluster member.
Once the cluster root has defined an IPsec key or certificate for all cluster members, you must access each of the member controllers and issue the command cluster-root-ip to define the IPsec key or certificate for communication to the cluster root.
For information on installing certificates on your controller, refer to the Management Utilities chapter of the Dell Networking W-Series ArubaOS User Guide.
Example
The following command defines the IPsec key for communication between the cluster member and the root controller172.21.45.22: (host) (config) #cluster-root-ip 172.21.45.22 ipsec ipseckey1
Related Commands
Parameter
Description
control-plane-security Configure the control plane security profile.
show cluster-config
Show the multi-master cluster configuration for the control plane security feature.
show cluster-switches
Issue this command on a master controller using control plane security in a multi-master environment to show other the other controllers to which it is connected.
Mode Config mode Enable mode
Enable mode
Command History
Release ArubaOS 5.0 ArubaOS 6.1
Modification
Command introduced.
The ipsec-factory-cert and ipsec-custom-cert parameters were introduced to allow certificate-based authentication of cluster members.
301 | cluster-root-ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on cluster member controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
cluster-root-ip | 302
configure terminal
configure terminal
Description
This command allows you to enter configuration commands.
Syntax
No parameters.
Usage Guidelines
Upon entering this command, the enable mode prompt changes to: (host) (config) # To return to enable mode, enter Ctrl-Z or exit.
Example
The following command allows you to enter configuration commands: (host) # configure terminal
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
configure terminal | 304
control-plane-security
control-plane-security auto-cert-allow-all auto-cert-allowed-addrs <ipaddress-start> <ipaddress-end> auto-cert-prov cpsec-enable no ...
Description
Configure the control plane security profile by identifying APs to receive security certificates.
Syntax
Parameter auto-cert-allow-all
Description
When you issue the controlplane-security auto-cert-allowall command, the controller will send a certificate to all associated APs when auto certificate provisioning is enabled. When disabled, the controller sends certificates only to APs whose IP addresses are in the ranges specified by autocert-allowed-addrs.
auto-cert-allowed-addrs <ipaddress-start> <ipaddress-end>
Use this command to define a specific range of AP IP addresses. The controller will send certificates to the APs in this IP range when auto certificate provisioning is enabled. Identify a range by entering the starting IP address and the ending IP address in the range, separated by a single space. You can repeat this command as many times as necessary to define multiple IP ranges.
auto-cert-prov
Issue this command to enable automatic certificate provisioning. When this feature is enabled, the controller will attempt to send certificates to associated APs. To disable this feature, use the command no auto-cert-prov. Automatic certificate provisioning is disabled by default
305 | control-plane-security
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter cpsec-enable
Description
Issue this command to enable control plane security. To disable this feature, use the command no cpsec-enable. Control plane security is enabled by default.
Usage Guidelines
Controllers enabled with control plane security will only send certificates to APs that you have identified as valid APs on the network. If you are confident that all campus APs currently on your network are valid APs, you can configure automatic certificate provisioning to send certificates from the controller to each campus AP, or to all campus APs within a specific range of IP addresses. If you want closer control over each AP that gets certified, you can manually add individual campus APs to the secure network by adding each AP's information to a campus AP whitelist.
Example
The following command defines a range of IP addresses that should receive certificates from the controller, and enables the control plane security feature: (host)(config) # control-plane-security
auto-cert-allowed-addrs 10.21.18.10 10.21.10.90 cpsec-enable
Related Commands
Command show control-plane-security
Description
Mode
Show the current configuration of the control plane security profile.
Config mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
control-plane-security | 306
controller-ip
controller-ip [loopback|vlan <VLAN ID>] no ...
Description
This command sets the controller IP to the loopback interface address or a specific VLAN interface address.
Syntax
Parameter loopback vlan
VLAN ID
Description Sets the controller IP to the loopback interface. Set the controller IP to a VLAN interface. Specifies the VLAN interface ID.
Default disabled -- --
Usage Guidelines
This command allows you to set the controller IP to the loopback interface address or a specific VLAN interface address. If the controller IP command is not configured then the controller IP defaults to the loopback interface address. If the loopback interface address is not configured then the first configured VLAN interface address is selected. Generally, VLAN 1 is the factory default setting and thus becomes the controller IP address.
Example
The following command sets the controller IP address to VLAN interface 6. (host) (config) #controller-ip vlan 6
Related Commands
(host) (config) #show controller-ip
Command History
This command was introduced in ArubaOS 3.4
Command Information
Platform Available on all platforms
License Base operating system
Command Mode Config mode on master controllers
307 | controller-ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
controller-ipv6
controller-ipv6 [loopback|{vlan <VLAN ID>}] no ...
Description
This command sets the default IPv6 address of the controller to the IPv6 loopback interface address or a specific VLAN interface address.
Syntax
Parameter loopback vlan
VLAN ID
Description Sets the controller IP to the loopback interface. Set the controller IP to a VLAN interface. Specifies the VLAN interface ID.
Default disabled -- --
Usage Guidelines
This command allows you to set the default IPv6 address of the controller to the IPv6 loopback interface address or a specific IPv6 VLAN interface address. If the controller IPv6 command is not configured then the controller IP defaults to the loopback interface address. If the loopback interface address is not configured then the first configured VLAN interface address is selected. Generally, VLAN 1 is the factory default setting and thus becomes the controller IP address.
Example
The following command sets the controller IP address to VLAN interface 6. (host) (config) #controller-ipv6 vlan 6
Related Commands
(host) (config) #show controller-ipv6
Command History
This command is introduced in ArubaOS 6.1.
Command Information
Platform Available on all platforms
License Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
controller-ipv6 | 308
copy
copy flash: <srcfilename> {flash: <destfilename> | scp: <scphost> <username> <destfilename> tftp: <tftphost> <destfilename> | usb: partition {0|1} <destfilename>} ftp: <ftphost> <user> <filename> system: partition {0|1} | running-config {flash: <filename> | ftp: <ftphost> <user> <filename>
[<remote-dir>] | startup-config | tftp: <tftphost> <filename>} | scp: <scphost> <username> <filename> {flash: <destfilename>| system: partition [0|1]}| startup-config {flash: <filename> | tftp: <tftphost> <filename>} | system: partition {<srcpartition> 0|1} [<destpartition> 0 | 1] | tftp: <tftphost> <filename> {flash: <destfilename> | system: partition [0|1]} usb: partition <partition-number> <filename> flash: <destfilename>
Description
This command copies files to and from the controller.
Syntax
Parameter flash:
<srcfilename> flash: <destfilename> tftp: <tftphost> usb: partition ftp:
<ftphost> <user> <filename> partition 0 | 1
Description Copy the contents of the controller's flash file system, the system image, to a specified destination.
Full name of the flash file to be copied.
Copy the file to the flash file system.
Specify the new name of the copied file.
Copy the file to a TFTP server.
Specify the IP address or hostname of the TFTP server. Copy the file to an attached USB storage device. Specify the partition on the USB device. Copy a file from the FTP server. NOTE: Using this parameter, a password is required to access the FTP server. The password is masked, and must be entered in a separate line. Specify the IP address or hostname of the FTP server.
User account name required to access the FTP server.
Full name of the file to be copied.
Specify the system partition to save the file.
309 | copy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter running-config
flash: <filename> ftp:
<ftphost> <user> <remote-dir> startup-config tftp: <tftphost> scp:
<scphost> <username> <filename> flash: <destfilename> system: startup-config flash: <filename> tftp:
Description Copy the active, running configuration to a specified destination. Copy the configuration to the flash file system. Specify the new name of the copied configuration file. Using FTP, copy the configuration to an FTP server. NOTE: Using this parameter, a password is required to access the FTP server. The password is masked, and must be entered in a separate line. Specify the IP address of the FTP server. User account name required to access the FTP server. Specify a remote directory, if needed. Copy the active, running configuration to the start-up configuration. Using TFTP, copy the configuration to a TFTP server Specify the IP address or hostname of the TFTP server. Copy an ArubaOS image file or file from the flash file system using the Secure Copy protocol. The SCP server or remote host must support SSH version 2 protocol. Specify the IP address of the SCP server or remote host. User account name required to access the SCP server or remote host. Specify the absolute path of the filename to be copied. Copy the file to the flash file system. Specify the new name of the copied file. Copy the file to the system partition. Copy the startup configuration to a specified flash file or to a TFTP server. Copy the file to the flash file system. Specify the new name of the copied startup configuration file. Using TFTP, copy the startup configuration to a TFTP server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
copy | 310
Parameter <tftphost>
system: <srcpartition> <destpartition>
tftp:
<tftphost> <filename> flash: <destfilename> system usb: partition <filename> flash: <destfilename>
Description Specify the IP address or hostname of the TFTP server. Copy the specified system partition Disk partition from which to copy the system data, as either 0 or 1. Disk partition to copy the system data to, as either 0 or 1. Copy a file from the specified TFTP server to either the controller or another destination. This command is typically used when performing a system restoration, or to pull a specified file name into the wms database. Specify the IP address or hostname of the TFTP server. Full name of the file to be copied. Copy the file to the flash file system Specify the new name of the copied file. Copy the file to the system partition. Copy a file from an attached USB device to the flash file system. Specify the partition on the USB device. Full name of the file to be copied. Copy the file to the flash file system Specify the new name of the copied file.
Passwords Secured During FTP Copy
Password are masked when using FTP to copy a file to a remote system. In previous releases, the password was entered in clear text at the end of the copy command. Starting with ArubaOS 6.4.0.0, the password is masked, and must be entered in a separate line. If you use scripts to copy files from controllers, scripts used on controllers running previous releases of ArubaOS must be modified to support this new password behavior.
Old syntax: (host) #copy running-config ftp: <ftphost> <user> <password> <filename>
New syntax: (host) #copy running-config ftp: <ftphost> <user> <filename> Password: <password>
In the following example, the password is entered on the second line, and is displayed in masked text. (host) #copy running-config ftp: 192.168.1.2 adminuser runconfig Password: ********
311 | copy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
Use this command to save back-up copies of the configuration file to an FTP or TFTP server, or to load a saved file from an FTP or TFTP server.
Three partitions reside on the file system flash. Totalling 256MB, the three partitions provide space to hold the system image files (in partitions 1 and 2 which are 45MB each) and user files (in partition 3, which is 165MB). System software runs on the system partitions; the database, DHCP, startup configuration, and logs are positioned on the user partition.
To restore a database, copy the database from the network server and import the database.
To restore a configuration file, copy the file from network server to the controller's flash system then copy the file from the flash system to the system configuration. This ensures that you do not accidentally overwrite your system startup configuration file.
Unlike the controller's flash, the USB device has more than two partitions; not just 0 and 1. When copying a file from a USB device, you must know which partition the target file is on. Use the show storage command to identify the location of the file to identify the correct USB partition.
Example
The following commands copy the configuration file named engineering from the TFTP server to the controller's flash file system and then uses that file as the startup configuration. This example assumes the startup configuration file is named default.cfg: (host) (config) #copy tftp: 192.0.2.0 engineering flash: default.bak copy flash: default.bak flash: default.cfg
Command History
This command was introduced in ArubaOS 1.0.
ArubaOS 1.0
Modification Introduced for the first time.
ArubaOS 6.2
The USB parameters introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config modes on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
copy | 312
cp-bandwidth-contract
cp-bandwidth-contract <name> {pps <1..64000>}
Description
This command configures a bandwidth contract traffic rate which can then be associated with a whitelist session ACL.
Syntax
Parameter <name> pps
Description Name of a bandwidth contract. Set a bandwidth rate in packets/seconds.
Range -- 164000
Default -- --
Example
The following example configures a bandwidth contract named "cp-rate" with a rate of 100 pps. (host)(config) #cp-bandwidth-contract cp-rate pps 100
Related Commands
Command show cp-bwcontracts
firewall cp
Description
Display a list of Control Processor (CP) bandwidth contracts for whitelist ACLs.
This command creates a new whitelist ACL and can associate a bandwidth contract with that ACL.
Command History
Version ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.4.3.0
The unit of bandwidth contract traffic rate changed from Mbps or Kbps to pps. The range for pps is 164000.
Command Information
Platforms
Licensing
Command Mode
All platforms This command requires the PEFNG license. Config mode on master controllers
313 | cp-bandwidth-contract
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec sa-cleanup
crypto-local ipsec sa-cleanup
Description
Issue this command to clean IPsec security associations (SAs).
Syntax
No parameters
Usage Guidelines
Use this command to remove old IPsec security associations if remote APs on your network still use an old SA after upgrading to a newer version of ArubaOS.
Command History
This command was introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec sa-cleanup | 314
crypto dynamic-map
crypto dynamic-map <name> <priority> disable no ... set pfs {group1|group2|group14|group19|group20} set security-association lifetime kilobytes <kilobytes> set security-association lifetime seconds <seconds> set transform-set <name1> [<name2>] [<name3>] [<name4>] version v1|v2
Description
This command configures a new or existing dynamic map.
Syntax
Parameter <name>
Description Name of the map.
Range --
<priority>
Priority of the map.
1-10000
no
Negates a configured parameter.
--
disable enable [bypass|secret]
set pfs
Disables the dynamic map.
--
Enables the dynamic map using the -- bypass or secret. Bypass prompts for the enable mode login and password. Secret prompts for the enable password.
Enables Perfect Forward Secrecy
--
(PFS) mode. Use one of the
following:
l group1: 768-bit Diffie Hellman prime modulus group.
l group2: 1024-bit Diffie Hellman
l group14: 2048-bit Diffie Hellman.
l group19: 256-bit random Diffie Hellman ECP modulus group.
l group20: 384-bit random Diffie Hellman ECP modulus group.
set security-association lifetime Configures the lifetime for the
--
security association (SA) in
seconds or kilobytes.
seconds <seconds>
Lifetime for the SA in seconds.
300-86400
Default -- 10000 -- -- --
group1
-- 7200
315 | crypto dynamic-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter kilobytes <kilobytes>
set transform-set
version
Description Lifetime for the SA in kilobytes.
Range
1000 1000000000
Name of the transform set for this -- dynamic map. You can specify up to four transform sets. You configure transform sets with the crypto ipsec transform-set command.
Specify the version of IKE protocol
--
the controller uses to set up a
security association (SA) in the
IPsec protocol suite
l v1:IKEv1
l v2: IKEv2
Default --
defaulttransfor m
v1
Usage Guidelines
Dynamic maps enable IPsec SA negotiations from dynamically addressed IPsec peers. Once you have defined a dynamic map, you can optionally associate that map with the default global map using the command crypto map global-map.
Example
The following command configures a dynamic map: (host) (config)# crypto dynamic-map dmap1 100 set pfs group2 set security-association lifetime seconds 300
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The version parameter was introduced.
The pfs parameter was modified to support the group19 and group20 PFS group values.
ArubaOS 6.3 ArubaOS 6.4
The set security-association lifetime kilobytesand Diffie-Hellman set pfs group 14 parameters were added.
The disable/enable parameters were introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto dynamic-map | 316
Command Information
Platforms All platforms
Licensing
The group19 and group20 PFS options requires the Advanced Cryptography (ACR) license. All other parameters are available in the base operating system.
Command Mode
Config mode on master controllers
317 | crypto dynamic-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto ipsec
crypto ipsec mtu <max-mtu> transform-set <transform-set-mtu> esp-3des|esp-aes128|esp-aes128-gcm|esp-aes192|espaes256|esp-aes256-gcm|esp-des esp-md5-hmac|esp-null-hmac|esp-sha-hmac}
Description
This command configures IPsec parameters.
Syntax
Parameter mtu <max-mtu>
Description
Configure the IPsec Maximum Transmission Unit (MTU) size. The supported range is 1024 to 1500 and the default is 1500.
transform-set <transform-set-mtu> Create or modify a transform set.
esp-3des
Use ESP with 168-bit 3DES encryption.
esp-aes128
Use ESP with 128-bit AES encryption.
esp-aes128-gcm
Use ESP with 128-bit AES-GCM encryption.
esp-aes192
Use ESP with 192-bit AES encryption.
esp-aes256
Use ESP with 256-bit AES encryption.
esp-aes256-gcm
Use ESP with 256-bit AES-GCM encryption.
esp-des
Use ESP with 56-bit DES encryption.
esp-md5-hmac
Use ESP with the MD5 (HMAC variant) authentication algorithm
esp-null-hmac
Use ESP with no authentication. This option is not recommended.
esp-sha-hmac
Use ESP with the SHA (HMAC variant) authentication algorithm.
Usage Guidelines
Define the Maximum Transmission Unit (MTU) size allowed for network transmissions using IPsec security, and create or edit transform sets that define a specific encryption and authentication type.
Example
The following command configures 3DES encryption and MD5 authentication for a transform set named set2:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto ipsec | 318
(host) (config)# crypto ipsec transform-set set2 esp-3des esp-md5-hmac
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.1
The esp-aes128-gcm and esp-aes256-gcm transform-set parameters were introduced.
Command Information
Platforms Licensing
All platforms
The esp-aes128-gcm and esp-aes56-gcm transform-set parameters require the Advanced Cryptography (ACR) license. All other parameters are available in the base OS.
Command Mode
Config mode on master controllers
319 | crypto ipsec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto isakmp
crypto isakmp address <peer-address> netmask <mask>} disable eap-passthrough eap-mschapv2|eap-peap|eap-tls enable groupname <name> key <keystring> address <peer-address> netmask <mask> udpencap-behind-natdevice enable|disable packet-dump
Description
This command configures Internet Key Exchange (IKE) parameters for the Internet Security Association and Key Management Protocol (ISAKMP).
Syntax
Parameter address
<peer-address> netmask
<mask> disable eap-passthrough
enable groupname
<name> key
<keystring>
Description Configure the IP address for the group key.
IP address for the group key, in dotted-decimal format.
Configure the IP netmask for the group key.
Subnet mask for the group key.
Disable IKE processing.
Select one of the following authentication types for IKEv2 user authentication using EAP. l eap-mschapv2 l eap-peap l eap-tls
Enable IKE processing.
Configure the IKE Aggressive group name. Aggressive-mode IKE is a 3packet IKE exchange that does not provide identity-protection, but is faster, because fewer messages are exchanged.
Name of the IKE aggressive group.
Configure the IKE preshared key.
Configure the value of the IKE PRE-SHARED key. The key must be between 6-64 characters long.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto isakmp | 320
Parameter address
Description Configure the IP address for the group key.
<peer-address>
An IP for the group key, in dotted-decimal format.
netmask
Configure the netmask for the group key IP address.
<mask>
A subnet mask, in dotted-decimal format
udpencap-behind-natdevice Configure NAT-T if controller is behind NAT device. (For Windows VPN Dialer only)
enable
Enable Nat-T. This is the recommended setting if the controller is behind a NAT device.
disable
Disable Nat-T.
packet-dump
Issue this command in enable mode to troubleshoot an IPsec tunnel establishment by looking at the packet exchanges between the controller and the remote AP or the other IPsec peer. The packet dump output is saved to a file named ike.pcap.
NOTE: This is a testing feature only, and should not be enabled on a production network. To disable this feature, use the command no crypto isakmp packet-dump.
Usage Guidelines
Use this command to configure the IKE pre-shared key, set the EAP authentication method for IKEv2 clients using EAP user authentication, and enable source NAT if the IP addresses of clients need to be translated to access the network.
Example
The following command configures an ISAKMP peer IP address and subnet mask. After configuring an ISAKMP address and netmask, you will be prompted to enter the IKE preshared key. (host)(config) #crypto isakmp address 10.3.14.21 netmask 255.255.255.0 Key:*******Re-Type Key:*******
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.1
The eap-passthrough parameter was introduced.
321 | crypto isakmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto isakmp | 322
crypto isakmp block-aruba-ca
crypto-local isakmp block-aruba-ca enable disable
Description
This command configures the controller to accept or reject Dell certified clients.
Syntax
Parameter enable disable
Description Accept Dell certified client certificates. Reject Dell certified client certificates and use custom certificates instead.
Example
This command configures a CA certificate: crypto-local isakmp block-aruba-ca enable
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
323 | crypto isakmp block-aruba-ca
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto isakmp policy
crypto isakmp policy authentication pre-share|rsa-sig|ecdsa-256|ecdsa-384 disable|enable [bypass|secret] encryption 3DES|AES128|AES192|AES256|DES group 1|2|14|19|20 hash md5|sha|sha1-96|sha2-256-128|sha2-384-192 prf PRF-HMAC-MD5|PRF-HMAC-SHA1|PRF-HMAC-SHA256|PRF-HMAC-SHA384 lifetime <seconds> no disable version v1|v2
Description
This command configures Internet Key Exchange (IKE) policy parameters for the Internet Security Association and Key Management Protocol (ISAKMP).
Syntax
Parameter policy
<priority>
authentication pre-share
rsa-sig ecdsa-256 ecdsa-384 disable enable [bypass|secret] encryption 3DES
AES128
Description Configure an IKE policy
Specify a number from 1 to 10,000 to define a priority level for the policy. The higher the number, the higher the priority level.
Configure the IKE authentication method.
Use Pre Shared Keys for IKE authentication. This is the default authentication type.
Use RSA Signatures for IKE authentication.
Use ECDSA-256 signatures for IKE authentication.
Use ECDSA-384 signatures for IKE authentication. Disables the IKE policy. Enables the IKE policy using the bypass or secret. Bypass prompts for the enable mode login and password. Secret prompts for the enable password. Configure the IKE encryption algorithm.
Use 168-bit 3DES-CBC encryption algorithm. This is the default encryption value.
Use 128-bit AES-CBC encryption algorithm.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto isakmp policy | 324
Parameter AES192 AES256 DES
group 1 2 14 19 20
hash md5 sha SHA1-96 SHA2-256-128 SHA2-384-192
prf
lifetime <seconds> no version
Description Use 192-bit AES-CBC encryption algorithm. Use 256-bit AES-CBC encryption algorithm. Use 56-bit DES-CBC encryption algorithm. Configure the IKE Diffie Hellman group. Use the 768-bit Diffie Hellman prime modulus group. This is the default group setting. Use the 1024-bit Diffie Hellman prime modulus group. Use the 2048-bit Diffie Hellman DDH prime modulus group. Use the 256-bit random Diffie Hellman ECP modulus group. Use the 384-bit random Diffie Hellman ECP modulus group
Use MD5 as the hash algorithm. Use SHA-1 as the hash algorithm. This is the default policy algorithm. Use SHA1-96 as the hash algorithm.
Use SHA2-256-128 as the hash algorithm. Use SHA2-384-192 as the hash algorithm. Set one of the following pseudo-random function (PRF) values for an IKEv2 policy: l PRF-HMAC-MD5 (default) l PRF-HMAC-SHA1 l PRF-HMAC-SHA256 l PRF-HMAC-SHA384 Specify the lifetime of the IKE security association (SA), from 300 - 86400 seconds. Disables the policy. Specify the version of IKE protocol for the IKE policy
325 | crypto isakmp policy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
l v1: IKEv1 l v2: IKEv2
Usage Guidelines
To define settings for a ISAKMP policy, issue the command crypto isakmp policy <priority> then press Enter. The CLI will enter config-isakmp mode, which allows you to configure the policy values.
Example
The following command configures an ISAKMP peer IP address and subnet mask.. After configuring an ISAKMP address and netmask, you will be prompted to enter the IKE preshared key. (host)(config) #crypto isakmp policy1 (host)(config-isakmp) #auth rsa-sig Key:*******Re-Type Key:*******
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.1
The following parameters were introduced. l authentication ecdsa-256 l authentication ecdsa-384 l hash sha1-96 l hash sha2-256-128 l hash sha2-384-192 l prf
ArubaOS 6.3 ArubaOS 6.4
The Diffie-Hellman group 14 parameter was introduced. The disable/enable and no parameters were introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto isakmp policy | 326
Command Information
Platforms Licensing
Command Mode
All platforms
The following settings require the Advanced Cryptogram (ACR) license: l hash algorithm: SHA-256-128, SHA-384-192 l Diffie-Hellman (DH) Groups: 19 and 20 l Pseudo-Random Function (PRF): PRF-HMAC-SHA256, PRF-HMAC-
SHA384 l Authentication: ecdsa-256 and ecdsa-384
Config mode on master controllers
All other parameters are supported in the base OS.
327 | crypto isakmp policy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec-map
crypto-local
crypto-local ipsec-map <map> <priority> dst-net <ipaddr> <mask> force-natt no ... local-fqdn <local_id_fqdn> peer-cert-dn <peer-dn> peer-fqdn any-fqdn|{peer-fqdn <peer-id-fqdn>} peer-ip <ipaddr> pre-connect {disable|enable} set ca-certificate <cacert-name> set ike1-policy <policy-v1-number> set ikev2-policy <policy-v2-number> set pfs {group1|group2|group14|group19|group20} set security-association lifetime kilobytes <kilobytes> set security-association lifetime seconds <seconds> set server-certificate <cert-name> set transform-set <name1> [<name2>] [<name3>] [<name4>] src-net <ipaddr> <mask> trusted {disable|enable} version v1|v2 vlan <vlan>
Description
This command configures IPsec mapping for site-to-site VPNs.
Syntax
Parameter <map> <priority> dst-net
force-natt
no local-fqdn <local_id_fqdn>
Description Name of the IPsec map.
Range --
Priority of the entry.
1-9998
IP address and netmask for the
--
destination network.
Include this parameter to always enforce -- UDP 4500 for IKE and IPsec. This option is disabled by default.
Negates a configured parameter.
--
If the local controller has a dynamic IP
--
address, you must specify the fully
qualified domain name (FQDN) of the
controller to configure it as a initiator of
IKE aggressive-mode.
Default -- -- -- --
-- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec-map | 328
Parameter peer-cert-dn <peer-dn>
peer-ip <ipaddr>
peer-fqdn any-fqdn fqdn-id <peer-id-fqdn> pre-connect set ike1-policy <policy-v1-number> set ikev2-policy
<policy-v2-number> set ca-certificate <cacert-name>
set pfs
329 | crypto-local ipsec-map
Description
Range
If you are using IKEv2 to establish a site-
--
to-site VPN to a statically addressed
remote peer, identify the peer device by
entering its certificate subject name in
the Peer Certificate Subject Name field
If you are using IKEv1 to establish a site-
--
to-site VPN to a statically addressed
remote peer, identify the peer device by
enteringIP address of the peer gateway.
NOTE: If you are configuring an IPsec map for a static-ip controller with a dynamically addressed remote peer, you must leave the peer gateway set to its default value of 0.0.0.0.
For site-to-site VPNs with dynamically addressed peers, specify a fully qualified domain name (FQDN) for the controller.
any-fqdn fqdn-id
If the controller is defined as a
--
dynamically addressed responder, you
can select any-fqdn to make the
controller a responder for all VPN peers,
Specify the FQDN of a peer to make the
--
controller a responder for one specific
initiator only.
Enables or disables pre-connection.
enable/ disable
Select an IKEv1 policy for the ipsec-map.
--
Predefined policies are described in the
table below.
Select IKEv2 policy for the ipsec-map. Pre- -- defined policies are described in the table
below.
User-defined name of a trusted CA
--
certificate installed in the controller. Use
the show crypto-local pki TrustedCA
command to display the CA certificates
that have been imported into the
controller.
If you enable Perfect Forward Secrecy (PFS) mode, new session keys are not derived from previously used session keys. Therefore, if a key is compromised, that compromised key will not affect any previous session keys. To enable this feature, specify one of the following Perfect Forward Secrecy modes:
group1 group2 group14 group19 group20
Default --
--
anyfqdn -- -- disabled -- -- --
disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Range
Default
l group1 : 768-bit Diffie Hellman prime modulus group.
l group2: 1024-bit Diffie Hellman prime modulus group.
l group14: 2048-bit Diffie Hellman prime modulus group.
l group19: 256-bit random Diffie Hellman ECP modulus group. (For IKEv2 only)
l group20: 384-bit random Diffie Hellman ECP modulus group. (For IKEv2 only)
set security-association lifetime Configures the lifetime for the security association (SA).
set seconds <seconds>
kilobytes <kilobytes>
set server-certificate <cert-name>
In seconds In kilobytes
300-86400
7200 seconds
1000 -
--
1000000000
User-defined name of a server
--
--
certificate installed in the controller. Use
the show crypto-local pki ServerCert
command to display the server
certificates that have been imported into
the controller.
set transform-set <name1>
Name of the transform set for this IPsec
--
map. One transform set name is
required, but you can specify up to four
transform sets. Configure transform sets
with the crypto ipsec transform-set
command.
defaulttransfor m
src-net <ipaddr> <mask>
IP address and netmask for the source
--
--
network.
trusted
Enables or disables a trusted tunnel.
enable/ disable
disabled
version v1|v2
Select the IKE version for the IPsec map.
v1
l v1: IKEv1
l v2: IKEv2
vlan <vlan>
VLAN ID. Enter 0 for the loopback.
1-4094
--
Usage Guidelines
You can use controllers instead of VPN concentrators to connect sites at different physical locations.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec-map | 330
You can configure separate CA and server certificates for each site-to-site VPN. You can also configure the same CA and server certificates for site-to-site VPN and client VPN. Use the show crypto-local ipsec-map command to display the certificates associated with all configured site-to-site VPN maps; use the tag <map> option to display certificates associated with a specific site-to-site VPN map.
ArubaOS supports site-to-site VPNs with two statically addressed controllers, or with one static and one dynamically addressed controller. By default, site-to-site VPN uses IKE Main-mode with Pre-Shared-Keys to authenticate the IKE SA. This method uses the IP address of the peer, and therefore will not work for dynamically addressed peers.
To support site-site VPN with dynamically addressed devices, you must enable IKE Aggressive-Mode with Authentication based on a Pre-Shared-Key. A controller with a dynamic IP address must be configured to be the initiator of IKE Aggressive-mode for Site-Site VPN, while the controller with a static IP address must be configured as the responder of IKE Aggressive-mode.
Understanding Default IKE policies
ArubaOS includes the following default IKE policies. These policies are predefined and cannot be edited.
Table 6: Default IKE Policy Settings
Policy Name
Policy Number
IKE Version
Encryption Algorithm
Hash Algorithm
Authentica -tion Method
PRF Method
DiffieHellman Group
Default protectio n suite
10001
IKEv1
3DES-168
SHA 160
Pre-Shared N/A Key
2 (1024 bit)
Default
10002
IKEv1
AES -256
SHA 160
RSA
N/A
RAP
Signature
Certificat
e
protectio
n suite
2 (1024 bit)
Default RAP PSK protectio n suite
10003
AES -256
SHA 160
Pre-Shared N/A Key
2 (1024 bit)
Default RAP IKEv2 RSA protectio n suite
1004
IKEv2
AES -256
SSHA160
RSA Signature
hmacsha1
2 (1024 bit)
Default Cluster PSK protectio n suite
10005
IKEv1
AES -256
SHA160
Pre-Shared Key
PreShared Key
2 (1024 bit)
331 | crypto-local ipsec-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Policy Name
Policy Number
IKE Version
Encryption Algorithm
Hash Algorithm
Authentica -tion Method
PRF Method
DiffieHellman Group
Default IKEv2 RSA protectio n suite
1006
IKEv2
AES - 128
SHA 96
RSA Signature
hmacsha1
2 (1024 bit)
Default IKEv2 PSK protectio n suite
10007
IKEv2
AES - 128
SHA 96
Pre-shared key
hmacsha1
2 (1024 bit)
Default Suite-B 128bit ECDSA protectio n suite
10008
IKEv2
AES - 128
SHA 256128
ECDSA-256 Signature
hmacsha2256
Random ECP Group (256 bit)
Default Suite-B 256 bit ECDSA protectio n suite
10009
IKEv2
AES -256
SHA 384192
ECDSA-384 Signature
hmacsha2384
Random ECP Group (384 bit)
Default Suite-B 128bit IKEv1 ECDSA protectio n suite
10010
IKEv1
AES-GCM128
SHA 256128
ECDSA-256 Signature
hmacsha2256
Random ECP Group (256 bit)
Default Suite-B 256-bit IKEv1 ECDSA protectio n suite
10011
IKEv1
AES-GCM256
SHA 256128
ECDSA-256 Signature
hmacsha2256
Random ECP Group (256 bit)
When using a default IKE (V1 or V2) policy for an IPsec map, the priority number should be the same as the policy number.
Examples
The following commands configures site-to-site VPN between two controllers: (host) (config) #crypto-local ipsec-map sf-chi-vpn 100
src-net 101.1.1.0 255.255.255.0 dst-net 100.1.1.0 255.255.255.0 peer-ip 172.16.0.254 vlan 1 trusted
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec-map | 332
(host) (config) #crypto-local ipsec-map chi-sf-vpn 100 src-net 100.1.1.0 255.255.255.0 dst-net 101.1.1.0 255.255.255.0 peer-ip 172.16.100.254 vlan 1 trusted
For a dynamically addressed controller that initiates IKE Aggressive-mode for Site-Site VPN:
(host) (config)crypto-local ipsec-map <name> <priority> src-net <ipaddr> <mask> dst-net <ipaddr> <mask> peer-ip <ipaddr> local-fqdn <local_id_fqdn> vlan <id> pre-connect enable|disable trusted enable
For the Pre-shared-key: crypto-local isakmp key <key> address <ipaddr> netmask <mask>
For a static IP controller that responds to IKE Aggressive-mode for Site-Site VPN:
(host) (config)crypto-local ipsec-map <name2> <priority> src-net <ipaddr> <mask> dst-net <ipaddr> <mask> peer-ip 0.0.0.0 peer-fqdn fqdn-id <peer_id_fqdn> vlan <id> trusted enable For the Pre-shared-key: crypto-local isakmp key <key> fqdn <fqdn-id>
For a static IP controller that responds to IKE Aggressive-mode for Site-Site VPN with One PSK for All FQDNs:
(host) (config)crypto-local ipsec-map <name2> <priority> src-net <ipaddr> <mask> peer-ip 0.0.0.0 peer-fqdn any-fqdn vlan <id> trusted enable For the Pre-shared-key for All FQDNs: crypto-local isakmp key <key> fqdn-any
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.1
The peer-cert-dn and peer-fqdn parameters were introduced. The set pfs command introduced the group19 and group20 parameters.
ArubaOS 6.3
The set security-association lifetime kilobytesand Diffie-Hellman set pfs group 14 parameters were added.
333 | crypto-local ipsec-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Release
Modification
Command Information
Platforms All platforms
Licensing
Command Mode
The group19 and group20 PFS options requires the Advanced Cryptography (ACR) license. All other parameters are available in the base operating system.
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local ipsec-map | 334
crypto-local isakmp ca-certificate
crypto-local isakmp ca-certificate <cacert-name>
Description
This command assigns the Certificate Authority (CA) certificate used to authenticate VPN clients.
Syntax
Parameter ca-certificate
Description
User-defined name of a trusted CA certificate installed in the controller. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller.
Usage Guidelines
You can assign multiple CA certificates. Use the show crypto-local isakmp ca-certificate command to view the CA certificates associated with VPN clients.
Example
This command configures a CA certificate: crypto-local isakmp ca-certificate TrustedCA1
Command History
This command was introduced in ArubaOS 3.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
335 | crypto-local isakmp ca-certificate
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp certificate-group
crypto-local isakmp certificate-group server-certificate <server_certificate> ca-certificate <ca_cert-name>
Description
The command configures an IKE Certificate Group for VPN Clients.
Syntax
Parameter
Description
server-certificate <server-certificate> The IKE server certificate name for VPN clients.
ca-certificate <ca-cert-name>
The IKE CA Certificate for this server certificate.
Range
Default
1-64
--
characte
rs
1-64
--
characte
rs
Usage Guidelines
This feature allows you to create a certificate group so you can access multiple types of certificates on the same controller.
Example
This command configures a certificate group that consists of server certificate named newtest with the CA certificate TrustedCA. crypto-local isakmp certificate-group server-certificate newtest ca-certificate TrustedCA
Command History
This command was introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp certificate-group | 336
crypto-local isakmp disable-aggressive-mode
crypto-local isakmp disable-aggressive-mode
Description
The command disables the IKEv1 aggressive mode.
Syntax
No parameters.
Usage Guidelines
The master-local communication by default uses IPsec aggressive mode when a PSK is used for authentication between controllers. You need to convert master-local communication to certificate-based IPsec authentication before disabling aggressive mode. Disabling Aggressive Mode will impact other sessions which use aggressive mode such as Master-local IKE session with PSK.
Example
crypto-local isakmp disable-aggressive-mode
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
337 | crypto-local isakmp disable-aggressive-mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto_local isakmp disable-ipcomp
crypto-local isakmp disable-ipcomp
Description
This command disables IP compression on the master controller.
Syntax
No parameters.
Usage Guidelines
When this hardware-based compression feature is enabled, the quality of unencrypted traffic (such as Lync or Voice traffic) is not compromised by increased latency or decreased throughput. Use this command to disable IP compression on a master controller in a master/local topology. To disable IP compression on a branch controller, use the Smart Config WebUI. On the branch controller, navigate to Configuration > BRANCH > Smart Config.
Example
(boc_host) (config) #crypto-local isakmp disable-ipcomp
Command History
ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto_local isakmp disable-ipcomp | 338
crypto-local isakmp dpd
crypto-local isakmp dpd idle-timeout <seconds> retry-timeout <seconds> retry-attempts <number>
Description
This command configures IKE Dead Peer Detection (DPD) on the local controller.
Syntax
Parameter idle-timeout retry-timeout retry-attempts
Description Idle timeout, in seconds. Retry interval, in seconds. Number of retry attempts.
Range 10-3600 2-60 3-10
Default 22 seconds 2 seconds 3
Usage Guidelines
DPD is enabled by default on the controller for site-to-site VPN.
Example
This command configures DPD parameters: crypto-local isakmp dpd idle-timeout 60 retry-timeout 3 retry-attempts 5
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
339 | crypto-local isakmp dpd
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp key
crypto-local isakmp key <key> {address <peer-ipaddr> netmask <mask>}|{fqdn <ike-id-fqdn>} |fqdn-any
Description
This command configures the IKE preshared key on the local controller for site-to-site VPN.
Syntax
Parameter key <key>
address <peer-ipaddr> netmask <mask> fqdn <ike-id-fqdn> fqdn-any
Description IKE preshared key value, between 6-64 characters. To configure a pre-shared key that contains non-alphanumeric characters, surround the key with quotation marks. For example: crypto-local isakmp key "key with spaces" fqdn-any.
IP address for the preshared key.
Netmask for the preshared key.
Configure the PSK for the specified FQDN.
Configure the PSK for any FQDN.
Usage Guidelines
This command configures the IKE preshared key.
Example
The following command configures an IKE preshared key for site-to-site VPN: crypto-local isakmp key R8nD0mK3y address 172.16.100.1 netmask 255.255.255.255
Command History
Version ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.4
The fqdn and fqdn-any parameters were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp key | 340
341 | crypto-local isakmp key
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp permit-invalid-cert
crypto-local isakmp permit-invalid-cert
Description
This command allows invalid or expired certificates to be used for site-to-site VPN.
Syntax
No parameters.
Usage Guidelines
This command allows invalid or expired certificates to be used for site-to-site VPN.
Command History
This command was introduced in ArubaOS 3.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp permit-invalid-cert | 342
crypto-local isakmp sa-cleanup
crypto-local isakmp sal-cleanup
Description
This command enables the cleanup of IKE SAs.
Syntax
No parameters.
Usage Guidelines
This command removes expired ISAKMP SAs from the controller.
Command History
This command was introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
343 | crypto-local isakmp sa-cleanup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp server-certificate
crypto-local isakmp server-certificate <cert-name>
Description
This command assigns the server certificate used to authenticate the controller for VPN clients using IKEv1 or IKEv2
Syntax
Parameter server-certificate
Description
User-defined name of a server certificate installed in the controller. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the controller.
Usage Guidelines
This certificate is only for VPN clients and not for site-to-site VPN clients. You can assign separate server certificate for use with VPN clients using IKEv1 and clients using IKEv2. Use the show crypto-local isakmp server-certificate command to view the server certificate associated with VPN clients. You must import and configure server certificates separately on master and local controllers.
There is a default server certificate installed in the controller, however this certificate does not guarantee security for production networks. Best practices is to replace the default certificate with a custom certificate issued for your site or domain by a trusted CA. You can use the WebUI to generate a Certificate Signing Request (CSR) to submit to a CA and then import the signed certificate received from the CA into the controller. For more information, see "Managing Certificates" in the Dell Networking W-Series ArubaOS User Guide.
Example
This command configures a server certificate: crypto-local isakmp server-certificate MyServerCert
Command History
This command was introduced in ArubaOS 3.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp server-certificate | 344
crypto-local isakmp xauth
crypto-local isakmp xauth
Description
This command enables IKE XAuth for VPN clients.
Syntax
No parameters.
Usage Guidelines
The no crypto-local isakmp xauth command disables IKE XAuth for VPN clients. This command only applies to VPN clients that use certificates for IKE authentication. If you disable XAuth, then a VPN client that uses certificates will not be authenticated using username/password. You must disable XAuth for Cisco VPN clients using CAC Smart Cards.
Example
This command disables IKE XAuth for Cisco VPN clients using CAC Smart Cards: no crypto-local isakmp xauth
Command History
This command was introduced in ArubaOS 3.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local isakmp xauth | 346
crypto-local pki
crypto-local pki CRL <name> <filename> IntermediateCA <name> <filename> OCSPResponderCert <certname> <filename> OCSPSignerCert <certname> <filename> PublicCert <name> <filename> ServerCert <name> <filename> TrustedCA <name> <filename> global-oscp-signer-cert rcp <name>
Issue this command to configure a local certificate, OCSP signer or responder certificate and Certificate Revocation List (CRL). You can also list revocation checkpoints and enable the responder service.
Syntax
Parameter CRL
<name> <filename> IntermediateCA <name> <filename> OCSPResponderCert <certname> <filename> OCSPSignerCert <certname> <filename> PublicCert
<certname>
Description Specifies a Certificate Revocation list. Validation of the CRL is done when it imported through the WebUI (requires the CA to have been already present). CRLs can only be imported through the WebUI. Name of the CRL. Original imported filename of the CRL. Configures an intermediate CA certificate Name of the intermediate CA certificate. Original imported filename of the CRL. Configures a OCSP responder certificate. Name of responder certificate. Original imported filename of the responder certificate. Configures a OCSP signer certificate. Name of the signer certificate. Original imported filename of the signer certificate. Public key of a certificate. This allows an application to identify an exact certificate. Name of the signer certificate.
347 | crypto-local pki
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter <filename>
Description Original imported filename of the signer certificate.
ServerCert
Server certificate. This certificate must contain both a public and a private key (the public and private keys must match). You can import a server certificate in either PKCS12 or x509 PEM format; the certificate is stored in x509 PEM DES encrypted format on the controller.
<certname>
Name of the signer certificate.
<filename>
Original imported filename of the signer certificate.
TrustedCA
Trusted CA certificate. This can be either a root CA or intermediate CA. Dell encourages (but does not require) an intermediate CA's signing CA to be the controller itself.
<certname>
Name of the signer certificate.
<filename>
Original imported filename of the signer certificate.
global-ocsp-signer-cert
Specifies the global OCSP signer certificate to use when signing OCSP responses if there is no check point specific OSCP signer certificate present. If the ocsp-signer-cert is not specified, OCSP responses are signed using the global OCSP signer certificate. If this is not present, than an error message is sent out to clients.
NOTE: The OCSP signer certificate (if configured) takes precedence over the global OCSP signer certificate as this is check point specific.
rcp <name>
Specifies the revocation check point. A revocation checkpoint is automatically created when a TrustedCA or IntermediateCA certificate is imported on the controller.
service-ocsp-responder
This is a global knob that turns the OCSP responder on or off. The default is off (disabled). To enable this option a CRL must be configured for this revocation checkpoint as this is the source of revocation information in the OCSP responses.
Usage Guidelines
This command lets you configure the controller to perform real-time certificate revocation checks using the Online Certificate Status Protocol (OCSP) or traditional certificate validation using the Certificate Revocation List (CRL) client. Refer to the Certificate Revocation chapter in the Dell Networking W-Series ArubaOS 6.4.x User Guide for more information on how to configure this feature using both the WebUI and CLI.
Example
This example configures the controller as an OCSP responder.
The revocation check point is specified as CAroot. (The revocation check point CAroot was automatically created when the CAroot certificate was previously uploaded to this controller.) The OCSP signer certificate is RootCA-Ocsp_signer. The CRL file is Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl The OCSP responder is enabled. crypto-local pki service-ocsp-responder crypto-local pki rcp CARoot
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local pki | 348
ocsp-signer-cert RootCA-Ocsp_signer crl-location file Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl enable-ocsp-responder
Related Commands
Command crypto-local pki rcp
Description
Mode
Specifies the certificates that are used to sign OCSP responses for this revocation check point
Config mode
show crypto-local pki
This command shows local certificate, OCSP signer or responder certificate and CRL data and statistics.
Config mode
Command History
Version ArubaOS 3.2 ArubaOS 6.1
Modification
Command introduced.
The following parameters were introduced: l CRL l Intermediate CA l OCSPResponderCert l OCSPSignerCert l global-ocsp-signer-cert l rcp l service-ocsp-responder
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
349 | crypto-local pki
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local pki rcp
crypto-local pki rcp <name> [crl-location <file>]|[enable-ocsp-responder]|[ocsp-responder-cert <ocsp-respondercert>]|[ocsp-signer-cert <ocsp-signer-cert>]| [ocsp-url <ocsp-url>]|[revocation-check [None|<method1>|<method2>]]
Description
Use this command to specify the certificates used to sign OCSP for the revocation check point.
Syntax
Parameter rcp
Description
Specifies the revocation check point. A revocation checkpoint is automatically created when a TrustedCA or IntermediateCA certificate is imported on the controller.
crl-location <file>
Location of the CRL that is used for the rcp. The specified CRL filename must be previously imported onto the controller before using this option.
enable-ocsp-responder
Enables the OCSP Responder for this revocation checkpoint. The default is disabled.
ocsp-responder-cert <ocsp-responder-cert>
Specifies the certificate that is used to verify OCSP responses. The certificate name has to be one of the certificates shown as output when the CLI command
show crypto-local pki ocsprespondercert is used.
ocsp-signer-cert <ocsp-signer-cert> ocsp-url <ocsp-url>
Specifies the certificate that is used to sign OCSP responses for this revocation check point. The OCSP signer certificate must be previously imported on to the controller (using the WebUI). The OCSP signer cert can be the same trusted CA as the check point, a designated OCSP signer certificate issued by the same CA as the check point or some other local trusted authority.
If the ocsp-signer-cert is not specified, OCSP responses are signed using the global OCSP signer certificate. If that is not present, than an error message is sent out to clients.
NOTE: The OCSP signer certificate (if configured) takes precedence over the global OCSP signer certificate as this is check point specific.
Configures the OCSP Server URL. The URL has to be in the form of http://my.responder.com/path. This parameter can contain only one responder URL at time.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local pki rcp | 350
Parameter
Description
revocation-check None <method1> <method2>
Configures the revocation check methods used for this rcp. Options include:
l None (default)- No revocation checks are performed for certificates being verified against this trusted CA.
l CRL- CRL is used for the revocation check method.
l OCSP- OCSP is used for the revocation check method.
You can configure one fallback method.
Usage Guidelines
This command lets you configure the check methods that are used for this revocation check point.. You can configure the controller to perform real-time certificate revocation checks using the Online Certificate Status Protocol (OCSP) or traditional certificate validation using the Certificate Revocation List (CRL) client. Refer to the Certificate Revocation chapter in the Dell Networking W-Series ArubaOS 6.4.x User Guide for more information on how to configure this feature using both the WebUI and CLI.
Example
This example configures an OCSP client with the revocation check method as OCSP with CRL configured as the back up method.
The OCSP responder certificate is configured as RootCA-Ocsp_responder. The corresponding OCSP responder service is available at http://10.4.46.202/ocsp. The revocation check method is OCSP with CRL configured as the back up method.
crypto-local pki rcp CARoot ocsp-responder-cert RootCA-Ocsp_responder ocsp-url http://10.4.46.202/ocsp crl-location file Security1-WIN-05PRGNGEKAO-CA-unrevoked.crl revocation-check ocsp crl
Related Commands
Command crypto-local pki
Description
This command configures a local certificate, OCSP signer or responder certificate and Certificate Revocation List (CRL). You can also list revocation checkpoints and enable the responder service.
show crypto-local pki
This command shows local certificate, OCSP signer or responder certificate and CRL data and statistics.
Mode Config mode
Config mode
351 | crypto-local pki rcp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.2 ArubaOS 6.1
Modification
Command introduced.
The following parameters were introduced: l CRL l Intermediate CA l OCSPResponderCert l OCSPSignerCert l global-ocsp-signer-cert l rcp l service-ocsp-responder
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto-local pki rcp | 352
crypto map global-map
crypto map global-map <map-number> ipsec-isakmp {dynamic <dynamic-map-name>}|{ipsec <ipsecmap-name>}
Description
This command configures the default global map.
Syntax
Parameter <map-number> dynamic
Description Use a dynamic map.
<dynamic-map-name>} Name of the dynamic map.
ipsec
Use a IPsec map.
<ipsec-map-name>
Name of an IPsec map.
Usage Guidelines
This command identifies the dynamic or ipsec map used as the default global map. If you have not yet defined a dynamic or ipsec map, issue the command crypto map global-map or crypto-local ipsec-map to define map parameters.
Example
The following command configures the global map with the dynamic map named dynamic_map_2. (host)(config) #crypto map global-map 2 ipsec-isakmp dynamic dynamic_map_2
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
353 | crypto map global-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto
crypto pki csr {rsa key_len <key_val> |{ec curve-name <key_val>} common_name <common_val> country <country_val> state_or_province <state> city <city_val> organization <organization_val> unit <unit_val> email <email_val>
expirycheck
Description
Generate a certificate signing request (CSR) for the captive portal feature.
Syntax
Parameter rsa key_len <key_val>
ec curve-name <key_val>
common_name <common_val> country <country_val> state_or_province <state> city <city_val> organization <organization_val> unit <unit_val> email <email_val> expirycheck
Description
Generate a certificate signing request with a Rivest, Shamir and Adleman (RSA) key with one of the following supported RSA key lengths: l 1024 l 2048 l 4096
Generate a certificate signing request with an elliptic-curve (EC) key, with one of the following EC types: l secp256r1 l secp384r1
Specify a common name, e.g., www.yourcompany.com.
Specify a country name, e.g., US or CA.
Specify the name of a state or province.
Specify the name of a city.
Specify the name of an organization unit, e.g., sales.
Specify a unit value, e.g. EMEA.
Specify an email address, in the format name@mycompany.com.
Run an expiry check on all certificates on the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto | 354
Usage Guidelines
Use this command in enable mode to generate a CSR for the Captive Portal feature or to see all controller certificates are expiring. Display the CSR output by entering the command show crypto pki csr.
Example
The following command configures a CSR for a user with the email address jdoe@example.com. (host)(config) #crypto pki csr key 1024 common_name www.example.lcom country US state_or_ province ca city Sunnyvale organization engineering unit pubs email jdoe@example.com
Command History
Release ArubaOS 3.1
Modification Command introduced.
ArubaOS 6.1
The ec curve-name parameter was introduced to support certificate signing requests using an elliptic-curve (EC) key
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
355 | crypto
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto pki-import
crypto pki-import {der|pem|pfx|pkcs12|pkcs7} {CRL|IntermediateCA|OCSPResponderCert|OCSPSignerCert|PublicCert|ServerCert|TrustedCA} <name>
Description
Import certificates for the captive portal feature.
Syntax
Parameter der
Description Import the following certificates in DER format.
CRL <name>
Import a CRL.
IntermediateCA <name>
Import an intermediate CA certificate.
OCSPResponderCert <name> Import an OCSP Responder certificate.
OCSPSignerCert <name>
Import an OCSP Signer certificate.
PublicCert <name>
Import a public certificate.
ServerCert <name>
Import a server certificate.
TrustedCA <name>
Import a trusted CA certificate.
pem
Import a certificate in x509 PEM format. See certificate types under
the der parameter.
pfx
Import a certificate in PFX format. See certificate types under the der
parameter.
pkcs12
Import a certificate in PKCS12 format.See certificate types under the derparameter.
pkcs7
Import a certificate in PKCS7 format. See certificate types under the der parameter.
Usage Guidelines
Use this command in enable mode to install a CSR for the Captive Portal feature.
Example
The following command installs a server certificate in DER format. (host)(config) #crypto pki-import der ServerCert cert_20
Dell Networking W-Series ArubaOS 6.4.x | User Guide
crypto pki-import | 356
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced.
The CRL, IntermediateCA, OCSPResponderCert, OCSPSignerCert parameters were added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
357 | crypto pki-import
Dell Networking W-Series ArubaOS 6.4.x | User Guide
database synchronize
database synchronize period <minutes>|captive-portal-custom
Description
This command manually synchronizes the database between a pair of redundant master controllers
Syntax
Parameter
Description
captive-portal custom Includes custom captive portal files..
period
Configures the interval for automatic database synchronization.
<minutes>
Interval in minutes. Range is 1 -- 25200 minutes.
Usage Guidelines
This command takes effect immediately. If a peer is not configured, the controller displays an error message. Use the database synchronize period command in config mode to configure the interval for automatic database synchronization. Use the database synchronize rf-plan-data command to include RF plan data when synchronizing in standby mode.
Example
The following commands cause the database on the active master controller to synchronize with the standby in 25 minute intervals. The synchronization includes RF plan data. (host) (config) #database synchronize period 25
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 6.3
The captive-portal-custom parameter was introduced. The parameter rf-plan-data is deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config modes on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
database synchronize | 358
delete
delete {filename <filename>|ssh-host-addr <ipaddr>|ssh-known-hosts}
Description
This command deletes a file or RSA signature entry from flash.
Syntax
Parameter filename ssh-host-addr
ssh-known -hosts
Description
Name of the file to be deleted.
Deletes the entry stored in flash for the RSA host signature created when you run the copy scp command.
Deletes all entries stored in flash for the RSA host signatures created when you run the copy scp command.
Usage Guidelines
To prevent running out of flash file space, you should delete files that you no longer need. The copy scp command creates RSA signatures whenever it connects to a new host. These host signatures are stored in the flash file system.
Example
The following command deletes a file: (host) #delete filename december-config-backup.cfg The following command deletes an RSA signature entry from flash: (host) #delete ssh-host-addr 10.100.102.101 The following command deletes all RSA signature entries from flash: (host) #delete ssh-known-hosts
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
359 | delete
Dell Networking W-Series ArubaOS 6.4.x | User Guide
destination
destination <STRING> <A.B.C.D> [invert]
Description
This command configures the destination name and address.
Syntax
Parameter STRING A.B.C.D invert
Description Destination name. Destination IP address or subnet. Specifies all destinations except this one.
Range Alphanumeric -- --
Usage Guidelines
You can configure the name and IP address of the destination. You can optionally configure the subnet, or invert the selection.
Example
The following example configures a destination called "Home" with an IP address of 10.10.10.10. (host) (config) #destination Home 10.10.10.10
Command History
Release ArubaOS 1.0
Modification Command introduced
ArubaOS 3.0
Replaced with netdestination command.
Command Information
Availability
License
Can be used only on the master controller.
Requires the PEF NG license
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
destination | 360
dialer group
crypto-local dialer group <name> dial-string <string> init-string <string> no ...
Description
Configure a dialer group with dialing parameters for a USB modem.
Syntax
Parameter dial-string init-string
Description
The dial string column specifies the number to dial.
The init string can contain carrier-specific dialing options for the USB modem. You can often find these settings in online forums or from your ISP.
Usage Guidelines
Use this command to configure dial settings for a USB modem connected to a W-600 Series controller.
Example
(host) (config) dialer group gsm_us init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
Command History
Introduced in ArubaOS 3.4.
Command Information
Platforms W-600 Series controllers
Licensing Base operating system
Command Mode
Config mode on master and local controllers
361 | dialer group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
dir
dir
Description
This command displays a list of files stored in the flash file system.
Syntax
No parameters.
Usage Guidelines
Use this command to view the system files associated with the controller.
Output from this command includes the following:
l The first column contains ten place holders that display the file permissions. n First place holder: Displays - for a file or d for directory. n Next three place holders: Display file owner permissions: r for read access, w for write access permissions, x for executable. n Following three place holders: Display member permissions: r for read access or x for executable. n Last three place holders: Display non-member permissions: r for read access or x for executable.
l The second column displays the number of links the file has to other files or directories. l The third column displays the file owner. l The fourth column displays group/member information. l The remaining columns display the file size, date and time the file was either created or last modified, and
the file name.
Example
The following command displays the files currently residing on the system flash:
(host) #dir
The following is sample output from this command:
-rw-r--r--rw-r--r--rw-r--r--rw-r--r--rw-r--r--rw-r--r--rw-r--r--
1 root 1 root 1 root 1 root 1 root 1 root 2 root
root root root root root root root
9338 Nov 20 10:33 class_ap.csv 1457 Nov 20 10:33 class_sta.csv 16182 Nov 14 09:39 config-backup.cfg 14174 Nov 9 2005 default-backup-11-8-05.cfg 16283 Nov 9 12:25 default.cfg 22927 Oct 25 12:21 default.cfg.2006-10-25_20-21-38 19869 Nov 9 12:20 default.cfg.2006-11-09_12-20-22
Command History
Introduced in ArubaOS 1.0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
dir | 362
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Enable and Config modes on local or master controllers
363 | dir
Dell Networking W-Series ArubaOS 6.4.x | User Guide
disable-whitelist-sync
disable-whitelist-sync
Description
This command disables whitelist synchronization with local or Cloud Services Controller on the master controller. Whitelist database synchronization is enabled by default.
Syntax
No parameters.
Usage Guidelines
By default, the whitelist database synchronization is enabled between the master and local or cloud services controller. Once the whitelist database entries are synchronized across all controllers, issue the disablewhitelist-sync command on the master controller to disable the synchronization. Configuring this parameter reduces the number of database queries on the master controller. Enable this parameter to synchronize the whitelist database with all local or Cloud Services controllers. Once synchronized, issue the disable-whitelist-sync command to disable the synchronization. Enabling this parameter may increase the number of database queries on the master controller. Use this command when the number of APs and local or Cloud Services controllers is high in the network.
Enabling the whitelist database synchronization may increase the mysqldb process CPU utilization on the master controller if there is a large number of whitelist entries and local or cloud services controllers terminating on the master.
Example
The following command disables whitelist synchronization. (host) (config) #disable-whitelist-sync Whitelist sync has been disabled The following command re-enables whitelist synchronization if it was manually disabled. (host) (config) #no disable-whitelist-sync Whitelist sync has been enabled
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
disable-whitelist-sync | 364
dot1x
high-watermark <1-32000> stm-throttling percent <throttling%> no ...
Use this command only under the supervision of Dell support.
Description
Use this command under the guidance of Dell support to configure the maximum and minimum thresholds of the table that contains 802.1X sessions being processed.
Syntax
Parameter high-watermark
Description
The maximum entries in the Active table. When the number of entries in the Active Table reaches the High WaterMark value, new requests are queued on the Pending Table
stm-throttling
Use this command to enable STM throttling when the total entries in Pending Table are greater than (stm-throttling perceng) * (high watermark).
Command History
Introduced in ArubaOS 6.3.1.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
365 | dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
dpi
dpi custom-app <name> <http/s uri host> <http/s uri path> global-bandwidth-contract {app <name>[downstream |upstream][kbits|mbits <value>}| {appcategory <name>[downstream |upstream][kbits|mbits <value>}
Description
This command configures Deep-Packet Inspection and the global bandwidth contract for an application or application category for the AppRF feature.
Syntax
Parameter custom-app
<name> <http/s uri host>
<http/s uri path>
Description
The application or application category.
Name of the application or application category.
HTTP or HTTPS URI host of the application or application category.
HTTP or HTTPS URI path of the application or application category.
global-bandwidth-contract app <name> appcategory <name>
downstream upstream kbits <value> mbits <value>
Configures the global bandwidth contract for an application or application category.
Name of the application. For a complete list of supported applications, issue the command show dpi application all.
Name of the application category. For a complete list of supported application categories, issue the command show dpi application category all.
Bandwidth contract to downstream traffic.
Bandwidth contract to upstream traffic.
Specify bandwidth in kbits per second. Range: 256-2000000.
Specify bandwidth in mbits per second. Range: 1-2000.
Usage Guidelines
You can configure bandwidth contracts to limit application and application categories on an application or global level.
Example
To configure global bandwidth contracts: (host)(config) #dpi global-bandwidth-contract[app|appcategory] <name>[downstream|upstream][kbits|mbits]<256..2000000> To show global bandwidth contract configuration output:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
dpi | 366
(host) #show dpi global-bandwidth-contract all (host) #show dpi global-bandwidth-contract app name (host) #show dpi global-bandwidth-contract appcategory name
Command History
Introduced in ArubaOS 6.4
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Config mode on local or master controllers
367 | dpi
Dell Networking W-Series ArubaOS 6.4.x | User Guide
dynamic-ip
dynamic-ip restart
Description
This command restarts the PPPoE or DHCP process.
Syntax
No parameters.
Usage Guidelines
This command can be used to renegotiate DHCP or PPPoE parameters. This can cause new addresses to be assigned on a VLAN where the DHCP or PPPoE client is configured.
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platform
License
Available on all platforms
Available in the base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
dynamic-ip | 368
eject usb
eject usb:
Description
Use this command to eject a USB device from your controller.
Usage Guidelines
Use this command to safely remove an external USB device,
Example
(host) #eject usb:
Command History
Command introduced in ArubaOS 6.2
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
User mode on master or local controllers in enable mode.
369 | eject usb
Dell Networking W-Series ArubaOS 6.4.x | User Guide
enable
enable
Description
This user mode command switches the controller into enable mode. The enable mode allows you to access privileged commands.
Usage Guidelines
To enter enable mode, you are prompted for the password configured during the controller's initial setup. Passwords display as asterisks (*) when you enter them. To change the password, use the config mode enable secret command. If you lose or forget the enable mode password, resetting the default admin user password also resets the enable mode password to "enable". See the Dell Networking W-Series ArubaOS User Guide for more information about resetting the admin and enable mode passwords. When you are in enable mode, the CLI prompt ends with the hash (#) character.
Example
The following example allows you to enter enable mode on the controller. (host) >enable Password: ****** (host) #
Command History
Command introduced in ArubaOS 1.0.
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
User mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
enable | 370
enable bypass
enable bypass no enable bypass
Description
This config mode command allows you to bypass the enable password prompt and go directly to the privileged command mode.
Usage Guidelines
Use this command when you want to access the privileged mode directly after logging in to the controller and not be prompted to enter an enable mode password. To restore the enable mode password prompt, use the config mode command. no enable bypass.
Example
The following example allows bypass the enable mode password prompt. (host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z
(host) (config) #enable bypass (host) (config) #
Command History
Version ArubaOS 6.0
Modification Command introduced
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Config mode on master or local controllers
371 | enable bypass
Dell Networking W-Series ArubaOS 6.4.x | User Guide
enable secret
enable secret
Description
This config mode command allows you to change the password for enable mode.
Usage Guidelines
Use this command to change the password for enable mode. To reset the password to the factory default of "enable", use the no enable command.
The password must not contain a space and special characters.
Example
The following example allows you to change the password for enable mode. (host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z
(host) (config) #enable secret Password:****** Re-Type password: ****** (host) (config) #
Command History
Version ArubaOS 1.0
Modification Command introduced
ArubaOS 3.3.2
Updated with restriction of the secret phase
Command Informatio
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
enable secret | 372
encrypt
encrypt {disable|enable}
Description
This command allows passwords and keys to be displayed in plain text or encrypted.
Syntax
Parameter disable
Description Passwords and keys are displayed in plain text
enable
Passwords and keys are displayed encrypted
Default -- enabled
Usage Guidelines
Certain commands, such as show crypto isakmp key, display configured key information. Use the encrypt command to display the key information in plain text or encrypted.
Example
The following command allows passwords and keys to be displayed in plain text: (host) #encrypt disable
Command History
Introduced in ArubaOS 3.0
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
encrypt | 374
esi group
esi group <name> [no]|[ping <attributes>]|[server <server>]
Description
This command configures an ESI group.
Syntax
Parameter no
Description Negates any configured parameter.
ping
Specify the name of a set of ping checking attributes defined via the command esi ping. Only one set is allowed.
server
Specify the name of a server to be added or removed from the ESI group. You define ESI servers via the command esi server.
Usage Guidelines
Use the show esi group command to show ESI group information.
Example
The following command sets up the ESI group named "fortinet." (host) (config) #esi group fortinet
ping default server forti_1
Command History
Introduced in ArubaOS 2.5
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master or local controllers
375 | esi group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi parser domain
esi parser domain <name> [no] | [peer <peer-ip>] | [server <ipaddr>]
Description
This command configures an ESI syslog parser domain.
Syntax
Parameter no peer
server
Description
Negates any configured parameter
(Optional.) Specify the IP address of an another controller in this domain. These controllers are notified when the user cannot be found locally. This command is needed only when multiple controllers share a single ESI server
Specify the IP address of the ESI server to which the controller listens.
Usage Guidelines
The ESI parser is a generic syslog parser on the controller that accepts syslog messages from external thirdparty appliances such as anti-virus gateways, content filters, and intrusion detection systems. It processes syslog messages according to user-defined rules and takes configurable actions on the corresponding system users. ESI servers (see esi server on page 383) are configured into domains to which ESI syslog parser rules (see esi parser rule on page 377) are applied. Use the show esi parser domains command to show ESI parser domain information.
Example
The following commands configure a virus syslog parser domain named "fortinet" which contains the ESI server "forti_1" with the trusted IP address configured using the command esi server. (host) (config) #esi parser domain fortinet server 10.168.172.3
Command History
Introduced in ArubaOS 3.1.
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi parser domain | 376
esi parser rule
esi parser rule <rule_name> [condition <expression>] | [domain <name>] | [enable] [match {ipaddr <expression> | mac <expression> | user <expression> }] | [no] | [position <position>] | [set {blacklist | role <role>} | [test {msg <msg> | file <filename>}]
Description
This command creates or changes an ESI syslog parser rule.
Syntax
Parameter Description
condition
Specifies the REGEX (regular expression) pattern that uniquely identifies the syslog.
Range --
domain
(Optional.) Specify the ESI syslog parser domain to which -- this rule applies. If not specified, the rule matches with all configured ESI servers.
enables
Enables this rule.
--
Note: The condition, user match, and set action parameters must be configured before the rule can be enabled.
match
Specifies the user identifier to match, where ipaddr,
--
mac, and user take a REGEX pattern that uniquely
identifies the user.
no
Negates any configured parameter.
--
position
Specifies the rule's priority position.
132; 1 highest
set
Specifies the action to take: blacklist the user or change
--
the user role.
Note: The role entity should be configured before it is accepted by the ESI rule.
test
Test the regular expression output configured in the
--
esi parser rules command. You can test the
expressions against a specified syslog message, or test
the expression against a sequence of syslog messages
contained in a file.
Default -- --
Not enabled
--
-- -- --
--
377 | esi parser rule
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
The user creates an ESI rule by using characters and special operators to specify a pattern that uniquely identifies a syslog message. This "condition" defines the type of message and the ESI domain to which this message pertains. The rule contains three major fields:
l Condition: The pattern that uniquely identifies the syslog message type. l User: The username identifier. It can be in the form of a name, MAC address, or IP address. l Action: The action to take when a rule match occurs.
Once a condition match occurs, no further rule-matching will be made. For the matching rule, only one action can be defined.
For more details on the character-matching operators, repetition operators, and expression anchors used to defined the search or match target, refer to the External Services Interfacechapter in the Dell Networking WSeries ArubaOS 6.4.x User Guide .
Use the show esi parser rules command to show ESI parser rule information. Use the show esi parser stats command to show ESI parser rule statistical information
Examples
The following command sets up the Fortigate virus rule named "forti_rule." This rule parses the virus detection syslog scanning for a condition match on the log_id value (log_id=) and a match on the IP address (src=).
(host) (config) #esi parser rule forti_rule condition "log_id=[0-9]{10}[ ]" match ipaddr "src=(.*)[ ]" set blacklist domain fortinet enable
In this example, the corresponding ESI expression is:
< Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >
The following example of the test command tests a rule against a specified single syslog message.
test msg "26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4"
< 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >
=====
Condition:
Matched with rule "forti_rule"
User:
ipaddr = 1.2.3.4
=====
The following example of the test command tests a rule against a file named test.log, which contains several syslog messages.
test file test.log
< Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >
==========
Condition:
Matched with rule "forti_rule"
User:
ipaddr = 1.2.3.4
==========
< Oct 18 10:43:40 cli[627]: PAPI_Send: To: 7f000001:8372 Type:0x4 Timed out. >
==========
Condition:
No matching rule condition found
==========
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi parser rule | 378
< Oct 18 10:05:32 mobileip[499]: <500300> <DBUG> |mobileip| Station 00:40:96:a6:a1:a4,
10.0.100.103: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY,
next: PROXY_DHCP_NO_PROXY >
==========
Condition:
No matching rule condition found
==========
Command History
Introduced in ArubaOS 3.1
Command Information
Platform Available on all platforms.
License Requires the PEFNG license
Command Mode
Config mode on master and local controllers
379 | esi parser rule
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi parser rule-test
esi parser rule-test [file <filename>] | [msg <msg>]
Description
This command allows you to test all of the enabled parser rules.
Syntax
Parameter Description
file
Tests against a specified file containing more than one syslog message.
msg
Tests against a syslog message, where <msg> is the message text.
Usage Guidelines
You can test the enabled parser rules against a syslog message input, or run the expression through a file system composed of syslog messages. The command shows the match result as well as the user name parsed for each message.
Example
The following command tests against a specified single syslog message. (host) (config) #esi parser rule-test msg "26 18:30:02 log_ id=0100030101 type=virus subtype=infected src=1.2.3.4"
< 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >
=====
Condition:
Matched with rule "forti_rule"
User:
ipaddr = 1.2.3.4
=====
The following command tests against a file named test.log, which contains several syslog messages. esi parser rule-test file test.log
< Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >
==========
Condition:
Matched with rule "forti_rule"
User:
ipaddr = 1.2.3.4
==========
< Oct 18 10:43:40 cli[627]: PAPI_Send: To: 7f000001:8372 Type:0x4 Timed out. >
==========
Condition:
No matching rule condition found
==========
< Oct 18 10:05:32 mobileip[499]: <500300> <DBUG> |mobileip| Station 00:40:96:a6:a1:a4,
10.0.100.103: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY,
next: PROXY_DHCP_NO_PROXY >
==========
Condition:
No matching rule condition found
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi parser rule-test | 380
==========
Command History
Introduced in ArubaOS 3.1
Command Information
Platform
Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master and local controllers
381 | esi parser rule-test
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi ping
esi ping <ping-name> [frequency <seconds>] | [no] | [retry-count <count>] | [timeout <seconds>] |
Description
This command specifies the ESI ping health check configuration.
Syntax
Parameter frequency no retry-count timeout
Description Specifies the ping frequency in seconds. Negates any configured parameter Specifies the ping retry count Specifies the ping timeout in seconds.
Usage Guidelines
Use the show esi ping command to show ESI ping information.
Example
The following command specifies the ping health check attributes. (host) (config) #esi ping default
frequency 5 retry-count 2 timeout 2
Command History
Introduced in ArubaOS 2.5
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Range 165536 -- 165536 165536
Default
-- 2 2
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi ping | 382
esi server
esi server <name> [dport <tcp-udp-port>] | [mode {bridge | nat | route}] | [no] | [trusted-ip-addr <ip-addr> [health-check]] | [trusted-port <slot/port>] | [untrusted-ip-port <ip-addr> [health-check]] | [untrusted-port <slot/port>]
Description
This command configures an ESI server.
Syntax
Parameter dport
Description Specifies the NAT destination TCP/UDP port.
mode
Specifies the ESI server mode of operation: bridge, nat, or route
no
Negates any configured parameter.
trusted-ip-addr
Specifies the server IP address on the trusted network. As an option, you can also enable a health check on the specified address
trusted-port
Specifies the port connected to the trusted side of the ESI server; slot/port format.
untrusted-ip-addr Specifies the server IP address on the untrusted network. As an option, you can also enable a health check on the specified address
untrusted-port
Specifies the port connected to the untrusted side of the ESI server.
Usage Guidelines
Use the show esi server command to show ESI server information.
Example
The following command specifies the ESI server attributes. (host) (config) #esi server forti_1
mode route trusted-ip-addr 10.168.172.3 untrusted-ip-addr 10.168.171.3
Command History
Introduced in ArubaOS 2.5.
383 | esi server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
esi server | 384
exit
exit
Description
This command exits the current CLI mode.
Syntax
No parameters.
Usage Guidelines
Upon entering this command in a configuration sub-mode, you are returned to the configuration mode. Upon entering this command in configuration mode, you are returned to the enable mode. Upon entering this command in enable mode, you are returned to the user mode. Upon entering this command in user mode, you are returned to the user login.
Example
The following sequence of exit commands return the user from the interface configuration sub-mode to the user login: (host) (config-if) #exit (host) (config) #exit (host) #exit (host) >exit User:
Command History
Introduced in ArubaOS 3.0
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Available in the following command modes: l User l Enable l Config l Config sub-modes
385 | exit
Dell Networking W-Series ArubaOS 6.4.x | User Guide
export
export gap-db <filename>
Description
This command exports the global AP database to the specified file.
Syntax
Parameter <filename>
Description Name of the file to which the global AP database is exported.
Usage Guidelines
This command is intended for system troubleshooting. You should run this command only when directed to do so by a Dell support representative. The global AP database resides on a master controller and contains information about known APs on all controllers in the system. You can view the contents of the global AP database with the show ap database command.
Example
The following command exports the global AP database to a file: (host) #export gap-db global-ap-db
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
export | 386
file syncing profile
file syncing profile file-syncing-enable no sync-time
Description
This command allows the user to configure the file syncing profile.
Syntax
Parameter file-syncing-enable no sync-time
Description Enables file syncing on the controller. Negates any configured parameter. Configures the time, in minutes, between file syncs.
Range -- -- 30 - 180
Default enabled
--
30 minutes
Usage Guidelines
This command enables or disables the file syncing. Additionally, the time between syncs can be configured as part of the file syncing profile.
Example
The following example shows how to enable the file syncing. (host) (config) #file syncing profile (host) (File syncing profile) #file-syncing-enable
Command History
This command was introduced in ArubaOS 6.4.1.
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode Config mode on master controllers.
387 | file syncing profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
fips
fips [disable|enable]
This command applies only to the FIPS version of ArubaOS.
Description
This command enables and disables the FIPS mode of operation.
Syntax
Parameter enable disable
Description Enables the FIPS mode of operation. Disables the FIPS mode of operation.
Usage Guidelines
This command enables or disables the FIPS mode of operation. You can view the FIPS mode of operation status using the show fips command.
Example
The following example shows how to enable the FIPS mode of operation. (host) #fips enable
Command History
This command was introduced in ArubaOS-FIPS 2.4.
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
fips | 388
firewall
firewall allow-stun allow-tri-session amsdu attack-rate arp <1-16384> {blacklist|drop} cp <1-16384> grat-arp <1-16384> {blacklist|drop} ping <1-16384> session <1-16384> tcp-syn <1-16384>
bwcontracts-subnet-broadcast cp cp-bandwidth-contract deny-inter-user-bridging deny-inter-user-traffic deny-source-routing disable-ftp-server disable-stateful-h323 disable-stateful-sccp-processing disable-stateful-sip-processing disable-stateful-sips-processing disable-stateful-ua-processing disable-stateful-vocera-processing dpi drop-ip-fragments enable-bridging enable-per-packet-logging enforce-tcp-handshake enforce-tcp-sequence gre-call-id-processing imm-fb jumbo local-valid-users log-icmp-error optimize-dad-frames prevent-dhcp-exhaustion prohibit-arp-spoofing prohibit-ip-spoofing prohibit-rst-replay public-access session-idle-timeout <seconds> session-mirror-destination session-mirror-ipsec session-tunnel-fib session-voip-timeout shape-mcast stall-crash voip-wmm-content-enforcement web-cc web-cc-cache-miss-drop
Description
This command configures firewall options on the controller.
389 | firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Syntax
Parameter allow-stun
Description
Range
Allows ICE-STUN based firewall -- traversal.
allow-tri-session
Allows three-way session when -- performing destination NAT. This option should be enabled when the controller is not the default gateway for wireless clients and the default gateway is behind the controller. This option is typically used for captive portal configuration.
amsdu
Aggregated Medium Access
--
Control Service Data Units
(AMSDU) packets are dropped
if this option is enabled.
attack-rate arp <1-16384> {blacklist|drop} cp <1-16384> grat-arp <1-16384> {blacklist|drop} ping <1-16384> session <1-16384> tcp-syn <1-16384>
Sets rates which, if exceeded, can indicate a denial of service attack.
l arp: Monitor/police ARP attack (non Gratuitous ARP).
l cp: Monitor/police Control Processor (CP) attack.
l grat-arp: Monitor/police Gratuitous ARP attack.
l ping: Monitor ping attack.
l session: Monitor IP session attack.
l tcp-syn: Monitor TCP SYN attack.
NOTE: <1-16384> denotes the number of arp, cp, grat-arp, ping, session, or tcp-syn requests per 30 seconds.
bwcontracts-subnet-broadcast
Applies bw contracts to local subnet broadcast traffic.
116384
--
cp
See firewall cp on page 398
cp-bandwidth-contract
See firewall cp-bandwidthcontract on page 401
Default enabled disable d
disable d --
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall | 390
Parameter deny-inter-user-bridging
deny-inter-user-traffic
deny-source-routing disable-ftp-server
disable-stateful-h323processing disable-stateful-sccp-processing disable-stateful-sip-processing
Description
Range
Prevents the forwarding of
--
Layer2 traffic between wired or
wireless users. You can
configure user role policies
that prevent Layer3 traffic
between users or networks but
this does not block Layer2
traffic. This option can be used
to prevent traffic, such as
Appletalk or IPX from being
forwarded. If enabled, traffic
(all non-IP traffic) to untrusted
port or tunnel is also blocked.
Default
disable d
Denies downstream traffic
--
between users in a wireless
network (untrusted users) by
disallowing layer2 and layer3
traffic. This parameter does
not depend on the deny-inter-
user-bridging parameter
being enabled or disabled.
disable d
Disallows forwarding of IP frames -- with source routing with the source routing options set.
Disables the FTP server on the -- controller. Enabling this option prevents FTP transfers.
Enabling this option could cause APs to not boot up. You should not enable this option unless instructed to do so by a Dell representative.
Disables stateful H.323
--
processing.
Disables SCCP processing.
--
Disables monitoring of
--
exchanges between a voice
over IP or voice over WLAN
device and a SIP server. This
option should be enabled only
when there is no VoIP or
VoWLAN traffic on the network.
disabled
disable d
disable d disable d disable d
391 | firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter disable-stateful-sips-processing disable-stateful-ua-processing disable-stateful-vocera-processing dpi drop-ip-fragments enable-bridging enable-per-packet-logging
enforce-tcp-handshake
enforce-tcp-sequence
Description
Configure the controller to read SIP signaling messages sent by Lync clients on port 5061.
Range --
Default enabled
Disables stateful UA processing.
--
disable
d
Disables stateful VOCERA
--
processing.
disable d
Enables Deep-Packet Inspection (DPI)
--
disable
d
When enabled, all IP fragments -- are dropped. You should not enable this option unless instructed to do so by a Dell representative.
disable d
Enables bridging when the
--
controller is in factory default.
disable d
Enables logging of every
--
packet if logging is enabled for
the corresponding session
rule. Normally, one event is
logged per session. If you
enable this option, each packet
in the session is logged. You
should not enable this option
unless instructed to do so by a
Dell representative, as doing
so may create unnecessary
overhead on the controller.
disable d
Prevents data from passing
--
between two clients until the
three-way TCP handshake has
been performed. This option
should be disabled when you
have mobile clients on the
network as enabling this option
will cause mobility to fail. You
can enable this option if there
are no mobile clients on the
network.
disable d
Enforces the TCP sequence
--
numbers for all packets.
disable d
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall | 392
Parameter gre-call-id-processing imm-fb jumbo local-valid-users log-icmp-error optimize-dad-frames prevent-dhcp-exhaustion
prohibit-arp-spoofing
Description
Creates a unique state for each PPTP tunnel. Do not enable this option unless instructed to do so by a technical support representative.
Range --
Default
disable d
Immediately free buffers on W- --
--
7200controllers. Do not enable
this option unless instructed to
do so by a technical support
representative.
Enables jumbo frames processing.
--
disable
d
Adds only IP addresses, which
--
belong to a local subnet, to the
user-table.
disable d
Logs received ICMP errors. You -- should not enable this option unless instructed to do so by a Dell representative.
disable d
Reduce flooding of IPv4
--
Gratuitous ARPs/IPv6 Duplicate
Address Detection (DAD)
frames onto wireless clients.
enabled
Enable check for DHCP client
--
hardware address against the
packet source MAC address.
This command checks the
frame's source-MAC against
the DHCPv4 client hardware
address and drops the packet
if it does not match. Enabling
this feature prevents a client
from submitting multiple DHCP
requests with different
hardware addresses, thereby
preventing DHCP pool
depletion.
disable d
Detects and prohibits arp
--
spoofing. When this option is
enabled, possible arp spoofing
attacks are logged and an
SNMP trap is sent.
disable d
393 | firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter prohibit-ip-spoofing
prohibit-rst-replay session-idle-timeout session-mirror-destination session-mirror-ipsec session-tunnel-fib session-voip-timeout
shape-mcast stall-crash Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Range
Detects IP spoofing (where an
--
intruder sends messages using
the IP address of a trusted
client). When this option is
enabled, source and
destination IP and MAC
addresses are checked;
possible IP spoofing attacks
are logged and an SNMP trap
is sent.
Default
enabled in IPv4
disable d in IPv6
Closes a TCP connection in
--
both directions if a TCP RST is
received from either direction.
You should not enable this
option unless instructed to do
so by a Dell representative.
disable d
Time, in seconds, that a nonTCP session can be idle before it is removed from the session table. You should not modify this option unless instructed to do so by a Dell representative.
16-259
15 seconds
This parameter is deprecated. --
--
Use the packet-capture
command.
This parameter is deprecated.
--
Use the packet-capture com-
mand.
Enable session tunnel-based
--
forwarding.
NOTE: Best practices is to enable this parameter only during maintenance window or off-peak production hours.
Idle session timeout, in seconds, for sessions that are marked as voice sessions. If no voice packet exchange occurs over a voice session for the specified time, the voice session is removed.
16-300
-- disabled
300 seconds
Enables multicast optimization -- and provides excellent streaming quality regardless of the amount of VLANs or IP IGMP groups that are used.
Triggers datapath crash on stall
--
detection. Applies to the to W-
disable d
enabled
firewall | 394
Parameter voip-wmm-voip-content-enforcement web-cc
web-cc-cache-miss-drop
Description 7200 Series controllers only.
Range
If traffic to or from the user is
--
inconsistent with the
associated QoS policy for
voice, the traffic is reclassified
to best effort and data path
counters incremented.
This parameter requires the PEFNG license.
Default
disable d
Enables web content
--
classification for all HTTP
traffic. Once enabled, ArubaOS
enforces ACLs and bandwidth
policies associated with web
content categories or
reputation levels.
NOTE: On enabling web-cc, the web-cc feature usage information will be sent to Dell at every 7 days interval.
Issue this command to allow
--
the controller to drop any
packets that do not match any
web content category or
reputation levels in the
controller's internal web
content cache.
disable d
disable d
Usage Guidelines
This command configures global firewall options on the controller.
Example
The following command disallows forwarding of non-IP frames between users: firewall deny-inter-user-bridging
Related Commands
Release show firewall
Modification Display a list of global firewall policies.
395 | firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.2
The wmm-voip-content-enforcement parameter was introduced.
ArubaOS 3.3
The session-mirror-destination parameter was modified.
ArubaOS 3.3.2
The local-valid-users parameter was added.
ArubaOS 3.4
The voip-proxy-arp parameter was renamed to broadcast-filter-arp and it does not require a Voice license.
The prohibit-arp-spoofing parameter was added.
The deny-inter-user-traffic parameter was added.
ArubaOS 6.0 ArubaOS 6.1 ArubaOS 6.2 ArubaOS 6.2.1 ArubaOS 6.3
ArubaOS 6.4
The shape-mcast parameter was added.
The parameter amsdu was added.
The parameter clear-sessions-role-update was deprecated.
l The broadcast-filter arp parameter was deprecated. l The imm-fb parameter was introduced.
The following parameters were added: l jumbo l disable-stateful-sips-processing l deny-source-routing The parameters session-mirror-destination and session-mirror-ipsec have been deprecated. They were replaced by the destination and datapath ipsec parameters, respectively, of the packet-capture command.
The following parameters were added: l allow-stun l dpi l stall-crash
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall | 396
Release ArubaOS 6.4.1.0
ArubaOS 6.4.2.0 ArubaOS 6.4.2.5
Modification The following sub-parameters were added: l arp l grat-arp
The web-cc and web-cc-cache-miss-drop parameters were added.
The optimize-dad-frames parameter was introduced.
Command Information
Platform Available on all platforms
License
Base operating system except the
voip-wmm-voipcontentenforcement parameter which requires the PEFNG license.
Command Mode Config mode on master controllers
397 | firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall cp
firewall cp ipv4|ipv6 deny|permit <ip-addr><ip-mask>|any|{host <ip-addr>} proto{<ip-protocol-number> ports <start port number><end port number>}|ftp|http|https|icmp|snmp|ssh|telnet|tftp [bandwidth-contract <name>]
no...
Description
This command creates whitelist session ACLs. Whitelist ACLs consist of rules that explicitly permit or deny session traffic from being forwarded or not to the controller. This prohibits traffic from being automatically forwarded to the controller if it was not specifically denied in a blacklist.The maximum number of entries allowed in the whitelist is 64.
Syntax
Parameter ipv4|ipv6 deny|permit <ip-addr><ip-mask>
any host <ip-addr> proto
IP protocol number
start port
end port
ftp http https icmp
Description Specifies ipv4 or ipv6.
Range --
Default --
Specifies the entry to reject (deny) on the
--
--
session ACL whitelist.
Specifies an entry that is allowed (permit) on the session ACL whitelist.
Specifies any IPv4 or IPv6 source address.
--
--
Indicates a specific IPv4 or IPv6 source address. --
--
Protocol that the session traffic is using.
--
--
Specifies the IP protocol number that is permitted or denied.
1-255
--
Specifies the starting port, in the port range, on 1-65535 -- which session traffic is running.
Specifies the last port, in the port range, on which session traffic is running.
1-65535 --
Specifies the File Transfer Protocol.
--
--
Specifies the Hypertext Trasfer Protocol.
--
--
Specifies the Secure HTTP Protocol.
--
--
Specifies the Internet Control Message Protocol.
--
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall cp | 398
Parameter snmp
Description
Specifies the Simple Network Management Protocol.
ssh
Specifies the Secure Shell.
telnet
Specifies the Telnet protocol.
tftp
Specifies the Trivial File Transfer Protocol.
bandwidth-contract <name>
Specify the name of a bandwidth contract defined via the cp-bandwidth-contract command.
Range --
Default --
--
--
--
--
--
--
--
--
Usage Guidelines
This command turns the session ACL from a blacklist to a whitelist. A rule must exist that explicitly permits the session before it is forwarded to the controller and the last rule in the list denies everything else.
Example
The following command creates a whitelist ACL that allows on with the source address as 10.10.10.10 and the source mask as 2.2.2.2. The protocol is FTP and the bandwidth contract name is mycontract. (host) (config-fw-cp) #ipv4 permit 10.10.10.10 2.2.2.2 proto ftp bandwidth-contract name mycontract The following command creates a a whitelist ACL entry that denies traffic using protocol 2 on port 5000 from being forwarded to the controller: (host) (config-fw-cp) #deny proto 6 ports 5000 6000
Related Commands
Command show firewall-cp
Description Show Control Processor (CP) whitelist ACL info.
Mode
Enable or Config modes
cp-bandwidth-contract
This command configures a bandwidth contract traffic rate which can then be associated with a whitelist session ACL.
Enable or Config modes
399 | firewall cp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.2
The permit <ip-addr><ip-mask> parameter was added. The deny <ip-addr> parameter was added. The any parameter was added. The host parameter was added. The ftp, http, https, icmp, snmp, ssh, telnet and tftp parameters were added.
ArubaOS 6.3
The ipv4 and ipv6 parameters were added.
Command Information
Platform Available on all platforms
License
Base operating system, except for noted parameters
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall cp | 400
firewall cp-bandwidth-contract
firewall cp-bandwidth-contract {auth|route|sessmirr|trusted-mcast|trusted-ucast |untrusted-mcast|untrusted-ucast} <Rate>
Description
This command configures bandwidth contract traffic rate limits, in packets per second, to prevent denial of service attacks.
Syntax
Parameter auth route sessmirr trusted-mcast trusted-ucast untrusted-mcast untrusted-ucast
Description
Range
Specifies the traffic rate limit that is forwarded to the authentication process.
1-65535 pps
Specifies the traffic rate limit that needs ARP requests.
1-65535 pps
Specifies the session mirrored traffic forwarded to the controller.
1-65535 pps
Specifies the trusted multicast traffic rate limit.
1-65535 pps
Specifies the trusted unicast traffic rate limit.
1-65535 pps
Specifies the untrusted multicast traffic rate limit.
1-65535 pps
Specifies the untrusted unicast traffic rate limit.
1-65535 pps
Default 976 pps
976 pps
976 pps
1953 pps 65535 pps 1953 pps 9765 pps
Usage Guidelines
This command configures firewall bandwidth contract options on the controller.
Example
The following command disallows forwarding of non-IP frames between users: (host) (config) #firewall deny-inter-user-bridging
Related Commands
(host) (config) #show firewall
Command History
Introduced in ArubaOS 3.4
401 | firewall cp-bandwidth-contract
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform Available on all platforms
License
This command requires the PEFNG license
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
firewall cp-bandwidth-contract | 402
firewall-visibility
firewall-visibility no ...
Description
Enables or disables policy enforcement firewall visibility feature.
Syntax
No parameters.
Usage Guideline
When you enable this feature, the Firewall Monitoring page on the Dashboard tab of the WebUI displays the summary of all sessions in the controller aggregated by users, devices, destinations, applications, WLANs, and roles.
Example
The following command enables firewall visibility. (host)(config) #firewall-visibility
Related Commands
Command show firewall-visibility
Description
Displays the policy enforcement firewall visibility process state and status information
Mode
Config or Enable mode
Command History
This command is introduced in ArubaOS 6.2.
Command Information
Platforms
W-3200, W-3400, W-3600, W-6000M3, and W-7200 controllers
Licensing
This command requires the PEFNG license
Command Mode
Config mode on master or local controller
403 | firewall-visibility
Dell Networking W-Series ArubaOS 6.4.x | User Guide
gateway health-check disable
gateway health-check disable
Description
Disable the gateway health check.
Usage Guidelines
The gateway health check feature can only be enabled by Dell Technical Support. This command disables the gateway health check, and should only be issued under the guidance of the support staff.
Related Commands
Command
show gateway healthcheck
Description
Mode
Display the current status of the gateway health-check feature
This command is available in Config and Enable mode on master and local controllers
(host) (config) #show gateway health-check
History
Introduced in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing
Base operating system
Command Mode Config mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
gateway health-check disable | 404
guest-access-email
guest-access-email smtp-port smtp-server no...
Description
This command configures the SMTP server which is used to send guest email. Guest email is generated when a guest user account is created or when the Guest Provisioning user sends guest user account email a later time.
Syntax
Parameter smtp-port
<Port number> smtp-server
<IP-Address> no
Description
Identifies the SMTP port through which the guestaccess email is sent.
Range --
Default --
The SMTP port number.
165535
25
The SMTP server to which the controller sends the --
--
guest-access email.
The SMTP server's IP address.
--
--
Deletes the command configuration
--
--
Usage Guidelines
As part of the guest provisioning feature, the guest-access-email command allows you to set up the SMTP port and server that process guest provisioning email. This email process sends email to either the guest or the sponsor whenever a guest user account is created or when the Guest Provisioning user manually sends email from the Guest Provisioning page.
Example
The following command creates a guest-access email profile and sends guest user email through SMTP server IP address 1.1.1.1 on port 25. (host) (config) #guest-access-email (host) (Guest-access Email Profile) # (host) (Guest-access Email Profile) #smtp-port 25 (host) (Guest-access Email Profile) #smtp-server 1.1.1.1
Related Commands
(host) #show guest-access-email (host) #local-userdb-guest add (host) #local-userdb-guest modify (host) #show local-userdb-guest
405 | guest-access-email
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
ArubaOS 3.4
Modification Introduced for the first time.
Command Information
Platform
License
Command Mode
Available on all platforms
Available in the base operating system.
Config mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
guest-access-email | 406
ha
ha group-membership <profile> group-profile <profile>]
clone <profile-name> controller <controller> role active|dual|standby controller-v6 <ipv6> role active|dual|standby heartbeat heartbeat-interval <heartbeat-interval> heartbeat-threshold <heartbeat-threshold> no over-subscription pre-shared-key <key> preemption state-sync
Description
This command configures the High Availability:Fast Failover feature by assigning controllers to a highavailability group, and defining the deployment role for each controller.
Parameter group-membership group-profile <profile>
clone controller <controller>
role
Description
Displays the high availability group in which the controller is a member.
Create a new high availability group, or define settings for an existing group
Name of an existing high availability profile from which parameter values are copied.
IPv4 address of a controller that should be added to the specified high availability group.
Assign one of the following roles to each controller in the high availability group.
l Active: Controller is active and is serving APs. l Dual: Controller serves some APs and acts as a standby
controller for other APs. l Standby: Controller does not serve APs, as only acts as a
standby in case of failover.
controller-v6 <controller-v6> IPv6 address of a controller that should be added to the specified high availability group.
role
Assign one of the following roles to each controller in the high availability group.
l Active: Controller is active and is serving APs.
l Dual: Controller serves some APs and acts as a standby controller for other APs.
l Standby: Controller does not serve APs, as only acts as a
407 | ha
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter heartbeat heartbeat-interval <heartbeat-interval> heartbeat-threshold <heartbeat-threshold> no over-subscription
pre-shared-key <key> preemption
state-sync
Description
standby in case of failover.
The high availability inter-controller heartbeat feature allows for faster AP failover from an active controller to a standby controller, especially in situations where the active controller reboots or loses connectivity to the network.
Enter a heartbeat interval in the Heartbeat Interval field to define how often inter-controller heartbeats are sent.
Range: 100-1000 ms; Default:100ms
Enter a heartbeat threshold in the Heartbeat Threshold field to define the number of heartbeats that must be missed before the APs are forced to fail over to the standby controller.
Range: 3-10 heartbeats; Default: 5 heartbeats
Negates or removes any configured parameter.
The standby controller oversubscription feature allows a standby controller to support connections to standby APs beyond the controller's original rated AP capacity.
Starting with ArubaOS 6.4.0.0, a W-7200 Series controller acting as a standby controller can oversubscribe to standby APs by up to four times that controller's rated AP capacity, and a standby W-6000M3 controller module or W-3600 controller can oversubscribe by up to two times its rated AP capacity, as long as the tunnels consumed the standby APs do not exceed the maximum tunnel capacity for that standby controller.
Define a pre-shared key to be used with the state synchronization feature.
If you include this optional parameter to enable preemption, an AP that has failed over to a standby controller attempts to connect back to its original active controller once that controller is reachable again. When you enable this setting, the AP will wait for the time specified by the lms-hold-down-period parameter in the ap system-profile profile before the standby AP attempts to switch back to original controller.
State synchronization improves failover performance by synchronizing PMK and Key cache values from the active controller to the standby controller, allowing clients to authenticate on the standby controller without repeating the complete 802.1X authentication process.
NOTE: To use the state synchronization feature, configure a preshared key with the pre-shared-key parameter.
Usage Guidelines
The High Availability:Fast Failover feature supports redundancy models with an active controller pair, or an active/standby deployment model with one backup controller supporting one or more active controllers. Each of these clusters of active and backup controllers comprises a high-availability group. Note that all active and backup controllers within a single high-availability group must be deployed in a single master-local topology.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ha | 408
The High Availability: Fast Failover features works across Layer-3 networks, so there is no need for a direct Layer-2 connection between controllers in a high-availability group.
By default, an AP's active controller is the controller to which the AP first connects when it comes up. Other dual mode or standby mode controllers in the same High Availability group become potential standby controllers for that AP. This feature does not require that the active controller act the configuration master for the local standby controller . A master controller in a master-local deployment can act as an active or a standby controller .
When the AP first connects to its active controller, that controller sends the AP the IP address of a standby controller, and the AP attempts to connect to the standby controller. If an AP that is part of a cluster with multiple backup controllers fails to connect to the first standby controller, the active controller will select a new standby controller for that AP, and the AP will attempt to connect to that standby controller. APs using control plane security establish an IPsec tunnel to their standby controllers. APs that are not configured to use control plane security send clear, unencrypted information to the standby controller.
An AP will failover to its backup controller if it fails to contact its active controller through regular heartbeats and keepalive messages, or if the user manually triggers a failover using the WebUI or CLI.
A controller using this feature can have one of three high availability roles active, standby or dual. An active controller serves APs, but cannot act as a failover standby controller for any AP except the ones that it serves as active. A standby controller acts as a failover backup controller, but cannot be configured as the primary controller for any AP. A dual controller can support both roles, and acts as the active controller for one set of APs, and also acts as a standby controller for another set of APs.
Examples
The following commands configures a high availability group, and assigns controllers and roles to each controller in the group.
(host) (config) #ha group-profile new (host) (HA group information "new") #controller 192.0.2.2 role active (host) (HA group information "new") #controller 192.0.2.3 role active (host) (HA group information "new") #controller 192.0.2.4 role standby (host) (HA group information "new") #preemption
Command History
Version ArubaOS 6.3
Description Command introduced
ArubaOS 6.4
The following parameters were introduced l heartbeat l heartbeat-interval l heartbeat-threshold l over-subscription l pre-shared-key l state-sync
409 | ha
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform Available on all platforms
License
Available in the base operating system.
Command Mode
Config mode on master and local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ha | 410
halt
halt
Description
This command halts all processes on the controller.
Syntax
No parameters.
Usage Guidelines
This command gracefully stops all processes on the controller. You should issue this command before rebooting or shutting down to avoid interrupting processes.
Command History
Introduced in ArubaOS 3.0
Command Information
Platform Available on all platforms
License
Available in the base operating system.
Command Mode
Enable mode on master and local controllers.
411 | halt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
help
help
Description
This command displays help for the CLI.
Syntax
No parameters.
Usage Guidelines
This command displays keyboard editing commands that allow you to make corrections or changes to the command without retyping. You can also enter the question mark (?) to get various types of command help: l When typed at the beginning of a line, the question mark lists all commands available in the current mode. l When typed at the end of a command or abbreviation, the question mark lists possible commands that
match. l When typed in place of a parameter, the question mark lists available options.
Example
The following command displays help: (host) #help
Command History
Available in ArubaOS 3.0
Command Information
Platform
Available on all platforms
License
Available in the base operating system
Command Mode
Available in the following command modes: l User l Enable l Config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
help | 412
hostname
hostname <hostname>
Description
This command changes the hostname of the controller.
Syntax
Parameter hostname
Description The hostname of the controller
Range 1-63
Default See below
Usage Guidelines
The hostname is used as the default prompt. You can use any alphanumeric character, punctuation, or symbol character. To use spaces, plus symbols (+), question marks (?), or asterisks (*), enclose the text in quotes.
Example
The following example configures the controller hostname to "Controller 1". hostname "Controller 1"
Command History
Introduced in ArubaOS 1.0
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Config mode on master and local controllers
413 | hostname
Dell Networking W-Series ArubaOS 6.4.x | User Guide
iap del branch-key
iap del branch-key <brkey>
Description
This command removes a branch from the controller based on the branch key.
Syntax
Parameter branch-key <brkey>
Description Key for the branch, which is unique to each branch.
Example
(host) (config) #iap del branch-key b3c65c4d013836cf190566ca1afdf87c95350cffb1c782e463
Related Commands
Command show iap table
Description This command displays the branch details connected to the controller.
Command History
Release ArubaOS 6.2
Modification Command introduced
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Configuration mode on master and local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
iap del branch-key | 414
iap trusted-branch-db
iap trusted-branch-db add {mac-address <mac-address>} allow-all del {mac-address <mac-address>} del-all
Description
This command is used to configure an IAP-VPN branch as trusted.
Syntax
Parameter add
mac-address <mac-address> allow-all del
mac-address <mac-address> del-all
Description Configure an IAP trusted branch entry. MAC-address of an AP. Configure all branches as trusted. Delete an IAP trusted branch entry. MAC-address of AP. Delete all trusted branch entries.
Example
The following command configures a specific IAP-VPN branch as trusted: (host) (config) #iap trusted-branch-db add mac-address 01:01:0e:3e:4c:33 The following is the output of the above command: Trusted branch added This following command configures all IAP-VPN branches as trusted: (host) (config) #iap trusted-branch-db allow-all The following is the output of the above command: All IAP+VPN branches are trusted
Related Commands
Command
Description
show iap detailed-table This command displays the IAP trusted branch table
Command History
Release ArubaOS 6.4
Modification Command introduced
415 | iap trusted-branch-db
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms
Licensing
All platforms
Base operating system, except for noted parameters
Command Mode
Enable or Configuration mode on master and local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
iap trusted-branch-db | 416
ids ap-classification-rule change
id-classification-rule <rule-name> check-min-discovered-aps classify-to-type [neighbor | suspected-rogue] clone conf-level-incr discovered-ap-cnt <discovered-ap-cnt> match-ssids no snr-max <value> snr-min <value> ssid <ssid>
Description
Configure the AP classification rule profile.
Syntax
Parameter <rule-name>
check-min-discovered-aps
Description
Enter the AP classification rule profile name.
Have the rule check for the minimum number of APs
classify-to-type [neighbor | suspected-rogue]
Specify if the type the AP will be classified, neighbor or suspectedrogue, if the rule is matched.
clone
Copy data from another AP classification rule profile
conf-level-incr
Increase the confidence level (in percentage) when the rule matches
discovered-ap-cnt <discovered-ap-cnt>
Enter the keyword discovered-ap-cnt followed by the number of APs to be discovered.
match-ssids
Match SSIDs; match or do not match
no snr-max <value> snr-min <value>
Negates any configured parameter Use the maximum SNR value Use the minimum SNR value
Range Default
--
--
true false
--
true
suspecte d-rogue
--
--
0-100
5
0-100
0
true false -- 0-100 0-100
false
-- 0 0
417 | ids ap-classification-rule change
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ssid <ssid>
Description
Enter the keyword ssid followed by the SSID string to be matched or excluded
Range --
Default --
Usage Guidelines
AP classification rule configuration is performed only on a master controller. If AMP is enabled via the mobilitymanager command, then processing of the AP classification rules is disabled on the master controller. A rule is identified by its ASCII character string name (32 characters maximum). The AP classification rules have one of the following specifications: l SSID of the AP l SNR of the AP l Discovered-AP-Count or the number of APs that can see the AP Once you have created an AP classification rule, but must ienable it by adding it to the IDS AP Matching Rules profile: ids ap-rule-matching
rule-name <name>
SSID specification
Each rule can have up to 6 SSID parameters. If one or more SSIDs are specified in a rule, an option of whether to match any of the SSIDs, or to not match all of the SSIDs can be specified. The default is to check for a match operation.
SNR specification
Each rule can have only one specification of the SNR. A minimum and/or maximum can be specified in each rule and the specification is in SNR (db).
Discovered-AP-Count specification
Each rule can have only one specification of the Discovered-AP-Count. Each rule can specify a minimum or maximum of the Discovered-AP-count. The minimum or maximum operation must be specified if the Discovered-AP-count is specified. The default setting is to check for the minimum discovered-AP-count.
Example
The following example configures the AP Configuration Rule Profile named "rule1", then enables the rule by adding it to the IDS AP Matching Rules profile. (host) (config) #ids ap-classification-rule rule1 (host) (IDS AP Classification Rule Profile "rule1") #check-min-discovered-aps (host) (IDS AP Classification Rule Profile "rule1") #classify-to-type neighbor (host) (IDS AP Classification Rule Profile "rule1") ! (host) (config) #ap-rule-matching rule-name rule1
Command History
Release ArubaOS 6.0
Modification Command introduced
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids ap-classification-rule change | 418
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
419 | ids ap-classification-rule change
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids ap-rule-matching
no rule-name
Description
Configure the IDS active AP rules profile by enabling an AP classification rule.
Syntax
Parameter no rule-name
Description Negates any configured parameter Name of the IDS AP classification rule
Usage Guidelines
This command activates an active AP rule created by the ids ap-classification-rule change command. You must create the rule before you can activate it.
Example
(host) (IDS Active AP Rules Profile) #rule-name rule2
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids ap-rule-matching | 420
ids dos-profile
ids
ids dos-profile <profile> ap-flood-inc-time <seconds> ap-flood-quiet-time <seconds> ap-flood-threshold <number> assoc-rate-thresholds <number> auth-rate-thresholds <number> block-ack-dos-quiet-time chopchop-quiet-time client-ht-40mhz-intol-quiet-time <seconds> client-flood-inc-time client-flood-quiet-time client-flood-threshold client-ht-40mhz-intolerance clone <profile> cts-rate-quiet-time cts-rate-threshold cts-rate-time-interval deauth-rate-thresholds <number> detect-ap-flood detect-block-ack-dos detect-chopchop-attack detect-client-flood detect-cts-rate-anomaly detect-disconnect-station detect-eap-rate-anomaly detect-fata-jack-attack detect-ht-40mhz-intolerance detect-invalid-address detect-malformed-association-request detect-malformed-auth-frame detect-malformed-htie detect-malformed-large-duration detect-omerta-attack detect-overflow-eapol-key detect-overflow-ie detect-power-save-dos-attack detect-rate-anomalies detect-rts-rate-anomaly detect-tkip-replay-attack disassoc-rate-thresholds <number> disconnect-deauth-disassoc-threshold disconnect-sta-assoc-resp-threshold disconnect-sta-quiet-time <seconds> eap-rate-quiet-time <seconds> eap-rate-threshold <number> eap-rate-time-interval <seconds> fata-jack-quiet-time invalid-address-combination-quiet-time malformed-association-request-quiet-time malformed-auth-frame-quiet-time malformed-htie-quiet-time malformed-large-duration-quiet-time no ... omerta-quiet-time omerta-threshold overflow-eapol-key-quiet-time overflow-ie-quiet-time power-save-dos-min-frames
421 | ids dos-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
power-save-dos-quiet-time power-save-dos-threshold probe-request-rate-thresholds <number> probe-response-rate-thresholds <number> rts-rate-quiet-time rts-rate-threshold rts-rate-time-interval spoofed-deauth-blacklist tkip-replay-quiet-time
Description
This command configures traffic anomalies for denial of service (DoS) attacks.
Syntax
Parameter <profile> ap-flood-inc-time ap-flood-quiet-time
ap-flood-threshold assoc-rate-thresholds auth-rate-thresholds block-ack-dos-quiet-time
chopchop-quiet-time
Description
Name that identifies an instance of the profile. The name must be 1-63 characters.
Range --
Time, in seconds, during which a configured number of fake AP beacons must be received to trigger an alarm.
0-36000
After an alarm has been triggered by a fake AP flood, the time, in seconds, that must elapse before an identical alarm may be triggered.
60-360000
Number of fake AP beacons that must be received within the flood increase time to trigger an alarm.
0-100,000
Rate threshold for associate
--
request frames.
Rate threshold for
--
authenticate frames.
Time to wait, in seconds, after detecting an attempt to reset the receive window using a forged block ACK add.
60-360000 seconds
Time to wait, in seconds, after detecting a ChopChop attack after which the check can be resumed.
60-360000 seconds
Default "defaul t"
3600 second s
900 second s
50
--
--
900 second s
900 second s
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids dos-profile | 422
Parameter client-ht-40mhz-intol-quiettime <seconds>
client-flood-inc-time client-flood-quiet-time client-flood-threshold clone cts-rate-quiet-time cts-rate-threshold cts-rate-time-interval deauth-rate-thresholds detect-ap-flood
detect-block-ack-dos
Description
Controls the quiet time (when to stop reporting intolerant STAs if they have not been detected), in seconds, for detection of 802.11n 40 MHz intolerance setting.
Range
60-360000 seconds
Number of consecutive seconds over which the client count is more than the threshold.
0-36000 seconds
Time to wait, in seconds, after detecting a client flood before continuing the check.
60-360000 seconds
Threshold for the number of spurious clients in the system.
0-100000
Copy data from another IDS
--
Denial Of Service Profile.
Time to wait, in seconds, after detecting a CTS rate anomaly after which the check can be resumed.
60-360000 seconds
Number of CTS control packets over the time interval that constitutes an anomaly.
0-100000
Time interval, in seconds, over which the packet count should be checked.
1-120 seconds
Rate threshold for
--
deauthenticate frames.
Enables detection of flooding with fake AP beacons to confuse legitimate users and to increase the amount of processing needed on client operating systems.
true false
Enable/disable detection of attempts to reset traffic receive windows using forged Block ACK Add messages.
true false
Default 900 second s
3 second s
900 second s 150
--
900 second s
5000
5 second s --
false
true
423 | ids dos-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter detect-chopchop-attack detect-client-flood detect-cts-rate-anomaly detect-disconnect-station
detect-eap-rate-anomaly
detect-fata-jack-attack detect-ht-40mhz-intolerance
detect-invalid-address detect-malformed-associationrequest detect-malformed-auth-frame
Description
Enable/disable detection of ChopChop attack.
Range
true false
Enable/disable detection of client flood attack.
true false
Enable/disable detection of CTS rate anomaly.
true false
In a station disconnection attack, an attacker spoofs the MAC address of either an active client or an active AP. The attacker then sends deauthenticate frames to the target device, causing it to lose its active association.
Use this command to enable the detection of disconnect station attack.
true false
Enables Extensible Authentication Protocol (EAP) handshake analysis to detect an abnormal number of authentication procedures on a channel and generate an alarm when this condition is detected.
true false
Enable/disable detection of FATA-Jack attack
true false
Enables or disables detection of 802.11n 40 MHz intolerance setting, which controls whether stations and APs advertising 40 MHz intolerance will be reported.
true false
Enable/disable detection of invalid address combinations
true false
Enable/disable detection of malformed association requests.
true false
Enable/disable detection of malformed authentication frames
true false
Default false disable disable enable
false
enable false
false disable disable
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids dos-profile | 424
Parameter detect-malformed-htie detect-malformed-large-duration
detect-omerta-attack detect-overflow-eapol-key detect-overflow-ie
detect-power-save-dos-attack detect-rate-anomalies detect-rts-rate-anomaly detect-tkip-replay-attack disassoc-rate-thresholds disconnect-deauth-disassocthreshold disconnect-sta-assoc-respthreshold
disconnect-sta-quiet-time
Description
Enable/disable detection of malformed HT IE
Range
true false
Default false
Enable/disable detection of
true
true
unusually large durations in frames
false
Enable/disable detection of Omerta attack
true false
enable
Enable/disable detection of overflow EAPOL key requests
true false
disable
Enable/disable detection of overflow Information Elements (IE)
true false
disable
Enable/disable detection of Power Save DoS attack
true false
enable
Enable/disable detection of rate anomalies
true false
disable
Enable/disable detection of RTS rate anomaly
true false
disable
Enable/disable detection of TKIP replay attack
true false
disable
Rate threshold for
--
--
disassociate frames.
Rate thresholds for
1-50
8
Disassociate frames
The number of successful
1-30
5
Association Response or
Reassociation response
frames seen in an interval of
10 seconds that should
trigger this event.
After a station disconnection attack is detected, the time, in seconds, that must elapse before another identical alarm can be generated.
60360000secon ds
900 second s
425 | ids dos-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter eap-rate-quiet-time
Description
After an EAP rate anomaly alarm has been triggered, the time, in seconds, that must elapse before another identical alarm may be triggered.
Range 60-360000
eap-rate-threshold
Number of EAP handshakes that must be received within the EAP rate time interval to trigger an alarm.
0-100000
eap-rate-time-interval
Time, in seconds, during which the configured number of EAP handshakes must be received to trigger an alarm.
1-120 seconds
fata-jack-quiet-time
Time to wait, in seconds, after detecting a FATA-Jack attack after which the check can be resumed.
60-360000 seconds
invalid-address-combinationquiet-time
Time to wait, in seconds, after detecting an invalid address combination after which the check can be resumed.
60-360000 seconds
malformed-association-requestquiet-time
Time to wait, in seconds, after detecting a malformed association request after which the check can be resumed.
60-360000 seconds
malformed-auth-frame-quiet-time
Time to wait, in seconds, after detecting a malformed authentication frame after which the check can be resumed.
60-360000 seconds
malformed-htie-quiet-time
Time to wait, in seconds, after detecting a malformed HT IE after which the check can be resumed.
60-360000 seconds
malformed-large-duration-quiet-time
Time to wait, in seconds, after detecting a large duration for a frame after which the check can be resumed.
60-360000 seconds
no
Negates any configured
--
parameter.
Default 900 second s
60
3 second s
900 second s
900 second s
900 second s
900 second s
900 second s
900 second s
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids dos-profile | 426
Parameter omerta-quiet-time omerta-threshold overflow-eapol-key-quiet-time overflow-ie-quiet-time power-save-dos-min-frames
power-save-dos-quiet-time power-save-dos-threshold
probe-request-rate-thresholds probe-response-rate-thresholds rts-rate-quiet-time
Description
Time to wait, in seconds, after detecting an Omerta attack after which the check can be resumed.
Range
60-360000 seconds
The Disassociation packets received by a station as a percentage of the number of data packets sent, in an interval of 10 seconds.
1-100
Time to wait, in seconds, after detecting a overflow EAPOL key request after which the check can be resumed.
60-360000 seconds
Time to wait, in seconds, after detecting a overflow IE after which the check can be resumed.
60-360000 seconds
The minimum number of Power Management OFF packets that are required to be seen from a station, in intervals of 10 second, in order for the Power Save DoS check to be done.
1-1000
Time to wait, in seconds, after detecting a Power Save DoS attack after which the check can be resumed.
60-360000 seconds
The Power Management ON packets sent by a station as a percentage of the Power Management OFF packets sent, in intervals of 10 second, which will trigger this event.
1- 100 %
Rate threshold for probe
--
request frames.
Rate threshold for probe
--
response frames.
Time to wait, in seconds, after detecting an RTS rate anomaly after which the check can be resumed.
60-360000 seconds
Default 900 second s
10%
900 second s
900 second s
120
900 second s
80%
--
--
900 second s
427 | ids dos-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter rts-rate-threshold rts-rate-time-interval spoofed-deauth-blacklist
tkip-replay-quiet-time
Description
Number of RTS control packets over the time interval that constitutes an anomaly.
Range 0-100000
Time interval, in seconds, over which the packet count should be checked.
1-120 seconds
Enables detection of a deauth attack initiated against a client associated to an AP. When such an attack is detected, the client is quarantined from the network to prevent a man-inthe-middle attack from being successful.
true false
Time to wait, in seconds, after detecting a TKIP replay attack after which the check can be resumed.
60-360000 seconds
Default 5000
5 second s false
900 second s
Usage Guidelines
DoS attacks are designed to prevent or inhibit legitimate clients from accessing the network. This includes blocking network access completely, degrading network service, and increasing processing load on clients and network equipment.
Example
The following command enables a detection in the DoS profile named "floor2": (host) (config) #ids dos-profile floor2 (host) (IDS Denial Of Service Profile "floor2") detect-ap-flood
Command History
Release ArubaOS 3.0
Modification Command Introduced.
ArubaOS 3.3
Updated with support for high-throughput IEEE 802.11n standard.
ArubaOS 3.4
detect-disconnect-sta and disconnect-sta-quiet-time parameters deprecated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids dos-profile | 428
Release ArubaOS 6.0 ArubaOS 6.1
Modification
Deprecated predefined profiles and added numerous DoS profile options
Added the following parameter in support of Detection of the Meiners Power Save DoS attack, including event notification to the user.
detect-power-save-dos-attack power-save-dos-min-frames power-save-dos-quiet-time power-save-dos-threshold
Deprecated Predefined Profiles
Deprecated DOS profile: l ids-dos-disabled l ids-dos-low-setting l ids-dos-medium-setting l ids-dos-high-setting
Command Information
Platform
Available on all platforms
License Requires the RFprotect license
Command Mode
Config mode on master controllers
429 | ids dos-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids general-profile
ids general-profile <profile-name> adhoc-ap-inactivity-timeout adhoc-ap-max-unseen-timeout ap-inactivity-timeout <seconds> ap-max-unseen-timeout clone <profile> frame-types-for-rssi [all | ba | ctrl | dhigh | dlow | dnull | mgmt | pr] ids-events [logs-and-traps | logs-only | none | traps-only] max-monitored-stations <max-monitored-stations> max-unassociated-stations <max-unassociated-stations> min-pot-ap-beacon-rate <percent> min-pot-ap-monitor-time <seconds> mobility-manager-rtls mon-stats-update-interval no ... packet-snr-threshold <packet-snr-threshold> send-adhoc-info-to-controller signature-quiet-time <seconds> sta-inactivity-timeout <seconds> wired-containment wired-containment-ap-adj-mac wired-containment-susp-l3-rogue wireless-containment [deauth-only | none | tarpit-all-sta | tarpit-non-valid-sta] wired-containment-ap-adj-mac wireless-containment-debug
Description
Configure an IDS general profile.
Syntax
Parameter <profile-name> adhoc-ap-inactivity-timeout
adhoc-ap-max-unseen-timeout
ap-inactivity-timeout
Description Name that identifies an instance of the profile. The name must be 1-63 characters.
Ad hoc (IBSS) AP inactivity timeout in number of scans.
Ageout time in seconds since ad hoc (IBSS) AP was last seen.
Time, in seconds, after which an AP is aged out.
Range Default
--
"defaul
t"
536000 second s
5 second s
536000 second s
5 second s
536000 second s
5 second s
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids general-profile | 430
Parameter ap-max-unseen-timeout
clone
frame-types-for-rssi all ba ctrl dhigh dlow dnull mgmt pr
ids-events logs-and-traps logs-only none traps-only]
max-monitored-stations
max-unassociated-stations
Description
Ageout time, in seconds, since AP was last seen.
Range Default
536000 second s
600 second s
Name of an existing IDS general profile
--
--
from which parameter values are
copied.
Select frame types to be used in AM RSSI -- calculation.
Frame types:
all--All types of frames. This frame type overrides any other frame types.
ba--Block ACK frame types.
ctrl--All control frames except ACK.
dhigh--Data frames more than 36 Mbps except null data frames.
dlow--Data frames less than 36 Mbps except null data frames.
dnull--Null data frames.
mgmt--All management frames except probe request.
pr--Probe request frames. NOTE: Configure this parameter under the supervision of Dell Technical Support.
Enable or disable IDS event generation
--
from the AP. Event generation from the
AP can be enabled for syslogs, traps, or
both. This does not affect generation of
IDS correlated events on the switch.
ba, ctrl, dlow, dnull, mgmt, pr
logsandtraps
Maximum number of monitored stations.
NOTE: This parameter is currently available on the W-AP220 Series access points only. NOTE: Configure this parameter under the supervision of Dell Technical Support.
10244096
Maximum number of unassociated stations.
NOTE: This parameter is currently available on W-AP220 Series access points only. NOTE: Configure this parameter under the supervision of Dell Technical Support.
2564096
1024 256
431 | ids general-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter min-pot-ap-beacon-rate min-pot-ap-monitor-time mobility-manager-rtls mon-stats-update-interval no packet-snr-threshold
send-adhoc-info-to-controller signature-quiet-time sta-inactivity-timeout sta-max-unseen-timeout wired-containment
Description
Range Default
Minimum beacon rate acceptable from a potential AP, in percentage of the advertised beacon interval.
0-100
25%
Minimum time, in seconds, a potential AP has to be up before it is classified as a real AP.
236000
2 second s
Enable/disable RTLS communication with the configured mobility-manager
enable d disable d
disable d
Time interval, in seconds, for AP to update the switch with stats for monitored devices. Minimum is 60.
60360000
second s
60 second s
Negates any configured parameter.
--
--
Set the packet Signal to Noise Ratio
0-90 dB 0
(SNR) threshold. All packets with SNR
below this threshold is dropped from IDS
and ARM processing.
No packets are dropped if the threshold is set to 0.
NOTE: Configure this parameter under the supervision of Dell Technical Support.
Enable or disable sending adhoc information to the controller from the AP.
enable disable
disable
After a signature match is detected, the time to wait, in seconds, to resume checking.
60360000
second s
900 second s
Time, in seconds, after which a station is aged out.
30360000
second s
60 second s
Ageout time, in seconds, since station was last seen. Minimum is 5.
536000 second s
5 second s
Enable containment from the wired side.
true false
false
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids general-profile | 432
Parameter wired-containment-ap-adj-mac
Description
Enable/disable wired containment of MACs offset by one from APs BSSID.
Range Default
true false
false
wired-containment-susp-l3-rogue The basic wired containment feature
true
enabled using the wired-containment
command contains layer-3 APs whose
wired interface MAC addresses are
either the same as (or one character off
from) their BSSIDs. This feature can also
identify and contain an AP with a preset
wired MAC address that is completely
different from the AP's BSSID if the MAC
address that the AP provides to wireless
clients as the `gateway MAC' is offset by
one character from its wired MAC
address.
NOTE: This feature requires that the following wired-containment parameter in the ids general-profile is also enabled, and that the confidence level of the suspected rogue exceeds the level configured by the suspect-rogue-containment and suspectrogue-conf-level parameters in the ids unauthorized-device-profile.
wireless-containment deauth-only none tarpit-all-sta tarpit-non-valid-sta
Enable wireless containment including
--
Tarpit Shielding. Tarpit shielding works
by steering a client to a tarpit so that the
client associates with it instead of the AP
that is being contained.
deauth-only--Containment using deauthentication only.
none--Disable wireless containment.
tarpit-all-sta--Wireless containment by tarpit of all stations.
tarpit-non-valid-sta--Wireless containment by tarpit of non-valid clients.
false
deaut honly
wireless-containment-debug
Enable/disable debug of containment from the wireless side.
Note: Enabling this debug option will cause containment to not function properly.
true false
false
Usage Guidelines
This command configures general IDS profile attributes.
Example
The following command enables containment in the general IDS profile: (host) (config) #ids general-profile floor7 (host) (IDS General Profile "floor7") #wired-containment (host) (IDS General Profile "floor7") #wireless-containment tarpit-all-sta
433 | ids general-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host) (IDS General Profile "floor7") #wireless-containment-debug
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 5.0
Introduced the mobility-manager-rtls parameter.
ArubaOS 6.0
Deprecated predefined profiles and added numerous General profile options
ArubaOS 6.3 ArubaOS 6.4.2.3
Introduced the wired-containment-susp-l3-rogue parameter.
The following parameters were introduced: l packet-snr-threshold l frame-types-for-rssi l max-monitored-stations l max-unassociated-stations
Deprecated Predefined Profiles
Deprecated General profiles: l ids-general-disabled l ids-general-high-setting
Command Information
Platform
Available on all platforms
License Requires the RFprotect license.
Command Mode
Config mode on master controllers
Warning Message for Containment Features
The feature for enabling wireless containment under the IDS Unauthorized Device profile and IDS Impersonation profile may be in violation of certain Federal Communications Commission (FCC) regulatory statutes. To address this, a warning message will be issued each time the command is enabled through the CLI. The warning message will appear after the command is executed.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids general-profile | 434
ids impersonation-profile
ids impersonation-profile <name> ap-spoofing-quiet-time beacon-diff-threshold <percent> beacon-inc-wait-time <seconds> beacon-wrong-channel-quiet-time clone <profile> detect-ap-impersonation detect-ap-spoofing detect-beacon-wrong-channel detect-hotspotter hotspotter-quiet-time no ... protect-ap-impersonation
Description
This command configures anomalies for impersonation attacks.
Syntax
Parameter <profile>
Description
Name that identifies an instance of the profile. The name must be 1-63 characters.
Range Default
--
"defaul
t"
ap-spoofing-quiet-tim
Time to wait in seconds after detecting AP Spoofing after which the check can be resumed. Minimum is wait time is 60.
60 second s
beacon-diff-threshold
Percentage increase in beacon rates that triggers an AP impersonation event.
0-100
50%
beacon-inc-wait-time
Time, in seconds, after the beacon
--
difference threshold is crossed before
an AP impersonation event is generated.
3 second s
beacon-wrong-channel-quiet-time
Time to wait, in seconds, after detecting a beacon with the wrong channel after which the check can be resumed.
60360000 second s
900 second s
clone
Name of an existing IDS impersonation
--
--
profile from which parameter values are
copied.
435 | ids impersonation-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter detect-ap-impersonation
detect-ap-spoofing detect-beacon-wrong-channel detect-hotspotter hotspotter-quiet-time
no protect-ap-impersonation
Description
Enables detection of AP impersonation. In AP impersonation attacks, the attacker sets up an AP that assumes the BSSID and ESSID of a valid AP. AP impersonation attacks can be done for man-in-the-middle attacks, a rogue AP attempting to bypass detection, or a honeypot attack.
Range --
Default true
Enable/disable AP Spoofing detection
--
enable
Enable/disable detection of beacons
--
advertising the incorrect channel
disable
Enable/disable detection of the
--
Hotspotter attack to lure away valid
clients.
disable
Time to wait in seconds after detecting an attempt to Use the Hotspotter tool against clients.
60360000 second s
900 second s
Negates any configured parameter.
--
--
When AP impersonation is detected,
--
both the legitimate and impersonating
AP are disabled using a denial of service
attack.
false
Usage Guidelines
A successful man-in-the-middle attack will insert an attacker into the data path between the client and the AP. In such a position, the attacker can delete, add, or modify data, provided he has access to the encryption keys. Such an attack also enables other attacks that can learn a client's authentication credentials. Man-in-the-middle attacks often rely on a number of different vulnerabilities.
Example
The following command enables detections in the impersonation profile: (host) (config) #ids impersonation-profile floor1 (host) (IDS Impersonation Profile "floor1") #detect-beacon-wrong-channel (host) (IDS Impersonation Profile "floor1") #detect-ap-impersonation
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids impersonation-profile | 436
Command History
Version ArubaOS 3.0
Modification Command Introduced
ArubaOS 3.4
detect-sequence-anomaly, sequence-diff, sequence-quiet-time, sequence-time-tolerance parameters deprecated.
ArubaOS 6.0 Deprecated predefined profiles and added numerous Impersonation profile options
Deprecated Predefined Profiles
IDS Impersonation profile: l ids-impersonation-disabled l ids-impersonation-high-setting
Command Information
Platform
Available on all platforms
License Requires the RFprotect license
Command Mode Config mode on master controllers
437 | ids impersonation-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids management-profile
event-correlation [logs-and-traps | logs-only | none | traps-only]
event-correlation-quiet-time <value>
Description
Mange the event correlation.
Syntax
Parameter
event-correlation logs-and-traps logs-only none traps-only
event-correlation-quiet-time <value>
Description
Range Default
Correlation mode for IDS event traps and syslogs (logs). Event correlation can be enabled with generation of correlated logs, traps, or both. To disable correlation, enter the keyword none.
logsandtraps
Time to wait, in seconds, after generating a correlated event after which the event could be raised again. This only applies to events that are repeatedly raised by an AP.
30360000 second s
900 second s
Usage Guidelines
Manage the events correlation for IDS event traps and syslogs (logs).
Example
(host) (config) #ids management-profile (host) (IDS Management Profile) #event-correlation-quiet-time 30 (host) (IDS Management Profile) #event-correlation logs-and-traps
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids management-profile | 438
ids profile
ids profile <name> clone <profile> dos-profile <profile> general-profile <profile> impersonation-profile <profile> no ... signature-matching-profile <profile> unauthorized-device-profile <profile>
Description
This command defines a set of IDS profiles.
Syntax
Parameter <profile>
Description
Name that identifies an instance of the profile. The name must be 1-63 characters.
Default "default"
clone
Name of an existing IDS profile from which
--
parameter values are copied.
dos-profile
Name of a IDS denial of service profile to be applied to the AP group/name. See ids dos-profile on page 421.
"default"
general-profile
Name of an IDS general profile to be applied to the AP group/name. See ids general-profile on page 430.
"default"
impersonation-profile
Name of an IDS impersonation profile to be applied to the AP group/name. See ids impersonationprofile on page 435.
"default"
no
Negates any configured parameter.
--
signature-matching-profile
Name of an IDS signature matching profile to be applied to the AP group/name. See ids signaturematching-profile on page 443
"default"
unauthorized-device-profile
Name of an IDS unauthorized device profile to be applied to the AP group/name. See ids unauthorized-device-profile on page 448.
"default"
Usage Guidelines
This command defines a set of IDS profiles that you can then apply to an AP group (with the ap-group command) or to a specific AP (with the ap-name command).
439 | ids profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command defines a set of IDS profiles: (host) (config) #ids profile floor2 (host) (IDS Profile "floor2") #dos-profile dos1
general-profile general1 impersonation-profile mitm1 signature-matching-profile sig1 unauthorized-device-profile unauth1
Command History
Version ArubaOS 3.0
Modification Command Introduced
ArubaOS 6.0 Deprecated predefined profiles
Deprecated Predefined Profile
Deprecated Profile for levels: disabled, high, medium, and low l ids-disabled l ids-high-setting l ids-medium-setting l ids-low-setting
Command Information
Platform Available on all platforms
License Requires the RFprotect license
Command Mode
Config mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids profile | 440
ids rate-thresholds-profile
ids rate-thresholds-profile <name> channel-inc-time <seconds> channel-quiet-time <seconds> channel-threshold clone <profile> no ... node-quiet-time <seconds> node-threshold <number> node-time-interval <seconds>
Description
This command configures thresholds that are assigned to the different frame types for rate anomaly checking.
Syntax
Parameter <profile>
Description
Name that identifies an instance of the profile. The name must be 1-63 characters.
Range --
Default
"defaul t"
channel-inc-time
Time, in seconds, in which the threshold must be exceeded in order to trigger an alarm.
0360000 seconds
15 second s
channel-quiet-time
After a channel rate anomaly alarm has been triggered, the time that must elapse before another identical alarm may be triggered. This option prevents excessive messages in the log file.
60360000
900 second s
channel-threshold
Number of a specific type of frame that must be
any
300
exceeded within a specific interval in an entire channel
to trigger an alarm.
clone
Name of an existing IDS rate thresholds profile from
--
--
which parameter values are copied.
no
Negates any configured parameter.
--
--
node-quiet-time
After a node rate anomaly alarm has been triggered, the time, in seconds, that must elapse before another identical alarm may be triggered. This option prevents excessive messages in the log file.
60360000
900 second s
node-threshold
Number of a specific type of frame that must be exceeded within a specific interval for a particular client MAC address to trigger an alarm.
0-
200
100000
frames
node-time-interval
Time, in seconds, in which the threshold must be exceeded in order to trigger an alarm.
1-120
15 second s
441 | ids rate-thresholds-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
A profile of this type is attached to each of the following 802.11 frame types in the IDS denial of service profile: l Association frames l Disassociation frames l Deauthentication frames l Probe Request frames l Probe Response frames l Authentication frames
Example
The following command configures frame thresholds: (host) (config) #ids rate-thresholds-profile Lobby (host) (IDS Rate Thresholds Profile "Lobby") #channel-threshold 250
Command History
Version
Modification
ArubaOS 3.0 Command Introduced
ArubaOS 6.0 Deprecated predefined profiles
Deprecated Predefined Profiles
Deprecated the predefined profile with probe-request-response-threshold.
Command Information
Platform
Available on all platforms
License Requires the RFprotect license
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids rate-thresholds-profile | 442
ids signature-matching-profile
ids signature-matching-profile <name> clone <profile> no ... signature <profile>
Description
This command contains defined signature profiles.
Syntax
Parameter Description
<profile>
Name that identifies an instance of the profile. The name must be 1-63 characters.
Default "default"
clone
Name of an existing IDS signature matching profile from which
--
parameter values are copied.
no
Negates any configured parameter.
--
signature
Name of a signature profile. See ids signature-profile on page 445.
--
Usage Guidelines
You can include one or more predefined signature profiles or a user-defined signature profile in a signature matching profile.
Example
The following command configures a signature matching profile: (host) (config) IDS signature matching LobbyEast (host) (IDS Signature Matching Profile "LobbyEast") #signature Null-Probe-Response
Command History
Version
Modification
ArubaOS 3.0 Command Introduced
ArubaOS 6.0 Deprecated predefined profiles
Deprecated Predefined Profiles
Deprecated Signature Matching profile: l factory-default-signatures
443 | ids signature-matching-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform Available on all platforms
License Requires the RFprotect license
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids signature-matching-profile | 444
ids signature-profile
ids signature-profile <name> bssid <macaddr> clone <profile> dst-mac <macaddr> frame-type {assoc|auth|beacon|control|data|deauth|disassoc|mgmt|probe-request|proberesponse no ... payload <pattern> [offset <number>] seq-num <number> src-mac <macaddr>
Description
This command configures signatures for wireless intrusion detection.
Syntax
Parameter <profile>
bssid clone
dst-mac frame-type
assoc auth beacon control data deauth disassoc mgmt
Description Name that identifies an instance of the profile. The name must be 1-63 characters.
BSSID field in the 802.11 frame header.
Name of an existing IDS signature profile from which parameter values are copied.
Destination MAC address in the 802.11 frame header.
Type of 802.11 frame. For each type of frame, further parameters can be specified to filter and detect only the required frames.
Association frame type
Authentication frame type
Beacon frame type
All control frames
All data frames
Deauthentication frame type
Disassociation frame type
Management frame type
Default "default"
-- --
-- --
445 | ids signature-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter probe-request probe-response ssid ssid-length
no payload <pattern>
offset
seq-num src-mac
valid-ap
Description Frame type is probe request
Default
Frame type is probe response
For beacon, probe-request, and probe-response frame
--
types, specify the SSID as either a string or hex pattern.
For beacon, probe-request, and probe-response frame
--
types, specify the length, in bytes, of the SSID. Maximum
length is 32 bytes.
Negates any configured parameter.
--
Pattern at a fixed offset in the payload of an 802.11 frame.
--
Specify the pattern to be matched as a string or hex pattern.
Maximum length is 32 bytes.
When a payload pattern is configured, specify the offset in
--
the payload where the pattern is expected to be found in the
frame.
Sequence number of the frame.
--
Source MAC address in the 802.11 frame header.
--
Matches a valid AP SSID
--
Example
The following command configures a signature profile: (host) (config) #ids signature-profile floor4 (host) (IDS Signature Profile "floor4") #frame-type assoc (host) (IDS Signature Profile "floor4") #src-mac 00:00:00:00:00:00
Usage Guidelines
The following describes the configuration for the predefined signature profiles:
Signature Profile AirJack
Parameter frame-type
Value beacon ssid = AirJack
ASLEAP
frame-type
beacon ssid = asleap
Deauth-Broadcast
frame-type
deauth
dst-mac
ff:ff:ff:ff:ff:ff
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids signature-profile | 446
Signature Profile Netstumbler Generic
Netstumbler Version 3.3.0x
Null-Probe-Response
Parameter payload payload payload
payload frame-type
Value offset=3 pattern=0x00601d offset=6 pattern=0x0001 offset=3 pattern=0x00601d
offset=12 pattern=0x000102 probe-response ssid length = 0
Command History
Version ArubaOS 3.0
Modification Command Introduced
Command Information
Platform
Available on all platforms
License Requires the RFprotect license
Command Mode
Config mode on master controllers
447 | ids signature-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids unauthorized-device-profile
ids unauthorized-device-profile <name> adhoc-using-valid-ssid-quiet-time <seconds> allow-well-known-mac [hsrp|iana|local-mac|vmware|vmware1|vmware2|vmware3] cfg-valid-11a-channel <channel> cfg-valid-11g-channel <channel> classification clone <profile> detect-adhoc-network detect-adhoc-using-valid-ssid detect-bad-wep detect-ht-greenfield detect-invalid-mac-oui detect-misconfigured-ap detect-sta-assoc-to-rogue detect-unencrypted-valid-client detect-valid-client-misassociation detect-valid-ssid-misuse detect-windows-bridge detect-wireless-bridge detect-wireless-hosted-network mac-oui-quiet-time <seconds> no ... oui-classification overlay-classification privacy prop-wm-classification protect-adhoc-enhanced protect-adhoc-network protect-high-throughput protect-ht-40mhz protect-misconfigured-ap protect-ssid protect-valid-sta x protect-windows-bridge protect-wireless-hosted-network require-wpa rogue-containment suspect-rogue-conf-level <level> suspect-rogue-containment unencrypted-valid-client-quiet-time valid-and-protected-ssid <ssid> valid-oui <oui> valid-wired-mac <macaddr> wireless-bridge-quiet-time <seconds> wireless-hosted-network-quiet-time
Description
This command configures detection of unauthorized devices, as well as rogue AP detection and containment.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids unauthorized-device-profile | 448
Syntax
Parameter <profile>
adhoc-using-valid-ssid-quiettime
allow-well-known-mac
Description
Name that identifies an instance of the profile. The name must be 1-63 characters.
Range
Defaul t
--
"defaul
t"
Time to wait, in seconds, after detecting an adhoc network using a valid SSID, after which the check can be resumed.
6036000 0
900 secon ds
Allows devices with known MAC addresses to classify rogues APs.
--
--
Depending on your network, configure one or more of the following options for classifying rogue APs:
l hsrp--Routers configured for HSRP, a Cisco-proprietary redundancy protocol, with the HSRP MAC OUI 00:00:0c.
l iana--Routers using the IANA MAC OUI 00:00:5e.
l local-mac--Devices with locally administered MAC addresses starting with 02.
l vmware--Devices with any of the following VMWare OUIs: 00:0c:29, 00:05:69, or 00:50:56
l vmware1--Devices with VMWare OUI 00:0c:29.
l vmware2--Devices with VMWare OUI 00:05:69.
l vmware3--Devices with VMWare OUI 00:50:56.
If you modify an existing configuration, the new configuration overrides the original configuration. For example, if you configure allow-well-known-mac hsrp
and then configure allow-well-known-
mac iana, the original configuration is lost. To add more options to the original configuration, include all of the required options, for example: allow-well-
known-mac hsrp iana.
449 | ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
cfg-valid-11a-channel cfg-valid-11g-channel classification
clone detect-adhoc-network detect-adhoc-using-validssid detect-bad-wep
Description
Range
Defaul t
Use caution when configuring this command. If the neighboring network uses similar routers, those APs might be classified as rogues. If containment is enabled, clients attempting to associate to an AP classified as a rogue are disconnected through a denial of service attack.
To clear the well known MACs in the system, use the following commands:
l clear wms wired-mac:This clears all of the learned wired MAC information on the controller.
l reload: This reboots the controller.
List of valid 802.11a channels that third-
34-
N/A
party APs are allowed to use.
165
List of valid 802.11b/g channels that third- 1-14
N/A
party APs are allowed to use.
Enable/disable rogue AP classification. A
--
true
rogue AP is one that is unauthorized and
plugged into the wired side of the
network. Any other AP seen in the RF
environment that is not part of the valid
enterprise network is considered to be
interfering -- it has the potential to cause
RF interference but it is not connected to
the wired network and thus does not
represent a direct threat.
Name of an existing IDS rate thresholds
--
--
profile from which parameter values are
copied.
Enable detection of adhoc networks.
--
false
Enable/disable detection of adhoc
--
enable
networks using valid/protected SSIDs
Enables detection of WEP initialization
--
vectors that are known to be weak and/or
repeating. A primary means of cracking
WEP keys is to capture 802.11 frames
over an extended period of time and
search for implementations that are still
used by many legacy devices.
false
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids unauthorized-device-profile | 450
Parameter detect-ht-greenfield detect-invalid-mac-oui
detect-misconfigured-ap
detect-sta-assoc-to-rogue detect-unencrypted-validclient detect-valid-clientmisassociation
detect-valid-ssid-misuse detect-windows-bridge detect-wireless-bridge
Description
Range
Defaul t
Enables or disables detection of high-
--
throughput devices advertising greenfield
preamble capability.
false
Enables checking of the first three bytes
--
of a MAC address, known as the
organizationally unique identifier (OUI),
assigned by the IEEE to known
manufacturers. Often clients using a
spoofed MAC address do not use a valid
OUI and instead use a randomly
generated MAC address. Enabling MAC
OUI checking causes an alarm to be
triggered if an unrecognized MAC
address is in use.
false
Enables detection of misconfigured APs.
--
An AP is classified as misconfigured if it is
classified as valid and does not meet any
of the following configurable parameters:
- valid channels - encryption type - list of valid AP MAC OUIs - valid SSID list
false
Enable/disable detection of station association to rogue AP.
enable
Enable/disable detection of unencrypted
--
valid clients.
enable
Enable/disable detection of
--
misassociation between a valid client and
an unsafe AP. This setting can detect the
following misassociation types:
l MisassociationToRogueAP
l MisassociationToExternalAP
l MisassociationToHoneypotAP
l MisassociationToAdhocAP
l MisassociationToHostedAP
enable
Enable/disable detection of Interfering or -- Neighbor APs using valid/protected SSIDs.
disabl e
Enables detection of Windows station
--
true
bridging.
Enables detection of wireless bridging.
--
false
451 | ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter detect-wireless-hosted-network
mac-oui-quiet-time no oui-classification overlay-classification privacy prop-wm-classification protect-adhoc-enhanced
protect-adhoc-network protect-high-throughput
Description
Range
Defaul t
If enabled, this feature can detect the
--
presence of a wireless hosted network.
When a wireless hosted network is detected this feature sends a "Wireless Hosted Network" warning level security log message and the wlsxWirelessHostedNetworkDetected SNMP trap.
If there are clients associated to the hosted network, this feature will send a "Client Associated To Hosted Network" warning level security log message and the wlsxClientAssociatedToHostedNetworkDete cted SNMP trap.
enable
Time, in seconds, that must elapse after an invalid MAC OUI alarm has been triggered before another identical alarm may be triggered.
6036000 0 secon ds
900 secon ds
Negates any configured parameter.
--
--
Enable/disable OUI based rogue AP classification
--
enable
Enable/disable overlay rogue AP classification
--
enable
Enables encryption as a valid AP configuration.
--
false
Enable/disable rogue AP classification
--
true
through propagated wired MACs
Enables advanced protection from
--
open/WEP adhoc networks. When
enhanced adhoc containment is carried
out, a new repeatable event, syslog and
SNMP trap will be generated for each
containment event.
false
Enables protection from adhoc neworks
--
using WPA/WPA2 security. When adhoc
networks are detected, they are disabled
using a denial of service attack.
false
Enables or disables protection of high-
--
throughput (802.11n) devices.
false
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids unauthorized-device-profile | 452
Parameter protect-ht-40mhz protect-misconfigured-ap protect-ssid protect-valid-sta protect-windows-bridge protect-wireless-hosted-network
require-wpa rogue-containment
Description
Enables or disables protection of highthroughput (802.11n) devices operating in 40 MHz mode.
Range
Defaul t
--
false
Enables protection of misconfigured APs. --
false
Enables use of SSID by valid APs only.
--
false
When enabled (true), does not allow valid -- stations to connect to a non-valid AP.
false
Enable/disable protection of a windows
--
station bridging
disabl ed
When you enable the wireless hosted
--
network protection feature, the controller
enforces containment on a wireless
hosted network by launching a denial of
service attack to disrupt associations
between a Windows 7 software-enabled
Access Point (softAP) and a client, and
disrupt associations between the client
that is hosting the softAP and any access
point to which the host connects.
When a wireless hosted network triggers this feature, wireless hosted network protection sends the Wireless Hosted Network Containment and Host of Wireless Network Containment warning level security log messages, and the wlsxWirelessHostedNetworkContainment and wlsxHostOfWirelessNetworkContainment SNMP traps.
NOTE: The existing generic containment SNMP traps and log messages will also be sent when Wireless Hosted Network Containment or Host of Wireless Network Containment is enforced.
When enabled (true), any valid AP that is
--
not using WPA encryption is flagged as
misconfigured.
disabl ed
false
Rogue APs can be detected (see
--
classification) but are not automatically
disabled. This option automatically shuts
down rogue APs. When this option is
enabled (true), clients attempting to
associate to an AP classified as a rogue
are disconnected through a denial of
service attack.
false
453 | ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter suspect-rogue-conf-level
suspect-rogue-containment
unencrypted-valid-clientquiet-time valid-and-protected-ssid valid-oui valid-wired-mac wireless-bridge-quiet-time
wireless-hosted-network-quiettime
Description
Range
Defaul t
Confidence level of suspected Rogue AP to trigger containment.
When an AP is classified as a suspected rogue AP, it is assigned a 50% confidence level. If multiple APs trigger the same events that classify the AP as a suspected rogue, the confidence level increases by 5% up to 95%.
In combination with suspected rogue containment, this option configures the threshold by which containment should occur. Suspected rogue containment occurs only when the configured confidence level is met.
50100%
60%
Suspected rogue APs are treated as
--
interfering APs, thereby the controller
attempts to reclassify them as rogue APs.
Suspected rogue APs are not
automatically contained. In combination
with the configured confidence level (see
suspect-rogue-conf-level), this option
contains the suspected rogue APs.
false
Time to wait, in seconds, after detecting an unencrypted valid client after which the check can be resumed.
6036000 0 secon ds
900 secon ds
List of valid and protected SSIDs.
--
--
List of valid MAC OUIs.
--
--
List of MAC addresses of wired devices in --
--
the network, typically gateways or
servers.
Time, in seconds, that must elapse after a wireless bridge alarm has been triggered before another identical alarm may be triggered.
6036000 0 secon ds
900 secon ds
The wireless hosted network detection feature sends a log message and trap when a wireless hosted network is detected. The quiet time defined by this parameter sets the amount of time, in seconds, that must elapse after a wireless hosted network log message or trap has been triggered before an identical log message or trap can be sent again.
6036000 0 secon ds
900 secon ds
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids unauthorized-device-profile | 454
Usage Guidelines
Unauthorized device detection includes the ability to detect and disable rogue APs and other devices that can potentially disrupt network operations.
Example
The following command copies the settings from the ids-unauthorized-device-disabled profile and then enables detection and protection from adhoc networks: (host) (config) #ids unauthorized-device-profile floor7 (host) (IDS Unauthorized Device Profile "floor7") #unauth1 (host) (IDS Unauthorized Device Profile "floor7") #clone ids-unauthorized-device-disable (host) (IDS Unauthorized Device Profile "floor7") #detect-adhoc-network (host) (IDS Unauthorized Device Profile "floor7") #protect-adhoc-network
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.3
Update with support for the high-throughput IEEE 802.11n standard. Also, introduced allow-well-known-mac, suspect-rogue-conf-level, and suspectrogue-containment parameters.
ArubaOS 6.0
Deprecated predefined profiles
ArubaOS 6.1
Added the detect-valid-ssid-misuse parameter to internally generate a list of valid SSIDs to use in addition to the user configured list of Valid and Protected SSIDs.
ArubaOS 6.3
Added the following parameters l protect-adhoc-enhanced l detect-wireless-hosted-network l wireless-hosted-network-quiet-time l protect-wireless-hosted-network
Deprecated Predefined Profiles
IDS Unauthorized Device profile: l ids-unauthorized-device-disabled l ids-unauthorized-device-medium-setting l ids-unauthorized-device-high-setting
Command Information
Platform
Available on all platforms
License Requires the RFprotect license
Command Mode
Config mode on master controllers
455 | ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids wms-general-profile
wms general adhoc-ap-ageout-interval <adhoc-ap-ageout-interval> ap-ageout-interval <ap-ageout-interval> collect-stats learn-ap learn-system-wired-macs no persistent-neighbor persistent-valid-sta poll-interval <poll-interval> poll-retries <poll-retries> propagate-wired-macs sta-ageout-interval <sta-ageout-interval> stat-update
Description
This command configures the WLAN management system (WMS).
Syntax
Parameter
adhoc-ap-ageout-interval <adhoc-ap-ageout-interval>
Description
Time, in minutes, that an adhoc (IBSS) AP remains unseen before it is deleted (ageout) from the database.
Range ?
ap-ageout-interval <ap-ageout-interval>
Time, in minutes, that an AP remains
?
unseen by any probes before it is deleted
from the database.
collect-stats
Enables collection of statistics (up to
--
25,000 entries) on the master controller
for monitored APs and clients. This only
applies when MMS is not configured.
learn-ap
Enables "learning" of non-Dell APs.
--
learn-system-wired-macs
Enable or disable "learning" of wired
--
MACs at the controller.
Default 30 minutes 30 minutes disabled
disabled disabled
no persistent-neighbor
Negates any configured parameter.
--
Do not age out known AP neighbors.
--
-- disabled
persistent-valid-sta
Do not age out valid stations.
--
?
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids wms-general-profile | 456
Parameter poll-interval <poll-interval>
poll-retries <poll-retries>
propagate-wiredmacs sta-ageout-interval <sta-ageout-interval>
stat-update
Description
Range
Interval, in milliseconds, for communication between the controller and Dell AMs. The controller contacts the AM at this interval to download AP to station associations, update policy configuration changes, and download AP and station statistics.
(any)
Default
60000 millisecond s (1 minute)
Maximum number of failed polling attempts before the polled AM is considered to be down.
(any)
2
Enables the propagation of the gateway
--
wired MAC information.
enabled
Time, in minutes, that a client remains
?
unseen by any probes before it is deleted
from the database.
Enables statistics updating in the
--
database.
30 minutes enabled
Usage Guidelines
By default, non-Dell APs that are connected on the same wired networks as Dell APs are classified as "rogue" APs. Enabling AP learning classifies non-Dell APs as "valid" APs. Typically, you would want to enable AP learning in environments with large numbers of existing non-Dell APs and leave AP learning enabled until all APs in the network have been detected and classified as valid. Then, disable AP learning and reclassify any unknown APs as interfering.
VLAN Trunking
In deployments where Dell APs are not placed on every VLAN and where it is not possible to trunk all VLANs to a Dell AP, enable the parameter learned-system-wired-mac. When this is enabled, ArubaOS is able to classify rogues on all the VLANs that belong to the Dell controller, as long as Dell APs can see the rogues in the air. If there are VLANs in the network residing on a third party controller and if those VLANs are trunked to a port on the Dell controller, enabling this feature will allow detection of rogues on those VLANs as well.
Master/Local
When learned-system-wired-mac is enabled in a master/local deployment, the learning of Wired and Gateway MACs will happen at each local controller. For topologies with local controllers in geographical locations, the local controller collects the Wired and Gateway MAC info and passes it to the APs that are connected to it. Even though the locals do the collection of Wired and Gateway MACs, the master is still be responsible for classification.
Example
The following command enables AP learning: (host)(IDS WMS General Profile) #learn-ap
To disable AP learning: (host)(IDS WMS General Profile) #no learn-ap
457 | ids wms-general-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification Command introduced Added parameter learned-system-wired-mac
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids wms-general-profile | 458
ids wms-local system-profile
ids wms-locals-profile <profile> max-rbtree-entries <number> max-system-wm <number> max-threshold <number> system-wm-update-interval <number>]
Description
This command sets the local configuration parameters to control the size of the Wired MAC table and APs and Stations.
Syntax
Parameter max-rbtree-entries
Description
Set the max threshold for the total number of AP and Station RBTree entries.
max-system-wm
Set the max number of system wired MAC table entries learned at the controller.
Range: 1-2000
Default: 1000
max-threshold
Set the max threshold for the total number of APs and Stations.
system-wm-update-interval
Set the interval, in minutes, for repopulating the system wired MAC table at the controller.
Range: 1 to 30 minutes
Default: 8 minutes
Usage Guidelines
The wms-local system command is used for configuring commands that are local, not global. This means in a master-local system, the configuration parameter is modifiable at each individual controller, and the setting on one controller does not affect the setting on other controllers.
Increasing the max threshold limit will cause an increase in usage in the memory by WMS. In general, each entry will consume about 500 bytes of memory. If the setting is bumped up by 2000, then it will cause an increase in WMS memory usage by 1MB.
Example
The following commands first set the interval time for repopulating the MAC table to 10 minutes and then sets the maximimum number of APs and stations to 500. (host) (config) #ids wms-locals-profile system system-wm-update-interval 10 (host) (config)# ids wms-locals-profile system max-threshold 500
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids wms-local system-profile | 460
Command History
Release ArubaOS 3. ArubaOS 6.1
ArubaOS 6.1.3
Modification Introduced
Local configuration parameters to control the size of the Wired MAC table max-system-wm and system-wm-update-interval The wms-local command was renamed to ids wms-local-system-profile.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
461 | ids wms-local system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ifmap
ifmap cppm enable no server host <host> port <port> username<username> passwd <password>
Description
This command is used in conjunction with ClearPass Policy Manager. It sends HTTP User Agent Strings and mDNS broadcast information to ClearPass so that it can make more accurate decisions about what types of devices are connecting to the network.
Syntax
Parameter enable server host <host> port <port>
username<username>
passwd <password>
Description Enables the IFMAP protocol. Configures the CPPM IF-MAP server.
Default -- --
IP address/hostname of the CPPM IF-MAP server.
--
Port number for the CPPM IF-MAP server. The range is 165535.
Username for the user who performs actions on the CPPM IFMAP server. The name must be between 1-255 bytes in length.
Password of the user who performs actions on the CPPM IFMAP server. The password must be between 6-100 bytes in length.
443 -- --
Example
This example configures IFMAP and enables it. (host) (config) #ifmap (host) (config) #ifmap cppm (host) (CPPM IF-MAP Profile) #server host <host> (host) (CPPM IF-MAP Profile) #port <port> (host) (CPPM IF-MAP Profile) #passwd <psswd> (host) (CPPM IF-MAP Profile) #enable
Usage Guidelines
Use this command in conjunction with ClearPass Policy Manager.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ifmap | 462
Related Commands
Command show ifmap
Description
Mode
This command is used in conjunction with ClearPass Policy Manager. It sends HTTP User Agent Strings and mDNS broadcast information to ClearPass so that it can make more accurate decisions about what types of devices are connecting to the network
Config mode
Command History
Version ArubaOS 6.3
Modification Command Introduced
Command Information
Platform
Available on all platforms
License
Available in the base operating system
Command Mode
Config mode on master controllers
463 | ifmap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Interface cellular
interface cellular ip access-group <name> session
Description
This command allows you to specify an ingress or egress ACL to the cellular interface of an EVDO modem.
Syntax
Parameter <name>
Description
Enter the name or number of the access group you want to apply to the EVDO modem.
Example
(host) (config-cell)#ip access-group 3 session
Related Command
Command
Description
show interface cellular List the Access groups configured on the cellular interface access-group
Command History
Release ArubaOS 5.0
Modification Command introduced
Command Information
Platforms W-600 Series
Licensing Base operating system
Command Mode Configuration Mode (config-cell)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Interface cellular | 464
interface fastethernet | gigabitethernet
interface
interface {fastethernet|gigabitethernet} <slot>/<module>/<port> bandwidth-contract <name>|{{app <app-name>|appcategory <app-category-name>} <bw-contractname>} upstream|downstream [exclude] description <string> duplex {auto|full|half} ip access-group <name> {in|out|session {vlan <vlanId>}} jumbo lacp {group|port-priority|timeout} lldp {fast-transmit-counter <1-8>|fast-transmit-interval <13600>|med|receive|transmit|transmit-hold <1-100>|transmit-interval <1-3600> }600> no ... port monitor {fastethernet|gigabitethernet} <slot>/<port> priority-map <name> shutdown spanning-tree {[bpduguard]|[cost <value>]|[point-to-point]|[port-priority <value>]| [portfast] [vlan]} speed {10|100|auto} switchport {access vlan <vlan>|mode {access|trunk}| trunk {allowed vlan {<vlans>|add <vlans>|all|except <vlans>|remove <vlans>}| native vlan <vlan>}} trusted {vlan <word>} tunneled-node-port xsec {point-to-point <macaddr> <key> allowed vlan <vlans> [<mtu>]|vlan <vlan>}
Description
This command configures a FastEthernet or GigabitEthernet interface on the controller.
Syntax
Parameter <slot> <module> <port>
bandwidth-contract
Description <slot> is always 1.
Range --
<slot>/<module>/<port> (7000 Series only)
Number assigned to the network
--
interface embedded in the
controller.Port numbers start at 0 from
the left-most position.
Apply a bandwidth contract to all
--
upstream of downstream traffic, or to
traffic for a specified application or
application category
NOTE: This feature is only supported on W-7000 Series and W-7200 Series controllers
Default --
-- --
465 | interface fastethernet | gigabitethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter <name>
app <name>
appcategory <name>
downstream upstream exclude <app>|<appcategory> description duplex ip access-group
in out
Description
Name of a bandwidth contract configured with the aaa bandwidthcontract command. If you specify a bandwidth contract name before you specify an application or application category, the bandwidth contract is applied to all downstream or upstream traffic.
Range
Default
Name of the application to which the
--
--
bandwidth contract is applied. For a
complete list of supported applications,
issue the command show dpi
application all.
Name of the application category to
--
--
which the bandwidth contract is applied.
For a complete list of supported
applications, issue the command show
dpi application category all.
Apply the bandwidth contract to
--
--
downstream traffic.
Apply the bandwidth contract to
--
--
upstream traffic.
Use this parameter to exclude application or application category traffic from a bandwdth contract.
String that describes this interface.
--
--
Transmission mode on the interface: full or half-duplex or auto to automatically adjust transmission.
auto/full/ha lf
auto
Applies the specified access control list
--
--
(ACL) to the interface. Use the ip
access-list command to configure an
ACL.
NOTE: This parameter requires the PEFNG license.
Applies ACL to interface's inbound
--
--
traffic.
Applies ACL to interface's outbound
--
--
traffic.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface fastethernet | gigabitethernet | 466
Parameter session
tunneled-node-port no jumbo lacp
Description
Range
Applies session ACL to interface and
--
optionally to a selected VLAN associated
with this port.
Enable tunneled node capability on the
--
interface.
Negates any configured parameter.
--
Enables or disables jumbo frame MTU con- -- figured via firewall on a port.
group <id> mode [active|passive]
port-priority
timeout
lldp
Configures an LLDP functionality on an
--
interface.
fast-transmit-counter Set the number of the LLDP data units
1-8
<1-8>
sent each time fast LLDP data unit
transmission is triggered
fast-transmit-interval Set the LLDP fast transmission interval in
<1-3600>
seconds.
1-3600
med
Enables the LLDP MED protocol.
--
receive
Enables processing of LLDP PDU
--
received.
transmit
Enables LLDP PDU transmit.
--
transmit-hold <1-100>
transmit-interval <1-3600>
port monitor
Set the transmit hold multiplier.
Sets the transmit interval in seconds.
Monitors another interface on the controller.
1-100 1-3600 --
Default -- disabled -- disabled
-- 4 1 disabled disabled disabled 4 30 --
467 | interface fastethernet | gigabitethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter priority-map
shutdown spanning-tree
bpduguard cost
point-to-point port-priority
portfast vlan speed switchport access vlan mode
Description
Range
Applies a priority map to the interface.
--
Use the priority-map command to
configure a priority map which allows
you to map ToS and CoS values into high
priority traffic queues.
Default --
Causes a hard shutdown of the
--
--
interface.
Enables Rapid spanning tree or Per-
--
VLAN spanning tree.
enabled
Enables bpduguard on the edge ports.
--
disabled
Administrative cost associated with the spanning tree.
1-65535
19 (Fast Ethernet) 4 (Gigabit Ethernet)
Set interface as point to point.
--
disabled
Spanning tree priority of the interface. A 0-255
128
lower setting brings the port closer to
root port position (favorable for
forwarding traffic) than does a higher
setting. This is useful if ports may
contend for root position if they are
connected to an identical bridge.
Enables forwarding of traffic from the
--
interface.
disabled
Configure the vlan instance.
1-4094
disabled
Sets the interface speed: 10 Mbps, 100 Mbps, or auto configuration.
10|100|au to
auto
Sets switching mode parameters for the --
--
interface.
Sets the interface as an access port for
--
1
the specified VLAN. The interface carries
traffic only for the specified VLAN.
Sets the mode of the interface to access or trunk mode only.
access|tru nk
access
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface fastethernet | gigabitethernet | 468
Parameter trunk
trusted vlan <word>
tunneled-node-port xsec
Description
Range
Sets the interface as a trunk port for the -- specified VLANs. A trunk port carries traffic for multiple VLANs using 802.1q tagging to mark frames for specific VLANs. You can include all VLANs configured on the controller, or add or remove specified VLANs. Specify native to identify the native VLAN for the trunk mode interface. Frames on the native VLAN are not 802.1q tagged.
Set this interface and range of VLANs to -- be trusted. VLANs not included in the trusted range of VLANs will be, by default, untrusted.
Trusted ports and VLANs are typically connected to internal controlled networks, while untrusted ports connect to third-party APs, public areas, or other networks to which access controls should be applied. When Dell APs are attached directly to the controller, set the port to be trusted.
Sets the supplied range of VLANs as trusted. All remaining become untrusted automatically.
For example, If you set a VLAN range as: vlan 1-10, 100-300, 301, 305-400, 5014094
Then all VLANs in this range are trusted and all others become untrusted by default. You can also use the no trusted vlan command to explicitly make an individual VLAN untrusted. The no trusted vlan command is additive and adds given vlans to the existing untrusted vlan set.
However, if you execute the trusted vlan <word> command, it overrides any earlier untrusted VLANs or a range of untrusted VLANs and creates a new set of trusted VLANs.
NOTE: A port supports a user VLAN range from 1-4094. If you want to set all VLANs (1-4094) on a port as untrusted then mark the port itself as untrusted. By default the port and all its associated VLANs are trusted.
1-4094
--
Enables and configures the Extreme
--
Security (xSec) protocol.
Default -- enabled --
-- --
469 | interface fastethernet | gigabitethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
point-to-point
allowed vlan mtu vlan
Description
NOTE: You must purchase and install the xSec software module license in the controller.
Range
MAC address of the controller that is the -- xSec tunnel termination point, and the 16-byte shared key used to authenticate the controllers to each other. The key must be the same on both controllers.
VLANs that are allowed on the xSec
--
tunnel.
(Optional) MTU size for the xSec tunnel.
--
xSec VLAN ID. For controller-tocontroller communications, both controllers must belong to the same VLAN.
1-4094
Default
--
-- -- --
Usage Guidelines
Use this command to configure settings for the controller interface, including duplex, LLDP and switchport settings. You can issue the show port status command to obtain information about the interfaces currently available on the controller.
Interface Bandwidth Contracts
W-7000 Series controllers have the ability to classify and identify applications on the network. If a W-7000 Series controller is configured as a branch controller, you can create bandwidth contracts to limit traffic for individual applications (or categories of applications) either sent from or received by a selected interface. There are two basic models for using this feature.
l Limiting lower-priority traffic: If there is a lower-priority application or application type that you want to limit, apply a bandwidth contract just to that application, and allow all other application traffic to pass without any limits.
l Protecting higher-priority traffic: If you want to guarantee bandwidth for a company-critical application or application group, you can add that application to an exception list, then apply a bandwidth contract to all remaining traffic.
You can apply bandwidth contracts using one or both of these models. Each interface supports up to 64 bandwidth contracts.
Interface contract Precedence
An interface bandwidth contract is applied to downstream traffic before a user-role bandwidth contract is applied, and for upstream traffic, the user-role bandwidth contract is applied before the interface bandwidth contract. For all traffic using compression and encryption, bandwidth contracts are applied after that traffic is compressed and encrypted. If you apply more than one bandwidth contract to any specific category type, then the bandwidth contracts are applied in the following order.
1. A contract that explicitly excludes an application 2. A contract that explicitly excludes an application category 3. A contract that applies to a specific application
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface fastethernet | gigabitethernet | 470
4. A contract that applies to a specific application category 5. A generic bandwidth contract, not specific to any application or application category
Example
The following commands configure an interface as a trunk port for a set of VLANs: (host) (config) # interface fastethernet 1/2 (host) (config-range)# switchport mode trunk (host) (config-range)# switchport trunk native vlan 10 (host) (config-range)# switchport trunk allowed vlan 1,10,100 The following commands configure trunk port 1/2 with test-acl session for VLAN 2. (host) (config) # interface range fastethernet 1/2 (host) (config-range)# switchport mode trunk (host) (config-range)# ip access-group (host) (config-range) # ip access-group test session vlan 2 The following commands configure a interface bandwidth contract for a high-priority application. (host) (config) # interface gigabitethernet 1/1 (host) (config) # bw-contract protectlync exclude app alg-lync-voice downstream
Related Commands
(host) #show interface {fastethernet|gigabitethernet} <slot>/<port> (host) #show datapath port vlan-table <slot>/<port>
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4
The trusted VLAN and ip access-group session vlan parameters were introduced.
ArubaOS 3.4.1
The trusted vlan <word> parameter was added.
ArubaOS 6.1
The parameter muxport was changed to tunneled-node-port
ArubaOS 6.3
The jumbo parameter was added to enable or disable jumbo frame MTU configured via firewall on port.
ArubaOS 6.4
The lldp parameter was added.
ArubaOS 6.4.3.0
The bw-contract parameter was introduced.
The bpduguard, point-to-point, and vlan parameters were introduced as part of spanning-tree.
471 | interface fastethernet | gigabitethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms
Licensing
Command Mode
All platforms, except for the interface bandwidth contract feature, which is limited to W-7000 Series controllers only.
This command is available in the base operating system. The ip access-group parameter requires the PEFNG license. The xsec parameter requires the xSec license.
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface fastethernet | gigabitethernet | 472
interface loopback
interface loopback ip address <ipaddr> ipv6 address <ipv6-prefix> no ...
Description
This command configures the loopback address on the controller.
Syntax
Parameter ip address
ipv6 address no
Description Host IP address in dotted-decimal format. This address should be routable from all external networks.
Host IPv6 address that is routable from all external networks.
Negates any configured parameter.
Usage Guidelines
If configured, the loopback address is used as the controller's IP address. If you do not configure a loopback address for the controller, the IP address assigned to VLAN 1 is used as the controller's IP address. After you configure or modify a loopback address, you need to reboot the controller.
Example
The following command configures a loopback address: (host) (config) #interface loopback
ip address 10.2.22.220
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The parameter ipv6 address was added.
Command Information
Platforms All platforms
Licensing
This command is available in the base operating system
Command Mode
Config mode on master and local controllers
473 | interface loopback
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface loopback | 474
interface port-channel
interface port-channel <id> add {fastethernet|gigabitethernet} <slot>/<port> del {fastethernet|gigabitethernet} <slot>/<port> description <LINE> ip access-group <acl> {in|out|session {vlan <vlanId>}} jumbo no ... shutdown spanning-tree [portfast] switchport {access vlan <vlan>|mode {access|trunk}| trunk {allowed vlan {<vlans>|add <vlans>|all|except <vlans>|remove <vlans>| native vlan <vlan>} trusted {vlan <word>} xsec {point-to-point <macaddr> <key> allowed vlan <vlans> [<mtu>]|vlan <vlan>}
Description
This command configures an Ethernet port channel.
Syntax
Parameter port-channel add
del description <LINE> ip access-group
in out session jumbo
Description ID number for this port channel.
Range 0-7
Default --
Adds the specified FastEthernet or GigabitEthernet --
--
interface to the port channel.
You cannot specify both FastEthernet and GigabitEthernet interfaces for the same port channel.
Deletes the specified FastEthernet or
--
--
GigabitEthernet interface to the port channel.
A character string describing this port-channel.
up to 60
--
characters
Applies the specified access control list (ACL) to
--
--
the interface. Use the ip access-list command to
configure an ACL.
NOTE: This command requires the PEFNG license.
Applies ACL to interface's inbound traffic.
--
--
Applies ACL to interface's outbound traffic.
--
--
Applies session ACL to interface and optionally to
--
--
a selected VLAN associated with this port.
Enable or disables jumbo frame MTU configured via firewall on a port channel.
Disabled
475 | interface port-channel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter no shutdown spanning-tree
portfast switchport
access vlan mode trunk
native trusted
vlan <word>
Description Negates any configured parameter.
Range --
Causes a hard shutdown of the interface.
--
Enables spanning tree.
--
Enables forwarding of traffic from the interface.
--
Sets switching mode parameters for the interface. --
Sets the interface as an access port for the
--
specified VLAN. The interface carries traffic only
for the specified VLAN.
Sets the mode of the interface to access or trunk
--
mode only.
Sets the interface as a trunk port for the specified
--
VLANs. A trunk port carries traffic for multiple
VLANs using 802.1q tagging to mark frames for
specific VLANs. You can include all VLANs
configured on the controller, or add or remove
specified VLANs.
Specifies the native VLAN for the trunk mode
--
interface. Frames on the native VLAN are not
802.1q tagged.
Set this interface and range of VLANs to be
--
trusted. VLANs not included in the trusted range of
VLANs will be, by default, untrusted.
Trusted ports and VLANs are typically connected to internal controlled networks, while untrusted ports connect to third-party APs, public areas, or other networks to which access controls should be applied. When Dell APs are attached directly to the controller, set the port to be trusted.
Sets the supplied range of VLANs as trusted. All remaining become untrusted automatically.
For example, if you set a VLAN range as: vlan 1-10, 100-300, 301, 305-400, 501-4094
Then all VLANs in this range are trusted and all others become untrusted by default. You can also use the no trusted vlan command to explicitly make an individual VLAN untrusted. The no trusted vlan command is additive and adds given vlans to the existing untrusted vlan set.
1-4094
Default -- -- -- -- -- -- -- --
-- disable d
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface port-channel | 476
Parameter
xsec point-to-point allowed vlan mtu vlan
Description
Range
However, if you execute the trusted vlan <word>command, it overrides any earlier untrusted VLANs or a range of untrusted VLANs and creates a new set of trusted VLANs.
NOTE: A port supports a user VLAN range from 14094. If you want to set all VLANs (1-4094) on a port as untrusted then mark the port itself as untrusted. By default the port and all its associated VLANs are trusted.
Enables and configures the Extreme Security
--
(xSec) protocol.
NOTE: You must purchase and install the xSec software module license in the controller.
MAC address of the controller that is the xSec
--
tunnel termination point, and the 16-byte shared
key used to authenticate the controllers to each
other. The key must be the same on both
controllers.
VLANs that are allowed on the xSec tunnel.
--
(Optional) MTU size for the xSec tunnel.
--
xSec VLAN ID. For controller-to-controller communications, both controllers must belong to the same VLAN.
1-4094
Default
-- -- -- -- --
Usage Guidelines
A port channel allows you to aggregate ports on a controller. You can configure a maximum of 8 port channels per supported controller with a maximum of 8 interfaces per port channel. Note the following when setting up a port channel between a controller and a Cisco switch (such as a Catalyst 6500 Series Switch): l There must be no negotiation of the link parameters. l The port-channel mode on the Cisco switch must be "on".
Example
The following command configures a port channel: (host) (config) #interface port channel 7
add fastethernet 1/1 add fastethernet 1/2
477 | interface port-channel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 3.4
ArubaOS 3.4.1 ArubaOS 6.3 ArubaOS 6.4.3.0
Modification Command introduced The trusted VLAN and ip access-group session vlan parameters were introduced. The trusted vlan <word> parameter was added. The jumbo parameter was added. The description parameter was introduced.
Command Information
Platforms
Licensing
Command Mode
This command is available in the base operating system. The ipaccess-group parameter requires the PEFNG license. The xsec parameter requires the xSec license.
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface port-channel | 478
interface-profile voip-profile
interface-profile voip-profile <profile-name> clone <source> no{...} voip-dot1p <priority> voip-dscp <value> voip-mode [auto-discover | static] voip-vlan <VLAN-ID>
Description
This command creates a VoIP profile that can be applied to any interface or an interface group.
Syntax
Parameter <profile-name>
voip-dot1p <priority>
Description Name of the VoIP profile.
Specifies the dot1p priority.
Range
Default
1-32 char- -- acters; cannot begin with a numeric character
--
--
voip-dscp <value>
Specifies the DSCP value for the
--
voice VLAN
voip-mode [auto-discover | static] Specifies the mode of VoIP operation. --
l auto-discover - Operates VoIP on auto discovery mode.
l static - Operates VoIP on static mode.
voip-vlan <vlan id>
Specifies the Voice VLAN ID.
--
-- static
--
Usage Guidelines
Use this command to create VoIP VLANs for VoIP phones. Creating a VoIP profile does not apply the configuration to any interface or interface group. To apply the VoIP profile, use the interface gigabitethernet and interface-group commands.
Example
The following command configures a VoIP profile: interface-profile voip-profile VoIP_PHONES voip-dot1p 100 voip-dscp 125 voip-mode auto-discover voip-vlan 126
479 | interface-profile voip-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
This command was introduced in ArubaOS
Release ArubaOS 6.2
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface-profile voip-profile | 480
interface range
interface range {fastethernet|gigabitethernet} <slot>/<port>-<port> duplex {auto|full|half} ip access-group <acl> {in|out|session {vlan <vlanId>}} no ... poe [cisco] shutdown spanning-tree [cost <value>] [port-priority <value>] [portfast] speed {10|100|auto} switchport {access vlan <vlan>|mode {access|trunk}| trunk {allowed vlan {<vlans>|add <vlans>|all|except <vlans>|remove <vlans>}| native vlan <vlan>}} trusted {vlan <word>}
Description
This command configures a range of FastEthernet or GigabitEthernet interfaces on the controller.
Syntax
Parameter range duplex
ip access-group
in out session no poe cisco shutdown spanning-tree
Description
Range of Ethernet ports in the format <slot>/<port>-<port>.
Range --
Default --
Transmission mode on the interface: full- or halfduplex or auto to automatically adjust transmission.
auto/full/ha lf
auto
Applies the specified access control list (ACL) to
--
--
the interface. Use the ip access-list command to
configure an ACL.
Applies ACL to interface's inbound traffic.
--
--
Applies ACL to interface's outbound traffic.
--
--
Applies session ACL to interface and optionally
--
--
to a selected VLAN associated with this port.
Negates any configured parameter.
--
--
Enables Power-over-Ethernet (PoE) on the
--
--
interface.
Enables Cisco-style PoE on the interface.
--
--
Causes a hard shutdown of the interface.
--
--
Enables spanning tree.
--
--
481 | interface range
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter cost port-priority
portfast speed switchport
access vlan mode trunk
trusted
vlan <word>
Description
Range
Administrative cost associated with the spanning tree.
1-65535
Default --
Spanning tree priority of the interface. A lower setting brings the port closer to root port position (favorable for forwarding traffic) than does a higher setting. This is useful if ports may contend for root position if they are connected to an identical bridge.
0-255
Enables forwarding of traffic from the interface.
--
--
Sets the interface speed: 10 Mbps, 100 Mbps, or auto configuration.
10|100|au to
auto
Sets switching mode parameters for the
--
--
interface.
Sets the interface as an access port for the
--
--
specified VLAN. The interface carries traffic only
for the specified VLAN.
Sets the mode of the interface to access or trunk --
--
mode only.
Sets the interface as a trunk port for the
--
--
specified VLANs. A trunk port carries traffic for
multiple VLANs using 802.1q tagging to mark
frames for specific VLANs. You can include all
VLANs configured on the controller, or add or
remove specified VLANs. Specify native to
identify the native VLAN for the trunk mode
interface. Frames on the native VLAN are not
802.1q tagged.
Set this interface and range of VLANs to be
--
trusted. VLANs not included in the trusted range
of VLANs will be, by default, untrusted.
Trusted ports and VLANs are typically connected to internal controlled networks, while untrusted ports connect to third-party APs, public areas, or other networks to which access controls should be applied. When Dell APs are attached directly to the controller, set the port to be trusted.
enable d
Sets the supplied range of VLANs as trusted. All
1-4094
--
remaining become untrusted automatically.
For example, If you set a VLAN range as: vlan 1-10, 100-300, 301, 305-400, 501-4094
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface range | 482
Parameter
Description
Range
Then all VLANs in this range are trusted and all others become untrusted by default. You can also use the no trusted vlan command to explicitly make an individual VLAN untrusted. The no trusted vlan command is additive and adds given vlans to the existing untrusted vlan set.
However, if you execute the trusted vlan <word> command, it overrides any earlier untrusted VLANs or a range of untrusted VLANs and creates a new set of trusted VLANs.
NOTE: A port supports a user VLAN range from 14094. If you want to set all VLANs (1-4094) on a port as untrusted then mark the port itself as untrusted. By default the port and all its associated VLANs are trusted.
Default
Usage Guidelines
Use the show port status command to obtain information about the interfaces available on the controller.
Example
The following command configures a range of interface as a trunk port for a set of VLANs: interface range fastethernet 1/12-15
switchport mode trunk switchport trunk native vlan 10 switchport trunk allowed vlan 1,10,100
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4
The trusted VLAN and ip access-group session vlan parameters were introduced.
ArubaOS 3.4.1
The trusted vlan <word> parameter was added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
483 | interface range
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface tunnel
interface tunnel <number> description <string> inter-tunnel-flooding ip address {<ipaddr> <netmask>} | internal ip ospf {area <area-id>}|{authentication message-digest}|{cost <value>}|{dead-interval <value>}|{hello-interval <value>}|{message-digest-key <id>}|{priority <value>}|{retransmitinterval <value>}|{transmit-delay <value>} ipv6 address X:X:X:X::X mtu <mtu> no ... shutdown trusted tunnel destination <ip-addr>| remote-node-master-ip|{ipv6 <ipv6-addr>} keepalive {<interval> <retries>}|<cisco> mode gre {<num>|ip|ipv6 source <ip-addr>|controller-ip|loopback|{vlan <vlan-id>}|{ ipv6 <ipv6-addr>|loopback| controller-ip|{vlan <vlan id>}} vlan <vlan id>
Description
This command configures a Layer-2 or Layer-3 GRE tunnel between a controller and another GRE-capable device.
Syntax
Parameter tunnel <number>
Description
Tunnel Identification number. The tunnel ID used here does not have to match the tunnel ID used in the other controller.
Range
Default
1-
--
16777215
description
String that describes this tunnel.
--
----
inter-tunnel-flooding Enables inter-tunnel flooding.
--
Enabled
ip
IP address of the Layer 3 tunnel. This
--
--
represents the entrance to the tunnel.
NOTE: This address should be a unique, nonroutable IP address.
Enter the following values:
l address: The interface IP address of the Layer-3 tunnel.
l <ipaddr>: An IPv4 address.
NOTE: The IP address should not be part of any subnet in your network, nor does it have to be routable in your network. It is used as a gateway for routing your private subnets (i.e., nonroutable VLANs) within the GRE tunnel.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface tunnel | 484
Parameter ipv6 mode gre
mtu no shutdown trusted 485 | interface tunnel
Description
Range
Default
l internal: IP address allocated from the Remote-Node pool.
l <ipmask>: IP address allocated from the Remote-Node pool.
l ospf: OSPF interface command.
IPv6 address of the Layer-3 GRE tunnel.
-
-
NOTE: This IP address can be configured only for a Layer-3 GRE tunnel (refer to the "mode gre" parameter below for details).
This parameter a) specifies the tunnel encapsulation method as GRE and b) allows you to specify whether it is a Layer-2 or Layer3 GRE tunnel.
l <16-bit protocol number>
The 16-bit protocol number uniquely identifies a GRE tunnel. The number format is numeric. The controllers at both endpoints of the tunnel must be configured with the same protocol number. The protocol number does not necessarily have to match the protocol number of the encapsulated frame. The controller encapsulates the entire frame, including the Layer-2 header.
l ip
Specifies an IPv4 Layer-3 GRE tunnel. The protocol number is set to 0x0800 and is not configurable. Traffic is redirected into the tunnel using a static route or a session ACL policy. The controller encapsulates the Layer-3 packet only.
l ipv6
Specifies an IPv6 Layer-3 GRE tunnel. The protocol number is set to 0x86DD and is not configurable. Traffic is redirected into the tunnel using a static route or a session ACL policy. The controller encapsulates the Layer-3 packet only.
MTU size for the interface.
1024 - 9216
Enabled IPv4: 1100 IPv6: 1500
Negates any configured parameter.
--
--
Causes a hard shutdown of the interface.
--
--
l When Trusted is enabled:
--
Any device can send any traffic through the
GRE tunnel without having to be
Disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
tunnel destination
keepalive <interval> <retries>
Description
Range
authenticated.
l When Trusted is disabled: Any device that is a source of traffic and is sent through the tunnel must be authenticated to be able to send the traffic. If the device is not authenticated, traffic from that device will be subject to the restrictions of the Initial Role specified in the Wired Access AAA Profile. This is the default.
For related information, see aaa authentication wired.
Configures tunneling. The default is an IPv4
--
Layer-3 GRE tunnel.
The destination IP address for the GRE tunnel
--
endpoint.
l <ip-addr>
IPv4 address for the GRE tunnel's endpoint.
l ipv6 <ipv6-addr>
IPv6 address for the GRE tunnel's endpoint.
l <remote-node-destination-ip>
This option provides branch controller support for the case in which the branch controller receives all its configuration data from the master controller. In the remotenode profile on the master, you can specify the tunnel's destination as remote-nodemaster-ip. When this configuration is applied on the branch controller, the tunnel destination is replaced with the branch controller's specified master IP address.
Enables sending of periodic keepalive frames
--
on the tunnel to determine the tunnel status
(up or down).
You can optionally set the interval at which keepalive frames are sent, and the number of times the frames are resent before a tunnel is considered to be down.
Number of seconds at which keepalive frames are sent.
1-86400
Number of consecutive times that the keepalives fail before the tunnel is considered to be down.
0-1024
Default
mode gre ip --
Disabled 10 seconds 3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface tunnel | 486
Parameter <cisco> source
vlan
Description
Range
The <cisco> option enables keepalive interoperability for Layer-3 tunnels between controllers and Cisco network devices. Dell sets the keepalive packet's GRE protocol field to 0x801; however, Cisco sets the GRE protocol field to 0. When this option is enabled, the Dell controller automatically sets the GRE protocol value to 0.
The local endpoint of the tunnel on the
--
controller. This can be one of the following:
l <A.B.C.D>: Specify an IPv4 address.
l controller-ip: IPv4 address of the controller.
l loopback: Loopback interface configured on the controller.
l vlan <vlanid>: Specify the VLAN interface ID.
l ipv6: Specify one of the following IPv6 options:
n <X:X:X:X::X>: Specify the IPv6 address. n controller-ip: IPv4 address of the
controller. n loopback: IPv6 loopback interface
configured on the controller. n vlan <vlan id>: Specify the VLAN
interface ID.
Specifies the VLANs to be included in this
--
tunnel.
l <vlan id> Specify the VLAN interface ID.
NOTE: You can configure a VLAN only if the
tunnel mode is set to Layer-2 (mode gre <16-bit protocol number>). If the tunnel mode is not set to Layer-2 mode, the system displays an error message: Tunnel is an IP [v6] GRE Tunnel. Change the mode before adding this.
Default Disabled --
--
Usage Guidelines
You can configure a Layer-2 or Layer-3 GRE tunnel between a Dell controller and another GRE-capable device. The default is an IPv4 Layer-3 GRE tunnel (tunnel mode gre ip).
In Layer-3 GRE tunnels, IPv6 encapsulated in IPv4 and IPv4 encapsulated in IPv6 are not supported. The only Layer-3 GRE modes supported are IPv4 encapsulated in IPv4 and IPv6 encapsulated in IPv6.
You can direct traffic into the tunnel using a static route (by specifying the tunnel as the next hop for a static route) or a session-based access control list (ACL).
487 | interface tunnel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Configuration Examples
Layer-2 GRE Tunnel
The following CLI command configures a Layer-2 GRE tunnel:
The following are the required configurations to create the Layer-2 GRE tunnel between controllers named Controller-1 and Controller-2:
Controller-1 Configuration
(Controller-1) (config) # interface tunnel 101 description "IPv4 Layer-2 GRE 101" tunnel mode gre 1 tunnel source vlan 10 tunnel destination 20.20.20.249 tunnel keepalive trusted tunnel vlan 101
Controller-2 Configuration
(Controller-2) (config) # interface tunnel 101 description "IPv4 Layer-2 GRE 101" tunnel mode gre 1 tunnel source vlan 20 tunnel destination 10.10.10.249 tunnel keepalive trusted tunnel vlan 101
IPv4 Layer-3 GRE Tunnel
The following CLI command examples configure a Layer-3 GRE tunnel for IPv4 between two controllers.
The following are the required configurations to create the IPv4 Layer-3 GRE tunnel between controllers named Controller-1 and Controller-2:
Controller-1 Configuration
(Controller-1) (config) # interface tunnel 202 description "IPv4 L3 GRE 101" tunnel mode gre ip ip address 1.1.1.1 255.255.255.255 tunnel source vlan 10 tunnel destination 20.20.20.249 trusted
Controller-2 Configuration
(Controller-2) (config) # interface tunnel 202 description "IPv4 L3 GRE 202" tunnel mode gre ip ip address 1.1.1.2 255.255.255.255 tunnel source vlan 20 tunnel destination 10.10.10.249 trusted
IPv6 Layer-3 GRE Tunnel
The following CLI command examples configure a Layer-3 GRE tunnel for IPv6 between two controllers.
The following are the required configurations to create the IPv6 Layer-3 GRE tunnel between controllers named Controller-1 and Controller-2:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface tunnel | 488
Controller-1 Configuration
(Controller-1) (config) # interface tunnel 106 description "IPv6 Layer-3 GRE 106" tunnel mode gre ipv6 ip address 2001:1:2:1::1 tunnel source vlan 10 tunnel destination 2001:1:2:2020::1 trusted
Controller-2 Configuration
(Controller-2) (config) # interface tunnel 206 description "IPv6 Layer-3 GRE 206" tunnel mode gre ipv6 ip address 2001:1:2:1::2 tunnel source vlan 20 tunnel destination 2001:1:2:1010::1 trusted
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.2
The keepalive parameter was introduced.
ArubaOS 6.4
The checksum parameter was deprecated.
Tunnel destination ipv6, tunnel mode gre ipv6, tunnel source ipv6, parameters were introduced.
ArubaOS 6.4.3.0
l The tunnel interface limit was changed from 2147483647 to 16777215.
l Introduced the <remote-node-master-ip> option to the tunnel destination parameter.
l Introduced the <cisco> option to the tunnel keepalive parameter.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
489 | interface tunnel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan
interface vlan <vlan> bandwidth-contract <name> bcmc-optimization description <string> ip {access-group <name> in}|{address <ipaddr>|dhcp-client client-id<cid>|internal|pppoe} |helper-address <address>|igmp [proxy][snooping]|local-proxy-arp|nat[inside]|{ospf {area|authentication|cost|dead-interval|hello-interval|message-digestkey|priority|retransmit-interval|transmit-delay}| pppoe-max-segment-size <mss>| pppoepassword <password>|pppoe-service-name <service-name>|pppoe-username <username>|routing} ipv6 {address <ipv6-address> link-local | [<ipv6-prefix>/<prefix-length> | eui-64]}| {dhcp server <pool name>}| {mld snooping | proxy {fastethernet | gigabitethernet | port-channel} <slot>/<port>} | nd {ra [dns | enable | hop-limit | interval | life-time | managed-configflag | mtu | other-config-flag | preference | prefix] | reachable-time <value> | retransmit-time <value>}} mtu <number> multimode-auth {lease-time} no ... operstate {up} option-82 {ap-name essid}|{mac [essid]} shutdown suppress-arp
Description
This command configures a VLAN interface.
Syntax
Parameter vlan
Description VLAN ID number.
Range Default 1-4094 --
bandwidth-contract <name>
Name of the bandwidth contract to be applied
--
--
to this VLAN interface. When applied to a VLAN,
the contract limits both broadcast and
multicast traffic. Use the aaa bandwidth-
contract command to configure a bandwidth
contract.
bcmc-optimization
Enables broadcast and multicast traffic
--
optimization to prevent flooding of broadcast
and multicast traffic on VLANs. If this feature is
enabled on uplink ports, any controller-
generated Layer-2 packets will be dropped.
disabled
description
String that describes this interface.
--
802.1q
VLAN
ip
Configures IPv4 for this interface.
access-group <name> in
Assigns an access list to inbound traffic on the interface, where <name> is the name of an access list.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan | 490
Parameter address
Description
Configures the IP address for this interface, which can be one of the following: <ipaddr> <netmask> l dhcp-client: use DHCP to obtain the IP
address l internal: IP address allocated from the
branch group config. l pppoe: use PPPoE to obtain the IP address
Range Default
--
--
helper-address
IP address of the DHCP server for relaying
--
--
DHCP requests for this interface. If the DHCP
server is on the same subnetwork as this VLAN
interface, you do not need to configure this
parameter.
igmp
Enables IGMP and/or IGMP snooping on this
--
--
interface.
local-proxy-arp
Enables local proxy ARP.
--
--
nat inside
Enables source network address translation
--
--
(NAT) for all traffic routed from this VLAN.
CAUTION: All ports on the controller are assigned to VLAN 1 by default. Do not enable the nat inside option for VLAN 1, as this will prevent IPsec connectivity between the controller and its IPsec peers.
ospf
Define an OSPF area. See ip ospf on page 542
--
--
for complete details on this command.
pppoe-max-segment-site
Configures the TCP maximum segment size in
128
--
bytes.
pppoe-password
Configures the PAP password on the PPPoE Access Concentrator for the switch.
180
--
pppoe-service-name
Configures the PPPoE service name.
180
--
pppoe-username
Configures the PAP username on the PPPoE Access Concentrator for the switch.
180
--
routing
Enables layer-3 forwarding on the VLAN
--
interface. To disable layer-3 forwarding, you
must configure the IP address for the interface
and specify no ip routing.
(enable d)
ipv6
Configures IPv6 for this interface.
--
--
491 | interface vlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter address dhcp
mld
Description
Configures the link local address or the global unicast address for this interface.
Range Default
--
--
Configures dynamic host configuration protocol for IPv6.
--
--
server - Configures the DHCPv6 pool for the vlan.
Enables Multicast Listener Discovery (MLD) on --
--
this interface.
snooping-- Configures the MLD snooping on this interface.
proxy--Configures MLD proxy on the following interfaces.
l fastethernet
l gigabitethernet
l port-channel
nd {ra | reachable-time |retransmit-time}
Configures the IPv6 neighbor discovery options.
--
--
l ra--configures the following router advertizement options:
l dns--Configures IPv6 recursive DNS server
l enable--Enables IPv6 RA
l hop-limit--Configures RA hop-limit
l interval--Configures RA interval
l life-time--Configures RA lifetime
l managed-config-flag--Enables hosts to use DHCP server for stateful address autoconfiguration
l mtu--Configures maximum transmission unit for RA
l other-config-flag--Enables hosts to use DHCP server for other non-address stateful autoconfiguration
l preference--Configures a router preference
l prefix--Configures IPv6 RA prefix
l reachable-time--configures neighbor discovery reachable time
l retransmit-time--configures neighbor discovery retransmit time
no
Negates any configured parameter.
--
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan | 492
Parameter mtu
Description MTU setting for the VLAN.
Range Default
1024-
--
1500
multimode-auth
MultiMode Authentication Support on VLAN
--
--
operstate up
Set the state of the interface to be up.
--
--
option-82 {ap-name [essid] Allows a DHCP relay agent to insert circuit
--
--
|mac [essid]}
specific information into a request that is being
forwarded to a DHCP server.
The controller, when acting as a DHCP relay agent, needs to be able to insert information about the AP and SSID through which a client is connecting into the DHCP request.
Many service providers use this mechanism to make access control decisions. You can include:
l AP name or AP name and ESSID.
l MAC address or MAC address and ESSID.
shutdown
Causes a hard shutdown of the interface.
--
--
suppress-arp
Prevents flooding of ARP broadcasts on all the
--
--
untrusted interfaces.
Usage Guidelines
All ports on the controller are assigned to VLAN 1 by default. Use the interface fastethernet | gigabitethernet command to assign a port to a configured VLAN. Use the show interface vlan and show user commands to view DHCP option-82 related output.
Example
The following command configures a VLAN interface: (host) (config) #interface vlan 16
ip address 10.26.1.1 255.255.255.0 ip helper-address 10.4.1.22
Related Commands
Command ip access-list route
ip nexthop-list
Description This command configures an access control list (ACL) for policy-based routing (PBR).
Use this command to define a next-hop list for a routing policy
routing-policy-map
This command associates a routing access control list (ACL) with a user role.
493 | interface vlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 3.3 ArubaOS 3.4
ArubaOS 6.0
ArubaOS 6.1 ArubaOS 6.2
ArubaOS 6.3 ArubaOS 6.4
ArubaOS 6.4.3.0
Modification
Command introduced
The ipv6 parameters were introduced.
The igmp snooping parameter was deprecated. For information on configuring IGMP snooping, see interface vlan ip igmp proxy on page 498.
The pppoe-max-segment-site, pppoe-password, pppoe-service-name and pppoe-password parameters were introduced.
The option-82 parameter was introduced.
The nd parameter for configuring neighbor discovery and router advertizement options was introduced.
The proxy parameter was introduced to enable MLD proxy in a VLAN.
The dhcp parameter for configuring dynamic host configuration protocol for IPv6 was introduced.
The access-group <name> parameter was introduced to associate the interface with an ACL. For the option-82 parameter, the ap-name [essid] sub-parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan | 494
interface vlan ipv6
interface vlan <vlan ID> ipv6 {address <ipv6-address> link-local | [<ipv6-prefix>/<prefix-length> | eui-64] ipv6 dhcp server <pool-name> ipv6 mld [snooping] ipv6 nd {ra [dns | enable | hop-limit | interval | life-time | managed-config-flag | mtu | other-config-flag | preference | prefix] | reachable-time <value> | retransmit-time <value>}}
Description
This command configures the IPv6 link local address or the global unicast address, and the IPv6 router advertisement parameters for this interface.
Syntax
Parameter <ipv6 address> link-local
Description
Configures the specified IPv6 address as the link local address for this interface.
Range --
<ipv6-prefix>/<prefix-length> Specify the IPv6 prefix/prefix-length to
--
configure the global unicast address for
this interface.
eui-64
Specify this optional parameter to
--
configure the global unicast address in
Extended Universal Identifier 64 bit format
(EUI-64) for this interface.
ipv6 dhcp server <pool-name> ipv6 nd
Specify the DHCPv6 server pool name for
--
this VLAN. The configured DHCPv6 pool sub-
net must match the interface prefix for
DHCPv6 Server to be active.
Configures the IPv6 neighbor discovery
--
options for router advertizement
functionality.
ra
Configures the following router
--
advertisement options:
l dns--Configures IPv6 recursive DNS server.
l enable--Enables IPv6 RA.
l hop-limit--Configures RA hop-limit.
l interval--Configures RA interval.
l life-time--Configures RA lifetime.
l managed-config-flag--Enables hosts to use DHCP server for stateful address autoconfiguration
Default -- -- --
--
-- --
495 | interface vlan ipv6
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
reachable-time <value> retransmit-time <value>
Description
l mtu--Configures maximum transmission unit for RA.
l other-config-flag--Enables hosts to use DHCP server for other nonaddress stateful autoconfiguration.
l preference--Configures a router preference.
l prefix--Configures IPv6 RA prefix.
Configures the neighbor discovery reachable time in msec.
Configures the neighbor discovery retransmit time in msec.
Range
Default
0-
0
3,600,000
03,600,000
Usage Guidelines
You can use this command to configure the IPv6 link local address and the global unicast address for this interface.
Example
The following example configures the link local address for the VLAN 1. (host) (conf)# interface vlan 1
(config-subif)#ipv6 address fe80::b:8600:50d:7700 link-local
The following example configures the global unicast address in EUI-64 format for the VLAN 1. (host) (conf)# interface vlan 1
(config-subif)#ipv6 address 2001:DB8:0:3::/64 eui-64
Command History
Release ArubaOS 6.1 ArubaOS 6.2
ArubaOS 6.3
Modification This command was introduced.
The nd parameter for configuring neighbor discovery and router advertisement options was introduced.
The dhcp server <pool-name> parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan ipv6 | 496
497 | interface vlan ipv6
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan ip igmp proxy
interface vlan <vlan> ip igmp snooping|{proxy fastethernet|gigabitethernet <slot>/<port>}
Description
This command enables IGMP and/or IGMP snooping on this interface, or configures a VLAN interface for uninterrupted streaming of multicast traffic.
Syntax
Parameter snooping
proxy fastethernet gigabitethernet <slot>/<port>
Description
Enable IGMP snooping. The IGMP protocol enables an router to discover the presence of multicast listeners on directly-attached links. Enable IGMP snooping to limit the sending of multicast frames to only those nodes that need to receive them.
Enable IGMP on this interface.
Enable IGMP proxy on the FastEthernet (IEEE 802.3) interface.
Enable IGMP proxy on the GigabitEthernet (IEEE 802.3) interface.
Any command that references a Fast Ethernet or Gigabit Ethernet interface requires that you specify the corresponding port on the controller in the format <slot>/<port>. <slot> is always 1, except when referring to interfaces on the W-6000 controller (slots 0-3). The <port> parameter refers to the network interfaces that are embedded in the front panel of the W-3000 Series controller, or a W-6000M3 controller module installed in a W-6000 controller chassis. Port numbers start at 0 from the left-most position.
Usage Guidelines
The newer IGMP proxy feature and the older IGMP snooping feature cannot be enabled at the same time, as both features add membership information to multicast group table. For most multicast deployments, you should enable the IGMP Proxy feature on all VLAN interfaces to manage all the multicast membership requirements on the controller. If IGMP snooping is configured on some of the interfaces, there is a greater chance that multicast information transfers may be interrupted.
Example
The following example configures IGMP proxy for vlan 2. IGMP reports from the controller would be sent to the upstream router on fastethernet port 1/3. (host) (conf)# interface vlan 2
(conf-subif)# ip igmp proxy fastethernet 1/3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
interface vlan ip igmp proxy | 498
Related Commands
This release of ArubaOS supports version 1 of the Multicast Listener Discovery (MLD) protocol (MLDv1). MLDv1, defined in RFC 2710, is derived from version 2 of the IPv4 Internet Group Management Protocol (IGMPv2) Issue the command interface vlan <vlan> ipv6 mld to enable the MLD protocol and allow an IPv6 router to discover the presence of multicast listeners on directly-attached links. Use the CLI command interface vlan <vlan> ipv6 mld snooping, and the IPv6 router will send multicast frames to only those nodes that need to receive them.
Command History
This command was introduced in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
499 | interface vlan ip igmp proxy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list eth
ip
ip access-list eth {<number>|<name>} deny {<ethtype> [<bits>]|any} [mirror] [position} no ... permit {<ethtype> [<bits>]|any} [mirror][position]
Description
This command configures an Ethertype access control list (ACL).
Syntax
Parameter eth deny
no permit
Description Enter a name, or a number in the specified range.
Range
200299
Reject the specified packets, which can be one of the following:
--
l Ethertype in decimal or hexadecimal (0-65535) and optional wildcard (0-65535)
l any: match any Ethertype
Optionally, you can configure the mirror parameter, which mirrors packets to a datapath or remote destination, or set the position of the ACL. The default position is last, a position of 1 puts the ACL at the top of the list.
Negates any configured parameter.
--
Allow the specified packets, which can be one of the following:
--
l Ethertype in decimal or hexadecimal (0-65535) and optional wildcard (0-65535)
l any: match any Ethertype
Optionally, you can configure the mirror parameter, which mirrors packets to a datapath or remote destination, or set the position of the ACL. The default position is last, a position of 1 puts the ACL at the top of the list.
Usage Guidelines
The Ethertype field in an Ethernet frame indicates the protocol being transported in the frame. This type of ACL filters on the Ethertype field in the Ethernet frame header, and is useful when filtering non-IP traffic on a physical port. This ACL can be used to permit IP frames while blocking other non-IP protocols such as IPX or Appletalk.
If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall policy. For more information, see firewall on page 389.
Example
The following command configures an Ethertype ACL: (host) (config) #ip access-list eth 200
deny 809b
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list eth | 500
Command History
Release ArubaOS 3.0 ArubaOS 3.3
Modification Command introduced The mirror parameter was introduced.
Command Information
Platform
Available on all platforms
License Requires the PEFNG license.
Command Mode
Config mode on master controllers
501 | ip access-list eth
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list extended
ip access-list extended {<number>|<name>} deny <protocol> <source> <dest> ipv6 no ... permit <protocol> <source> <dest>
Description
This command configures an extended access control list (ACL). To configure IPv6 specific rules, use the ipv6 keyword for each rule.
Syntax
Parameter extended
Description Enter a name, or a number in the specified range.
ipv6 deny
<protocol>
<source>
<dest>
no permit
Use the ipv6 keyword to add IPv6 specific rules.
Reject the specified packets.
Protocol, which can be one of the following: l Protocol number between 0-255 l any: any protocol l icmp: Internet Control Message Protocol l igmp: Internet Gateway Message Protocol l tcp: Transmission Control Protocol l udp: User Datagram Protocol
Source, which can be one of the following: l Source address (IPv4 or IPv6) and wildcard l any: any source l host: specify a single host IP address
Destination, which can be one of the following: l Destination address (IPv4 or IPv6) and wildcard l any: any destination l host: specify a single host IP address
Negates any configured parameter.
Allow the specified packets.
Range 100-199, 2000-2699 -- -- --
--
--
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list extended | 502
Parameter <protocol>
<source> <dest>
Description
Protocol, which can be one of the following: l Protocol number between 0-255 l any: any protocol l icmp: Internet Control Message Protocol l igmp: Internet Gateway Message Protocol l tcp: Transmission Control Protocol l udp: User Datagram Protocol
Source, which can be one of the following: Source address (IPv4 or IPv6) and wildcard any: any source host: specify a single host IP address
Destination, which can be one of the following: Destination address (IPv4 or IPv6) and wildcard any: any destination host: specify a single host IP address
Range --
-- --
Usage Guidelines
Extended ACLs are supported for compatibility with router software from other vendors. This ACL permits or denies traffic based on the source or destination IP address or IP protocol.
Example
The following command configures an extended ACL: (host) (config) #ip access-list extended 100
deny any host 1.1.21.245 any
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master and local controllers
503 | ip access-list extended
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list mac
ip access-list mac {<number>|<name>} deny {<macaddr>[<wildcard>]|any|host <macaddr>} [mirror] no ... permit {<macaddr>[<wildcard>]|any|host <macaddr>} [mirror]
Description
This command configures a MAC access control list (ACL).
Syntax
Parameter mac deny
no permit
Description
Configures a MAC access list. Enter a name, or a number in the specified range.
Reject the specified packets, which can be the following: MAC address and optional wildcard any: any packets host: specify a MAC address Optionally, you can configure the mirror parameter, which mirrors packets to a datapath or remote destination.
Negates any configured parameter.
Allow the specified packets, which can be the following: MAC address and optional wildcard any: any packets host: specify a MAC address Optionally, you can configure the mirror parameter, which mirrors packets to a datapath or remote destination.
Range 700-799, 12001299 --
-- --
Usage Guidelines
MAC ACLs allow filtering of non-IP traffic. This ACL filters on a specific source MAC address or range of MAC addresses. If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall policy. For more information, see firewall on page 389.
Example
The following command configures a MAC ACL: (host) (config) #ip access-list mac 700
deny 11:11:11:00:00:00
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list mac | 504
Command History
Release ArubaOS 3.0 ArubaOS 3.3
Modification Command introduced The mirror parameter was introduced.
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode Config mode
505 | ip access-list mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list route
ip access-list route <name> <source> <dest> <service> <action> forward|route {ipsec-map <ipsec-map-name>}|{next-hoplist <next-hop-list-name>}|{tunnel <tunnel-id>}|{tunnel-group <tunnelgroupname>} [position <position>]
Description
This command configures an access control list (ACL) for policy-based routing (PBR).
Syntax
Parameter <source>
<dest>
<service>
Description
The traffic source, which can be one of the following: l alias <name>: specify the network resource (use the netdestination command
to configure aliases; use the show netdestination command to see configured aliases) l any: match any traffic l host <ip-addr>: specify a single host IP address l localip: specify the local IP address to match traffic l network <ip-addr> <netmask>: specify the IP address and netmask l user: represents the IP address of the user
The traffic destination, which can be one of the following: l alias <name>: specify the network resource (use the netdestination command
to configure aliases; use the show netdestination command to see configured aliases) l any: match any traffic l host <ip-addr>: specify a single host IP address l localip: specify the local IP address to match traffic l network <ip-addr> <netmask>: specify the IP address and netmask l user: represents the IP address of the user
Network service to which the ACL is applied. The service can be one of the following: l <0-255>: IP protocol number (0-255) l <string>: name of a network service (use the show netservice command to see
configured services) l any: match any traffic l app <string>: application name. (For a complete list of supported applications,
issue the command show dpi application all.) l appcategory <string>: application category name. (For a complete list of
supported applications, issue the command show dpi application all.) l tcp <0-65535>: specify the TCP destination port number (0-65535) l tcp source <0-65535>: TCP source port number
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list route | 506
Parameter <action>
Description
l udp <0-65535>: UDP destination port number (0-65535)
l udp source <0-65535>: UDP source port number
Action if rule is applied, which can be one of the following:
l forward: Explicitly define an ACL with a forward action to skip policy-based routing for traffic which would otherwise match another policy-based routing rule.
l route ipsec-map <ipsec-map-name>: Redirected over a VPN tunnel by specifying the ipsec-map name. For more information on IPsec maps, see cryptolocal ipsec-map.
l route next-hop-list <next-hop-list-name>: Packets can be routed to a nexthop router on a nexthop list by specifying the nexthop list name. For more information on nexthop lists, see ip nexthop-list.
l route tunnel <tunnel-id>: Packets can be redirected over an L3 GRE tunnel.
l route tunnel-group <tunnelgroupname>: Packets can be redirected over an L3 GRE tunnel group. For more information on tunnel groups, see tunnel-group.
l [position <position>]: (Optional) Specify the position of the forwarding or routing rule. (1 is first, default is last)
Usage Guidelines
Policy-based routing is an optional feature that allows allows packets to be routed based on access control lists (ACLs) configured by the administrator. By default, when a controller receives a packet for routing, it looks up the destination IP in the routing table and forwards the packet to the nexthop router. If policy-based routing is configured, the nexthop device can be chosen based on a defined access control list.
In a typical deployment scenario with multiple uplinks, the default route only uses one of the uplink next-hops for forwarding packets. If a nexthop becomes unreachable, the packets will not reach their destination. If your deployment uses policy-based routing based on a nexthop list, any of the uplink nexthops could be used for forwarding traffic. This requires a valid ARP entry (Route-cache) in the system for all the policy-based routing nexthops.
Example
The following command configures a routing access list using an IPsec map. (host)(config)# ip access-list route pbr1
any any udp 100 route ipsec-map VPN1
Related Commands
Command routing-policy-map interface vlan ip accessgroup ip nexthop-list
Description This command associates a routing access control list (ACL) with a user role. This command associates a routing access control list (ACL) with a specific VLAN.
Use this command to define a next-hop list for a routing policy
507 | ip access-list route
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platform All platforms
License Requires the PEFNG license
Command Mode Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list route | 508
ip access-list session
ip access-list session <accname> <source> <dest> <service> <action> [<extended action>] ipv6 <source> <dest> <service> <action> [<extended action>] no ...
Description
This command configures an access control list (ACL) session. To create IPv6 specific rules, use the ipv6 keyword.
Syntax
Parameter <accname> ipv6 <source>
<dest>
<service>
Description
Name of an access control list session.
Use the ipv6 keyword to create IPv6 specific rules.
The traffic source, which can be one of the following: alias: specify the network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases) any: match any traffic host: specify a single host IP address localip: specify the local IP address to match traffic network: specify the IP address and netmask user: represents the IP address of the user
The traffic destination, which can be one of the following: alias: specify the network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases) any: match any traffic host: specify a single host IP address localip: specify the local IP address to match traffic network: specify the IP address and netmask user: represents the IP address of the user
Network service, which can be one of the following: IP protocol number (0-255) name of a network service (use the show netservice command to see configured services) any: match any traffic app: application name. (For a complete list of supported applications, issue the command show dpi application all.)
509 | ip access-list session
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter <action>
Description
appcategory: application category name. (For a complete list of supported applications, issue the command show dpi application all.) tcp destination port number: specify the TCP port number (0-65535) tcp source: TCP/UDP source port number udp: specify the UDP port number (0-65535) web-cc-category: name of an a web content category. For the full list of available web content categories, issue the command show web-cc categories. web-cc-reputation: any of the predefined web content reputation levels. l high-risk l low-risk l moderate-risk l suspicious l trustworthy
Action if rule is applied, which can be one of the following: deny: Reject packets. Applicable to both IPv4 and IPv6. dst-nat: Performs destination NAT on packets. Forward packets from source network to destination; re-mark them with destination IP of the target network. This action functions in tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller. dual-nat: Performs both source and destination NAT on packets. Source IP and destination IP is changed as per the NAT pool configured. This action functions in tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller. permit: Forward packets. Applicable to both IPv4 and IPv6. redirect: Specify the location to which packets are redirected. The following are applicable only to IPv4: l Datapath destination ID (0-65535). l esi-group: Specify the ESI server group configured with the esi group command. l tunnel: Specify the ID of the tunnel configured with the interface tunnel command. webcc-reputation: Assign one of the predefined web content reputation levels to the packets.
The following are applicable only to IPv6: l tunnel: Specify the ID of the tunnel configured with the interface tunnel command. l tunnel-group: Specify the tunnel-group configured with the interface tunnel
command. route: Specify the next hop to which packets are routed, which can be one of the following: l dst-nat: Destination IP changes to the IP configured from the NAT pool. This action
functions in bridge/split-tunnel forwarding mode. User should configure the NAT pool in the controller. l src-nat:Source IP changes to RAP's external IP. This action functions in bridge/splittunnel forwarding mode and uses implied NAT pool.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list session | 510
Parameter <extended ac tion>
no
Description
src-nat: Performs source NAT on packets. Source IP changes to the outgoing interface IP address (implied NAT pool) or from the pool configured (manual NAT pool). This action functions in tunnel/decrypt-tunnel forwarding mode.
Optional action if rule is applied, which can be one of the following: blacklist: blacklist user if ACL gets applied. classify-media: Monitors user UDP packets to classify them as media and tag accordingly. NOTE: Use this parameter only for voice and video signaling and control sessions as it causes deep packet inspection of all UDP packets from/to users. disable-scanning: pause ARM scanning while traffic is present. Note that you must enable "VoIP Aware Scanning" in the ARM profile for this feature to work. dot1p-priority: specify 802.1p priority (0-7) log: generate a log message mirror: mirror all session packets to datapath or remote destination If you configure the mirror option, define the destination to which mirrored packets are sent in the firewall policy. For more information, see firewall on page 389. next-hop-list: Route packet to the next hop in the list. position: specify the position of the rule (1 is first, default is last) queue: assign flow to priority queue (high/low) send-deny-response: if <action> is deny, send an ICMP notification to the source time-range: specify time range for this rule (configured with time-range command) tos: specify ToS value (0-63)
Negates any configured parameter.
Usage Guidelines
Session ACLs define traffic and firewall policies on the controller. You can configure multiple rules for each policy, with rules evaluated from top (1 is first) to bottom. The first match terminates further evaluation. Generally, you should order more specific rules at the top of the list and place less specific rules at the bottom of the list. The ACL ends with an implicit deny all. To configure IPv6 rules, use the ipv6 keyword followed by the regular ACL keywords.
Example
The following CLI configuration shows how pre-classification and post-classification occurs during enforcement.
Each application has an implicit set of ports that are used for communication. In phase 1, if an application ACE entry is hit, the traffic matching this application's implicit port is allowed (as governed by the application ACE). The DPI engine can monitor the exchange on these ports and determine the application. Once the application is determined, phase 2 occurs when an evaluation is done to determine the final outcome for the session.
The following CLI configuration example is a user role with both the global and role session ACLs:
ip access-list session global-sacl ip access-list session apprf-employee-sacl ip access-list session control
any any app gmail-chat permit
511 | ip access-list session
Dell Networking W-Series ArubaOS 6.4.x | User Guide
any any app youtube permit any any any deny
This example shows a DPI rule along with a L3/L4 rule with forwarding action in the same ACL.
ip access-list session AppRules any any app Facebook permit tos 45 any any app YouTube deny any any appcategory peer-to-peer deny any any tcp 23 permit network 40.1.0.0/16 any tcp 80 permit tos 60 network 20.1.0.0/16 any tcp 80 src-nat
! ip access-list session NetRules
network 80.0.0.0/24 any tcp 80 deny network 60.0.0.0/24 any tcp 80 dual-nat pool <pool1> network 10.0.0.0/24 any tcp 80 dst-nat ! user-role Role1 session-acl AppRules session-acl NetRules !
The following command configures a session ACL with IPv4 and IPv6 address:
(host) (config)#ip access-list session common (host) (config-sess-common)#host 10.12.13.14 any any permit (host) (config-sess-common)#ipv6 host 11:12:11:11::2 any any permit
The following example displays information for an ACL called mylist.
(host) (config) #show ip access-list mylist
ip access-list session mylist
mylist
---------
Priority Source Destination Service Application Action TimeRange Log Expired Queue
TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- -
-- ----- --------- ------ ------- ------------- ------ --------
1
any
any
app gmail deny
Low
4
Command History
Release ArubaOS 3.0
Modification This command was introduced.
ArubaOS 6.3 ArubaOS 6.4
ArubaOS 6.4.2.0
The any tcp source parameter was introduced.
The redirect parameter was introduced under action. The app, and appcategory parameters were introduced under service.
The web-cc-category and web-cc-reputation parameters were introduced, allowing users to define an ACL for a web content category or web content reputation type.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list session | 512
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master controllers
513 | ip access-list session
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list standard
ip access-list standard {<number>|<name>} deny {<ipaddr> <wildcard>|any|host <ipaddr>} no ... permit {<ipaddr> <wildcard>|any|host <ipaddr>}
Description
This command configures a standard access control list (ACL).
Syntax
Parameter standard ipv6 deny
no permit
Description Enter a name, or a number in the specified range.
Range 1-99, 1300-1399
Use the ipv6 keyword to create IPv6 specific standard rules.
Reject the specified packets, which can be the
--
following:
IP address and optional wildcard
any: any packets
host: specify a host IP address
Negates any configured parameter.
--
Allow the specified packets, which can be the
--
following:
IP address and optional wildcard
any: any packets
host: specify a host IP address
Usage Guidelines
Standard ACLs are supported for compatibility with router software from other vendors. This ACL permits or denies traffic based on the source address of the packet.
Example
The following command configures a standard ACL: (host) (config) #ip access-list standard 1
permit host 10.1.1.244
Command History
Introduced in ArubaOS 3.0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip access-list standard | 514
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master controllers
515 | ip access-list standard
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip cp-redirect-address
ip cp-redirect-address <ipaddr> | disable
Description
This command configures a redirect address for captive portal.
Syntax
Parameter Description
<ipaddr>
Host address with a 32-bit netmask. This address should be routable from all external networks.
disable
Disables automatic DNS resolution for captive portal.
Usage Guidelines
This command redirects wireless clients that are on different VLANs (from the controller's IP address) to the captive portal on the controller. If you have the Next Generation Policy Enforcement Firewall (PEFNG) license installed in the controller, modify the captive portal session ACL to permit HTTP/S traffic to the destination cp-redirect-address <ipaddr> instead of mswitch. If you do not have the PEFNG license installed in the controller, the implicit captive-portalprofile ACL is automatically modified when you issue this command.
Example
The following command configures a captive portal redirect address: (host) (config) #ip cp-redirect-address
Command History
Introduced in ArubaOS 3.0
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip cp-redirect-address | 516
ip default-gateway
ip default-gateway <ipaddr>|{import cell|dhcp|pppoe}|{ipsec <name>} <cost>
Description
This command configures the default gateway for the controller.
Syntax
Parameter <ipaddr> import
cell dhcp pppoe ipsec <name> <cost>
Description IP address of the default gateway.
Use a gateway IP address obtained through the cell interface, DHCP or PPPoE. The default gateway is imported into the routing table and removed when the uplink is no longer active.
Use a gateway IP address obtained through the cell interface. Use a gateway IP address obtained DHCP. Use a gateway IP address obtained through PPPoE. Define a static route using an ipsec map.
Distance metric for this route.
Usage Guidelines
You can use this command to set the default gateway to the IP address of the interface on the upstream router or switch to which you connect the controller. If you define more than one dynamic gateway type, you must also define a cost for the route to each gateway. The controller will first attempt to obtain a gateway IP address using the option with the lowest cost. If the controller is unable to obtain a gateway IP address, it will then attempt to obtain a gateway IP address using the option with the next-lowest path cost.
Example
The following command configures the default gateway for the controller: (host) (config) #ip default-gateway 10.1.1.1
Command History
Introduced in ArubaOS 3.0
Command Information
Platform
Available on all platforms
License Available in the base operating system
Command Mode Config mode on master controllers
517 | ip default-gateway
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip dhcp excluded-address
ip dhcp excluded-address <low-ipaddr> [<high-ipaddr>]
Description
This command configures an excluded address range for the DHCP server on the controller.
Syntax
Parameter <low-ipaddr>
<high-ipaddr>
Description
Low end of range of IP addresses. For example, you can enter the IP address of the controller so that this address is not assigned.
High end of the range of IP addresses.
Usage Guidelines
Use this command to specifically exclude certain addresses from being assigned by the DHCP server. Ensure that the statically assigned IP addresses are excluded.
Example
The following command configures an excluded address range: ip dhcp excluded-address 192.168.1.1 192.168.1.255
Command History
Introduced in ArubaOS 3.0
Command Information
Platform Available on all platforms
License
Command Mode
Available in base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip dhcp excluded-address | 518
ip dhcp pool
ip dhcp pool <name> default-router <ipaddr> ... dns-server {<ipaddr> ... |import} domain-name <name> lease <days> <hours> <minutes> netbios-name-server {<ipaddr> ... |import} network <ipaddr> {<netmask>|<prefix>} no ... option <code> ip <ipaddr> pooltype ipupsell|private|public vendor-class-identifier
Description
This command configures a DHCP pool on the controller.
Syntax
Parameter default-router
dns-server <address> import
domain-name lease
netbios-nameserver
<address> import network
no option
Description IP address of the default router for the DHCP client. The client should be on the same subnetwork as the default router. You can specify up to eight IP addresses.
IP address of the DNS server, which can be one of the following:
IP address of the DNS server. You can specify up to eight IP addresses.
Use the DNS server address obtained through PPPoE or DHCP.
Domain name to which the client belongs.
The amount of time that the assigned IP address is valid for the client. Specify the lease in <days> <hours> <minutes>.
IP address of the NetBIOS Windows Internet Naming Service (WINS) server, which can be one of the following:
IP address of the WINS server. You can specify up to eight IP addresses.
Use the NetBIOS name server address obtained through PPPoE or DHCP.
Range of addresses that the DHCP server may assign to clients, in the form of <ipaddr> and <netmask> or <ipaddr> and <prefix> (/n).
Negates any configured parameter.
Client-specific option code and IP address. See RFC 2132, "DHCP Options and BOOTP Vendor Extensions".
519 | ip dhcp pool
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter pooltype
Description
Configure one of the following DHCP Pool types l ipupsell: Configure the DHCP pool as an IP upsell pool l private: Configure the DHCP pool as private l public: Configure the DHCP pool as public
vendor-class-identifier Send the ArubaAP vendor ID to clients.
Usage Guidelines
A DHCP pool should be created for each IP subnetwork for which DHCP services should be provided. DHCP pools are not specifically tied to VLANs, as the DHCP server exists on every VLAN. When the controller receives a DHCP request from a client, it examines the origin of the request to determine if it should respond. If the IP address of the VLAN matches a configured DHCP pool, the controller answers the request.
Example
The following command configures a DHCP pool: (host) (config) #ip dhcp pool floor1
default-router 10.26.1.1 dns-server 192.168.1.10 domain-name floor1.test.com lease 0 8 0 network 10.26.1.0 255.255.255.0
Command History
Introduced in ArubaOS 3.0
Command Information
Platform Available on all platforms
License Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip dhcp pool | 520
ip domain lookup
ip domain lookup
Description
This command enables Domain Name System (DNS) hostname to address translation.
Syntax
There are no parameters for this command.
Usage Guidelines
This command is enabled by default. Use the no form of this command to disable.
Example
The following command enables DNS hostname translation: (host)(config) #ip domain lookup
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform Available on all platforms
License Available in the base operating system
Command Mode
Config mode on master controllers
521 | ip domain lookup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip domain-name
ip domain-name <name>
Description
This command configures the default domain name.
Syntax
Parameter domain-name
Description Name used to complete unqualified host names. Do not specify the leading dot (.).
Usage Guidelines
The controller uses the default domain name to complete hostnames that do not contain domain names. You must have at least one domain name server configured on the controller (see ip name-server on page 538).
Example
The following command configures the default domain name: (host) (config) #ip domain-name yourdomain.com
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform Available on all platforms
License Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip domain-name | 522
ip igmp
ip igmp last-member-query-count <number> last-member-query-interval <seconds> max-members-per-group <val> query-interval <seconds> query-response-interval <.1 seconds> quick-client-convergence robustness-variable <2-10> ssm-range startup-query-count <number> startup-query-interval <seconds> version-1-router-present-timeout <seconds>
Description
This command configures Internet Group Management Protocol (IGMP) timers and counters.
Syntax
Parameter last-member-query-count last-member-query-interval
max-members-per-group query-interval
query-response-interval
quick-client-convergence robustness-variable ssm-range
Description
Range Default
Number of group-specific queries that 1-
2
the controller sends before assuming
65535
that there are no local group members.
Maximum time, in seconds, that can elapse between group-specific query messages.
165535 second s
10 seconds
Configure maximum members per group.
1-
300
65535
Interval, in seconds, at which the controller sends host-query messages to the multicast group address 224.0.0.1 to solicit group membership information.
165535 second s
125 seconds
Maximum time, in 1/10th seconds, that can elapse between when the controller sends a host-query message and when it receives a response. This must be less than the query-interval.
165535 second s
100 (10 second s)
Trigger IGMP reports from client during roaming.
--
--
Increase this value to allow for
2-10
2
expected packet loss on a subnetwork.
Configure the start IP address and mask --
--
IP address for ssm-range.
523 | ip igmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter startup-query-count
Description
Number of queries that the controller sends out on startup, separated by startup-query-interval. The default is the robustness-variable value.
Range
165535
Default 2
startup-query-interval
Interval, in seconds, at which the controller sends general queries on startup.
165535 second s
1/4 of the query interval
version-1-router-present-timeout Timeout, in seconds, if a version 1 IGM router is detected.
165535 second s
400 seconds
Usage Guidelines
IGMP is used to establish and manage IP multicast group membership. See RFC 3376, "Internet Group Management Protocol, version 3" for more information.
Example
The following command configures IGMP: (host) (config) #ip igmp
query-interval 130
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Added parameters: max-members-per-group and quick-client-convergence
ArubaOS 6.4
The ssm-range parameter is introduced.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip igmp | 524
ip local
ip local pool <name> <start-ipaddr> [<end-ipaddr>]
Description
This command configures a local IP pool for Layer-2 Tunnel Protocol (L2TP).
Syntax
Parameter pool <start-ipaddr> <end-ipaddr>
Description Name for the address pool. Starting IP address for the pool. (Optional) Ending IP address for the pool.
Usage Guidelines
VPN clients can be assigned IP addresses from the L2TP pool.
Example
The following command configures an L2TP pool: (host) (config) #ip local pool 10.1.1.1 10.1.1.99
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
525 | ip local
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile active-domain
ip mobile
ip mobile active-domain <name>
Description
This command configures the mobility domain that is active on the controller.
Syntax
Parameter active-domain
Description Name of the mobility domain.
Usage Guidelines
All controllers are initially part of the "default" mobility domain. If you use the "default" mobility domain, you do not need to specify this domain as the active domain on the controller. However, once you assign a controller to a user-defined domain, the "default" mobility domain is no longer an active domain on the controller.
Example
The following command assigns the controller to a user-defined mobility domain: (host) (config) #ip mobile active-domain campus1
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile active-domain | 526
ip mobile domain
ip mobile domain <name> description <descr> hat <home-agent> description <dscr> no
Description
This command configures the mobility domain on the controller.
Syntax
Parameter <name>
Description Name of the mobility domain.
description <descr> hat
Description of the mobility domain. The description can be a maximum of 30 characters (including spaces).
Configures a home agent table (HAT) entry.
<home-agent>
The IP address of the home agent controller that requires mobility service.
description <dscr>
Description of the Home Agent Table (HAT) entry. The description can be a maximum of 30 characters (including spaces).
no
Negates any configured parameter.
Usage Guidelines
You configure the HAT on a master controller; the mobility domain information is pushed to all local controllers that are managed by the same master.
HAT entries map subnetworks or VLANs and the home agents. The home agent is typically the controller's IP address. The home agent's IP address must be routable; that is, all controllers that belong to the same mobility domain must be able to reach the home agent's IP address.
The maximum number of mobility datapath tunnels supported is 32. A maximum of 32 hat entries can be configured if the hat entries are not VRRP IP addresses. If VRRP IP addresses are configured in the hat table the maximum number of hat entires supportd is less than 32 as for each VRRP entry in HAT more than two datapath tunnels are considered.
The controller looks up information in the HAT to obtain the IP address of the home agent for a mobile client. Because there can be multiple home agents on a subnetwork, the HAT can contain more than one entry for the same subnetwork.
Example
The following command configures HAT entries:
(host) (mobility-domain) #ip mobile domain east_building (host) (mobility-domain) #hat 192.0.2.1 description "East building entries" (host) (mobility-domain) #show ip mobile domain east_building
527 | ip mobile domain
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Mobility Domains:, 1 domain(s)
------------------------------
Domain name east_building
Home Agent Table
Home Agent
Description
--------------- -------------------------
192.0.2.1
East building entries
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.0
A new parameter, description is added for providing more information about a HAT entry.
ArubaOS 6.3
Under the hat <home-agent> command, following parameters are deprecated:
l <netmask>
l <VLAN-ID>
l <home-agent>
l description <dscr>
The above command is replaced by the hat <home-agent> description <dscr> command.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile domain | 528
ip mobile foreign-agent
ip mobile foreign-agent {lifetime <seconds> | max-visitors <number> | registrations {interval <msecs> | retransmits <number>}}
Description
This command configures the foreign agent for IP mobility.
Syntax
Parameter lifetime max-visitors registrations
interval retransmits
Description
Requested lifetime, in seconds, as per RFC 3344, "IP Mobility Support for IPv4".
Maximum number of active visitors.
Frequency at which re-registration messages are sent to the home agent:
Retransmission interval, in milliseconds
Maximum number of times the foreign agent attempts mobile IP registration message exchanges before giving up.
Range 10-65534
Default 180 seconds
0-5000
5000
100-10000
1000 milliseconds
0-5
3
Usage Guidelines
A foreign agent is the controller which handles all mobile IP communication with a home agent on behalf of a roaming client.
Example
The following command configures the foreign agent: (host) (config) #ip mobile foreign-agent registration interval 10000
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
529 | ip mobile foreign-agent
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile home-agent
ip mobile home-agent {max-bindings <number>|replay <seconds>}
Description
This command configures the home agent for IP mobility.
Syntax
Parameter max-bindings
replay
Description
Maximum number of mobile IP bindings. This option is an additional limitation to control the maximum number of roaming users. When the limit is reached, registration requests from the foreign agent fail which causes a mobile client to set a new session on the visited controller, which will become its home controller.
Time difference, in seconds, for timestamp-based replay protection, as described by RFC 3344, "IP Mobility Support for IPv4". 0 disables replay.
Range Default
05000
5000
0-300
7 second s
Usage Guidelines
A home agent for a mobile client is the controller where the client first appears when it joins the mobility domain. The home agent is the single point of contact for the client when it roams.
Example
The following command configures the home agent: (host) (config) #ip mobile home-agent replay 100
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile home-agent | 530
ip mobile packet-trace
ip mobile packet-trace <mac-address>
Description
This command enables packet tracing for the given mac address.
Use this command with caution. It replaces the existing users with user entries from the imported file.
Syntax
Platform <mac-address>
License The MAC address of the host
Usage Guidelines
Executing this command enables packet tracing for the given mac address. This is used for troubleshooting purposes only.
Example
The following command enables packet tracing for the host: (host) (config) #ip mobile packet-trace 00:40:96:a6:a1:a4
Command History
This command was available in ArubaOS 3.4.
Command Information
Platform
Available on all platforms
License
Command Mode
Available in the base operating system Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile packet-trace | 532
ip mobile proxy
ip mobile proxy auth-sta-roam-only |event-threshold <number>|log-trail | no-service-timeout <seconds> | on-association | refresh-stale-ip stale-timeout <seconds> | trail-length <number> |trail-timeout <seconds>
Description
This command configures the proxy mobile IP module in a mobility-enabled controller.
Syntax
Parameter
auth-sta-roamonly
Description
Range
Allows a client to roam only if has been authenticated. If
--
a client has not been authenticated, no mobility service is
offered if it roams to a different VLAN or controller.
Default enabled
event-threshold
Maximum number of mobility events (events that can
1-
25
trigger mobility) handled per second. Mobility events
65535
above this threshold are ignored. This helps to control
frequent mobility state changes when the client bounces
back and forth on APs before settling down.
log-trail
Enables logging at the notification level for mobile client
--
moves.
enabled
no-service-time out
Time, in seconds, after which mobility service expires. If nothing has changed from the previous state, the client is given another bridge entry but it will have limited connectivity.
3060000
180 seconds
on-association
Enabling this option triggers mobility on station
--
association.
Mobility move detection is performed when the client associates with the controller and not when the client sends packets. Mobility on association can speed up roaming and improve connectivity for devices that can trigger mobility if they do not send many uplink packets. Downside is security; an association is all it takes to trigger mobility. This option is applicable only if layer-2 security is enforced. It is recommended to retain the default settings as this option causes more load in the system due to exchange of extra messages between controllers in the mobility domain.
refresh-stale-ip
Mobility forces station to renew its stale IP (assuming its DHCP) by deauthorizing the station.
disabled
533 | ip mobile proxy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter stale-timeout
stand-alone-AP
trail-length trail-timeout
Description
Range
Number of seconds the mobility state is retained after the loss of connectivity. This allows authentication state and mobility information to be preserved on the home agent controller. The default is 60 seconds but can be safely increased. Note that in many case a station state is deleted without waiting for the stale timeout; user delete from management, foreign agent to foreign agent handoff, etc. (This is different from the no-servicetimeout; no-service-timeout occurs up front while the stale-timeout begins when mobility service is provided but the connection is disrupted for some reason.)
303600
Default
60 seconds
Enables support for third party or standalone APs. When
--
this is enabled, broadcast packets are not used to trigger
mobility and packets from untrusted interfaces are
accepted.
If mobility is enabled, you must also enable standalone AP for the client to connect to the controller's untrusted port. If the controller learns wired users via the following methods, enable standalone AP:
l Third party AP connected to the controller through the untrusted port.
l Clients connected to ENET1 on APs with two ethernet ports.
l Wired user connected directly to the controller's untrusted port.
disabled
Specifies the maximum number of entries (client moves) 1-100
30
stored in the user mobility trail.
Specifies the maximum interval, in seconds, an inactive mobility trail is held.
12086400
3600 seconds
Usage Guidelines
The proxy mobile IP module in a mobility-enabled controller detects when a mobile client has moved to a foreign network and determines the home agent for a roaming client. The proxy mobile IP module performs the following functions:
l Derives the address of the home agent for a mobile client from the HAT using the mobile client's IP address. If there is more than one possible home agent for a mobile client in the HAT, the proxy mobile IP module uses a discovery mechanism to find the current home agent for the client.
l Detects when a mobile client has moved. Client moves are detected based on ingress port and VLAN changes and mobility is triggered accordingly. For faster roaming convergence between AP(s) on the same controller, it is recommended that you keep the "on-association" option enabled. This helps trigger mobility as soon as 802.11 association packets are received from the mobile client.
Example
The following command enables the packet trace for the given MAC address: ip mobile packet-trace 00:40:96:a6:a1:a4
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile proxy | 534
Command History
Version ArubaOS 3.0 ArubaOS 6.2
ArubaOS 6.3
Modification
Command introduced.
The re-home parameter was deprecated as the re-homing functionality is no longer available.
The block-dhcp-release, dhcp aggressive-transaction, dhcp ignoreoptions, dhcp max-requests <0-50>, dhcp transaction-hold <1-100>, dhcp transaction- timout <10-600>, stand-alone-AP parameters are deprecated.
Command Information
Platform
License
Command Mode
Available on all platforms Available in the base operating system.
Config mode on master controllers
535 | ip mobile proxy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile revocation
ip mobile revocation {interval <msec>|retransmits <number>
Description
This command configures the frequency at which registration revocation messages are sent.
Syntax
Parameter interval
retransmits
Description Retransmission interval, in milliseconds.
Maximum number of times the home agent or foreign agent attempts mobile IP registration/revocation message exchanges before giving up.
Range
10010000 ms
0-5
Default 1000 ms
3
Usage Guidelines
A home agent or foreign agent can send a registration revocation message, which revokes registration service for the mobile client. For example, when a mobile client roams from one foreign agent to another, the home agent can send a registration revocation message to the first foreign agent so that the foreign agent can free any resources held for the client.
Example
The following command configures registration revocation messages: (host) (config) #ip mobile revocation interval 2000
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Command Mode
Available on all platforms Available in the base operating system.
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip mobile revocation | 536
ip mobile trail (deprecated)
ip mobile trail {host IP address | host MAC address}
Description
This command configures the capture of association trail for all devices.
Command History
Version ArubaOS 3.0
Description Command introduced
ArubaOS 6.1
Command deprecated
537 | ip mobile trail (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip name-server
ip name-server <ipaddr>
Description
This command configures servers for name and address resolution.
Syntax
Parameter <ip-addr>
Description IP address of the server.
Usage Guidelines
You can configure up to six servers using separate commands. Specify one or more servers when you configure a default domain name (see ip domain-name on page 522).
Example
The following command configures a name server: ip name-server 10.1.1.245
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Command Mode
Available on all platforms Available in the base operating system.
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip name-server | 538
ip nat
ip nat pool <name> <start-ipaddr> <end-ipaddr> [<dest-ipaddr>]
Description
This command configures a pool of IP addresses for network address translation (NAT).
Syntax
Parameter pool <start-ipaddr>
<end-ipaddr> <dest-ipaddr>
Description Name of the NAT pool.
IP address that defines the beginning of the range of source NAT addresses in the pool.
IP address that defines the end of the range of source NAT addresses in the pool.
Destination NAT IP address.
Usage Guidelines
This command configures a NAT pool which you can reference in a session ACL rule (see ip access-list session on page 509).
Example
The following command configures a NAT pool: (host) (config) #ip nat pool 2net 2.1.1.1 2.1.1.125
Command History
This command was available in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms
This command requires the PEFNG license.
Command Mode
Config mode on master and local controllers
539 | ip nat
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip nexthop-list
ip nexthop-list <string> ip {<ip-adddr>}|{dhcp vlan <id>} priority <0-255> ipsec-map <name> preemptive-failover
Description
Define a nexthop list for policy-based routing.
Syntax
Parameter <name> ip <ip-addr>
Description Name of the nexthop list IP address of the nexthop device
ip dhcp vlan <id>
VLAN ID of the VLAN used by the nexthop device. If the VLAN gets an IP address using DHCP, and the default gateway is determined by the VLAN interface, the gateway IP is used as the nexthop IP address.
ipsec-map <map_ name>
Packets can be redirected over a VPN tunnel by specifying the ipsec-map name.
preemptive-failover
This column indicates whether preemptive failover is enabled or disabled.
If preemption is enabled and a higher priority nexthop becomes reachable again, packets are again forwarded to the higher priority nexthop.
Usage Guidelines
A nexthop IP is the IP address of a adjacent router or device with layer-2 connectivity to the controller. If the controller uses policy-based routing to forwards packets to a nexthop device and that device becomes unreachable, the packets matching the policy will not reach their destination. The Nexthop list provides redundancy for the nexthop devices by forwarding the traffic to a backup nexthop device in case of failures. If active nexthop device on the list becomes unreachable, traffic matching a policy-based routing ACL is forwarded using the highest-priority active nexthop on the list.
A maximum of 4 nexthops can be added to a nexthoplist. Each nexthop can be assigned a priority, which decides the order of selection of the nexthop. If a higher priority nexthop goes down, the next higher priority nexthop which is active is chosen for forwarding. If all the nexthops are configured with same priority, the order is determined based on the order in which they are configured. If all the nexthops are down, traffic is passed regular destination based forwarding.
In a typical deployment scenario with multiple uplinks, the default route only uses one of the uplink next-hops for forwarding packets. If a nexthop becomes unreachable, the packets will not reach their destination. If your deployment uses policy-based routing based on a nexthop list, any of the uplink nexthops could be used for forwarding traffic. This requires a valid ARP entry (route-cache) in the system for all the policy-based routing nexthops.
In a branch controller deployment, the site uplinks can obtain their IP addresses and default gateway using DHCP. In such deployments, the nexthop-list configuration can use the VLAN IDs of uplink VLANs. If the VLAN gets an IP address using DHCP, and the default gateway is determined by the VLAN interface, the gateway IP is
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip nexthop-list | 540
used as the nexthop IP address. Branch deployments may also require policy-based redirection of traffic to different VPN tunnels. The nexthop list allows you to select an IPsec map to redirect traffic through IPsec tunnels.
Example
The following command configures a list of next hops. (host)(config)# ip nexthop-list list1 (host)(config-nexthop-list)#ip 10.1.1.41 priority 1 (host)(config-nexthop-list)#ip 172.21.18.170 priority 2 (host)(config-nexthop-list)#ip 192.18.140.20 priority 3
Related Commands
Command
Description
show ip nexthop-list Display nexthop list settings for policy-based routing.
Command History
Release ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platform All platforms
License
Command Mode
Available in the base operating system.
Config mode on master, local, and branch controllers.
541 | ip nexthop-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip ospf
ip ospf area|{authentication message-digest | cost <cost> | dead-interval <seconds> | hellointerval <seconds> | message-digest-key <keyid> <passwd> | priority <number> | retransmitinterval <seconds> |transmit-delay <seconds>
Description
Configure OSPF on the VLAN interface.
Syntax
Parameter area
Description
Enable OSPF on a specific interface by entering the IP address of the router that will use OSPF.
Range
Default
authentication message-digest
Set the OSPF authentication mode to message digest.
disabled
cost <cost>
Set the cost associated with the 1 to
1
OSPF traffic on an interface.
65535
dead-interval <seconds>
Set the elapse interval
1 to
40
(seconds) since the last hello-
65535
packet was received from the
seconds
router. After the interval
elapses, the neighboring
routers declare the router
dead.
hello-interval <seconds>
Set the elapse interval
1 to
10
(seconds) between hello
65535
packets sent on the interface.
seconds
message-digest-key <keyid> <passwd>
Enable OSPF MD5 authentication and set the key identification and a character string password.
<keyid> = 1 to 256
No default
priority <number>
Set the priority number of the
0 to 255
1
interface to determine the DR.
retransmit-interval <seconds>
Set the retransmission time
1 to
5
between link state
65535
advertisements for adjacencies seconds
belonging to the interface.
NOTE: Set the time interval long enough to prevent unnecessary retransmissions.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip ospf | 542
Parameter transmit-delay <seconds>
Description
Range
Set the elapse time before retransmitting link state update packets on the interface.
1 to 65535 seconds
Default 1
Usage Guidelines
When configuring OSPF over multiple vendors, use this command to ensure that all routers use the same cost. Otherwise, OSPF may route improperly.
Related Commands
Command show ip ospf
Description View the OSPF configuration
Command History
Release ArubaOS 3.4
Modification Command introduced
Command Information
Platforms All Platforms
Licensing Base operating system
Command Mode
Configuration Interface Mode (configsubif)
543 | ip ospf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip probe
ip probe default burst-size <size> frequency <frequency> mode ping no retries <count>
Description
This command configures WAN health-check ping-probes for measuring WAN availability and latency on branch controller uplinks.
Syntax
Parameter burst-size <size>
Description
Number of probes to be sent during the probe frequency interval defined by the frequency parameter of this profile. Range: 1-16, Default 5
frequency <frequency>
mode ping
Probe interval, in seconds. The WAN health-check feature sends the number of probes defined by the burst-size parameter during each frequency interval defined by this frequency parameter.
Range: 10-65535, Default 10
Enable this feature by issuing the mode ping command. Ping is the only mode currently supported by this feature.
no
Remove or negate any configured parameter
retries <count>
Number of times the controller attempts to resend a probe. Range: 1-255, Default 5
Usage Guidelines
The health-check feature uses ping-probes to check reachability and latency from the branch controller to datacenter though each of the branch controller's WAN uplinks. Latency is calculated based on the round-trip time (RTT) of ping responses. Ping settings are configured globally using the ip probe default command.
Examples
The following commands enable this feature, and reduce the default probe frequency interval and probe burst size. ip probe default
burst-size 3 frequency 5 mode ping
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip probe | 544
Command History
Release ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platform
License
Command Mode
Available on all platforms Available in the base operating system.
Config mode on master and local controllers
545 | ip probe
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip pppoe-max-segment-size (deprecated)
ip pppoe-max-segment-size <mss>
Description
This command configures the maximum TCP segment size (mss), in bytes, for Point-to-Point Protocol over Ethernet (PPPoE) data.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip pppoe-max-segment-size (deprecated) | 546
ip pppoe-password (deprecated)
ip pppoe-password <password>
Description
This command configures the PPP over Ethernet (PPPoE) password.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Command deprecated
547 | ip pppoe-password (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip pppoe-service-name (deprecated)
ip pppoe-service-name <service_name>
Description
This command configures the PPP over Ethernet (PPPoE) service name.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip pppoe-service-name (deprecated) | 548
ip pppoe-username (deprecated)
ip pppoe-username <username>
Description
This command configures the PPP over Ethernet (PPPoE) username.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Command deprecated
549 | ip pppoe-username (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip radius
ip radius {nas-ip <ipaddr>|rfc-3576-server udp-port <port>|source-interface {loopback|vlan <vlan>}
Description
This command configures global parameters for configured RADIUS servers.
Syntax
Parameter nas-ip
Description
Range Default
NAS IP address to send in RADIUS packets. A server-specific --
--
NAS IP configured with the aaa authentication-server
radius command supersedes this configuration.
rfc-3576-server udp-port
Configures the UDP port to receive requests from a RADIUS server that can send user disconnect and change-ofauthorization messages, as described in RFC 3576, "Dynamic Authorization Extensions to Remote Dial In User Service (RADIUS)". See the aaa rfc-3576-server command to configure the server.
NOTE: This parameter can only be used on the master controller.
UDP port to receive server requests.
--
06553 5
-- 3799
source-inter face
Interface for all outgoing RADIUS packets. The IP address of --
--
the specified interface is included in the IP header of
RADIUS packets. The interface can be one of the following:
loopback
The loopback interface.
--
--
vlan
The specified VLAN.
--
--
Usage Guidelines
This command configures global RADIUS server parameters. If the aaa authentication-server radius command configures a server-specific NAS IP, the server-specific IP address is used instead.
Example
The following command configures a global NAS IP address sent in RADIUS packets: (host) (config) #ip radius nas-ip 192.168.1.245
Command History
This command was available in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip radius | 550
Command Information
Platform
License
Available on all platforms
The ip radius rfc-3576-server udpport command requires the PEFNG license. Other commands are available in the base operating system.
Command Mode
Config mode on master and local controllers
551 | ip radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids rap-wml-server-profile
ids rap-wml-server-profile <server-name> ageout <period> cache{disable|enable clone db-name <name> ip-addr<ipaddr> password <password> type mssql|mysql user <name>
Description
Use this command to specify the name and attributes of a MySQL or an MSSQL server.
Syntax
Parameter ageout cache clone db-name
ip-addr
no password
type user
Description (Optional) Specifies the cache ageout period, in seconds.
(Optional) Enables the cache, or disables the cache.
Copies configuration settings from an existing profile. (Optional) Specifies the name of the MySQL or MSSQL database.
(Optional) Specifies the IP address of the named MSSQL server.
Negates any configured parameter.
(Optional) Specifies the password required for database login.
(Optional) Specifies the server type.
(Optional) Specifies the user name required for database login.
Default 0 Disabled
-- 0.0.0.0 -- -- -- --
Usage Guidelines
Use the show rap-wml cache command to show the cache of all lookups for a database server. Use the show rap-wml servers command to show the database server state. Use the show rap-wml wired-mac command to show wired MAC discovered on traffic through the AP.
Example
(host) (config) #ids rap-wml-server-profile mysqlserver type mysql ip-addr 10.4.11.10 db-name automatedtestdatabase user sa password sa ids rap-wml-table-profile mysqlserver table-name mactest_undelimited timestampcolumn time lookup-time 600
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids rap-wml-server-profile | 552
ids rap-wml-table-profile table-name mysqlserver mactest_delimited mac-delimiter : timestampcolumn time lookup-time 600
This example configures an MSSQL server and sets up associated rap-wml table attributes for that server.
(host) (config) # ids rap-wml-server-profile mssqlserver type mssql ip-addr 10.4.11.11 db-name automatedtestdatabase user sa password sa ids rap-wml-table-profile mssqlserver table-name mactest_undelimited timestampcolumn time lookup-time 600 ids rap-wml-table-profile mssqlserver table-name mactest_delimited mac-delimiter : timestampcolumn time lookup-time 600
Command History
Release ArubaOS 2.0
Modification Command introduced
ArubaOS 6.1
This command was renamed from rap-wml to ids rap-wml-serverprofile.
Command Information
Platforms All platforms
Licensing
Requires the RF Protect license.
Command Mode Config mode on master controllers
553 | ids rap-wml-server-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids rap-wml-table-profile
ids rap-wml-table-profile <profile> clone <profile> column-name <column-name> lookup-time <lookup-time> mac-delimiter <char> no ... <table-name> timestamp-column <timestamp-column-name>
Description
Use this command to specify the name and attributes of the database table to be used for lookup.
Syntax
Parameter <profile> clone column-name
Description Name of an ids rap-wml-table profile Makes a copy of an existing profile
Specifies the database column name with the MAC address.
Default -- -- --
lookup-time
Specifies how far back--in seconds--to 0 look for the MAC address. Use 0 seconds to lookup everything.
mac-delimiter
Specifies the optional delimiter character for the MAC address in the database.
No delimiter
no
Negates the rap-wml table for the
--
named server.
table-name
Specifies the database table name.
--
timestamp-column <timestamp-column-name> Specify the database column name
--
with the timestamp last seen.
Usage Guidelines
Use the ids rap-wml-server-profile <servername> command to configure a MySQL or an MSSQL server, then use the ids rap-wml-table-profile command to configure the associated database table for the server.
Example
This example configures a MySQL server and sets up associated rap-wml table attributes for that server. (host) (config) #ids rap-wml-server-profile mysqlserver type mysql ip-addr 10.4.11.10 db-name automatedtestdatabase user sa password sa ids rap-wml-table-profile mysqlserver table-name mactest_undelimited timestampcolumn time lookup-time 600
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ids rap-wml-table-profile | 554
ids rap-wml-table-profile table-name mysqlserver mactest_delimited mac-delimiter : timestampcolumn time lookup-time 600
This example configures an MSSQL server and sets up associated rap-wml table attributes for that server.
(host) (config) # ids rap-wml-server-profile mssqlserver type mssql ip-addr 10.4.11.11 db-name automatedtestdatabase user sa password sa ids rap-wml-table-profile mssqlserver table-name mactest_undelimited timestampcolumn time lookup-time 600 ids rap-wml-table-profile mssqlserver table-name mactest_delimited mac-delimiter : timestampcolumn time lookup-time 600
Command History
Release ArubaOS 2.0
Modification Command introduced
ArubaOS 6.1
This command was renamed from rap-wml to ids rap-wml-table-profile.
Command Information
Platforms All platforms
Licensing
Requires the RF Protect license.
Command Mode Config mode on master controllers
555 | ids rap-wml-table-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip route
ip route <destip> <destmask> {<nexthop> [<cost>]|ipsec <name>|null 0}
Description
This command configures a static route on the controller.
Syntax
Parameter <destip>
Description Enter the destination IP address in dotted decimal format (A.B.C.D).
<destmask>
Enter the destination netmask in dotted decimal format (A.B.C.D).
<nexthop> [<cost>]
Enter the forwarding router address in dotted decimal format (A.B.C.D). Optionally, enter the distance metric (cost) for this route. The cost prioritizes routing to the destination. The lower the cost, the higher the priority.
ipsec <name>
Enter the keyword ipsec followed by the ipsec map name to use a static ipsec route map.
null 0
Enter the key word null 0 to designate a null interface.
Usage Guidelines
This command configures a static route on the controller other than the default gateway. Use the ip defaultgateway command to set the default gateway to the IP address of the interface on the upstream router or switch to which you connect the controller.
Example
The following command configures a static route: (host) (config) #ip route 172.16.0.0 255.255.0.0 10.1.1.1
Related Commands
Command ip nexthop-list
Description Configure nexthop list settings for policy-based routing.
Command History
Release ArubaOS 3.0 ArubaOS 6.4.3.0
Modification
Command introduced.
The <nexthop> [<cost>] parameters was introduced, which supports routing using a next-hop list.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ip route | 556
Command Information
Platform All platforms
License Base Operating System
Command Mode
Config mode on master and local controllers
557 | ip route
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 cp-redirect-address
ipv6 cp-redirect-address <ip6addr> | disable
Description
This command configures a redirect address for captive portal.
Syntax
Parameter Description
<ip6addr>
This address should be routable from all external networks.
disable
Disables automatic DNS resolution for captive portal.
Usage Guidelines
This command redirects wireless clients that are on different VLANs (from the controller's IP address) to the captive portal on the controller. If you have the Next Generation Policy Enforcement Firewall (PEFNG) license installed in the controller, modify the captive portal session ACL to permit HTTP/S traffic to the destination cp-redirect-address <ip6addr> instead of mswitch. If you do not have the PEFNG license installed in the controller, the implicit captive-portalprofile ACL is automatically modified when you issue this command.
Example
The following command configures a captive portal redirect address: (host) (config) #ipv6 cp-redirect-address
Command History
Introduced in ArubaOS 6.1
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 cp-redirect-address | 558
ipv6 default-gateway
ipv6 default-gateway <ipv6-address> <cost>
Description
This command configures an IPv6 default gateway.
Syntax
Parameter
Description
<ipv6-address> Specify the IPv6 address of the default gateway.
cost
Specify the distance metric to select the routing protocol that determines the way to learn the route.
Usage Guidelines
This command configures an IPv6 default gateway.
Example
The following command configures an IPv6 default gateway: (host) (config) #ipv6 default-gateway 2cce:205:160:100::fe 1
Command History
Introduced in ArubaOS 6.1
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 default-gateway | 560
ipv6 dhcp excluded-address
ipv6 dhcp excluded-address <low-address> [<high-address>]
Description
This command configures an excluded IPv6 address range for the DHCPv6 server on the controller.
Syntax
Parameter <low-ipaddr>
<high-ipaddr>
Description
Low end of range of IPv6 addresses. For example, you can enter an IPv6 address that should not be assigned.
High end of the range of IPv6 addresses.
Usage Guidelines
Use this command to specifically exclude certain IPv6 addresses from being assigned by the DHCPv6 server.Ensure that the statically assigned IPv6 addresses are excluded.
Example
The following command configures an excluded IPv6 address range: (host) (config-dhcpv6)#ipv6 dhcp excluded-address 2002:570:20::2 2002:570:20::25
Command History
Introduced in ArubaOS 6.2
Command Information
Platform Available on all platforms
License
Command Mode
Available in base operating system
Config mode on master controllers
561 | ipv6 dhcp excluded-address
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 dhcp pool
ipv6 dhcp pool <pool-name> dns-server <ipv6-address> domain-name <domain> lease <days> <hours> <minutes> <seconds> network <network prefix> no ... option <code> {ip <ipv6-addr> | text <string>} preference <1-255>
Description
This command configures a DHCPv6 pool on the controller.
Syntax
Parameter dns-server domain-name lease
network no option
preference
Description IPv6 address of the DNS server.
Domain name to which the client belongs.
The amount of time that the assigned IPv6 address is valid for the client. Specify the lease in <days> <hours> <minutes> <seconds>. The default value is 12 hours.
The DHCPv6 network prefix.
Negates any configured parameter.
Client-specific option code and IPv6 address or text. See RFC 3315, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)".
The DHCPv6 server preference.
Usage Guidelines
A DHCPv6 pool should be created for each IPv6 subnetwork for which DHCPv6 services should be provided. DHCPv6 pools are not specifically tied to VLANs, as the DHCPv6 server exists on every VLAN. When the controller receives a DHCPv6 request from a client, it examines the origin of the request to determine if it should respond. If the IPv6 address of the VLAN matches a configured DHCPv6 pool, the controller answers the request.
Example
The following command configures a DHCPv6 pool:
(host) (config) #ipv6 dhcp pool DHCPv6 dns-server 2001:470:20::2 domain-name test.org lease 0 12 0 0 network 2001:470:20::/64 option 24 text "Domain Search List" preference 25
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 dhcp pool | 562
Command History
Introduced in ArubaOS 6.3.
Command Information
Platform Available on all platforms
License Available in the base operating system
Command Mode
Config mode on master controllers
563 | ipv6 dhcp pool
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 enable
ipv6 enable
Description
This command enables IPv6 packet processing globally. This option is disabled by default.
Syntax
No parameters.
Usage Guidelines
This command enables IPv6 packet processing globally.
Command History
This command was introduced in ArubaOS 6.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 enable | 564
ipv6 firewall
ipv6 firewall attack-rate {ping <number>|session <number>|tcp-syn <number>} deny-inter-user-bridging | drop-ip-fragments | enable-per-packet-logging | enforce-tcp-handshake | prohibit-ip-spoofing | prohibit-rst-replay | session-idle-timeout <seconds> | session-mirror-destination {ip-address <ipaddr>}|{port <slot/<port>}
Description
This command configures firewall options on the controller for IPv6 traffic.
Syntax
Parameter attack-rate
Description
Sets rates which, if exceeded, can indicate a denial of service attack.
Range Default
ping
Number of ICMP pings per 30 seconds, which if
1-
--
exceeded, can indicate a denial of service attack. 16384
Recommended value is 120.
session
Number of TCP or UDP connection requests per
1-
--
30 seconds, which if exceeded, can indicate a
16384
denial of service attack. Recommended value is
960.
tcp-syn
Number of TCP SYN messages per 30 seconds,
1-
--
which if exceeded, can indicate a denial of service 16384
attack. Recommended value is 960.
deny-inter-user-bridging Prevents the forwarding of Layer-2 traffic
--
between wired or wireless users. You can
configure user role policies that prevent Layer-3
traffic between users or networks but this does
not block Layer-2 traffic. This option can be used
to prevent Appletalk or IPX traffic from being
forwarded.
disable d
drop-ip-frag ments
When enabled, all IP fragments are dropped. You -- should not enable this option unless instructed to do so by a Dell representative.
disable d
565 | ipv6 firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter enable-per-pac ket-logging
enforce-tcphandshake
prohibit-ipspoofing
prohibit-rst-re play
session-idletimeout
ip-address <ipaddr> port <slot>/<port>
Description
Enables logging of every packet if logging is enabled for the corresponding session rule. Normally, one event is logged per session. If you enable this option, each packet in the session is logged. You should not enable this option unless instructed to do so by a Dell representative, as doing so may create unnecessary overhead on the controller.
Range --
Default
disable d
Prevents data from passing between two clients
--
until the three-way TCP handshake has been
performed. This option should be disabled when
you have mobile clients on the network as
enabling this option will cause mobility to fail. You
can enable this option if there are no mobile
clients on the network.
disable d
Detects IP spoofing (where an intruder sends
--
messages using the IP address of a trusted
client). When this option is enabled, IP and MAC
addresses are checked; possible IP spoofing
attacks are logged and an SNMP trap is sent.
disable d
Closes a TCP connection in both directions if a
--
TCP RST is received from either direction. You
should not enable this option unless instructed to
do so by a Dell representative.
disable d
Time, in seconds, that a non-TCP session can be idle before it is removed from the session table. You should not modify this option unless instructed to do so by a Dell representative.
16-259
15 second s
Send mirrored session packets to the specified IP address
Send mirrored session packets to the specified controller port.
Usage Guidelines
This command configures global firewall options on the controller for IPv6 traffic.
Example
The following command disallows forwarding of non-IP frames between IPv6 clients: (host) (config) #ipv6 firewall deny-inter-user-bridging
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 firewall | 566
Command History
Version ArubaOS 3.3 ArubaOS 6.1
ArubaOS 6.3 ArubaOS 6.4.1
Description
Command introduced
The ipv6 firewall enable command was deprecated. Use the command ipv6 enable to enable/disable ipv6 packet/firewall processing on the controller.
The session-mirror-destination parameter has been deprecated.
The valid range for the following parameters was changed to <1-16384>: l ping l session l tcp-syn
Command Information
Platform
License
Available on all platforms
Available in the base operating system, except for noted parameters
Command Mode
Config mode on master controllers
567 | ipv6 firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 neighbor
ipv6 neighbor <ipv6addr> vlan <vlan#> <mac>
Description
This command configures an IPv6 static neighbor on a VLAN interface.
Syntax
Parameter <ipv6addr>
Description Specify the IPv6 address of the neighbor entry.
vlan <vlan#> Specify the VLAN ID.
<mac>
Specify the 48-bit hardware address of the neighbor entry.
Usage Guidelines
You can configure an IPv6 static neighbor on a VLAN interface.
Example
The following command configures an IPv6 static neighbor on VLAN 1: (host) (config) #ipv6 neighbor 2cce:205:160:100::fe vlan 1 00:0b:86:61:13:28
Command History
Introduced in ArubaOS 6.1
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 neighbor | 568
ipv6 mld
ipv6 mld query-interval query-response-interval robustness-variable ssm-range
Description
This command configures the IPv6 MLD (Multi-listener discovery) parameters.
Syntax
Parameter query-interval
Description
Specify the time interval in seconds (1-65535) between general queries sent by the querier. The default value is 125 seconds. By varying this value, you can tune the number of MLD messages on the link; larger values cause MLD queries to be sent less often.
query-response-interval
Specify the maximum response delay in deciseconds (1/10 seconds) that can be inserted into the periodic general queries. The default value is 100 deciseconds.
By varying this value, you can tune the burstiness of MLD messages on the link; larger values make the traffic less bursty, as node responses are spread out over a larger interval.
NOTE: The number of seconds represented by this value must be less than the query interval.
robustness-variable
Specify a value between 2 to 10. The default value is 2. The robustness variable allows you to tune for the expected packet loss on a link. If a link is expected to be lossy, you can increase this value.
NOTE: You must not configure the robustness variable as 0 or 1.
ssm-range
Specify the source specific multicast IPv6 range. This variable allows you to configure a valid multicast IPv6 address range for which SSM semantics needs to be applied.The default IPv6 SSM address range is FF3X::4000:1 FF3X::FFFF:FFFF.
Usage Guidelines
You can modify the default values of the MLD parameters for IPv6 MLD snooping. You must enable IPv6 MLD snooping for these values to take effect. For more information on enabling IPv6 MLD snooping, see interface vlan on page 490.
Example
The following command configures the query interval of 200 seconds for IPv6 MLD snooping: (host) (config) #ipv6 mld (host) (config-mld) # query-interval 200
569 | ipv6 mld
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.1 ArubaOS 6.4
Modification Command introduced The ssm-range parameter was introduced.
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 mld | 570
ipv6 proxy-ra
ipv6 proxy-ra interval
Description
This command configures an interval for proxy Router Advertisement.
Syntax
Parameter interval
Description
Configures proxy Router Advertisement Interval (180-1800 sec). This overrides interface Router Advertisement interval value if its value is lesser.
Usage Guidelines
This command configures interval for proxy Router Advertisement.
Example
The following command configures a global NAS IPv6 address sent in RADIUS packets: (host) (config) #ipv6 proxy-ra interval 200
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platform
License
Available on all platforms Available in the base operating system.
Command Mode
Config mode on master and local controllers
571 | ipv6 proxy-ra
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 radius
ipv6 radius {nas-ip6 <ipv6-addr>|source-interface {loopback|vlan <vlan> <ip6addr>}
Description
This command configures global parameters for configured IPv6 RADIUS servers.
Syntax
Parameter nas-ip6
source-inter face
loopback vlan
Description
NAS IPv6 address to send in RADIUS packets. A server-specific NAS IPv6 configured with the aaa authentication-server radius command supersedes this configuration.
Interface for all outgoing RADIUS packets. The IPv6 address of the specified interface is included in the IP header of RADIUS packets. The interface can be one of the following:
The loopback interface.
The specified VLAN.
Usage Guidelines
This command configures global IPv6 RADIUS server parameters. If the aaa authentication-server radius command configures a server-specific NAS IPv6 address, the server-specific IPv6 address is used instead.
Example
The following command configures a global NAS IPv6 address sent in RADIUS packets: (host) (config) #ipv6 radius nas-ip6 2001:470:20::2
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platform
License
Available on all platforms Available in the base operating system.
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 radius | 572
ipv6 route
ipv6 route {ipv6-prefix/prefix-length}|ipv6-next-hop|null|vlan[vlanid]|link-local-next-hop} |cost
Description
This command configures static IPv6 routes on the controller.
Syntax
Parameter
Description
<ipv6-prefix/prefix-length> Specify the IPv6 address and the prefix length of the destination.
<ipv6-next-hop>
Specify the next-hop IPv6 address or null 0 to terminate or discard the packets. Listed below are the following options:
l X:X:X:X::X-IPv6 address of next-hop. The address should only be a Global IPv6 address.
l null-Null interface
l vlan-Vlan for link local for next-hop
l <vlanid>-Vlan-id for link local next-hop
l X:X:X:X::X-IPv6 link local address of next-hop
<cost>
Specify the distance metric to select the routing protocol that determines the way to learn the route.
Usage Guidelines
You can configure static IPv6 routes on the controller.
Example
The following command configures a static IPv6 route on the controller: (host) (config) #ipv6 route 2cce:205:160:100::/<64> 2001:205:160:100::ff 1 (host) (config) #ipv6 route 2000:eab::/64 vlan 1 fe80::1a:1e00:a00:9f0
Command History
Release ArubaOS 6.1
Modification This command was introduced.
ArubaOS 6.4
The vlan parameter was introduced.
573 | ipv6 route
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform Available on all platforms
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ipv6 route | 574
kernel coredump
[no] kernel coredump
Use this command under the supervision of Dell Global Technical Support.
Description
This command enables the controller to capture the snapshot of the working memory of the control plane when the control plane has terminated abnormally. An additional flash memory available check is imposed on core dump. If less than 100 MB of space is left on the flash, the extra core dump chunks get discarded.
Syntax
Parameter coredump
Description
Enable kernel core dump on the controller.
Range --
Default Disabled
Usage Guidelines
After issuing this command, you may run the write memory command to save the configuration. This will enable the kernel core dumps across reboots.
Example
The following example enables kernel core dump on the controller: (host) (config) #kernel coredump Use the following command to save the configuration change using the CLI: (host) (config) #write memory Use the following command to view the kernel core dump status using the CLI: (host) (config) #show running-config | include kernel Building Configuration... kernel coredump
Command History
Version ArubaOS 6.4.2.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
575 | kernel coredump
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lacp group
lacp group <group_number> mode {active | passive}
Description
Enable Link Aggregation Control Protocol (LACP) and configure LACP on the interface.
Parameter <group_number>
Description
Enter the link aggregation group (LAG) number. Range: 0-7
mode {active | passive}
Enter the keyword mode followed by either the keyword active or passive.
l Active mode--the interface is in active negotiating state. LACP runs on any link that is configured to be in the active state. The port in an active mode also automatically initiates negotiations with other ports by initiating LACP packets.
l Passive mode--the interface is not in an active negotiating state. LACP runs on any link that is configured in a passive state. The port in a passive mode responds to negotiations requests from other ports that are in an active state. Ports in passive state respond to LACP packets.
Usage Guidelines
LACP is disabled by default; this command enables LACP. If the group number assigned contains static port members, the command is rejected.
Related Command
Command show lacp
Description View the LACP configuration status
show lacp sys-id
View the LACP system ID information
show interface portchannel
View information on a specified port channel interface
Command History
Release ArubaOS 3.4.1
Modification Command introduced
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lacp group | 576
Command Information
Platform All Platforms
Licensing Base operating system
Command Mode
Configuration Interface Mode (config-if) for Master and Local controllers
577 | lacp group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lacp port-priority
lacp port-priority <priority_value>
Description
Configure the LACP port priority.
Syntax
Parameter <priority value>
Description
Enter the port-priority value. The higher the value number the lower the priority. Range: 1 to 65535 Default: 255
Usage Guidelines
Set the port priority for LACP.
Related Commands
Command lacp group
Description Enable LACP and configure on the interface
show lacp
View the LACP configuration status
show lacp sys-id
View the LACP system ID information
show interface port-channel View information on a specified port channel interface
Command History
Release ArubaOS 3.4.1
Modification Command introduced
Command Information
Platform All Platforms
Licensing Base operating system
Command Mode
Configuration Interface Mode (config-if) for Master and Local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lacp port-priority | 578
lacp system-priority
lacp system-priority <priority_value>
Description
Configure the LACP system priority.
Syntax
Parameter <priority_value>
Description
Enter the system priority value. The higher the value number the lower the priority. Range: 1 to 65535 Default: 32768
Usage Guidelines
Set the LACP system priority.
Related Commands
Command lacp group show lacp show lacp sys-id show interface port-channel
Description Enable LACP and configure on the interface View the LACP configuration status View the LACP system ID information View information on a specified port channel interface
Command History
Release ArubaOS 3.4.1
Modification Command introduced
Command Information
Platforms All Platforms
Licensing Base operating system
Command Mode
Configuration Mode (config) for Master and Local controllers
579 | lacp system-priority
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lacp timeout
lacp timeout {long | short}
Description
Configure the timeout period for the LACP session.
Syntax
Parameter long
short
Description
Enter the keyword long to set the LACP session to 90 seconds. This is the default.
Enter the keyword short to set the LACP session to 3 seconds.
Usage Guidelines
The timeout value is the amount of time that a port-channel interface waits for a LACPDU (Link Aggregation Control Protocol data unit) from the remote system before terminating the LACP session. The default time out value is 90 seconds (long).
Related Commands
Command lacp group
Description Enable LACP and configure on the interface
show lacp
View the LACP configuration status
show lacp sys-id
View the LACP system ID information
show interface port-channel
View information on a specified port channel interface
Command History
Release ArubaOS 3.4.1
Modification Command introduced
Command Information
Platforms All Platforms
Licensing Base operating system
Command Mode
Configuration Interface Mode (config-if) for Master and Local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lacp timeout | 580
lcd-menu
lcd-menu [no] disable menu [maintenance [factory-default| media-eject| qui-quick-setup | media-eject | system-halt | system-reboot | upgrade-image [parition0 | partition1]| upload-config]]
Description
This command allows you to enable or disable the LCD menu either completely or for specific operations.
Syntax
Parameter
Description
lcd-menu
Enters the LCD menu configuration mode.
no
Delete the specified LCD menu option.
disable
Disables (or enables) the complete LCD menu.
maintenance
Disables (or enables) the maintenance LCD menu.
factory-default Disables (or enables) the return to factory default option in the LCD menu.
media-eject
Disables (or enables) the media eject option in the LCD menu.
system-halt
Disables (or enables) the system halt option in the LCD menu.
system-reboot
Disables (or enables) the system reboot in the LCD menu.
upgrade-image
Disables (or enables) the upgrade image option in the LCD menu.
partition 0 partition 1
Disables (or enables) image upgrade on the specified partition (0 or 1).
upload-config
Disables (or enables) the upload config option in the LCD menu.
Default
Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled
Usage Guidelines
You can use this command to disable executing the maintenance operations using the LCD menu. You can use the no form of these commands to enable the specific LCD menu. For example, the following commands enable system halt and system reboot options:
(host) (config) #lcd-menu (host) (lcd-menu) #no disable menu maintenance system-halt (host) (lcd-menu) #no disable menu maintenance system-reboot
You can use the following show command to display the current LCD settings:
(host)#show lcd-menu lcd-menu -------Menu ---menu maintenance upgrade-image partition0 menu maintenance upgrade-image partition1 menu maintenance system-reboot reboot-stack menu maintenance system-reboot reboot-local
Value ----enabled enabled enabled enabled
581 | lcd-menu
Dell Networking W-Series ArubaOS 6.4.x | User Guide
menu maintenance system-halt halt-stack menu maintenance system-halt halt-local menu maintenance upgrade-image menu maintenance upload-config menu maintenance factory-default menu maintenance media-eject menu maintenance system-reboot menu maintenance system-halt menu maintenance gui-quick-setup menu maintenance menu
enabled enabled enabled enabled enabled enabled enabled enabled enabled enabled enabled
Example
The following example disables the LCD menu completely:
(host) #configure terminal (host) (config) #lcd-menu (host) (lcd-menu) #disable menu
The following example disables executing the specified maintenance operation using the LCD menu:
(host) #configure terminal
(host) (config) #lcd-menu
(host) (lcd-menu) #disable menu maintenance ?
factory-default
Disable factory default menu
gui-quick-setup
Disable quick setup menu on LCD
media-eject
Disable media eject menu on LCD
system-halt
Disable system halt menu on LCD
system-reboot
Disable system reboot menu on LCD
upgrade-image
Disable image upgrade menu on LCD
upload-config
Disable config upload menu on LCD
(host) (lcd-menu) #disable menu maintenance upgrade-image ?
partition0
Disable image upgrade on partition 0
partition1
Disable image upgrade on partition 1
Command History
Introduced in ArubaOS 6.2
Command Information
Platform W-7200 controller series only.
License
Command Mode
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
lcd-menu | 582
license
license add <key> del <key> export <filename> import <filename> profile centralized-licensing-enable report <filename>} server-ip <ip-addr> server-redundancy {license-vrrp <id>}|[peer-ip-address <ip-addr>}
Description
This command allows you to install, delete, and manage software licenses on the controller.
Syntax
Parameter add
Description
Installs the software license key in the controller. The key is normally sent to you via email. This parameter is available in enable mode.
del
Removes the software license key from the controller. The key is
normally sent to you via email.
This parameter is available in enable mode.
export
Exports the license database on the controller to the specified file in flash.
This parameter is available in enable mode.
import
Replaces the license database on the controller with the specified file in flash.
The system serial numbers referenced in the imported file must match the numbers on the controller.
This parameter is available in enable mode.
profile centralized-licensing-enable
This command enables the centralized licensing feature, and is available in config mode.
Centralized licensing simplifies licensing management by distributing licenses installed on one controller to other controllers on the network. One controller acts as a centralized license database for all other controllers connected to it, allowing all controllers to share a pool of unused licenses. The primary and backup licensing server can share single set of licenses, eliminating the need for a redundant license set on the backup server. Local licensing client controllers maintain information sent from the licensing server even if licensing client controller and licensing server controller can no longer communicate
report
Saves a license report to the specified file in flash. This parameter is available in enable mode.
583 | license
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter server-ip <ip-addr>
server-redundancy license-vrrp <id>
Description
Enter the IP address of the licensing server. This command is available in config mode.
Use this command to specify configure server redundancy for the centralized licensing feature. This command is available in config mode.
Use this command to specify a VRRP instance to be used for the centralized licensing feature. This command is available in config mode.
By default, the master controller in a master-local topology is the primary licensing server. If this master controller already has a redundant standby master, that redundant master will automatically act the backup licensing server with no additional configuration. If your primary licensing server does not yet have a redundant standby controller and you want to use a backup server with the centralized licensing feature, you must identify a second controller you want to designate as the backup licensing server, and define a virtual router on the primary licensing server. For details, see vrrp.
peer-ip-address <ip-addr> Enter the IP address of the backup licensing server. This command is available in config mode.
Usage Guidelines
Obtain a Dell software license certificate from your Dell sales representative or authorized reseller. Use the certificate ID and the system serial number to obtain a software license key which you install in the controller. Starting with ArubaOS 6.3, you no longer need to reboot a controller after adding or deleting a license.
Users that are not very familiar with this procedure may wish to use the License Management page in the WebUI to install and manage licenses on the controller.
Centralized licensing simplifies licensing management by distributing licenses installed on one controller to other controllers on the network. One controller acts as a centralized license database for all other controllers connected to it, allowing all controllers to share a pool of unused licenses. The primary and backup licensing server can share single set of licenses, eliminating the need for a redundant license set on the backup server. Local licensing client controllers maintain information sent from the licensing server even if licensing client controller and licensing server controller can no longer communicate.
You can use the centralized licensing feature in a master-local topology with a redundant backup master, or in a multi-master network where all the masters are connected to a single W-AirWave server. In the master-local topology, the master controller acts as the primary licensing server, and the redundant backup master acts as the backup licensing server. In a multi-master network, one controller must be designated as a primary server and a second controller configured as a backup licensing server.
Centralized licensing can distribute the following license types:
l AP l PEFNG l RF PRotect l xSec l ACR
Dell Networking W-Series ArubaOS 6.4.x | User Guide
license | 584
Centralized licensing allows the primary and backup licensing server controllers share a single set of licenses. If you do not enable this feature, the master and backup master controller each require separate, identical license sets. The two controllers acting as primary and backup license servers must use the same version of ArubaOS, and must be connected on the same broadcast domain using the Virtual Router Redundancy Protocol (VRRP). Other client controllers on the network connect to the licensing server using the VRRP virtual IP address configured for that set of redundant servers. By default, the primary licensing server uses the configured virtual IP address. However, if the controller acting as the primary licensing server becomes unavailable, the secondary licensing server will take ownership of the virtual IP address, allowing licensing clients to retain seamless connectivity to a licensing server.
When you enable centralized licensing, information about the licenses already installed on the individual client controllers are sent to the licensing server, where they are added into the server's licensing table. The information in this table is then shared with all client controllers as a pool of available licenses. When a client controller uses a license in the available pool, it communicates this change to the licensing server master controller, which updates the table before synchronizing it with the other clients.
Client controllers do not share information about factory-installed or built-in licenses to the licensing server. A controller using the centralized licensing feature will use its built-in licenses before it consumes available licenses from the license pool. As a result, when a client controller sends the licensing server information about the licenses that client is using, it only reports licenses taken from the licensing pool, and disregards any built-in licenses used. For example, if a controller has a built-in 16-AP license and twenty connected APs, it will disregard the built-in licenses being used, and will report to the licensing server that it is using only four AP licenses from the license pool.
When centralized licensing is first enabled on the licensing server, its licensing table only contains information about the licenses installed on that server. When the clients contact the server, the licensing server adds the client licenses to the licensing table, then it sends the clients back information about the total available licenses for each license type. In the following example, the licenses installed on two client controllers are imported into the license table on the license server. The licensing server then shares the total number of available licenses with other controllers on the network.
For complete information on the centralized licensing feature, refer to the Dell Networking W-Series ArubaOS User Guide.
Examples
The following command adds a license key on the controller:
license add 890BobXs-cVPCb3aJ-7FbCijhZ-BuQPtuI4-RjLJW6Pl-n5K
Access the command-line interface of the licensing server, and issue the following commands in config mode:
(host) (config) #license profile (host) (License provisioning profile) #centralized-licensing-enable
If the licensing server already has a dedicated redundant standby controller, that standby controller will automatically become the backup license server. If the primary licensing server in your deployment does not have a redundant master controllerbut you want to define a backup server for the licensing feature, issue the following commands on the licensing server.
(host) (License provisioning profile) #License server-redundancy (host) (License provisioning profile) #License-vrrp <vrId> (host) (License provisioning profile) #Peer-ip-address <ip>
If you are deploying centralized licensing on a cluster of master controllers, access the command-line interface of a licensing client controller, and issue the following commands in config mode:
(host) (config) #license profile (host) (License provisioning profile) #centralized-licensing-enable (host) (License provisioning profile) # license server-ip <ip>
585 | license
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.3
Description
Command introduced
The following commands were introduced to support the centralized licensing feature: l profile centralized-licensing-enable l server-ip <ip-addr> l server-redundancy {license-vrrp <id>}|[peer-ip-address
<ip-addr>}
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable or config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
license | 586
local-custom-cert
local-custom-cert local-mac <lmac> ca-cert <ca> server-cert <cert>
suite-b <gcm-128 | gcm-256>
Description
This command configures the user-installed certificate for secure communication between a local controller and a master controller.
Syntax
Parameter <lmac> ca-cert <ca>
server-cert <cert>
suite-b
Description
MAC address of the local controller's user-installed certificate.
User-defined name of a trusted CA certificate installed on the local controller. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller.
User-defined name of a server certificate installed on the local controller. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the controller.
If you configure your master controllers to use IKEv2 and custom-installed certificates, you can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the following options: l gcm-128 Use 128-bit AES-GCM Suite-B encryption l gcm-256 Use 256-bit AES-GCM Suite-B encryption
Usage Guidelines
Use this command on a master controller to configure the custom certificate for communication with a local controller. On the local controller, use the masterip command to configure the IP address and certificates for the master controller. If your master and local controllers use certificates for authentication, the IPsec tunnel will be created using IKEv2.
Example
The following command configures the local controller with a user-installed certificate: (host) (config) #local-custom-cert local-mac 00:16:CF:AF:3E:E1 ca-cert cacert1 server-cert servercert1
Related Commands
Command show local-cert-mac
Description
Display the IP, MAC address and certificate configuration of local controllers in a master-local configuration
Mode
Config mode on master controllers.
587 | local-custom-cert
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Introduced in ArubaOS 6.1
Command Information
Platform
License
Command Mode
Available on all platforms
The suite-b gcm-128 and suite-b gcm-256 encryption options for IPsec custom certificates requires the Advanced Cryptography (ACR) license. All other parameters are available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-custom-cert | 588
Dell Networking W-Series ArubaOS 6.4.x | User Guide
| 590
local-factory-cert
local-factory-cert local-mac <lmac>
Description
This command configures the factory-installed certificate for secure communication between a local controller and a master controller.
Syntax
Parameter <lmac>
Description MAC address of the local controller's factory-installed certificate.
Usage Guidelines
Use this command on a master controller to configure the factory certificate for communication with a local controller. On the local controller, use the masterip command to configure the IP address and certificates for the master controller. If your master and local controllers use certificates for authentication, the IPsec tunnel will be created using IKEv2.
Example
The following command configures the local controller with a factory-installed certificate: (host) (config) #local-factory-cert local-mac 00:16:CF:AF:3E:E1
Related Commands
Command
show local-certmac
Description
Display the IP, MAC address and certificate configuration of local controllers in a master-local configuration
Mode
Config mode on master controllers.
Command History
Introduced in ArubaOS 6.1
Command Information
Platform
License
Available on all platforms
Available in the base operating system
Command Mode Config mode on master controllers
591 | local-factory-cert
Dell Networking W-Series ArubaOS 6.4.x | User Guide
localip
localip <ipaddr> ipsec <key>
Description
This command configures the IP address and preshared key for the local controller on a master controller.
Syntax
Parameter <ipaddr>
ipsec <key>
Description
IP address of the local controller. Use the 0.0.0.0 address to configure a global preshared key for all inter-controller communications.
To establish the master-local IPsec tunnel using IKEv1, enter a preshared key between 6-64 characters.
Usage Guidelines
Use this command on a master controller to configure the IP address and preshared key or certificates for communication with a local controller. On the local controller, use the masterip command to configure the IP address and preshared key for the master controller. If your master and local controllers use a pre-shared key for authentication, they will create the IPsec tunnel using IKEv1.
Example
The following command configures the local controller with a pre-shared key: (host) (config) #localip 0.0.0.0 ipsec gw1234xyz
Command History
Command introduced in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms
Available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
localip | 592
local-userdb add
localuserdb
local-userdb add {generate-username|username <name>} {generate-password|password <passwd>} [comment <g_comments>][email <email>] [expiry {duration <minutes>|time <hh/mm/yyy> <hh:mm>}] [guest-company <g_company>][guest-fullname <g_fullname>][guest-phone <g-phone>][mode disable] [opt-field-1 <opt1>][opt-field-2 <opt2>][opt-field-3 <opt3>][opt-field-4 <opt4>][[remote-ip <ip-addr>][role <role>][sponsor-dept <sp_dept>][sponsor-mail <sp_email>][sponsor-fullname <sp_ fullname>][sponsor-name <sp_name>] [start-time <mm/dd/yyyy> <hh.mm>]
Description
This command creates a user account entry in the controller's internal database.
Syntax
Parameter generate-username username generate-password password
comments email expiry
duration
time guest-company
guest-fullname guest-phone
Description Automatically generate and add a username.
Range --
Default --
Add the specified username.
1 64
--
characters
Automatically generate a password for the
--
--
username.
Add the specified password for the username.
6 128
--
characters
Comments added to the user account.
--
--
Email address for the user account.
--
--
Expiration for the user account. If this is not set,
--
the account does not expire.
no expirati on
Duration, in minutes, for the user account.
1-
--
21474836
47
Date and time, in mm/dd/yyy and hh:mm format,
--
--
that the user account expires.
Name of the guest's company. NOTE: A guest is the person who needs guest access to the company's Dell wireless network.
The guest's full name.
The guest's phone number.
593 | local-userdb add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter mode opt-field-1
opt-field-2 opt-field-3 opt-field-4 remote-ip role
sponsor-dept
sponsor-email sponsor-fullname sponsor-name start-time
Description Enables or disables the user account,
Range --
This category can be used for some other
--
purpose. For example, the optional category
fields can be used for another person, such as a
"Supervisor." You can enter username, full name,
department and Email information into the
optional fields.
Same as opt-field-1.
--
Same as opt-field-1.
--
Same as opt-field-1.
--
IP address assigned to the remote peer.
Role for the user. This role takes effect when the
--
internal database is specified in a server group
profile with a server derivation rule. If there is no
server derivation rule configured, then the user is
assigned the default role for the authentication
method.
The guest sponsor's department name
--
NOTE: A sponsor is the guest's primary contact for the visit.
The sponsor's email address.
--
The sponsor's full name.
--
The sponsor's name.
--
Date and time, in mm/dd/yyy and hh:mm format,
--
the guest account begins.
Default Disable --
-- -- --
guest
-- -- -- -- --
Usage Guidelines
When you specify the internal database as an authentication server, client information is checked against the user accounts in the internal database. You can modify an existing user account in the internal database with the local-userdb modify command, or delete an account with the local-userdb del command.
By default, the internal database in the master controller is used for authentication. Issue the aaa authentication-server internal use-local-switch command to use the internal database in a local controller; you then need to add user accounts to the internal database in the local controller.
Example
The following command adds a user account in the internal database with an automatically-generated username and password: (host) #local-userdb add generate-username generate-password expiry duration 480
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb add | 594
The following information is displayed when you enter the command: GuestConnect Username: guest4157 Password: cDFD1675 Expiration: 480 minutes
Related Commands
Command show local-userdb
Description
Use this command to show the parameters displayed in the output of this command.
Mode
Enable and Config modes
show local-userdb-guest
Use this command to show the parameters displayed in the output of the local-userdbguest add command.
Enable and Config modes
mgmt-user
Use the webui-cacert <certificate name> command if you want an external authentication server to derive the management user role. This is helpful if there are a large number of users who need to be authenticated.
Use the mgmt-user webui-cacert <certificate_ name>serial <number> <username> <role> command if you want the authentication process to use previously configured certificate name and serial number to derive the user role.
Config mode
Command History
ArubaOS 3.0
Modification Introduced for the first time.
ArubaOS 3.4
The guest, sponsor and optional field parameters were added.
Command Information
Platform
License
Command Mode
Available on all platforms
Available in the base operating system. The role parameter requires the PEFNG license.
Enable mode on master controllers.
595 | local-userdb add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-ap add (deprecated)
local-userdb-ap add mac-address <macaddr> ap-group <group> ap-name <ap-name> description <desc> full-name <full-name> remote-ip <ip-addr>
Description
This command adds a Remote AP entry to the Remote AP whitelist table.
Command History
ArubaOS 3.0
Modification Command introduced
ArubaOS 6.2
Command replaced by whitelist-db rap add.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-ap add (deprecated) | 596
local-userdb-ap del
local-userdb-ap del mac-address <mac-addr> [all]
Description
This command deletes a Remote AP entry from the obsolete Remote AP database.
Syntax
Parameter
Description
mac-address <mac-addr> MAC address of the remote AP to be removed from the Remote AP database.
all
Remove all entries from the whitelist.
Usage Guidelines
When you upgrade from ArubaOS 5.0-6.1 to ArubaOS 6.2 or later, the remote AP whitelist table will automatically move from the legacy remote AP whitelist to the newer remote AP whitelist. Issue the localuserdb-ap del command to delete any AP entries that did not properly move to the new table during the upgrade procedure. Entries in the newer remote AP whitelist can be removed using the command whitelist-db rap del.
Example
The example below deletes a Remote AP from the obsolete Remote AP whitelist. (host)(config) #local-userdb-ap del mac-addr 00:0b:86:c3:58:38
Related CommandsRelated Commands
Command lacp group
Description Enable LACP and configure on the interface
show lacp
View the LACP configuration status
show lacp sys-id
View the LACP system ID information
show interface port-channel
View information on a specified port channel interface
Command
Description
show local-userdb-ap Display the obsolete Remote AP whitelist.
whitelist-db rap del Delete a remote AP from the current remote AP whitelist table.
597 | local-userdb-ap del
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.3
The all parameter was added to delete all entries from the obsolete remote AP database
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-ap del | 598
local-userdb-ap modify (deprecated)
local-userdb-ap modify mac-address <macaddr> ap-name <ap-name> description <desc> full-name <full-name> remote-ip <ip-addr>
Description
This command modifies a Remote AP entry in the Remote AP whitelist table.
Command History
ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.2
Command replaced by whitelist-db rap modify.
599 | local-userdb-ap modify (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-ap revoke (deprecated)
local-userdb-ap revoke mac-address <macaddr> revoke-comment <comment>
Description
Revoke a lost or stolen remote AP to prevent unauthorized users from accessing the company's corporate network
Command History
ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.2
Command deprecated. For ArubaOS 6.3 or later, use or whitelist-db cpsec revoke
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-ap revoke (deprecated) | 600
local-userdb-branch
localuserdb
local-userdb-branch add|del|modify mac-address <mac-address> remote-node-profile <remote-node-profile> <hostname>
Description
This command adds a branch controller to the branch controller whitelist. You can also delete the whitelist entry using this command.
Syntax
Parameter
Description
mac-address <mac-address> MAC address of the branch controller in colonseparated six-octet format.
branch-config-group <branch-config-group>
The branch config group to be assigned to that branch controller
<hostname>
host name of the master controller
Range --
1 64 characters --
Usage Guidelines
A master controller can only assign a configuration profile to a branch controller in its branch controller whitelist. To assign a different configuration to an unprovisioned branch controller, you must delete the whitelist entry and create a new branch controller whitelist entry with the correct branch group configuration. A branch group configuration has to be validated before it is configured and pushed to a branch controller.
If your network includes multiple master controllers under a single master controller the output of this command shows all branch and master controllers on the network. By default, this command displays all entries in the whitelist. To display only part of the branch controller whitelist, include the start <offset> parameters to start displaying the branch controller whitelist at the specified entry value. You can also include the optional mac-address <mac-addr> parameters to display values for a single branch controller entry.
Example
Adding an RN to the Whitelist
To add an RN to the RN whitelist, access the command-line interface of the RNC, enter enable mode, then issue the command local-userdb-branch add mac-address <mac-address> branch-config-group <branch-config-group>
where <mac-address> is the MAC address of the branch controller in colon-separated six-octet format, and <branch-config-group> is the name of the branch config group you want to assign to that branch controller.
Example: (branch-master) #local-userdb-branch add mac-address 00:16:CF:AF:3E:E1 branch-config-group Location_1
Note that you cannot change the profile assigned to the branch controller in the whitelist entry. To assign a different branch config group to an unprovisioned branch controller, you must delete the whitelist entry and create a new whitelist entry with the correct branch config group.
601 | local-userdb-branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Removing an RN from the Whitelist
When you remove an entry for an active RN from the RN whitelist on the RNC, that RN no longer receives configuration or license updates from the RNC, but continues to operate as previously configured. As the license server is the RNC, any operation related to the licensing does not work after it is detached. If you remove an individual RN entry from the RN whitelist before that RN is connected to the network, that RN is not automatically provisioned as a RN, and remains inactive on the network until manually provisioned. To remove an RN from the RN whitelist, access the command-line interface of the RNC, access enable mode, then enter the command local-userdb-branch del mac-address <mac-address> where <mac-address> is the MAC address of the RN, in colon-separated six-octet format. Example: (branch-master)(config) #local-userdb-branch del mac-address 00:16:CF:AF:3E:E1
Related Commands
Command show branch
Description
Shows branch controller, DHCP instances, license usage and running configuration information.
Mode Enable and Config mode
show branch-dhcp-pool
Shows branch controller DHCP pool configuration information.
Enable and Config mode
show branch-config-group Shows branch config group status information.
Enable and Config mode
show local-userdb-branch
The output of this command lists the MAC address and assigned branch config group for of each branch controller associated with that master controller.
Enable and Config mode
Command History
ArubaOS 6.0
Modification Command introduced
ArubaOS 6.2
Command deprecated
ArubaOS 6.4.3.0
Command reinstated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-branch | 602
Command Information
Platform
Available on W-7010, W7005, W-7024, and W7030 controllers
License
Command Mode
Available in the base operating system.
Enable mode on master controllers.
603 | local-userdb-branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb del
local-userdb {del username <name>|del-all}
Description
This command deletes entries in the controller's internal database.
Syntax
Parameter del username del-all
Description Deletes the user account for the specified username. Deletes all entries in the internal database.
Usage Guidelines
User account entries created with expirations are automatically deleted from the internal database at the specified expiration. Use this command to delete an entry before its expiration or to delete an entry that was created without an expiration.
Example
The following command deletes a specific user account entry: (host)#local-userdb del username guest4157
Command History
Introduced in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb del | 604
local-userdb export
local-userdb export <filename>
Description
This command exports the internal database to a file.
Use this command with caution. It replaces the existing users with user entries from the imported file.
Syntax
Parameter export
Description Saves the internal database to the specified file in flash.
Usage Guidelines
After using this command, you can use the copy command to transfer the file from flash to another location.
Example
The following command saves the internal database to a file: (host)#local-userdb export jan-userdb
Command History
Introduced in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable mode on master controllers.
605 | local-userdb export
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb fix-database
local-userdb fix-database
Description
This command deletes and reinitializes the internal database.
Syntax
No parameters.
Usage Guidelines
Before using this command, you can save the internal database with the local-userdb export command.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb fix-database | 606
local-userdb-guest add
local-userdb-guest
local-userdb-guest add {generate-username|username <name>} {generate-password|password <passwd>} [comment <g_comments>][email <email>] [expiry {duration <minutes>|time <hh/mm/yyy> <hh:mm>}] [guest-company <g_company>][guest-fullname <g_fullname>][guest-phone <g-phone>][mode disable][opt-field-1 <opt1>][opt-field-2 <opt2>][opt-field-3 <opt3>][opt-field-4 <opt4>] [sponsor-dept <sp_dept>][sponsor-mail <sp_email>][sponsor-fullname <sp_fullname>][sponsor-name <sp_name>] [start-time <mm/dd/yyyy> <hh.mm>]
Description
This command creates a guest user in a local user database.
Syntax
Parameter generate-username username generate-password password
comments email expiry
duration
time guest-company
guest-fullname
Description
Automatically generate and add a guest username.
Range --
Default --
Add the specified guest username.
1 64
--
characters
Automatically generate a password for the
--
--
username.
Add the specified password for the username.
6 128
--
characters
Comments added to the guest user account.
--
--
Email address for the guest user account.
--
--
Expiration for the user account. If this is not set,
--
the account does not expire.
no expirati on
Duration, in minutes, for the user account.
1-
--
21474836
47
Date and time, in mm/dd/yyy and hh:mm format,
--
--
that the user account expires.
Name of the guest's company. NOTE: A guest is the person who needs guest access to the company's Dell wireless network.
The guest's full name.
607 | local-userdb-guest add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter guest-phone mode opt-field-1
opt-field-2 opt-field-3 opt-field-4 sponsor-dept
sponsor-email sponsor-fullname sponsor-name start-time
Description The guest's phone number.
Range
Enables or disables the user account,
--
This category can be used for some other
--
purpose. For example, the optional category
fields can be used for another person, such as a
"Supervisor." You can enter username, full name,
department and Email information into the
optional fields.
Same as opt-field-1.
--
Same as opt-field-1.
--
Same as opt-field-1.
--
The guest sponsor's department name.
--
NOTE: A sponsor is the guest's primary contact for the visit.
The sponsor's email address.
--
The sponsor's full name.
--
The sponsor's name.
--
Date and time, in mm/dd/yyy and hh:mm format,
--
the guest account begins.
Default
Disable --
-- -- -- --
-- -- -- --
Usage Guidelines
When you specify the internal database as an authentication server, client information is checked against the user accounts in the internal database. You can modify an existing user account in the internal database with the local-userdb-guest modify command, or delete an account with the local-userdb-guest del command.
By default, the internal database in the master controller is used for authentication. Issue the aaa authentication-server internal use-local-switch command to use the internal database in a local controller; you then need to add user accounts to the internal database in the local controller.
Example
The following command adds a guest user in the internal database with an automatically-generated username and password: (host) #local-userdb-guest add generate-username generate-password expiry none
The following information is displayed when you enter the command: GuestConnect Username: guest-5433352 Password: mBgJ6764 Expiration: none
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-guest add | 608
Related Commands
Command
Description
show local-userdb-guest Show the parameter configured using the local-userdb-guest command.
show local-userdb
Show the parameters configured using the local-userdb command.
Mode
Enable and Config modes
Enable and Config modes
Command History
Introduced in ArubaOS 3.4.
Command Information
Platform
License
Command Mode
Available on all platforms
Available in the base operating system. The role parameter requires the PEFNG license.
Enable and config modes on master controllers.
609 | local-userdb-guest add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-guest del
local-userdb-guest {del username <name>|del-all}
Description
This command deletes entries in the controller's internal database.
Syntax
Parameter del username del-all
Description Deletes the user account for the specified username. Deletes all entries in the internal database.
Usage Guidelines
User account entries created with expirations are automatically deleted from the internal database at the specified expiration. Use this command to delete an entry before its expiration or to delete an entry that was created without an expiration.
Example
The following command deletes a specific user account entry: (host) #local-userdb-guest del username guest4157
Command History
Introduced in ArubaOS 3.4.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable and config modes on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-guest del | 610
local-userdb-guest modify
local-userd-guest modify username <name> [comments <g_comments>][email <email>] [expiry {duration <minutes>|time <hh/mm/yyy> <hh:mm>}] [guest-company <g_company>][guest-fullname <g_ fullname>][guest-phone <g-phone>][mode disable][opt-field-1 <opt1>][opt-field-2 <opt2>][optfield-3 <opt3>][opt-field-4 <opt4>][password <passwd][sponsor-dept <sp_dept>][sponsor-mail <sp_email>][sponsor-fullname <sp_fullname>][sponsor-name <sp_name>][start-time <mm/dd/yyyy> <hh.mm>]
Description
This command modifies an existing guest user entry in the controller's internal database.
Syntax
Parameter username
comments email expiry
duration
time guest-company
guest-fullname guest-phone mode opt-field-1
Description Name of the existing user account entry.
Range
Default
1 64
--
characters
Comments added to the user account.
--
--
Email address for the use account.
--
--
Expiration for the user account. If this is not set,
--
the account does not expire.
no expirati on
Duration, in minutes, for the user account.
1-
--
21474836
47
Date and time, in mm/dd/yyy and hh:mm format,
--
--
that the user account expires.
Name of the guest's company. NOTE: A guest is the person who needs guest access to the company's Dell wireless network.
The guest's full name.
The guest's phone number.
Enables or disables the user account,
--
Disable
This category can be used for some other
--
--
purpose. For example, the optional category fields
can be used for another person, such as a
"Supervisor." You can enter username, full name,
department and Email information into the
optional fields.
611 | local-userdb-guest modify
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter opt-field-2 opt-field-3 opt-field-4 password
sponsor-dept
sponsor-email sponsor-fullname sponsor-name start-time
Description Same as opt-field-1.
Range --
Default --
Same as opt-field-1.
--
--
Same as opt-field-1.
--
--
User's password
1 6
--
characters
The guest sponsor's department name
--
--
NOTE: A sponsor is the guest's primary contact for the visit.
The sponsor's email address.
--
--
The sponsor's full name.
--
--
The sponsor's name.
--
--
Date and time, in mm/dd/yyy and hh:mm format,
--
--
the guest account begins.
Usage Guidelines
Use the show local-userdb-guest command to view the current user account entries in the internal database.
Example
The following command disables a guest user account in the internal database: (host)local-userdb-guest modify username guest4157 mode disable
Command History
Introduced in ArubaOS 3.4.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable and config modes on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-guest modify | 612
local-userdb-guest send-email
local-userdb-guest send-email <username> [to-guest][to-sponsor]
Description
This command causes the controller to send email to the guest and/or sponsor any time a guest user is created.
Syntax
Parameter <username>
to-guest to-sponsor
Description Name of the guest
Allows you to send email to the guest user's address. Allows you to send email to the sponsor's email address.
Range
Default
1 64
--
characte
rs
--
--
--
--
Usage Guidelines
This command allows the guest provisioning user or network administrator to causes the controller to send email to the guest and/or sponsor any time a guest user is created.
Example
The following command causes the controller to send an email to the sponsor alerting them that the guest user "Laura" was just created. (host)# local-userdb-guest send-email Laura to-sponsor
Command History
Introduced in ArubaOS 3.4.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable mode on master controllers
613 | local-userdb-guest send-email
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb import
local-userdb import <filename>
Description
This command replaces the internal database with the specified file from flash.
Syntax
Parameter import
Description Replaces the internal database with the specified file.
Usage Guidelines
This command replaces the contents of the internal database with the contents in the specified file. The file must be a valid internal database file saved with the local-userdb export command.
Example
The following command imports the specified file into the internal database: (host)#local-userdb import jan-userdb
Command History
Introduced in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb import | 614
local-userdb maximum-expiration
local-userdb maximum-expiration <minutes>
Description
This command configures the maximum time, in minutes, that a guest account in the internal database can remain valid.
Syntax
Parameter maximum-expiration
Description
Maximum time, in minutes, that a guest account in the internal database can remain valid.
Range
12147483647
Usage Guidelines
The user in the guest-provisioning role cannot create guest accounts that expire beyond the configured maximum time. This command is not available to the user in the guest-provisioning role.
Example
The following command sets the maximum time for guest accounts in the internal database to 8 hours (480 minutes): (host)(config)#local-userdb maximum-expiration 480
Command History
Introduced in ArubaOS 3.0.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Configuration mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb maximum-expiration | 616
local-userdb modify
local-userdb modify username <name> [comments <g_comments>][email <email>] [expiry {duration <minutes>|time <hh/mm/yyy> <hh:mm>}] [guest-company <g_company>][guest-fullname <g_fullname>] [guest-phone <g-phone>][mode disable][opt-field-1 <opt1>][opt-field-2 <opt2>][opt-field-3 <opt3>][opt-field-4 <opt4>][remote-ip <ip-addr>][role <role>][sponsor-dept <sp_dept>][sponsormail <sp_email>][sponsor-fullname <sp_fullname>][sponsor-name <sp_name>][start-time <mm/dd/yyyy> <hh.mm>]
Description
This command modifies an existing user account entry in the controller's internal database.
Syntax
Parameter username
comments email expiry
duration
time guest-company
guest-fullname guest-phone mode opt-field-1
Description Name of the existing user account entry.
Range
Default
1 64
--
characters
Comments added to the user account.
--
--
Email address for the use account.
--
--
Expiration for the user account. If this is not set,
--
the account does not expire.
no expirati on
Duration, in minutes, for the user account.
1-
--
21474836
47
Date and time, in mm/dd/yyy and hh:mm format,
--
--
that the user account expires.
Name of the guest's company. NOTE: A guest is the person who needs guest access to the company's Dell wireless network.
The guest's full name.
The guest's phone number.
Enables or disables the user account,
--
Disable
This category can be used for some other
--
--
purpose. For example, the optional category fields
can be used for another person, such as a
"Supervisor." You can enter username, full name,
department and Email information into the
optional fields.
617 | local-userdb modify
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter opt-field-2 opt-field-3 opt-field-4 remote-ip role
sponsor-dept
sponsor-email sponsor-fullname sponsor-name start-time
Description Same as opt-field-1.
Range --
Same as opt-field-1.
--
Same as opt-field-1.
--
IP address assigned to the remote peer.
Role for the user.
--
This parameter requires the PEFNG license.
The guest sponsor's department name
--
NOTE: A sponsor is the guest's primary contact for the visit.
The sponsor's email address.
--
The sponsor's full name.
--
The sponsor's name.
--
Date and time, in mm/dd/yyy and hh:mm format,
--
the guest account begins.
Default -- -- --
guest
--
-- -- -- --
Usage Guidelines
Use the show local-userdb command to view the current user account entries in the internal database.
Example
The following command disables an existing user account in the internal database: (host)# local-userdb modify username guest4157 mode disable
Command History
ArubaOS 3.0
Modification Introduced for the first time.
ArubaOS 3.4
The guest, sponsor and optional parameters were added.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb modify | 618
local-userdb-branch
localuserdb
local-userdb-branch add|del|modify mac-address <mac-address> remote-node-profile <remote-node-profile> <hostname>
Description
This command adds a branch controller to the branch controller whitelist. You can also delete the whitelist entry using this command.
Syntax
Parameter
Description
mac-address <mac-address> MAC address of the branch controller in colonseparated six-octet format.
branch-config-group <branch-config-group>
The branch config group to be assigned to that branch controller
<hostname>
host name of the master controller
Range --
1 64 characters --
Usage Guidelines
A master controller can only assign a configuration profile to a branch controller in its branch controller whitelist. To assign a different configuration to an unprovisioned branch controller, you must delete the whitelist entry and create a new branch controller whitelist entry with the correct branch group configuration. A branch group configuration has to be validated before it is configured and pushed to a branch controller.
If your network includes multiple master controllers under a single master controller the output of this command shows all branch and master controllers on the network. By default, this command displays all entries in the whitelist. To display only part of the branch controller whitelist, include the start <offset> parameters to start displaying the branch controller whitelist at the specified entry value. You can also include the optional mac-address <mac-addr> parameters to display values for a single branch controller entry.
Example
Adding an RN to the Whitelist
To add an RN to the RN whitelist, access the command-line interface of the RNC, enter enable mode, then issue the command local-userdb-branch add mac-address <mac-address> branch-config-group <branch-config-group>
where <mac-address> is the MAC address of the branch controller in colon-separated six-octet format, and <branch-config-group> is the name of the branch config group you want to assign to that branch controller.
Example: (branch-master) #local-userdb-branch add mac-address 00:16:CF:AF:3E:E1 branch-config-group Location_1
Note that you cannot change the profile assigned to the branch controller in the whitelist entry. To assign a different branch config group to an unprovisioned branch controller, you must delete the whitelist entry and create a new whitelist entry with the correct branch config group.
619 | local-userdb-branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Removing an RN from the Whitelist
When you remove an entry for an active RN from the RN whitelist on the RNC, that RN no longer receives configuration or license updates from the RNC, but continues to operate as previously configured. As the license server is the RNC, any operation related to the licensing does not work after it is detached. If you remove an individual RN entry from the RN whitelist before that RN is connected to the network, that RN is not automatically provisioned as a RN, and remains inactive on the network until manually provisioned. To remove an RN from the RN whitelist, access the command-line interface of the RNC, access enable mode, then enter the command local-userdb-branch del mac-address <mac-address> where <mac-address> is the MAC address of the RN, in colon-separated six-octet format. Example: (branch-master)(config) #local-userdb-branch del mac-address 00:16:CF:AF:3E:E1
Related Commands
Command show branch
Description
Shows branch controller, DHCP instances, license usage and running configuration information.
Mode Enable and Config mode
show branch-dhcp-pool
Shows branch controller DHCP pool configuration information.
Enable and Config mode
show branch-config-group Shows branch config group status information.
Enable and Config mode
show local-userdb-branch
The output of this command lists the MAC address and assigned branch config group for of each branch controller associated with that master controller.
Enable and Config mode
Command History
ArubaOS 6.0
Modification Command introduced
ArubaOS 6.2
Command deprecated
ArubaOS 6.4.3.0
Command reinstated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb-branch | 620
Command Information
Platform
Available on W-7010, W7005, W-7024, and W7030 controllers
License
Command Mode
Available in the base operating system.
Enable mode on master controllers.
621 | local-userdb-branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb send-to-guest
local-userdb send-to-guest
Description
This command automatically sends email to the guest when the guest user is created.
Syntax
No parameters.
Usage Guidelines
A guest is the person who needs guest access to the company's Dell wireless network. Email is sent directly to the guest after the guest user is created. When configuring the guest provisioning feature, the guest user is generally created by Guest Provisioning user. This is the person who is responsible for signing in guests at your company.
Example
(host)(config) #local-userdb send-to-guest
Command History
Introduced in ArubaOS 3.4.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Configuration mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
local-userdb send-to-guest | 622
local-userdb send-to-sponsor
local-userdb send-to-sponsor
Description
This command automatically sends email to the guest's sponsor when the guest user is created.
Syntax
No parameters.
Usage Guidelines
The sponsor is the guest's primary contact. Email is sent directly to the guest's sponsor after the guest user is created. When configuring the guest provisioning feature, the sponsor is generally created by the Guest Provisioning user. This is the person who responsible for signing in guests at your company.
Example
(host)(config)#local-userdb send-to-sponsor
Command History
Introduced in ArubaOS 3.4.
Command Information
Platform
License
Available on all platforms Available in the base operating system
Command Mode
Configuration mode on master controllers.
623 | local-userdb send-to-sponsor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
location
location <string>
Description
This command configures the location of the controller.
Syntax
Parameter location
Description A text string that specifies the system location.
Usage Guidelines
Use this command to indicate the location of the controller. You can use a combination of numbers, letters, characters, and spaces to create the name. To include a space in the name, use quotation marks to enclose the text string. To change the existing name, enter the command with a different string. To unconfigure the location, enter "" at the prompt.
Example
The following command configures the location: (host) (config) #location "Building 10, second floor, room 21E"
Command History
Introduced in ArubaOS 3.0
Command Information
Platform
License
Command Mode
Available on all platforms
Available in the base operating system
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
location | 624
location-server-feed
enable disable
Description
This command allows sends RSSI information from APs to a location management server.
Syntax
Parameter enable
disable
Description
Enable the feed that sends RSSI information to a location management server. This feature is disabled by default.
Disable the feed that sends RSSI information to a location management server. This feature is disabled by default.
Usage Guidelines
This command allows APs to send RSSI information to a location management server, which can use that information to compute the location of stations seen in the network.
Example
The following command configures the location: (host) (config) #location-server-feed enable
Command History
Introduced in ArubaOS 6.3
Command Information
Platform
License
Command Mode
Available on all platforms
Available in the base operating system
Config mode on master controllers
625 | location-server-feed
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logging
logging [ipaddr|ipv6addr|facility|level]
Description
Use this command to specify the IP address of the remote logging server, facility, severity, and the type.
Syntax
Parameter ipaddr ipv6addr facility
level
Description To set the remote logging server IPv4 address. To set the remote logging server IPv6 address.
Range
Default A.B.C.D X:X:X:X::X
To set the remote logging server facility.
local 0 to -- local7
To set the logging level upto which the messages are logged.
Usage Guidelines
The local use facilities (local0, local1, local2, local3, local4, local5, local6, and local7) are not reserved for specific message-generating sources, and can be used for sending syslog messages. Use the show logging command to verify that the device sends logging messages.
Example
The following command adds the remote logging server with the IP address 10.1.2.3 with a user log type using local4. (host) (config) #logging 1.1.1.1 user facility local4
Command History
Introduced in ArubaOS 6.0 severity|type
Command History
This command was introduced in ArubaOS 3.0
Release ArubaOS 6.0
Modification Command introducedd.
ArubaOS 6.3
The severity and type parameters were deprecated. The ipv6addr parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logging | 626
Command Information
Platform
License
Available on all platforms
Available in the base operating system
Command Mode Config mode on master controllers
627 | logging
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logging facility
logging facility <facility>
Description
Use this command to set the facility to use when logging to the remote syslog server.
Syntax
Parameter <facility>
Description The facility to use when logging to a remote syslog server.
Range local0 to local7
Usage Guidelines
The local use facilities (local0, local1, local2, local3, local4, local5, local6, and local7) are not reserved for specific message-generating sources, and can be used for sending syslog messages.
Example
The following command sets the facility to local4. (host) (config) #logging facility local4
Command History
Introduced in ArubaOS 2.5
Command Information
Platform
License
Available on all platforms
Available in the base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logging facility | 628
logging level
logging level <level> <category> [process <process>] [subcat <subcategory>]
Description
Use this command to set the categories or subcategories and the severity levels of messages that are logged.
Syntax
Parameter <level>
Description
The message severity level, which can be one of the following (in order of severity level):
emergencies
(0) Panic conditions that occur when the system becomes unstable.
alerts
(1) Any condition requiring immediate attention and correction.
critical
(2) Any critical conditions, such as hard drive errors.
errors
(3) Error conditions.
warnings
(4) Warning messages.
notifications (5) Significant events of a non-critical and normal nature.
informational (6) Messages of general interest to system users.
debugging
(7) Messages containing information for debugging purposes.
<category>
Message category, which can be one of the following:
ap-debug
AP troubleshooting messages. You must specify a debug value.
network
Network messages.
arm-user-debug ARM user troubleshooting messages. You must specify a MAC address.
security
Security messages.
system
System messages.
user
User messages.
user-debug
User troubleshooting messages. You must specify a MAC address.
629 | logging level
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter wireless
Description Wireless messages.
process
Controller process, which can be one of the following:
aaa
AAA logging
activate approc
Integration and communication with an Activate server AP processes
armd authmgr
ARM processes User authentication
certmgr cfgm
Certificate manager Configuration Manager
cpsec crypto
Control plane security VPN (IKE/IPsec)
cts
Transport service
dbsync
Database synchronization
dds dhcpd
logging for DDS processes DHCP packets
esi
External Services Interface
extifmgr fpapps
External Interface Manager Layer 2 and 3 control
fw_visibility Firewall visibility processes
gsmmgr
GSM manager
ha_mgr
High availability manager
httpd
Apache
hwmon iapmgr ipstm
Hardware monitoring Instant AP manager process Instant station manager process
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logging level | 630
Parameter l2tp licensemgr localdb mdns mobileip OSPF packetfilter pim pppoed pptp processes profmgr publisher ravd rfm snmp spectrum stm syslogdwrap traffic ucm wms
subcat
Description L2TP License manager Local database Multicast DNS proxy Mobile IP OSPF logging Packet filtering of messaging and control frames Protocol Independent Multicast PPPoE PPTP Run-time processes Profile Manager Publish subscribe service Router Advertisement daemon RF Troubleshooting Manager SNMP Spectrum analysis processes Station management Syslogd wrap Traffic UCM processes Wireless management (master controller only) Message subcategory, which depends upon the message category specified. The following lists the subcategories available for each message category: l ap-debug: all
631 | logging level
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
l network: all, dhcp, mobility, packet-dump l security: aaa, all, dot1x, firewall, ike, mobility, packet-trace, vpn, webserver l system: all, configuration, messages, snmp, webserver, amon l user: all, captive-portal, dot1x, radius, voice, vpn l user-debug: all, configuration l wireless: all
Usage Guidelines
There are eight logging severity levels, each with its associated types of messages. Each level also includes the levels below it. For example, if you set the logging level to informational (6), all messages from level 0 through level 5 (from emergencies through notifications) are also logged. The warnings severity level is set by default for all message categories.
Only the logging level warnings security subcat ids and logging level warnings security subcat idsap subcategories are enabled by default. Other subcategories are not generated by default even their severity is warning or higher. Issue the logging level command to enable all other message subcategories.
Example
The following command logs critical system messages. logging level critical system
Command History
Version ArubaOS 2.5 ArubaOS 6.3
ArubaOS 6.4
Description
Command introduced
l A new subcategory amon is added in the logging level command to account for AMON related logging messages.
l A new process mdns is added to view mDNS debug messages.
A new process category ha_mgr is added to manage high availability processes.
Command Information
Platform
License
Available on all platforms
Available in the base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logging level | 632
loginsession
loginsession timeout <minutes>
Description
This command configures the time management session (via Telnet or SSH) remains active without user activity.
Syntax
Parameter timeout
Description
Number of seconds or minutes that a management session remains active without any user activity.
Range
5-60 minutes or 13600 seconds, 0 to disable
Default 15 minutes
Usage Guidelines
The management user must re-login to the controller after a Telnet or SSH session times out. If you set the timeout value to 0, sessions do not time out. The TCP session timeout for wireless and wired user sessions through the controller is 15 minutes; this timeout for user sessions is not configurable.
Example:
The following command configures management sessions on the controller to not time out: (host) (config) #loginsession timeout 0
Command History
This command was available in ArubaOS 3.0
Command Information
Platform Available on all platforms
License Requires the PEFNG license
Command Mode
Config mode on master controllers
633 | loginsession
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logout
logout
Description
This command exits the current CLI session.
Syntax
No parameters.
Usage Guidelines
Use this command to leave the current CLI session and return to the user login.
Example
The following command exits the CLI session: (host) >logout User:
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode User mode on local or master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
logout | 634
mac-address-table
mac-address-table static <macaddr> {fastethernet|gigabitethernet} <slot>/<port> vlan <vlan>
Description
This command adds a static entry to the MAC address table.
Syntax
Parameter <macaddr>
<slot> <port>
vlan
Description Media Access Control (MAC) address, in the format xx:xx:xx:xx:xx:xx.
<slot> is always 1.
Number assigned to the network interface embedded in the controller. Port numbers start at 0 from the left-most position.
ID number of the VLAN.
Range -- --
1-4094
Usage Guidelines
The MAC address table is used to forward traffic between ports on the controller. The table includes addresses learned by the controller. This command allows you to manually enter static addresses that are bound to specific ports and VLANs.
Example
The following command configures a MAC address table entry: (host) (config) #mac-address-table static 00:0b:86:f0:05:60 fastethernet 1/12 vlan 22
Command History
Available in ArubaOS 3.0
Command Information
Platform
Available on all platforms
License
Available in the base operating system
Command Mode Config mode on master and local controllers
635 | mac-address-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
master-redundancy master-vrrp
master-redundancy master-vrrp <id>
Description
This command associates a VRRP instance with master controller redundancy.
Syntax
Parameter <id>
Description
The virtual router ID for the VRRP instance configured with the vrrp command.
Range 1-255
Usage Guidelines
To maintain a highly redundant network, you can use a controller as a standby for the master controller. The underlying protocol used is VRRP which you configure using the vrrp command.
Example
The following command configures VRRP for the initially preferred master controller:
(host) (config) #vrrp 22 vlan 22 ip address 10.200.22.254 priority 110 preempt description Preferred-Master tracking master-up-time 30 add 20 no shutdown
master-redundancy master-vrrp 22 peer-ip-address 192.168.2.1 ipsec qwerTY012
The following shows the corresponding VRRP configuration for the peer controller.
(host) (config) #vrrp 22 vlan 22 ip address 10.200.22.254 priority 100 preempt description Backup-Master tracking master-up-time 30 add 20 no shutdown
master-redundancy master-vrrp 22
peer-ip-address 192.168.22.1 ipsec qwerTY012
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
master-redundancy master-vrrp | 636
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
637 | master-redundancy master-vrrp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
masterip
masterip <ipaddr> ipsec <key> [interface uplink|{vlan <id>}] [fqdn <fqdn>] ipsec-custom-cert master-mac1 <mac1> [master-mac2 <mac2>] ca-cert <ca> server-cert <cert> [interface uplink|{vlan <id>}] [fqdn <fqdn>] [suite-b gcm-128|gcm-256] ipsec-factory-cert master-mac1 <mac1> [master-mac2 <mac2>] [interface uplink|{vlan <id>}] [fqdn <fqdn>]
Description
This command configures the IP address and preshared key or certificate for the master controller on a local controller.
Syntax
Parameter <ipaddr> ipsec <key> ipsec-custom-cert
master-mac1 <mac1> master-mac2 <mac2> ca-cert <ca>
server-cert <cert>
interface uplink vlan <id>
Description
IP address of the master controller.
To establish the master-local IPsec tunnel using IKEv1, enter a preshared key between 6-64 characters.
Use a custom-installed certificate on the master controller to establish a master-local IPsec tunnel using IKEv2.
The MAC address of the certificate on the Master.
(Optional) the MAC address of the certificate on the backup master controller.
User-defined name of a trusted CA certificate installed on the master controller. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller.
User-defined name of a server certificate installed on the master controller. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the controller.
Specify the uplink or VLAN interface on the master controller to initiate IKE.
Use the master controller's current active uplink to initiate IKE.
Specify a VLAN interface on the master controller to initiate IKE. If you do not specify a VLAN, the controller IP will be used.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
masterip | 638
Parameter fqdn <fqdn> suite-b
ipsec-factory-cert master-mac1 <mac1> master-mac2 <mac2> interface uplink vlan <id> fqdn <fqdn>
Description
Identify a dynamically addressed local controller by entering the Fully Qualified Domain Name (FQDN) of the controller.
If you configure your master and local controllers to use IKEv2 and custom-installed certificates, you can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the following options: l gcm-128 Use 128-bit AES-GCM Suite-B encryption l gcm-256 Use 256-bit AES-GCM Suite-B encryption
Use the factory-installed certificate on the master controller to establish a master-local IPsec tunnel using IKEv2.
The MAC address of the certificate on the Master.
(Optional) the MAC address of the certificate on the backup master controller.
Specify the uplink or VLAN interface on the master controller to initiate IKE.
Use the master controller's current active uplink to initiate IKE.
Specify a VLAN interface on the master controller to initiate IKE. If you do not specify a VLAN, the controller IP will be used.
Identify a dynamically addressed local controller by entering the Fully Qualified Domain Name (FQDN) of the controller.
Usage Guidelines
Use this command on a local controller to configure the IP address and preshared key or certificate for secure communication with the master controller. On the master controller, use the localip command to configure the IP address and preshared key or certificate for a local controller.
Changing the IP address of the master on a local controller requires a reboot of the local controller
If your master and local controllers use a pre-shared key for authentication, they will create the IPsec tunnel using IKEv1. If your master and local controllers use certificates for authentication, the IPsec tunnel will be created using IKEv2.
Example
The following command configures the master controller with a pre-shared key: (host) (config) #masterip 10.1.1.250 ipsec gw1234567
639 | masterip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced.
The ipsec-factory-cert and ipsec-custom-cert parameters were introduced to allow certificate-based authentication of master and local controllers.
Command Information
Platform
Available on all platforms
License
The suite-b gcm-128 and suite-b gcm-256 encryption options for IPsec custom certificates requires the Advanced Cryptography (ACR) license. All other parameters are available in the base operating system
Command Mode
Available in Config mode on local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
masterip | 640
master-redundancy peer-ip
master-redundancy peer-ip <ipaddr> ipsec <key> ipsec-custom-cert master-mac <mac> ca-cert <ca> server-cert <cert> [suite-b gcm-128|gcm256] ipsec-factory-cert master-mac <mac>
Description
This command configures the IP address and preshared key or certificate for a redundant master controller on another master controller.
Syntax
Parameter <ipaddr>
Description
IP address of the redundant controller. Use the 0.0.0.0 address to configure a global preshared key for all inter-controller communications.
ipsec <key>
To establish the master-master IPsec tunnel using IKEv1, enter a preshared key between 6-64 characters.
ipsec-custom-cert
Use a custom-installed certificate on the controller to establish the mastermaster IPsec tunnel using IKEv2
master-mac <mac>
The MAC address of the certificate on the redundant master controller.
ca-cert <ca>
User-defined name of a trusted CA certificate installed on the redundant master controller. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller.
server-cert <cert>
User-defined name of a server certificate installed on on the redundant master controller. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the controller.
suite-b
If you configure your master controllers to use IKEv2 and custom-installed certificates, you can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the following options:
l gcm-128 Use 128-bit AES-GCM Suite-B encryption
l gcm-256 Use 256-bit AES-GCM Suite-B encryption
ipsec-factory-cert
Use the factory-installed certificate on the master controller to establish a master-local IPsec tunnel using IKEv2.
master-mac <mac>
The MAC address of the certificate on the redundant master controller.
Usage Guidelines
Use this command on a master controller to configure the IP address and preshared key or certificates for communication with a redundant master controller.
641 | master-redundancy peer-ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
If your master controllers use a pre-shared key for authentication, they will create the IPsec tunnel using IKEv1. If your master and local controllers use certificates for authentication, the IPsec tunnel will be created using IKEv2.
Example
The following command configures the local controller on a master controller: (host) (config) #peer-ip 10.4.62.5 ipsec-custom-cert master-mac 00:02:2D:11:55:4D ca-cert cacert1 server-cert server1
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced.
The ipsec-factory-cert and ipsec-custom-cert parameters were introduced to allow certificate-based authentication of master and local controllers.
Command Information
Platform
License
Available on all platforms
The suite-b gcm-128 and suite-b gcm-256 encryption options for IPsec custom certificates requires the Advanced Cryptography (ACR) license. All other parameters are available in the base operating system
Command Mode
Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
master-redundancy peer-ip | 642
mgmt-server profile
wlan
mgmt-server profile <profile-name> clone airgroupinfo-enable location-enable misc-enable monitored-info-enable monitored-stats-enable no sessions-enable stats-enable tag-enable uccmonitoring-enable voiceinfo-enable
Description
Configure a management server profile on the controller for an W-AirWave management server or for an Analytics Location Engine (ALE) that should receive Advanced Monitoring (AMON) protocol messages filtered based on the profile settings. The default profiles provided for the AMP server (default-amp) and ALE (defaultale) are editable using this command.
Syntax
Parameter <profile-name> clone airgroup-enable location-enable misc-enable monitored-info-enable monitored-stats-enable no sessions-enable stats-enable
Description
Associate the controller to an W-AirWave management server by entering the IP address of the W-AirWaveserver.
Use this command to copy from another configuration profile.
If enabled, the messages related to the AirGroup feature will be sent to the management server.
If enabled, Station RSSI/AP Neighbor messages will be sent to the management server.
If enabled, the AP system statistics, specifications, and station steer information will be sent to the management server.
If enabled, the monitored AP or station information will be sent to the management server.
If enabled, the monitored AP or station statistics will be sent to the management server.
Disables the specified message filter.
If enabled, the firewall DNA, application, and aggregate session messages will be sent to the management server.
If enabled, the statistics for Radio, virtual APs, and clients will be sent to the management server.
643 | mgmt-server profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter tag-enable uccmonitoring-enable
voiceinfo-enable
Description If enabled, tag messages will be sent to the management server.
If enabled, the messages about the unified communications manager will be sent to the management server.
If enabled, the voice call records will be sent to the management server.
Usage Guidelines
Use this command to create a new management server profile on the controller or to edit the default profiles.
If you delete a management server profile that is applied to a destination server, you must re-apply a different profile to the server or re-create the same profile for the message filtering process to continue.
Example
The following command configures a management server profile: (host) (config) #mgmt-server profile AMP-profile (host) (Mgmt Config profile "AMP-profile") #location-enable (host) (Mgmt Config profile "AMP-profile") #voiceinfo-enable
Command History
ArubaOS 6.3.1
Modification Command introduced.
ArubaOS 6.4
The uccmonitoring-enable and airgroup-enable parameters were introduced.
Command Information
Platforms All platforms
Licensing
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
mgmt-server profile | 644
mgmt-server type
wlan
mgmt-server type ale primary-server <ip-addr> profile <profile-name> amp primary-server <ip-addr> profile <profile-name>
Description
Register a management server with the controller by specifying the IP address of an W-AirWave management server or Analytics and Location Engine that should receive messages from the controller using the Advanced Monitoring (AMON) protocol. You must also specify the management configuration profile in which the AMON message filtering settings can be done.
Syntax
Parameter
Description
ale primary-server <ip-addr> profile <profile>
Associate the controller to analytics and location engine by entering the IP address of the location server and the management configuration profile.
amp primary-server <ip-addr> profile <profile>
Associate the controller to an W-AirWave management server by entering the IP address of the W-AirWaveserver and the management configuration profile.
Example
The following command defines a primary W-AirWaveManagement server. (host) (config) #mgmt-server type amp primary-server 192.168.6.2 profile default-amp
Command History
ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.1
The secondary-server parameter was deprecated.
ArubaOS 6.3
The xc parameter was introduced.
ArubaOS 6.3.1
The xc parameter was changed to ale and a new profile parameter was introduced.
Command Information
Platforms All platforms
Licensing
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
mgmt-server type | 646
mgmt-user
mgmt-user <username> <role> <password> mgmt-user localauth-disable mgmt-user ssh-pubkey client-cert <certificate> <username> <role> <rcp> mgmt-user webui-cacert <certificate_name> serial <number> <username> <role>
Description
This command configures an administrative user.
Syntax
Parameter <username>
<role>
<password>
localauth-disable
Description
Default
Name of the user.
--
You can create a maximum of 10 management users.
NOTE: If you configure a root management user, you can use special characters except for double-byte characters.
Role assigned to the user. Predefined roles include:
--
l guest-provisioning: Allows the user to create guest accounts on a special WebUI page.
l location-api-mgmt: Permits access to location API information. You can log into the CLI; however, you cannot use any CLI commands.
l network-operations: Permits access to Monitoring, Reports, and Events pages in the WebUI. You can log into the CLI; however, you can only use a subset of CLI commands to monitor the controller.
l read-only: Permits access to CLI show commands or WebUI monitoring pages only.
l root: Permits access to all management functions on the controller.
NOTE: You are prompted for the <password> for this user
--
after you type in <role> and press Enter.
The password must have a minimum of six characters.
You can use special characters in the management user password. The restrictions are as follows:
l You cannot use double-byte characters
l You cannot use the question mark (?)
l You cannot use white space <space >
Disables authentication of management users based on the results returned by the authentication server.
To cancel this setting, use the no form of the command: no mgmt-user localauth-disable
Enabled
647 | mgmt-user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
ssh-pubkey client-cert <username> <role> <rcp>
webui-cacert <certificate_name>
serial <username> <role>
Description
To verify if authentication of local management user accounts is enabled or disabled, use the following command: show mgmt-user local-authentication-mode
Configures certificate authentication of administrative users using the CLI through SSH.
Name of the X.509 client certificate for authenticating administrative users using SSH.
Name of the user.
Role assigned to the authenticated user.
Revocation Checkpoint for the ssh user's client certificate. The rcp checks the revocation status of the SSH user's client certificate before permitting access.
The client certificate for authenticating administrative users using the WebUI.
The CA certificate. If configured, certificate authentication and authorization are automatically completed using an authentication server.
Serial number of the client certificate.
Name of the user.
Role assigned to the authenticated user.
Default
-- -- -- -- -- -- --
-- -- --
Usage Guidelines
You can configure client certificate authentication of WebUI or SSH management users (by default, only username/password is used). To configure certificate authentication for the WebUI or SSH, use the web-server mgmt-auth certificate or ssh mgmt-auth public-key commands, respectively.
Use webui-cacert <certificate name> command if you want an external authentication server to derive the management user role. This is helpful if there are a large number of users who need to be authenticated.
Or, use the mgmt-user webui-cacert <certificate_name> serial <number> <username> <role> if you want the authentication process to use previously configured certificate name and serial number to derive the user role.
Use the mgmt-user webui-cacert <certificate_name> serial <number> <username> <role> <rcp>command if you want to configure an optional RCP for an ssh-pubkey user.
Example
See the web-server and ssh command descriptions for examples of certificate and public key authentication. The following command configures a management user and role: (host) (config) #mgmt-user zach_jennings root
Dell Networking W-Series ArubaOS 6.4.x | User Guide
mgmt-user | 648
Password: ***** Re-Type password: *****
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.1
The ssh-pubkey and webui-cacert parameters were introduced.
ArubaOS 3.2
The network-operations role was introduced.
ArubaOS 3.3
The location-api-mgmt role and localauth-disable parameters were introduced.
ArubaOS 3.4
The webui-cacert <certificate name> parameter had additional functionality introduced.
ArubaOS 6.3
The <rcp> parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
649 | mgmt-user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
mobility-manager
mobility-manager <ipaddr> user <username> <password> [interval <secs>] [retrycount <number>] [udp-port <port>] [rtls <rtls-udp-port>] trap-version {1|2c|3}
Description
This command allows the controller to communicate with an MMS server.
Usage Guidelines
This command needs to be configured before the controller can communicate with the MMS server. This command performs three tasks: l Configures the IP address of the MMS server. In previous ArubaOS releases, this was done with the mobility-
server command. l Creates an SNMP version 3 user profile with the configured <username> and <password>. This allows
SNMP SETs from the MMS server to be received by the controller. The authentication protocol is Secure Hash Algorithm (SHA) and Data Encryption Standard (DES) is used for encryption. If <username> and <password> match an existing SNMP v3 user profile, the existing one is used. Otherwise, a new profile is created. This username and password must be used when adding this controller to the MMS server in the MMS Dashboard. l Allows SNMP traps and notifications to be sent to the MMS server IP address, by adding this MMS server as a trap receiver. l Optionally enables the MMS server to function as a Real Time Location System (RTLS) server to receive location information via APs from RTLS tags or other devices. Use the show mobility-manager command to check the current status of the configured MMS servers.
Example
The following command configures the IP address and SNMP user profile for the MMS server: (host) (config)# mobility-manager 10.2.1.245 user mms-user my-password.
Command History
This command was introduced in ArubaOS 3.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
mobility-manager | 650
netdestination
netdestination <name> description <description6> host <ipaddr> [position <number>] invert name network <ipaddr> <netmask> [position <number>] no ... range <start-ipaddr> <end-ipaddr> [position <number>]
Description
This command configures an alias for an IPv4 network host, subnetwork, or range of addresses.
Syntax
Parameter <name> description host invert
network no range
Description
Name for this host or domain. Maximum length is 63 characters.
Description about the this destination up to 128 characters long.
Configures a single IPv4 host and its position in the list.
Specifies that the inverse of the network addresses configured are used. For example, if a network of 172.16.0.0 255.255.0.0 is configured, this parameter specifies that the alias matches everything except this subnetwork.
An IPv4 subnetwork consisting of an IP address and netmask.
Negates any configured parameter.
A range of IPv4 addresses consisting of sequential addresses between a lower and an upper value. The maximum number of addresses in the range is 16. If larger ranges are needed, convert the range into a subnetwork and use the network parameter.
Usage
Aliases can simplify configuration of session ACLs, as you can use an alias when specifying the traffic source and/or destination it in multiple session ACLs. Once you configure an alias, you can use it to manage network and host destinations from a central configuration point, because all policies that reference the alias will be updated automatically when you change the alias.
When using the invert option, use caution when defining multiple aliases, as entries are processed one at a time. As an example, consider a netdestination configured with the following two network hosts:
netdestination dest1 invert network 1.0.0.0 255.0.0.0 network 2.0.0.0 255.0.0.0
A frame from http://1.0.0.1 would match the first alias entry, (which allows everything except for 1.0.0.0/8) so the frame would be rejected. However, it would then be compared against the second alias, which allows everything except for 2.0.0.0/8, and the frame would be permitted.
651 | netdestination
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command configures an alias for an internal network: (host) (config) #netdestination Internal
network 10.1.0.0 255.255.0.0
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Host functionality now only supports IPv4 subnets.
ArubaOS 6.2
Name parameter has maximum character length.
Command Information
Platforms All platforms
Licensing
Requires the Policy Enforcement Firewall license.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
netdestination | 652
netdestination6
netdestination6 <name> description <description6> host <ipaddr> [position <number>] invert name network <ipaddr> <netmask> [position <number>] no ... range <start-ipaddr> <end-ipaddr> [position <number>]
Description
This command configures an alias for an IPv6 network host, subnetwork, or range of addresses.
Syntax
Parameter Description
<name>
Name of the IPv6 destination host or subnetwork up to 63 characters long.
Default
description Description about the IPv6 netdestination up to 128 characters long.
-
host
Configures a single IPv6 host and position in the list.
--
invert
Specifies that the inverse of the network addresses configured are used. For
--
example, if a network of fe80:0:0:0:0:0:ac10:0/128 is configured, this
parameter specifies that the alias matches everything except this subnetwork.
network
An IPv6 subnetwork consisting of an IP address and netmask.
--
no
Negates any configured parameter.
--
range
A range of IPv6 addresses consisting of sequential addresses between a lower -- and an upper value. The maximum number of addresses in the range is 16. If larger ranges are needed, convert the range into a subnetwork and use the network parameter.
Usage Guidelines
Aliases can simplify configuration of session ACLs, as you can use an alias when specifying the traffic source and/or destination. Once you configure an alias, you can use it in multiple session ACLs.
When using the invert option, use caution when defining multiple aliases, as entries are processed one at a time. As an example, consider a netdestination configured with the following two network hosts:
netdestination6 dest1 invert network 2002:0:0:0:0:0:100:0/128 network 2002:0:0:0:0:0:200:0/128
A frame from http://1.0.0.1 would match the first alias entry, (which allows everything except for 2002:0:0:0:0:0:100:0/128) so the frame would be rejected. However, it would then be compared against the second alias, which allows everything except for 2002:0:0:0:0:0:200:0/128, and the frame would be permitted.
653 | netdestination6
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command configures an alias for an internal network: (host) (config) #netdestination6 Internal
network fe80:0:0:0:0:0:a01:0/128
Command History
Release ArubaOS 6.1
Modification Command introduced
ArubaOS 6.3 ArubaOS 6.3
A new field, description has been introduced to provide a description about the netdestination up to 128 characters long.
Maximum length allowed for netdestination6 <name> is now 63 characters.
Command Information
Platforms All platforms
Licensing
Requires the Policy Enforcement Firewall license.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
netdestination6 | 654
netexthdr
netexthdr <alias-name> eh <eh-type> deny | permit
Description
This command allows you to edit the packet filter options in the extension header (EH).
Syntax
Parameter <alias-name>
Description Specify the EH alias name.
eh <eh-type>
Specify one of the following EH types: l <0-255>: Matches the IPv6 next header type l authentication: Matches the IPv6 authentication header l dest-option: Matches the IPv6 destination-option header l esp: Matches the IPv6 encapsulation security payload header l fragment: Matches the IPv6 fragment header l hop-by-hop: Matches the IPv6 hop-by-hop header l mobility: Matches the IPv6 mobility header l routing: Matches the IPv6 routing header
deny
Denies the IPv6 packets matching the specified extended header type.
permit
Permits the IPv6 packets matching the specified extended header type. NOTE: By default, all the EH types are supported in the default EH.
Default
default --
-- --
Usage Guidelines
ArubaOS firewall is enhanced to process the IPv6 extension header (EH) to enable IPv6 packet filtering. You can filter the incoming IPv6 packets based on the EH type. You can edit the packet filter options in the default EH, using this command. By default, the default EH alias permits all EH types.
Example
The following command denies the IPv6 packets matching the specified extended header type in the default EH: (host) (config) #netexthdr default (host) (config-exthdr) #eh authentication deny
Related Commands
(host) #show netexthdr <alias-name>
655 | netexthdr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
netexthdr | 656
netservice
netservice <name> <protocol>|tcp|udp {list <port>,<port>}|{<port> [<port>]} [ALG <service>]
Description
This command configures an alias for network protocols.
Syntax
Parameter netservice
Description Name for this alias.
Range --
<protocol>
IP protocol number.
0-255
tcp
Configure an alias for a TCP protocol
udp
Configure an alias for a UDP protocol
list <port>,<port> Specify a list of non-contiguous port numbers, by entering up to six port numbers, separated by commas.
0-65535
<port> [<port>]
TCP or UDP port number. You can specify a single port number, or define a port range by specifying both the lower and upper port numbers.
0-65535
ALG
Application-level gateway (ALG) for this alias.
--
<service>
Specify one of the following service types: l dhcp: Service is DHCP
l dns: Service is DNS l ftp: Service is FTP l h323: Service is H323 l noe: Service is Alcatel NOE l rtsp: Service is RTSP l sccp: Service is SCCP l sip: Service is SIP l sips: Service is Secure SIP l svp: Service is SVP l tftp: Service is TFTP l vocera: Service is VOCERA
657 | netservice
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
Aliases can simplify configuration of session ACLs, as you can use an alias when specifying the network service. Once you configure an alias, you can use it in multiple session ACLs.
Example
The following command configures an alias for a network service: (host) (config) #netservice HTTP tcp 80
Command History
Version ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.0
The list parameter for defining non-contiguous ports was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
netservice | 658
network-printer [deprecated]
network-printer [max-clients <2-20> | max-clients-per-host <1-20> | max-jobs <1-1000>]
Description
This command allows you to configure client and print job for the USB printer connected to a W-600 Series controller.
Syntax
Parameter max-clients
Description
Specify the maximum number of clients that can use the printer. Currently, the W-600 Series supports a maximum of 20 concurrent clients.
max-clients-per-host
Specify the maximum number of concurrent clients for a single host. Currently, the W-600 Series supports a maximum of 20 concurrent clients.
max-jobs
Specify the maximum number of jobs that can be saved in the memory Currently, the W-600 Series controller will support a storage of 1000 jobs.
Usage Guidelines
Use this command in the config mode. In the enable mode, you can use the network-printer delete <printer-name> job <job-id> command to delete print jobs in specific printer.
Command History
Release ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.2
Command deprecated.
Command Information
Platforms W-600 Series
Licensing Base operating system
Command Mode Config or enable mode
659 | network-printer [deprecated]
Dell Networking W-Series ArubaOS 6.4.x | User Guide
network-storage [deprecated]
network-storage [share <share-name>] share [usb: disk <disk-name> <filesystem-path> mode {read-only | read-write} no share
Description
This command allows you to perform the following operation on a network share: l Configure a file system path for the shareThis allows users to access the share from their computer. l Remove the share access using the no share command.
Syntax
Parameter share
Description
Enter a name for the share on the controller. After you enter this command, the CLI mode will shift to operations on that share.
Usage Guidelines
To access the share, you must create a filesystem path to the share. enter: (host) (config-network-storage share)# share usb: disk <disk name> <filesystem path> mode
Where, disk name is the name of the disk. You can also specify the disk alias instead of the disk name. filesystem path is the path to access the share. This path contains the partition name and the shared folder name. mode is the permission settings. You can either specify read-only or read-write modes.
Example
The following command associates a share to a file system path and configures the access mode.
(host) (config-network-storage share)#share usb: disk Maxtor1TB Maxtor-Basics_Desktop-
2HBADMJ4_p1/documents mode read-write
(host) (config-network-storage share)#show network-storage shares
NAS Shares
----------
Disk Name Partition Name Folder Name Share Name Share Path
Share Mode Status
--------- -------------- ----------- ---------- ----------
--------- ------
Maxtor1TB MxDocs
docum
p1/documents Read-Write Active
Command History
Release ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.2
Command deprecated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
network-storage [deprecated] | 660
Command Information
Platforms W-600 Series
Licensing Base operating system
Command Mode Enable mode
661 | network-storage [deprecated]
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ntp authenticate
ntp authenticate
Description
This command enables or disables NTP authentication.
Syntax
No parameters.
Usage Guidelines
Network Time Protocol (NTP) authentication enables the controller to authenticate the NTP server before synchronizing local time with server. This helps identify secure servers from fradulent servers. This command has to be enabled for NTP authentication to work.
Example
The following command configures an NTP server: (host) (config) #ntp authenticate
Command History
Release ArubaOS 6.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ntp authenticate | 662
ntp authentication-key
ntp authentication-key <key-id> md5 <keyvalue>
Description
This command configures a key identifier and secret key and adds them into the database. NTP authentication works with a symmetric key configured by user. The key is shared by the client (Dell controller) and an external NTP server.
Syntax
Parameter <key-id>
md5 <keyvalue>
Description
The key identifier is a string that is shared by the client (Dell controller) and an external NTP server. This value is added into the database.
Default --
The key value is a secret string, which along with the key
--
identifier, is used for authentication. This is added into the
database.
Usage Guidelines
NTP authentication works with a symmetric key configured by user. The key is shared by the client (Dell controller) and an external NTP server. This command adds both the key identifier and secret string into the database.
Example
The following command configures the NTP authentication key. The key identifier is 12345 and the shared secret is 67890. Both key identifier and shared secret: (host) (config) #ntp authentication-key 12345 md5 67890
Command History
Release ArubaOS 6.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
663 | ntp authentication-key
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ntp server
#ntp server {<IPv4/IPv6 Address>|[iburst] [key]}
Description
This command configures a Network Time Protocol (NTP) server.
Syntax
Parameter IPv4/IPv6 Address iburst
key <key-id>
Description IPv4/IPv6 Address of the Peer.
Default --
(Optional) This parameter causes the controller to send up to ten queries within the first minute to the NTP server. This option is considered "aggressive" by some public NTP servers.
disabled
This is the key identifier used to authenticate the NTP server. -- This needs to match the key identifier configured in the ntp authentication-key command.
Usage Guidelines
You can configure the controller to set its system clock using NTP by specifying one or more NTP servers.
Example
The following command configures an NTP server using the iburst optional parameter and using a key identifier "123456." (host) (config) #ntp server 10.1.1.245 iburst key 12345
Command History
Release ArubaOS 1.0
Modification Command introduced
ArubaOS 3.0
The iburst parameter was introduced
ArubaOS 6.1
The key parameter was introduced
ArubaOS 6.4
The IPv6 parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ntp server | 664
ntp trusted-key
ntp trusted-key <keyid>
Description
This command configures an additional subset of trusted keys which can be used for NTP authentication.
Syntax
Parameter <keyid>
Description
An additional trusted string that can be used for authentication
Default --
Usage Guidelines
You can configure additional subset of keys which are trusted and can be used for NTP authentication.
Example
The following command configures an additional trusted key(84956) which can be used for NTP authentication. (host) (config) #ntp trusted-key 84956
Command History
Release ArubaOS 6.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
665 | ntp trusted-key
Dell Networking W-Series ArubaOS 6.4.x | User Guide
packet-capture
packet-capture controlpath [interprocess {all | <ports>}] [other] [sysmsg {all | <opcodes>] [tcp {all | <ports>}] [udp {all | <ports>]] copy-to-flash {controlpath-pcap | datapath-pcap} datapath {ipsec <peer-ip>} [wifi-client <mac-address> {decrypted | encrypted | all}] destination [interface <slot/port>] [ip-address <ip-address>] [local-filesystem] no reset-pcap {controlpath-pcap | datapath-pcap}
Description
Use this command to enable or disable packet capturing and set packet capturing options for a single packet capture session.
Syntax
Parameter controlpath
interprocess other sysmsg
tcp
udp
copy-to-flash controlpath-pcap
Description
Default
Enables controlpath packet capture. Captured pack- Disabled ets are stored in /var/log/oslog/filter.pcap.
NOTE: Only capture to local-filesystem is supported for controlpath capture.
Enables or disables interprocess packet capturing. . Specify up to ten comma-separated ports to capture; use all to sniff all ports. All CLI ports, which are TCP, are always skipped.
Disabled
Enable or disable all other types of packets.
Disabled
Enable or disable internal messaging packets. Specify up to ten comma-separated opcodes to
capture; use all to sniff all opcodes. All CLI ports, which are TCP, are always skipped.
Disabled
Enable or disable TCP packet capturing. Specify up to ten comma-separated ports to capture; use
all to sniff all TCP ports. All CLI ports, which are TCP, are always skipped.
Disabled
Enable or disable UDP packet capturing. Specify up to ten comma-separated ports to capture; use
all to sniff all UDP ports. All CLI ports, which are TCP, are always skipped.
Disabled
Copies captured packets to the flash.
--
Copies controlpath captures. They are saved as -- controlpath-pcap.tar.gz.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
packet-capture | 666
Parameter datapath-pcap
Description
Copies datapath captures. They are saved as datapath-pcap.tar.gz.
Default --
datapath
Enables datapath packet capture. Captured packets are stored in /var/log/oslog/datapath.pcap or mirrored out of the controller.
Disabled
ipsec <peer-ip>
Enable or disable IPSec packet capturing. Enter the IPSec peer IP address to specify a given peer.
NOTE: Capture to local-filesystem is not supported with this option.
Disabled
wifi-client <mac-address> {decrypted | encrypted | all}
Enable or disable packet capturing from a wifi client. Specify the client device by entering the device's MAC address.
Disabled
Additionally, you can specify what type of traffic captured: decrypted, encrypted, or all.
destination
Configures the capture destination.
--
interface <slot/port> or <slot/module/port>
Sends packet captures to a specific interface on the -- controller. Specify the interface using the slot/port format or <slot/module/port> for the W-7200 Series controllers.
ip-address <ip-address>
Sends packet captures to a specific IP address.
--
local-filesystem
Stores captured packets on the controller in pcap
--
files.
no
Negates any configured parameter.
reset-pcap
Deletes old pcap files and restarts the active cap-
--
ture.
controlpath-pcap
Deletes old controlpath pcap files and restarts the -- active controlpath capture.
datapath-pcap
Deletes old datapath pcap files and restarts the act- -- ive datapath capture.
Usage Guidelines
The packet-capture command can perform two types of packet capture: controlpath and datapath. Controlpath only captures packet destined for the controller. Datapath captures packets that are being forwarded by the controller, such as packets from a wifi client.
Packets can be retrieved through the tar logs command; look for the filter.pcap or datapath.pcap file. This command activates packet capture options on the current session. They are not saved and applied across all reboots.
If you do want to enable a packet capture session without setting values that can be saved and used for another session, use the command packet-capture. The related command packet-capture-defaults lets you define a set of packet capture options and save them in the configuration file. These setting will be
667 | packet-capture
Dell Networking W-Series ArubaOS 6.4.x | User Guide
automatically enabled when the controller boots up. Any settings defined using the command packet-capture will override packet-capture-defaults.
Example
The following command enables packet capturing for debugging a wireless WEP station doing VPN. This example uses the following parameters and values: l Station up/down: sysmsg opcode 30 l WEP key plumbing: sysmsg opcode 29 l DHCP: sysmsg opcode 90 l IKE: UDP port 500 and 4500 l Layer 2 Tunneling Protocol (L2TP): UDP port 1701 (host) #packet-capture sysmsg 30,29,90 (host) #packet-capture udp 500,4500,1701,1812,1645
Command History
This command was introduced in ArubaOS 2.3.
Release ArubaOS 2.3
Modification Command introduced
ArubaOS 6.3
The following parameters were added: l controlpath l copy-to-flash l datapath ipsec and datapath wifi-client l destination l reset-pcap l no parameter has replaced disable The following parameters were moved under the controlpath parameter: l interprocess l other l sysmsg l tcp l udp
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
packet-capture | 668
packet-capture-defaults
packet-capture controlpath [interprocess {all | <ports>}] [other] [sysmsg {all | <opcodes>] [tcp {all | <ports>}] [udp {all | <ports>]] datapath {ipsec <peer-ip>} [wifi-client <mac-address> {decrypted | encrypted | all}] destination [interface <slot/port>] [ip-address <ip-address>] [local-filesystem] no
Description
Use this command to enable or disable packet capturing and define a set of default packet capturing options on the control path for debugging purposes.
Syntax
Parameter controlpath
interprocess other sysmsg
tcp
udp
datapath ipsec <peer-ip>
Description
Default
Enables controlpath packet capture. Captured pack- Disabled ets are stored in /var/log/oslog/filter.pcap.
NOTE: Only capture to local-filesystem is supported for controlpath capture.
Enables or disables interprocess packet capturing. . Specify up to ten comma-separated ports to capture; use all to sniff all ports. All CLI ports, which are TCP, are always skipped.
Disabled
Enable or disable all other types of packets.
Disabled
Enable or disable internal messaging packets. Specify up to ten comma-separated opcodes to
capture; use all to sniff all opcodes. All CLI ports, which are TCP, are always skipped.
Disabled
Enable or disable TCP packet capturing. Specify up to ten comma-separated ports to capture; use
all to sniff all TCP ports. All CLI ports, which are TCP, are always skipped.
Disabled
Enable or disable UDP packet capturing. Specify up to ten comma-separated ports to capture; use
all to sniff all UDP ports. All CLI ports, which are TCP, are always skipped.
Disabled
Enables datapath packet capture. Captured packets are stored in /var/log/oslog/datapath.pcap or mirrored out of the controller.
Disabled
Enable or disable IPSec packet capturing. Enter the IPSec peer IP address to specify a given peer.
NOTE: Capture to local-filesystem is not supported with this option.
Disabled
669 | packet-capture-defaults
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Default
wifi-client <mac-address> {decrypted | encrypted | all}
Enable or disable packet capturing from a wifi client. Specify the client device by entering the device's MAC address.
Disabled
Additionally, you can specify what type of traffic captured: decrypted, encrypted, or all.
destination
Configures the capture destination.
--
interface <slot/port> or <slot/module/port>
Sends packet captures to a specific interface on the -- controller. Specify the interface using the slot/port format or <slot/module/port> for the W-7200 Series controllers.
ip-address <ip-address>
Sends packet captures to a specific IP address.
--
local-filesystem
Stores captured packets on the controller in pcap
--
files.
no
Negates any configured parameter.
Usage Guidelines
This command applies to control path packets; not datapath packets. Packets can be retrieved through the tar log command; look for the filter.pcap file. This command activates packet capture options on the current switch. They are not saved and applied across switches.
Example
The following command sets the default packet capture values to debug a wireless WEP station doing VPN. Once these default settings are defined, you can use the packet-capture command to enable packet capturing with these values. This example uses the following parameters and values:
l Station up/down: sysmsg opcode 30 l WEP key plumbing: sysmsg opcode 29 l DHCP: sysmsg opcode 90 l IKE: UDP port 500 and 4500 l Layer 2 Tunneling Protocol (L2TP): UDP port 1701 packet-capture-defaults sysmsg 30,29,90 udp 500,4500,1701,1812,1645
Use the show packet-capture command to show the current action and the default values. (host) show packet-capture
Current Active Packet Capture Actions(current switch) ===================================================== Packet filtering TCP with 2 port(s) enabled:
2 1 Packet filtering UDP with 1 port(s) enabled: 1 Packet filtering for internal messaging opcodes disabled. Packet filtering for all other packets disabled.
Packet Capture Defaults(across switches and reboots if saved)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
packet-capture-defaults | 670
============================================================ Packet filtering TCP with 2 port(s) enabled:
2 1 Packet filtering UDP with 1 port(s) enabled: 1
Command History
This command was introduced in ArubaOS 2.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
671 | packet-capture-defaults
Dell Networking W-Series ArubaOS 6.4.x | User Guide
page
page <length>
Description
This command sets the number of lines of text the terminal will display when paging is enabled.
Syntax
Parameter length
Description Specifies the number of lines of text displayed.
Range 24 - 100
Usage Guidelines
Use this command in conjunction with the paging command to specify the number of lines of text to display. For more information on the pause mechanism that stops the command output from printing continuously to the terminal, see paging on page 673. If you need to adjust the screen size, use your terminal application to do so.
Example
The following command sets 80 as the number of lines of text displayed: (host) (config) #page 80
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config and Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
page | 672
paging
paging
Description
This command stops the command output from printing continuously to the terminal.
Syntax
No parameters
Usage Guidelines
By default, paging is enabled. With paging enabled, there is a pause mechanism that stops the command output from printing continuously to the terminal. If paging is disabled, the output prints continuously to the terminal. To disable paging, use the no paging command. You must be in enable mode to disable paging. The paging setting is active on a per-user session. For example, if you disable paging from the CLI, it only affects that session. For new or existing sessions, paging is enabled by default. You can also configure the number of lines of text displayed when paging is enabled. For more information, refer to the command page on page 672. If you need to adjust the screen size, use your terminal application to do so.
Example
The following command enables paging: (host) (config) #paging
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config and Enable mode on master controllers
673 | paging
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pan active-profile
pan active-profile profile <profile name>
Description
This command makes a Palo Alto Network (PAN) profile active from a set of profiles.
Syntax
Parameter
Description
profile <profile name> The name of the PAN profile to be activated.
Usage Guidelines
This command makes a PAN profile active from a set of profiles, if any. Only one PAN profile can be active at a time. (host) (config) #pan active-profile (host) (Palo Alto Networks Active Profile) #profile default
Command History
ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pan active-profile | 674
pan profile
pan profile <profile-name> clone firewall host <host> port <port> username <username> passwd <password> no
Description
This command configures a Palo Alto Networks (PAN) profile to allow a controller to communicate with a PAN firewall.
Syntax
Parameter clone
Description
Name of an existing PAN profile configuration from which parameter values are copied.
firewall
Configures the information for the associated PAN firewall.
host <host>
IP address or hostname of the PAN firewall.
port <port>
Port number of the PAN firewall.
username <username> The username of the PAN firewall.
passwd <password>
The password of the PAN firewall.
no
Negates any configured parameter.
Usage Guidelines
This command is used to configure the PAN firewall that the controller will be communicating with. The username and password must match the name of the admin account configured on the PAN firewall. (host) (config) #pan profile default (host) (Palo Alto Networks Servers Profile "default") #firewall host 192.0.2.1 port 5642 username axde passwd ZAQ!2wsx
Command History
ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
675 | pan profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
panic
panic {clear | info {file <filename> <symbolfile>|nvram <symbolfile>} | list {file <filename>|nvram} | save <filename>}
Description
This command manages information created during a system crash.
Syntax
Parameter clear
info list save
Description Removes panic information from non-volatile random access memory (NVRAM).
Displays the content of specified panic files.
Lists panic information in the specified file in flash or in NVRAM.
Saves panic information from NVRAM into the specified file in flash.
Usage Guidelines
To troubleshoot system crashes, use the panic save command to save information from NVRAM into the specified file, then use the panic clear command to clear the information from NVRAM.
Example
The following command lists panic information in NVRAM: (host) #panic list nvram
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
panic | 676
pan-options
pan-options portal <IP-address>|<FQDN> cert <cert-name> no
Description
This command configures options to integrate a branch controller with a Palo Alto Networks (PAN) firewall.
Syntax
Parameter <IP-address> <FQDN> <cert-name>
Description The IP address of the portal
The fully qualified domain name (FQDN) of the portal
Specify the name of the self-signed or external certification authority (CA) certificate to establish an SSL connection to the portal.
Usage Guidelines
Issue this command on controllers configured as branch controllers to securely redirect internet inbound traffic from the controller into the PAN firewall. Although this configuration setting can be used on standalone or local controllers, this feature can only be used on controllers in these types of deployments when used in conjunction with the controller uplink VLAN manager feature. The uplink VLAN manager is enabled by default on branch controller uplinks. Master or local (non-branch) controllers using the PAN portal feature must enable the uplink VLAN manager using the uplink command in the controller command-line interface.
Integration Workflow
The following steps describes the work flow to integrate a branch controller with a Palo Alto Networks LSVPN firewall.
1. The Palo Alto portal is configured with the MAC address of the branch controller(s) at each remote office site. This allows the branch controller to authenticate to the portal.
2. Once the branch controller is authenticated, the Palo Alto portal sends the branch controller a list of firewall gateways and priority levels.
3. The branch controller uses the gateway list and credentials from the portal to contact all gateways. Each gateway then sends the branch controller information that allows the controller to automatically generate and populate the ip nexthop list pan-gp-ipsec-map-list, and sends the branch controller the information that allows the branch controller to create an IPsec tunnel to that gateway.
4. Once the controller has established a functional IPsec tunnel to the first gateway that comes up, it begins routing traffic to that gateway, even if the controller has not yet contacted all gateways. Other gatweays are added based upon the preemption policy in the nexthop list.
677 | pan-options
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Figure 1 Branch-office Controller and PAN Firewall Integration
Configuration Prerequisites
The Palo Alto Networks Large-Scale VPN (LSVPN) framework can integrate with a branch-office controller by establishing an IPsec tunnels between the firewall and the controller. Integrating a Palo Alto Networks firewall with a W-7000 Series controller requires that all user traffic is routed, so it can be managed by a policy-based routing access control list. If PAN gateways are deployed across multiple datacenters, PAN devices must have a public IP or be behind a single NAT device so that reverse traffic comes back to the correct PAN gateway.
The following certificate requirements must be fulfilled before the cloud services controller can integrate with the Palo Alto Networks Large-Scale VPN (LSVPN) framework:
l The CA certificate used by the firewall portal must be installed on the master controller, so that it can be pushed down to the branch controllers.
l On the gateway devices, the accept published routes option must be enabled, and the devices must install the server certificates derived from the management portal root CA.
In deployments with multiple PAN firewalls, the PAN management portal needs to be configured with a list of gateways and the priorities for each gateway. Even if the PAN management portal uses serial number registration with preregistered serial numbers or MAC addresses, best practices is to configure LDAP, Radius, Kerberos or Local Database authentication as well. This allows a controller to authenticate to the portal even if the portal does not recognize the controller's MAC address.
Examples
(host) (config)# pan-options
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pan-options | 678
(host) (Configure Palo Alto Network options)# portal 192.0.2.3 cert MyServerCert
Next, create a policy-based routing access control list (ACL) and apply that ACL to all the roles that need redirection. Best practices is to define a default rule at the end of the policy-based routing ACL that redirects all non-corporate traffic to the PAN firewalls in the predefined next-hop list.
If you use the predefined nexthop list pan-gp-ipsec-map-list in your policy-based routing ACL, multiple branch controllers can use the same ACL configuration. (host) (config)# ip access-list route my_PBR_policy (host) (config-route-my_PBR_policy)# any network 192.0.2.0 255.255.255.0 any forward (host) (config-route-my_PBR_policy)# any any any route nexthop-list pan-gp-ipsec-map-list
Related Commands
ip nexthop-list pan active-profile pan profile show pan-gp show pan-options uplink
Modification
Define a nexthop list for policy-based routing.
This command selects an active Palo Alto Network (PAN) profile from a set of profiles.
This command configures a Palo Alto Networks (PAN) profile to allow a controller to communicate with a PAN firewall.
This command displays Palo Alto Networks portal or gateway settings on a branch or local controller.
This command displays configured options to integrate a branch with a Palo Alto Networks (PAN) firewall.
Manage and configure the uplink network connection on W-600 Series or W7000 Series controllers.
Command History
ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platforms
Licensing
W-7000 Series controllers, when configured as a branch controller, or any controller model when used in conjunction with uplink manager feature.
Base operating system
Command Mode
Config mode on master or local controllers
679 | pan-options
Dell Networking W-Series ArubaOS 6.4.x | User Guide
perf-test
perf-test server start|stop controller|{ap [ap-name <name>}|{ip-addr <ip>}|{ip6-addr <ip6>} [tcp|udp] client start|stop controller|{ap [ap-name <name>}|{ip-addr <ip>}|{ip6-addr <ip6>}<host-ip> tcp|udp duration <duration> parallel <parallel> window bandwidth <value> port open|close
Description
Use this command under the guidance of Dell technical support to launch or halt an Iperf throughput test between the controller and the AP.
Syntax
Parameter
Description
server start|stop
ap-name <ap-name>
Run Iperf tests in server mode.
Start or stop the iperf test. Tests run in server mode must be manually stopped using the command perf-test server stop.
Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
TCP
Run Iperf tests using the TCP protocol.
UDP
Run Iperf tests using the UDP protocol.
client host <ip>|<ipv6>
Run Iperf tests in client mode by specifying the IPV4 or IPv6 address of the host. Tests run in client mode automatically stop when they are complete, although they can also be manually stopped using the perf-test client stop command.
start|stop ap-name <ap-name>
Start or stop the iperf test. Tests run in server mode must be manually stopped using the command perf-test server stop.
Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
perf-test | 680
Parameter
Description
ip6-addr <ip6-addr> IPv6 address of the AP.
TCP UDP bandwidth <value>
duration parallel window
Run Iperf tests using the TCP protocol.
Run Iperf tests using the UDP protocol.
Rate at which the Iperf test data should be sent, in bits/sec. The default value is 1 Mbit/sec. This parameter supports the suffixes K (to represent Kbits/sec) and M (to represent Mbits/sec.)
Number of seconds for which the test runs. The supported range is 10-120 seconds, and the default value is 10 seconds.
Number of parallel clients threads to run.
TCP window size. This parameter supports the suffixes K (to represent Kbits/sec) and M (to represent Mbits/sec.)
port open|close
Use this command under the guidance of Dell technical support to open port 5001 to allow Iperf throughput tests between the controller and the AP.
Usage Guidelines
Only W-AP130 Series, W-AP220 Series, and W-AP105 access points connected to a W-7200 Series or W6000M3 controller support this feature. The report generated by an Iperf throughput test can be viewed by issuing the command .
Related Commands
Command show perf-test reports
Description
Use this command under the guidance of Delltechnical support to view the results of an Iperf throughput test launched from the controller.
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms W-6000M3 controllers
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
681 | perf-test
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pcap (deprecated)
pcap {raw-start <ipaddr> <target-ipaddr> <target-port> <format> [bssid <bssid>] [channel <number>] [maxlen <maxlen>]}|{interactive <am-ip> <filter> <target-ipaddr> <target-port> [bssid <bssid>][channel <number>]}|{clear|pause|resume|stop <am-ip> <id> [bssid <bssid>]}
Description
These commands manage packet capture (PCAP) on Dell air monitors.
Syntax
Parameter raw-start
<ipaddr> <target-ipaddr> <target-port> <format>
bssid <bssid>
channel maxlen
<maxlen> interactive
<am-ip> <filter-spec>
Description Stream raw packets to an external viewer.
IP address of the air monitor collecting packets.
IP address of the client station running Wildpacket's AiroPeek monitoring application.
UDP port number on the client station where the captured packets are sent.
Specify a number to indicate one of the following formats for captured packets: l 0 : pcap l 1 : peek l 2 : airmagnet l 3 : pcap+radio header l 4 : ppi
(Optional) BSSID of the Air Monitor interface for the PCAP session.
BSSID of the Air Monitor Interface, which is usually its MAC address.
(Optional) Number of a radio channel to tune into to capture packets
(Optional) Limit the length of 802.11 frames to include in the capture to a specified maximum.
(Optional) Maximum number of packets to be captured.
Start an interactive packet capture session.
IP address of the air monitor collecting packets.
Packet Capture filter specification.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pcap (deprecated) | 682
Parameter <target-ipaddr> <target-port> bssid <bssid> channel
clear pause resume start stop
<am-ip> <id> bssid
<bssid>
Description
(Optional) Specify the BSSID of the Air Monitor interface for the PCAP session. BSSID of the Air Monitor Interface, which is usually its MAC address. (Optional) Number of a radio channel to tune into to capture packets Clears the packet capture session. Pause a packet capture session. Resume a packet capture session. Start a new packet capture session. Stop a packet capture session. IP address of the air monitor collecting packets. ID of the PCAP session. (Optional) Specify the BSSID of the Air Monitor interface for the PCAP session. BSSID of the Air Monitor Interface, which is usually its MAC address.
Usage Guidelines
These commands direct a Dell air monitor to send packet captures to the Wildpacket's AiroPeek monitoring application on a remote client. The AiroPeek application listens for packets sent by the air monitor.
The following pcap commands are available:
Command clear pause resume start stop
Description Clears the packet capture session. Pause a packet capture session. Resume a packet capture session. Start a new packet capture session. Stop a packet capture session.
683 | pcap (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Before using these commands, you need to start the AiroPeek application on the client and open a capture window for the air monitor. The AiroPeek application cannot be used to control the flow or type of packets sent from Dell air monitors. The AiroPeek application processes all packets, however, you can apply display filters on the capture window to control the number and type of packets being displayed. In the capture window, the time stamp displayed corresponds to the time that the packet is received by the client and is not synchronized with the time on the Dell air monitor.
Example
The following command starts a raw packet capture session for the air monitor at 10.100.100.1 and sends the packets to the client at 192.168.22.44 on port 604 with pcap format: (host) (config) #pcap raw-start 10.100.100.1 192.168.22.44 604 0
Command History
Version ArubaOS 3.0
Change Command Introduced
ArubaOS 3.4
The maxlen parameter was introduced, and the pcap start command deprecated.
ArubaOS 6.2
Functionality with 2 new parameters, now subsumed by the ap packet capture command.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pcap (deprecated) | 684
phonehome
phonehome https <from_addr>
Description
This command configures the PhoneHome auto reporting feature.
Syntax
Parameter https <from_addr>
Description
Configure controllers running ArubaOS 6.4 send PhoneHome reports to an Activate server using HTTPS. Earlier versions of ArubaOS allow the PhoneHome feature to send reports to an SMTP server only. The <from-addr> email address is used to properly identify the user sending the report.
Command History
Version ArubaOS 6.0 ArubaOS 6.4
Description
Command Introduced
The https parameter was introduced to allow the controller to send reports to Dell support through Activate.
Command Information
Platforms All platforms
Licensing
Base operating system
Command Mode
The phonehome now command must be issued in enable mode. All other PhoneHome commands require config mode.
685 | phonehome
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ping
ping <ipaddress> | ipv6 {<global-address> | interface vlan <vlanid> <linklocal-address>} count df-flag packet-size source
Description
This command sends five ICMP echo packets to the specified ip address. You can also ping the specified IPv6 address.
Syntax
Parameter <ipaddress>
Description Destination IP Address
Default --
ipv6
l <global-address>
l interface vlan <vlanid> <linklocaladdress>
Specify this parameter to ping an IPv6
--
address.
l Specify the IPv6 global address.
l Specify the IPv6 link local address of a specific VLAN interface.
count
df-flag packet-size source
The number of ping packets sent to the tar- 5 get IP address.
Sets the Don't Fragment flag.
--
The size, in bytes, of a ping datagram
100 bytes
Sets the source interface for a ping data-
--
gram. The source can be a valid VLAN ID
or a Management Interface.
Range -- --
1 - 100 -- 10 - 2000 --
Usage Guidelines
You can send five ICMP echo packets to a specified IP address. The controller times out after two seconds. You can also ping the specified IPv6 address.
Examples
The following example pings 10.10.10.5. (host) #ping 10.10.10.5 The sample controller output is: Press 'q' to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.5, timeout is 2 seconds:!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0.408/0.5434/1.073 ms
The following example pings the specified IPv6 global address: (host) #ping ipv6 2005:d81f:f9f0:1001::14
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ping | 686
The sample controller output is: Press 'q' to abort. Sending 5, 100-byte ICMPv6 Echos to 2005:d81f:f9f0:1001::14, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0.309/0.3726/0.463 ms
Command History
Release ArubaOS 1.0
Modification Command introduced
ArubaOS 6.1
Introduced ipv6 parameter to provide support for IPv6.
ArubaOS 6.3
Introduced the following parameters:
l count l df-flag l packet-size l source
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
User, Enable, and Config modes on master controllers
687 | ping
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pkt-trace
pkt-trace acl <acl-name> {enable|disable} [trace {cptrace|pktrace} [trace-mask <tmask>]]]
Description
Enable packet tracing in the datapath. Use this feature only under the supervision of Dell technical support.
Syntax
Parameter <acl-name> enable disable cptrace pktrace tracemask <tmask>
Description Enable packet tracing for the specified access-control list. Enable packet tracing for the ACL. Disable packet tracing for the ACL. Send packet trace data into the Control Processor. Write packet trace data in the packet. Specify the trace mask. This value will be provided by Dell technical support.
Example
The following example enables packet tracing for the traffic matching the acl stateful-dot1x. (host) #pkt-trace acl stateful-dot1x enable trace cptrace trace-mask <val>
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pkt-trace | 688
pkt-trace-global
pkt-trace-global {enable|disable} [trace-mask <tmask>]
Description
Enable global packet tracing in the datapath. Use this feature only under the supervision of Dell technical support.
Syntax
Parameter <acl-name> enable disable tracemask <tmask>
Description Enable packet tracing for the specified access-control list.
Enable global packet tracing for the ACL.
Disable global packet tracing for the ACL.
Specify a trace mask. Use this feature only under the supervision of Dell technical support.
Example
The following command enables the global packet tracing for all traffic. (host) (config) #pkt-trace-global enable
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
689 | pkt-trace-global
Dell Networking W-Series ArubaOS 6.4.x | User Guide
policer-profile (deprecated)
policer-profile <profile-name> cbs {k | m | g} cir <cir> clone <source> ebs [k | m | g] exceed-action drop | permit | remark exceed-profile <policerProfile> no.. violate-action drop | permit violate-profile <profile-name>
Description
This command configures a Policer profile to manage the transmission rate of a class of traffic based on userdefined criteria.
Command History
Release ArubaOS 6.2
Modification Command deprecated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
policer-profile (deprecated) | 690
pptp ip local pool
pptp ip local pool <pool> <ipaddr> [<end-ipaddr>]
Description
This command configures an IP address pool for VPN users using Point-to-Point Tunneling Protocol (PPTP).
Syntax
Parameter <pool> <ipaddr> <end-ipaddr>
Description User-defined name for the address pool. Starting IP address for the pool. Ending IP address for the pool.
Usage Guidelines
If VPN is used as an access method, you specify the pool from which the user's IP address is assigned when the user negotiates a PPTP session. Use the show vpdn pptp local command to see the used and free addresses in the pool. PPTP is an alternative to IPsec that is supported by various hardware platforms. PPTP is considered to be less secure than IPsec but also requires less configuration. You configure PPTP with the vpdn command.
Example
The following command configures an IP address pool for PPTP VPN users: (host) (config) #pptp ip local pool pptp-pool1 172.16.18.1 172.16.18.24
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
691 | pptp ip local pool
Dell Networking W-Series ArubaOS 6.4.x | User Guide
priority-map
priority-map <name> dot1p <priority> high dscp <priority> high no ...
Description
This command configures the Type of Service (ToS) and Class of Service (CoS) values used to map traffic into high priority queues.
Syntax
Parameter <name> dot1p
dscp
no
Description User-defined name of the priority map.
Range --
IEEE 802.1p priority value, or a range of values separated by
0-7
a dash (-).
Differentiated Services Code Point (DSCP) priority value, or a range of values separated by a dash (-).
0-63
Negates any configured parameter.
--
Usage Guidelines
This command allows you to prioritize inbound traffic that is already tagged with 802.1p and/or IP ToS in hardware queues. You apply configured priority maps to ports on the controller (using the interface fastethernet or interface gigbitethernet command). This causes the controller to inspect inbound traffic on the port; when a matching QoS tag is found, the packet or flow is mapped to the specified queue.
Example
The following commands configure a priority map and apply it to a port: (host) (config) #priority-map pri1
dscp 4-20 high dscp 60 high dot1p 4-7 high interface gigabitethernet 1/24 priority-map pri1
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
priority-map | 692
process monitor
process monitor log|restart|
Description
The process monitor validates the integrity of processes every 120 seconds. If a process does not respond during three consecutive 120-second timeout intervals, that process is flagged as nonresponsive and the process monitor will create a log message, restart the process or reboot the controller
Syntax
Parameter log
restart
Description
The process monitor creates a log message when a process fails to responding properly. This is the default behavior for the process monitor
This parameter enables strict behavior for runtime processes. When you enable this option, the process monitor will restart processes that fail to responding properly.
Usage Guidelines
The CLI command process monitor log enables logging for process monitoring. By default, whenever a process does not update a required file or send a heartbeat pulse within the required time limit, the process monitor records a critical log message, but does not restart any process. If you want the configure watchdog to restart a process once it fails to respond, use the CLI command process monitor restart.
Example
The following changes the default process monitor behavior, so the process monitor restarts nonresponsive processes. (host) #process monitor restart
Related Commands
The show process monitor statistics command displays the current status of all the processes running under the process monitor watchdog. A partial example of the output of this command is shown below: host) (config) #show process monitor statistics
Process Monitor Statistics -------------------------Name
---/mswitch/bin/arci-cli-helper /mswitch/bin/fpcli /mswitch/bin/packet_filter /mswitch/bin/certmgr /mswitch/bin/dbstart /mswitch/bin/cryptoPOST /mswitch/bin/sbConsoled /mswitch/bin/pubsub /mswitch/bin/cfgm
State
----PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING PROCESS_RUNNING
Restarts
-------0 0 0 0 0 0 0 0 0
Timeout Value Timeout
Chances
------------- ---------------
120
3
120
3
120
3
120
3
120
3
120
3
120
3
120
3
120
3
693 | process monitor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
/mswitch/bin/syslogdwrap
PROCESS_RUNNING 0
120
3
/mswitch/bin/aaa
PROCESS_RUNNING 0
120
3
/mswitch/bin/fpapps
PROCESS_RUNNING 0
120
3
/mswitch/bin/pim
PROCESS_RUNNING 0
120
3
/mswitch/bin/lic
Command History
Release ArubaOS 3.4
Modification Command introduced
ArubaOS 3.4
The process restart command was deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
process monitor | 694
prompt
prompt <prompt>
Description
This command changes the prompt text.
Syntax
Parameter prompt
Description
Range
The prompt text displayed by the controller. 164
Default <hostname>
Usage Guidelines
You can use any alphanumeric character, punctuation, or symbol character. To use spaces, plus symbols (+), question marks (?), or asterisks (*), enclose the text in quotes. You cannot alter the parentheses that surround the prompt text, or the greater-than (>) or hash (#) symbols that indicate user or enable CLI mode.
Example
The following example changes the prompt text to "It's a new day!". (host) (config) #prompt "It's a new day!" (It's a new day!) (config) #
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
695 | prompt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap
provision-ap a-ant-bearing <bearing> a-ant-gain <gain> a-ant-tilt-angle <angle> a-antenna {1|2|both} altitude <altitude> ap-group <group> ap-name <name> apdot1x-passwd <string> apdot1x-username <name> cellular_nw_preference 3g-only|4g-only|advanced|auto copy-provisioning-params {ap-name <name> | ip-addr <ipaddr>} dns-server-ip <ipaddr> dns-server-ip6 <ipv6 address> domain-name <name> external-antenna fqln <name> g-ant-bearing <bearing> g-ant-gain <gain> g-ant-tilt-angle <angle> g-antenna {1|2|both} gateway <ipaddr> gateway6 <ipv6-address> ikepsk <key> installation default|indoor|outdoor ip6addr <ipv6-address> ip6prefix <ipv6-prefix> ipaddr <ipaddr> latitude <location> link-priority-cellular link-priority-ethernet longitude <location> master {<name>|<ipaddr>} mesh-role {mesh-point|mesh-portal|none|remote-mesh-portal} mesh-sae {sae-disable|sae-enable} netmask <netmask> no ... pap-passwd <string> pap-user <name> pkcs12-passphrase <string> pppoe-chap-secret<key> pppoe-passwd <string> pppoe-service-name <name> pppoe-user <name> read-bootinfo {ap-name <name>|ip-addr <ipaddr>|wired-mac <macaddr>} reprovision {all|ap-name <name>|ip-addr <ipaddr>|ip6-addr <ip6-addr>|serial-num <string>|service-tag <service-tag>|wired-mac <macaddr>} reset-bootinfo {ap-name <name>|ip-addr <ipaddr>|wired-mac <macaddr>} server-ip <ipaddr> sch-mode-radio-0 sch-mode-radio-1 server-name <name> set-ikepsk-by-addr <ip-addr> syslocation <string> uplink-vlan <uplink-vlan> usb-dev <usb-dev> usb-dial <usb-dial> usb-init <usb-init>
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 696
usb-passwd <usb-passwd> usb-power-mode auto|enable|disable usb-tty <usb-tty> usb-tty-control <usb-tty-control> usb-type <usb-type> usb-user <usb-user>
Description
This command provisions or reprovisions an AP.
697 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Syntax
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 698
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
a Determines the horizontal coverage distance of the 802.11a (5GHz) antenna from True North.
0-
a From a planning perspective, the horizontal coverage pattern does not consider the elevation or vertical n antenna pattern.
3-
t NOTE: This parameter is supported on outdoor APs only. If you use this parameter to configure an indoor 6-
- AP, an error message is displayed.
0
b
e
a
D-
r
e-
i
c-
n g
i-
m-
a-
l
Degrees
a Antenna gain for 802.11a (5GHz) antenna.
--
-
a
n
t
-
g
a
i
n
699 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
a Directs the angle of the 802.11a (5GHz) antenna for optimum coverage.
-
-
9
a Use a - (negative) value for downtilt and a + (positive) value for uptilt.
0
n NOTE: This parameter is supported on outdoor APs only. If you use this parameter to configure an indoor
t AP, an error message is displayed.
t
-
o
t
i
+
l
9
t
0
-
a
D
n
e
g
c
l
i
e
m
a
l
D e g r e e s
a Antenna use for 5 GHz (802.11a) frequency band.
1
-
,
a l 1: Use antenna 1
n l 2: Use antenna 2
2
t
,
e l both: Use both antennas (default)
n
b
n
o
a
t
h
(
d
e
f
a
u
l
t
)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 700
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
a Altitude, in meters, of the AP.
--
l NOTE: This parameter is supported on outdoor APs only. If you use this parameter to configure an indoor t AP, an error message is displayed. i
t
u
d
e
a Name of the AP group to which the AP belongs.
--
p
-
g
r
o
u
p
a Name of the AP to be provisioned.
--
p
-
n
a
m
e
a Password of the AP to authenticate to 802.1X using PEAP.
--
p
d
o
t
1
x
-
p
a
s
s
w
d
701 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
a Username of the AP to authenticate to 802.1X using PEAP.
--
p
d
o
t
1
x
-
u
s
e
r
n
a
m
e
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 702
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
This setting allows you to select how the modem should operate.
--
l auto (default): In this mode, the modem firmware will control the cellular network service selection; so the cellular network service failover and fallback is not interrupted by the remote AP (RAP).
l 3g_only: Locks the modem to operate only in 3G.
l 4g_only: Locks the modem to operate only in 4G.
l advanced: The RAP controls the cellular network service selection based on the Received Signal Strength Indication (RSSI) threshold-based approach. Initially the modem is set to the default auto mode. This allows the modem firmware to select the available network. The RAP determines the RSSI value for the available network type (for example 4G), checks whether the RSSI is within required range, and if so, connects to that network. If the RSSI for the modem's selected network is not within the required range, the RAP will then check the RSSI limit of an alternate network (for example, 3G), and reconnect to that alternate network. The RAP will repeat the above steps each time it tries to connect using a 4G multimode modem in this mode.
703 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
c Initializes the provisioning-params workspace with the current provisioning parameters of the specified
--
o AP, The provisioning parameters of the AP must have previously been retrieved with the read-bootinfo
p option.
y NOTE: This parameter can only be used on the master controller. -
p
r
o
v
i
s
i
o
n
i
n
g
-
p
a
r
a
m
s
d IP address of the DNS server for the AP.
--
n
s
-
s
e
r
v
e
r
-
i
p
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 704
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
d IPv6 address of the DNS server for the AP.
--
n
s
-
s
e
r
v
e
r
-
i
p
6
d Domain name for the AP.
--
o
m
a
i
n
-
n
a
m
e
e Use an external antenna with the AP.
--
x
t
e
r
n
a
l
-
a
n
t
e
n
n
a
f Fully-qualified location name (FQLN) for the AP, in the format <APname.floor.building.campus>.
--
q
l
n
705 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
g Determines the horizontal coverage distance of the 802.11g (2.4GHz) antenna from True North.
0-
a From a planning perspective, the horizontal coverage pattern does not consider the elevation or vertical n antenna pattern.
3-
t NOTE: This parameter is supported on outdoor APs only. If you use this parameter to configure an indoor 6-
- AP, an error message is displayed.
0
b
e
a
d-
r
e-
i
c-
n g
i-
m-
a-
l
degrees
g Antenna gain for 802.11g (2.4GHz) antenna.
--
-
a
n
t
-
g
a
i
n
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 706
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
g Directs the angle of the 802.11g (2.4GHz) antenna for optimum coverage.
-
-
9
a Use a - (negative) value for downtilt and a + (positive) value for uptilt.
0
n NOTE: This parameter is supported on outdoor APs only. If you use this parameter to configure an indoor
t AP, an error message is displayed.
t
-
o
t
i
+
l
9
t
0
-
a
D
n
e
g
c
l
i
e
m
a
l
D e g r e e s
g Antenna use for 2.4 GHz (802.11g) frequency band.
1
-
,
a l 1: Use antenna 1
n l 2: Use antenna 2
2
t
,
e l both: Use both antennas
n
b
n
o
a
t
h
g IP address of the default gateway for the AP.
--
a
t
e
w
a
y
707 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
g IPv6 address of the default gateway for the AP.
--
a
t
e
w
a
y
6
i IKE preshared key for the AP.
--
k
e
p
s
k
i Specify the type of installation (indoor or outdoor). The default parameter automatically selects an
d
n installation mode based upon the AP model type.
e
s
f
t
a
a
u
l
l
l
t
a
t
i
i
n
o
d
n
o
o
r
o u t d o o r
i Static IPv6 address of the AP.
--
p
6
a
d
d
r
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 708
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
i The prefix of static IPv6 address of the AP.
--
p
6
p
r
e
f
i
x
i Static IP address for the AP.
--
p
a
d
d
r
l Latitude coordinates of the AP. Use the format: Degrees, Minutes, Seconds (DMS). For example: 37 22 00 -- aN t i t u d e
709 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
l Set the priority of the cellular uplink. By default, the cellular uplink is a lower priority than the wired uplink; -- i making the wired link the primary link and the cellular link the secondary or backup link. n k Configuring the cellular link with a higher priority than your wired link priority will set your cellular link as - the primary controller link. p r i o r i t y c e l l u l a r
< l i n k p r i o r i t y c e l l u l a r >
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 710
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
l Set the priority of the wired uplink. Each uplink type has an associated priority; wired ports having the
--
i highest priority by default.
n
k
-
p
r
i
o
r
i
t
y
-
e
t
h
e
r
n
e
t
<
l
i
n
k
-
p
r
i
o
r
i
t
y
-
e
t
h
e
r
n
e
t
>
711 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
l Longitude coordinates of the AP. Use the DMS format.
--
o n For example: 122 02 00 W
g
i
t
u
d
e
m Name or IP address of the master controller.
--
a
s
t
e
r
m Configure the AP to operate as a mesh node. You assign one of three roles: mesh portal, mesh point or -- e remote mesh point. If you select "none," the AP operates as a thin AP. s h r o l e
m Enable or disable Simultaneous Authentication of Equals (SAE) on a mesh network. This option offers
--
e enhanced security over the default wpa2-psk-aes mesh security setting, and provides secure, attack-
s resistant authentication using a pre-shared key. SAE supports simultaneous initiation of a key exchange,
h allowing either party to initiate an exchange or both parties to initiate a key exchange simultaneously
s To use the SAE feature, you must enable this parameter on all mesh nodes (points and portals) in the a network, to prevent mesh link connectivity issues.
e NOTE: This is a Beta feature only. This parameter should be kept "disabled" for this release.
n Netmask for the IP address.
--
e
t
m
a
s
k
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 712
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
n Negates any configured parameter.
--
o
p Password Authentication Protocol (PAP) password for the AP.
--
a p You can use special characters in the PAP password. Following are the restrictions:
- l You cannot use double-byte characters p
a l You cannot use a tilde (~)
s s l You cannot use a tick (`)
w l If you use quotes (single or double), you must use the backslash (\) before and after the password d
p PAP username for the AP.
--
a
p
-
u
s
e
r
p- Passphrase in PKCS12 format.
--
kc-
s-
1-
2-
passphrase
713 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
p PPPoE CHAP secret key for the AP.
--
p
p
o
e
-
c
h
a
p
-
s
e
c
r
e
t
p Point-to-Point Protocol over Ethernet (PPPoE) password for the AP.
--
p
p
o
e
-
p
a
s
s
w
d
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 714
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
p PPPoE service name for the AP.
--
p
p
o
e
-
s
e
r
v
i
c
e
-
n
a
m
e
p PPPoE username for the AP.
--
p
p
o
e
-
u
s
e
r
r Retrieves current provisioning parameters of the specified AP.
--
e NOTE: This parameter can only be used on the master controller. a
d
-
b
o
o
t
i
n
f
o
715 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
r Provisions one or more APs with the values in the provisioning-params workspace. To use reprovision,
--
e you must use read-bootinfo to retrieve the current values of the APs into the provisioning-ap-list.
p NOTE: This parameter can only be used on the master controller. r
o
v
i
s
i
o
n
r Restores factory default provisioning parameters to the specified AP.
--
e NOTE: This parameter can only be used on the master controller. s
e
t
-
b
o
o
t
i
n
f
o
s If you are provisioning an 802.11n-capable AP, you can issue the sch-mode-radio-0 c command to enable single-chain mode for the selected radio. AP radios in single-chain h mode will transmit and receive data using only legacy rates and single-stream HT - rates up to MCS 7. This setting is disabled by default. m o d e r a d i o 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 716
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
s If you are provisioning an 802.11n-capable AP, you can issue the sch-mode-radio-1 command to enable c single-chain mode for the selected radio. AP radios in single-chain mode will transmit and receive data h using only legacy rates and single-stream HT rates up to MCS 7. This setting is disabled by default. m o d e r a d i o 1
s IP address of the controller from which the AP boots. e r v e r i p
s DNS name of the controller from which the AP boots. e r v e r n a m e
717 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
s Set a IKE preshared key to correspond to a specific IP address. e t i k e p s k b y a d d r
s User-defined description of the location of the AP. y s l o c a t i o n
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 718
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
u If you configure an uplink VLAN on an AP connected to a port in trunk mode, the AP sends and receives p frames tagged with this VLAN on its Ethernet uplink. l i By default, an AP has an uplink vlan of 0, which disables this feature. n NOTE: If an AP is provisioned with an uplink VLAN, it must be connected to a trunk mode port or the AP's k frames will be dropped. v l a n
< u p l i n k v l a n >
u The USB device identifier, if the device is not already supported. s b d e v
u The dial string for the USB modem. This parameter only needs to be specified if the default string is not s correct. b d i a l
719 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
USB cellular devices on remote APs typically register as modems, but may occasionally register as a mass-storage device. If a remote AP cannot recognize its USB cellular modem, use the usb-modeswitch command to specify the parameters for the hardware model of the USB cellular data-card.
NOTE: You must enclose the entire modeswitch parameter string in quotation marks.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 720
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
u The initialization string for the USB modem. This parameter only needs to be specified if the default string s is not correct. b i n i t
u A PPP password, if provided by the cellular service provider s b p a s s w d
721 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
u Set the USB power mode to control the power to the USB port. s b p o w e r m o d e
a u t o |
e n a b l e | d i s a b l e
u The TTY device path for the USB modem. This parameter only needs to be specified if the default path is s not correct. b t t y
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 722
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
u The TTY device control path for the USB modem. This parameter only needs to be specified if the default s path is not correct. b t t y c o n t r o l
u Specify the USB driver type. s b l acm: Use ACM driver - l airprime: Use Airprime driver t y l beceem-wimax: Use Beceem driver for 4G-WiMAX p e l ether: Use CDC Ether driver for direct IP 4G device
l hso: Use HSO driver for newer Option
l none: Disable 3G or 2G network on USB
l option: Use Option driver
l pantech-3g: Same as "pantech-uml290" - to support upgrade
l pantech-uml290: Use Pantech USB driver for UML290 device
l ptumlusbnet: Use Pantech USB driver for 4G device
l rndis: Use a RNDIS driver for a 4G device
l sierra-evdo: Use EVDO Sierra Wireless driver
l sierra-gsm: Use GSM Sierra Wireless driver
l sierrausbnet:Use SIERRA Direct IP driver for 4G device
l storage: Use USB flash as storage device for storing RAP certificates
723 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
P-
a-
r-
R-
a-
a-
m- Description
n-
e-
g-
t-
e
e-
r
u The PPP username provided by the cellular service provider s b u s e r
Usage Guidelines
You do not need to provision APs before installing and using them. The exceptions are outdoor APs, which have antenna gains that you must provision before they can be used, and APs configured for mesh. You must provision the AP before you install it as a mesh node in a mesh deployment.
Users less familiar with this process may prefer to use the Provisioning page in the WebUI to provision an AP.
Provisioned or reprovisioned values do not take effect until the AP is rebooted. APs reboot automatically after they are successfully reprovisioned.
In order to enable cellular uplink for a remote AP (RAP), the RAP must have the device driver for the USB data card and the correct configuration parameters. ArubaOS includes device drivers for the most common hardware types, but you can use the usb commands in this profile to configure a RAP to recognize and use an unknown USB modem type.
Provisioning a Single AP
To provision a single AP:
1. Use the read-bootinfo option to read the current information from the deployed AP you wish to reprovision.
2. Use the show provisioning-ap-list command to see the AP to be provisioned. 3. Use the copy-provisioning-params option to copy the AP's parameter values to the provisioning-params
workspace. 4. Use the provision-ap options to set new values. Use the show provisioning-params command to display
parameters and values in the provisioning-params workspace. Use the clear provisioning-params command to reset the workspace to default values. 5. Use the reprovision option to provision the AP with the values in provisioning-params workspace. The AP automatically reboots.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 724
Provisioning Multiple APs at a Time
You can change parameter values for multiple APs at a time, however, note the following:
l You cannot provision the following AP-specific options on multiple APs: n ap-name n ipaddr n pap-user n pap-passwd n ikepsk If any of these options are already provisioned on the AP, their values are retained when the AP is reprovisioned.
l The values of the server-name, a-ant-gain, or g-ant-gain options are retained if they are not reprovisioned. l All other values in the provisioning-params workspace are copied to the APs.
To provision multiple APs at the same time:
1. Use the read-bootinfo to read the current information from each deployed AP that you wish to provision.
The AP parameter values are written to the provisioning-ap-list. To reprovision multiple APs, the APs must be present in the provisioning-ap-list. Use the show provisioning-ap-list command to see the APs that will be provisioned. Use the clear provisioning-ap-list command to clear the provisioning-ap-list.
2. Use the copy-provisioning-params option to copy an AP's parameter values to the provisioning-params workspace.
3. Use the provision-ap options to set new values. Use the show provisioning-params command to display parameters and values in the provisioning-params workspace. Use the clear provisioning-params command to reset the workspace to default values.
4. Use the reprovisionall option to provision the APs in the provisioning-ap-list with the values in provisioning-params workspace. All APs in the provisioning-ap-list automatically reboot.
The following are useful commands when provisioning one or more APs:
l show|clear provisioning-ap-list displays or clears the APs that will be provisioned. l show|clear provisioning-params displays or resets values in the provisioning-params workspace. l show ap provisioning shows the provisioning parameters an AP is currently using.
Example
The following commands change the IP address of the master controller on the AP: (host) (config) #provision-ap
read-bootinfo ap-name lab103 show provisioning-ap-list copy-provisioning-params ap-name lab103 master 10.100.102.210 reprovision ap-name lab103
725 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 3.2 ArubaOS 3.4
ArubaOS 5.0 ArubaOS 6.0 ArubaOS 6.1
ArubaOS 6.2
Modification
Command introduced
Introduced support for the mesh parameters, additional antenna parameters, and AP location parameters.
Introduced support for the following parameters: l installation l mesh-sae l set-ikepsk-by-addr l usb-dev l usb-dial l usb-init l usb-passwd l usb-tty l usb-type l usb-user l link-priority-cellular l link-priority-ethernet
The mesh-sae parameter no longer has the sae-default option. Use the sae-disable option to return this parameter to its default disabled setting.
The uplink-vlan parameter was introduced.
The following new parameters were introduced for provisioning IPv6 APs: l dns-server-ip6 l ip6addr l ip6prefix l gateway6
The following new parameters provision APs in single-chain mode: l sch-mode-radio-0 l sch-mode-radio-1 The following new parameters provision APs for 802.1X authentication: l apdot1x-passwd l apdot1x-username The following new parameters provision Remote APs using USB modems: l usb-modeswitch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
provision-ap | 726
Release
ArubaOS 6.2.1.0
ArubaOS 6.3 ArubaOS 6.3.1 ArubaOS 6.4.2.0
Modification l 4g-usb-type
The cellular_nw_preference parameter was introduced for provisioning multi-mode modems, and the 4g-usb-type parameter was deprecated. Specify a 2/3G or 4G modem type using the usb-type parameter. The sierrausbnet and storage usb-type parameters were introduced. the rndis usb-type parameter was introduced. The service-tag parameter was introduced under reprovision parameter.
Command Information
Platforms
Licensing
Command Mode
All platforms, except for the parameters noted in the Syntax table.
Base operating system, except for the parameters noted in the Syntax table.
Config mode on master controllers
727 | provision-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
qos-profile (deprecated)
qos-profile <profile-name> clone <source> dot1p <priority> drop-precedence {high | low} dscp <rewrite-value> no traffic-class <traffic-class-value>
Description
This command configures a QoS profile to assign TC/DP, DSCP, and 802.1p values to an interface or policer profile.
Command History
Release ArubaOS 6.2
Modification Command deprecated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
qos-profile (deprecated) | 728
reload-peer-sc (deprecated)
reload-peer-sc
Description
This command performs a reboot of the W-6000M3 controller module.
Command History
Version ArubaOS 1.0
Description Command Introduced
ArubaOS 6.1
Command deprecated
729 | reload-peer-sc (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
reload
reload
Description
This command performs a reboot of the controller.
Syntax
No parameters.
Usage Guidelines
Use this command to reboot the controller if required after making configuration changes or under the guidance of Dell Networks customer support. The reload command powers down the controller, making it unavailable for configuration. After the controller reboots, you can access it via a local console connected to the serial port, or through an SSH, Telnet, or WebUI session. If you need to troubleshoot the controller during a reboot, use a local console connection. After you use the reload command, the controller prompts you for confirmation of this action. If you have not saved your configuration, the controller returns the following message: Do you want to save the configuration (y/n): l Enter y to save the configuration. l Enter n to not save the configuration. l Press [Enter] to exit the command without saving changes or rebooting the controller. If your configuration has already been saved, the controller returns the following message: Do you really want to reset the system(y/n): l Enter y to reboot the controller. l Enter n to cancel this action. The command will timeout if you do not enter y or n.
Example
The following command assumes you have already saved your configuration and you must reboot the controller: (host) (config) #reload The controller returns the following messages: Do you really want to reset the system(y/n): y System will now restart! ... Restarting system.
Command History
This command was introduced in ArubaOS 1.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
reload | 730
Command Information
Platforms All platforms
Licensing
Base operating system
Command Mode Enable and Config modes on master controllers
731 | reload
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rename
rename <filename> <newfilename>
Description
This command renames an existing system file.
Syntax
Parameter filename
newfilename
Description
An alphanumeric string that specifies the current name of the file on the system.
An alphanumeric string that specifies the new name of the file on the system.
Usage Guidelines
Use this command to rename an existing system file on the controller. You can use a combination of numbers, letters, and punctuation (periods, underscores, and dashes) to rename a file. The new name takes affect immediately. Make sure the renamed file uses the same file extension as the original file. If you change the file extension, the file may be unrecognized by the system. For example, if you have an existing file named upgrade.log, the new file must include the .log file extension. You cannot rename the active configuration currently selected to boot the controller. If you attempt to rename the active configuration file, the controller returns the following message: Cannot rename active configuration file To view a list of system files, and for more information about the directory contents, see dir on page 362.
Example
The following command changes the file named test_configuration to deployed_configuration: (host) (config) #rename test_configuration deployed_configuration
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Eanble and Config modes on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rename | 732
restore
restore flash
Description
This command restores flash directories backed up to the flashbackup.tar.gz file.
Syntax
Parameter flash
Description Restores flash directories from the flashbackup.tar.gz file.
Usage Guidelines
Use the backup flash command to tar and compress flash directories to the flashbackup.tar.gz file.
Example
The following command restores flash directories from the flashbackup.tar.gz file: (host) #restore flash
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
733 | restore
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf am-scan-profile
<profile-name> clone <profile> dwell-time-active-channel dwell-time-other-reg-domain-channel dwell-time-rare-channel dwell-time-reg-domain-channel no scan-mode
Description
Configure an Air Monitor (AM) scanning profile.
Syntax
Parameter <profile-name>
Description
Name of this instance of the profile.
Range
1-63 characters
clone <profile>
Copy data from another AM
--
scanning profile
dwell-time-active-channel
Dwell time (in ms) for channels where there is wireless activity.
100-32768 ms
dwell-time-other-reg-domain-channel
Dwell time (in ms) for channels not in the APs regulatory domain.
100-32768 ms
dwell-time-rare-channel
Dwell time (in ms) for rare channels.
100-32768 ms
dwell-time-reg-domain-channel
Dwell time (in ms ) for AP's Regulatory domain channels
100-32768 ms
no
Delete the command
--
scan-mode
Set the scanning mode for
--
the radio.
all-reg-domain
Scan channels in all
--
regulatory domain
rare
Scan all channels (all
--
regulatory domains and rare
channels)
reg-domain
Scan channels in the APs
--
regulatory domain
Default -- -- 500 ms
250 ms
100 ms 250 ms -- -- -- --
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf am-scan-profile | 734
Usage Guidelines
Channels are categorized into the following types:
l Active Channel: This qualifier indicates that wireless activity (for example, a probe request) is detected on this channel by the presence of an AP or other 802.11 activity.
l All Regulatory Domain Channels: A valid non-overlapping channel that is in the regulatory domain of at least one country.
l Rare Channels: Channels that fall into a frequency range outside of the regulatory domain; 2484 MHz and 4900MHz-4995MHz (J-channels), and 5000-5100Mhz.
l Regulatory Domain Channels: A channel that belongs to the regulatory domain of the country in which the AP is deployed. The set of channels that belong to this group is a subset of the channels in all-regdomain channel group.
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms All Platforms
Licensing RFProtect
Command Mode Configuration Mode (config)
735 | rf am-scan-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rft
rft test profile antenna-connectivity ap-name <name> [dest-mac <macaddr> [phy {a|g}| radio {0|1}]]
rft test profile link-quality {ap-name <name> dest-mac <macaddr> [phy {a|g}| radio {0|1}] | bssid <bssid> dest-mac <macaddr> | ip-addr <ipaddr> dest-mac <macaddr> [phy {a|g}|radio {0|1}]}
rft test profile raw {ap-name <name> dest-mac <macaddr> [phy {a|g}|radio {0|1}] | bssid <bssid> dest-mac <macaddr> | ip-addr <ipaddr> dest-mac <macaddr> [phy {a|g}|radio {0|1}]}
Description
This command is used for RF troubleshooting.
Syntax
Parameter ap-name dest-mac phy radio bssid ip-addr
Description Name of the AP that performs the test. MAC address of the client to be tested. 802.11 type, either a or g. Radio ID, either 0 or 1. BSSID of the AP that performs the test. IP address of the AP that performs the test.
Range -- -- a|g 0|1 --
Usage Guidelines
This command can run predefined test profiles for antenna connectivity, link quality, or raw testing. You should only run these commands when directed to do so by a Dell support representative.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rft | 736
rf arm-rf-domain-profile
rf arm-rf-domain profile arm-rf-domain-key <arm-rf-domain-key>
Description
This profile holds a non-editable key defined by the master controller, and used to sign over-the air (OTA) ARM updates exchanged between APs.
Syntax
Parameter <arm-rf-domain-key>
Description Non-editable key value
Command History
Release ArubaOS 6.2
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
737 | rf arm-rf-domain-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile
rf arm-profile <profile> 40MHz-allowed-bands {All|None|a-only|g-only} 80MHz support acceptable-coverage-index <number> active-scan (not intended for use) aggressive-scan assignment {disable|maintain|multi-band|single-band} backoff-time <seconds> cellular-handoff-assist channel-quality-aware-arm channel-quality-threshold <channel-quality-threshold> channel-quality-wait-time <seconds> client-aware client-match clone <profile> cm-band-a-min-signal <cm-band-a-min-signal> cm-band-g-max-signal <cm-band-g-max-signal> cm-dot11v cm-lb-client-thresh <#-of-clients> cm-lb-signal-delta <cm-lb-signal-delta> cm-lb-snr-thresh <dB> cm-lb-thresh <%-of-clients> cm-max-steer-fails <#-of-fails> cm-report-interval cm-stale-age <secs> cm-steer-timeout <secs> cm-sticky-check_intvl <secs> cm-sticky-min-signal <-dB> cm-sticky-snr <dB> cm-sticky-snr-delta cm-update-interval <dB> cm-unst-ageout-interval days <days> hours <hours> error-rate-threshold <percent> error-rate-wait-time <seconds> free-channel-index <number> ideal-coverage-index <number> load-aware-scan-threshold max-tx-power <dBm> min-scan-time <# of scans> min-tx-power <dBm> mode-aware multi-band-scan no ... ota-updates ps-aware-scan rogue-ap-aware scan mode {all-reg-domain|reg-domain} scan-interval scanning video-aware-scan voip-aware-scan
Description
This command configures the Adaptive Radio Management (ARM) profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 738
Syntax
Parameter <profile>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
40MHz-allowed- bands
The specified setting allows ARM to determine if 40 MHz mode of operation is allowed on the 5 GHz or 2.4 GHz frequency band only, on both frequency bands, or on neither frequency band.
All/None/ a-only/g-only
All
Allows 40 MHz channels on both the
--
5 GHZ (802.11a) and 2.4 GHZ
(802.11b/g) frequency bands.
None
Disallows use of 40 MHz channels.
--
a-only
Allows use of 40 MHz channels on the -- 5 GHZ (802.11a) frequency band only.
g-only
Allows use of 40 MHz channels on the -- 2.4 GHZ (802.11b/g) frequency band only.
80MHz-support
If enabled, 80 MHz channels can be
--
used in the 5 GHz frequency band on
APs that support 802.11ac.
acceptable-coverage-index The minimal coverage that the AP
1-6
should try to achieve on its channel.
The denser the AP deployment, the
lower this value should be.
This setting applies to multi-band implementations only.
active-scan
When active-scan is enabled, an AP
--
initiates active scanning via probe
request. This option elicits more
information from nearby APs, but
also creates additional management
traffic on the network. This feature is
disabled by default, and should not be
enabled except under the direct
supervision of Dell Technical Support.
Default: disabled
aggressive-scan
When this feature is enabled, an AP
--
radio with no clients will scan
channels every second.
Default "default" a-only
-- -- -- -- enabled 4
disabled
enabled
739 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter assignment
Description
Activates one of four ARM channel/power assignment modes.
Range --
disable
Disables ARM channel/power
--
assignments.
maintain
Maintains existing channel
--
assignments.
multi-band
Computes ARM assignments for both -- 5 GHZ (802.11a) and 2.4 GHZ (802.11b/g) frequency bands.
single-band
Computes ARM assignments for a
--
single band.
backoff-time
Time, in seconds, an AP backs off after requesting a new channel or power.
120-3600
cellular-handoff-assist
When both the client match and
--
cellular handoff assist features are
enabled, the cellular handoff assist
feature can help a dual-mode, 3G/4G-
capable Wi-Fi device such as an
iPhone, iPad, or Android client at the
edge of Wi-Fi network coverage
switch from Wi-Fi to an alternate
3G/4G radio that provides better
network access. This feature is
disabled by default, and is
recommended only for Wi-Fi hotspot
deployments.
channel-quality-aware-arm Base ARM changes on channel
--
quality and noise floor values. If this
parameter is disabled, only noise-
floor values will be used to change
channels. Default: Disabled
channel-quality-threshold
Channel quality percentage below which ARM initiates a channel change.
0-100
channel-quality-wait-time
If channel quality is below the specified channel quality threshold for this wait time period, ARM initiates a channel change.
1-3600
Default single-band (new installation s only) -- -- --
-- 240 seconds disabled
disabled
70
120
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 740
Parameter client-aware
Description
Range
If the Client Aware option is enabled,
--
the AP does not change channels if
there is active client traffic on that AP.
If Client Aware is disabled, the AP
may change to a more optimal
channel, but this change may also
disrupt current client traffic.
client match
The client match feature helps
--
optimize network resources by
balancing clients across channels,
regardless of whether the AP or the
controller is responding to the
wireless client's probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is enabled by default
clone
Name of an existing ARM profile from -- which parameter values are copied.
cm-band-a-min-signal <cm- Minimum signal level required for the --
band-a-min-signal>
targeted A band radio in a Client
Match band steer move (-dBm).
cm-band-g-max-signal <cm- Maximum signal level of the G band
--
band-g-max-signal>
radio that can trigger a Client Match
band steer move (-dBm)
cm-dot11v
Client Match steers using 802.11v
--
BSS Transition Management.
cm-lb-client-thresh <#-of-clients>
If an AP radio has fewer clients than the client match load balancing threshold defined by this parameter, the AP will not participate in load balancing.
0-100 clients
Default enabled
enabled
-- 75 45 enabled 30
741 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter cm-lb-signal-delta
Description
Range
Client match will not move a client to a new radio if the signal strength of the target AP is this dB value lower than the radio to which the client is currently associated. This parameter works differently than the cm-lb-snrthresh value, which imposes a definite value on the target AP's signal-to-noise radio. the cm-lbsignal-delta imposes a relative constraint based upon the signal strength of the radio to which the client is currently associated.
0-20 dB
Default 5 dB
cm-lb-snr-thresh <dB>
Clients must detect a SNR from an
0-100 dB
25
underutilized AP radio at or above
this threshold before the client match
feature considers load balancing a
client to that radio.
cm-lb-thresh <%-of-clients>
When the client match feature is
0-100 %
20
enabled, clients may be steered from
a highly utilized channel on an AP to a
channel with fewer clients. If a
channel on an AP radio has this
percentage fewer clients than
another channel supported by the
client, the client match feature may
move clients from the busier channel
to the channel with fewer clients.
cm-max-steer-fails <#-of-fails>
The controller keeps track of the
0-100 failures
5
number of times the client match
feature failed to steer a client to a
different radio, and the reason that
each steer attempt was triggered. If
the client match feature attempts to
steer a client to a new radio multiple
consecutive times for the same
reason but client steering fails each
time, the controller notifies the AP to
mark the client as unsteerable for
that specific trigger.
This parameter defines the maximum allowed number of client match steering fails with the same trigger before the client is marked as unsteerable for that trigger.
cm-report-interval <secs> This interval defines how often an AP
0-255 secs
30
sends an updated client probe report
to the controller. Each client probe
report contains a list of
MAC addresses for clients that have
been active in the last two minutes,
and the AP radio SNR values seen by
those clients.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 742
Parameter cm-stale-age <secs>
Description
Range
The controller maintains client match data for up to clients showing the detected SNR values for up to 16 candidate APs per client. This table is periodically updated as APs send client probe reports to the controller. This parameter defines the amount of time that the controller should retain client match data from each client probe report.
Different controller types support varying numbers of clients.
l W-650 : 4096 clients
l W-3000 Series: 4096 clients
l W-7005: 1024 client
l W-7010: 2048 clients
l W-7030: 4096 clients
l W-7240: 32000 clients
l W-7220: 24000 clients
l W-7210: 16000 clients
l W-6000M3 = 8000 clients
0- 65535 seconds
cm-steer-timeout
When a client is steered from one AP to a more desirable AP, the steer timeout feature helps facilitate the move by defining the amount of time that any APs to which the client should NOT associate will not respond to the AP.
0-255 secs
cm-sticky-check-interval <secs>
Frequency at which the AP checks for client's received SNR values. If the SNR value drops below the threshold defined by the cm-sticky-snr parameter for three consecutive check intervals, that client may be moved to an different AP.
0-255 secs
cm-sticky-min-signal <-dB>
A client triggered to move to a different AP may consider an AP radio a better match if the client detects that the signal from the candidate AP radio is at or higher than the minimum signal level defined by this parameterand the candidate radio has a higher signal strength than the radio to which the client is currently associated. (The required improvement in signal strength can be defined using the cm-sticky-snr-delta command.)
0-255 (-dB)
Default 900 secs
3 secs 65
743 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter cm-sticky-snr <dB>
cm-sticky-snr-delta
Description
Range
If the client's received signal strength indicator (RSSI) is above this signalto-noise ratio (SNR) threshold, that client will be allowed to stay associated to its current AP. If the client's received signal strength is below this threshold, it may be moved to a different AP.
0-255 dB
A client triggered to move to a different AP may consider an AP radio a better match if the client detects that the signal from the AP radio is stronger than its current radio by the dB level defined by the cm-sticky-snr-thresh parameter, and the candidate radio also has a minimum signal level defined by the cm-sticky-min-signal parameter.
0-100 dB
cm-unst-ageout-interval days The client entries in an unsteerable
--
<days> hours <hours>
client list remain in effect for the
interval defined by this parameter
before they age out.
cm-unst-ageout
When client match and the client
--
match unsteerable client ageout
feature are enabled, the controller
periodically sends APs that are not a
desired AP match for a client in a list
of unsteerable clients. These lists
contain a list of MAC addresses for
up to 128 clients that should not be
steered to that AP.
The following controller types support a aggregate maximum of unsteerable clients for all APs associated to that controller.
l W-650 : 1024 unsteerable clients
l W-3000 Series: 1024 unsteerable clients
l W-7005: 256 unsteerable clients
l W-7010: 512 unsteerable clients
l W-7030: 1024 unsteerable clients
l W-7240: 8000 unsteerable clients
l W-7220: 6000 unsteerable clients
l W-7210: 4000 unsteerable clients
l W-6000M3 = 2000 unsteerable clients
Default 18
10
2 days --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 744
Parameter
error-ratethreshold
Description
Range
The percentage of errors in the channel that triggers a channel change. Recommended value is 50%. A value of 0% disables this feature.
0-100
Default 50%
error-rate-wait -time
Time, in seconds, that the error rate has to be at least the error rate threshold to trigger a channel change.
12,147,483,647
Recommende d Values: 1100
30 seconds
free-channelindex
The difference in the interference
10-40
25
index between the new channel and
current channel must exceed this
value for the AP to move to a new
channel. The higher this value, the
lower the chance an AP will move to
the new channel. Recommended
value is 25.
ideal-coverageindex
The coverage that the AP should try
2-20
10
to achieve on its channel. The denser
the AP deployment, the lower this
value should be. Recommended value
is 10.
load-aware-scan-threshold Load aware ARM preserves network
--
resources during periods of high
traffic by temporarily halting ARM
scanning if the load for the AP gets
too high.
The Load Aware Scan Threshold is the traffic throughput level an AP must reach before it stops scanning. The supported range for this setting is 0-20000000 bytes/second. (Specify 0 to disable this feature.)
1250000 bytes/seco nd
max-tx-power
Maximum effective isotropic radiated power (EIRP) from 3 to 33 dBm in 3 dBm increments. You may also specify a special value of 127 dBm for regulatory maximum to disable power adjustments for environments such as outdoor mesh links. This value takes into account both radio transmit power and antenna gain.
Higher power level settings may be constrained by local regulatory requirements and AP capabilities.
3, 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 127
127 dBm
745 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter min-scan-time
min-tx-power
mode-aware
multi-band-scan no ota-updates
Description
Range
Default
Minimum number of times a channel must be scanned before it is considered for assignment. The supported range for this setting is 02,147,483,647 scans. Best practices are to configure a Minimum Scan Time between 1-20 scans.
Default: 8 scans
12,147,483,647
Recommende d Values: 1-20
8 scans
Minimum effective isotropic radiated power (EIRP) from 3 to 33 dBm in 3 dBm increments. You may also specify a special value of 127 dBm for regulatory minimum. This value takes into account both radio transmit power and antenna gain.
Higher power level settings may be constrained by local regulatory requirements and AP capabilities.
3, 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 127
9 dBm
If enabled, ARM will turn APs into Air
--
Monitors (AMs) if it detects higher
coverage levels than necessary. This
helps avoid higher levels of
interference on the WLAN. Although
this setting is disabled by default, you
may want to enable this feature if
your APs are deployed in close
proximity (e.g. less than 60 feet
apart).
disabled
When enabled, single-radio APs try to -- scan across bands for rogue AP detection.
enabled
Negates any configured parameter.
--
--
The ota-updates option allows an AP -- to get information about its RF environment from its neighbors, even the AP cannot scan. If this feature is enabled, when an AP on the network scans a foreign (non-home) channel, it sends other APs an Overthe-Air (OTA) update in an 802.11 management frame that contains information about the scanning AP's home channel, the current transmission EIRP value of its home channel, and one-hop neighbors seen by that AP.
Default: enabled
enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 746
Parameter ps-aware-scan rogue-ap-aware scan-interval
scan-mode
scanning
Description
When enabled, the AP will not scan if Power Save is active.
Range --
When enabled, the AP will try to
--
contain off-channel rogue APs.
If scanning is enabled, the scan interval defines how often the AP will leave its current channel to scan other channels in the band. Offchannel scanning can impact client performance. Typically, the shorter the scan interval, the higher the impact on performance. If you are deploying a large number of new APs on the network, you may want to lower the Scan Interval to help those APs find their optimal settings more quickly. Raise the Scan Interval back to its default setting after the APs are functioning as desired.
Recommended Values: 0-30 seconds
0-2,147,483, 647 seconds
Select the scan mode for the AP:
--
l all-reg-domain: The AP scans channels within all regulatory domains. This is the default setting.
l reg-domain:Limit the AP scans to just the regulatory domain for that AP.
The Scanning checkbox enables or
--
disables AP scanning across multiple
channels. Disabling this option also
disables the following scanning
features:
l Multi Band Scan
l Rogue AP Aware
l Voip Aware Scan
l Power Save Scan
Do not disable Scanning unless you want to disable ARM and manually configure AP channel and transmission power.
Default disabled disabled 10 seconds
all-regdomain
enabled
747 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter video-aware-scan
voip-aware-scan
Description
Range
As long as there is at least one video
--
frame every 100 mSec the AP will
reject an ARM scanning request. Note
that for each radio interface, video
frames must be defined in one of two
ways:
l Classify the frame as video traffic via a session ACL.
l Enable WMM on the WLAN's SSID profile and define a specific DSCP value as a video stream. Next, create a session ACL to tag the video traffic with the that DSCP value.
Dell's VoIP Call Admission Control
--
(CAC) prevents any single AP from
becoming congested with voice calls.
When you enable CAC, you should
also enable voip-aware-scan
parameter in the ARM profile, so the
AP will not attempt to scan a different
channel if one of its clients has an
active VoIP call. This option requires
that scanning is also enabled.
Default enabled
disabled
Usage Guidelines
Adaptive Radio Management (ARM) is a radio frequency (RF) resource allocation algorithm that allows each AP to determine the optimum channel selection and transmit power setting to minimize interference and maximize coverage and throughput. This command configures an ARM profile that you apply to a radio profile for the 5 GHz or 2.4 GHz frequency band (see rf dot11a-radio-profile on page 752 or rf dot11g-radio-profile on page 763).
Channel Quality
Hybrid APs and Spectrum Monitors determine channel quality by measuring channel noise, non-Wi-Fi (interferer) utilization and duty-cycles, and certain types of Wi-Fi retries. Regular APs using the ARM feature derive channel quality values by measuring the noise floor for that channel.
Client Match
the ARM client match feature continually monitors a client's RF neighborhood to provide ongoing client bandsteering and load balancing, and enhanced AP reassignment for roaming mobile clients. This feature is recommended over the legacy bandsteering and spectrum load balancing features, which, unlike client match, do not trigger AP changes for clients already associated to an AP.
Legacy 802.11a/b/g devices do not support the client match feature. When client match is enabled on 802.11ncapable devices, the client match feature overrides any settings configured for the legacy bandsteering, station handoff assist or load balancing features. 802.11ac-capable devices do not support the legacy bandsteering, station hand off or load balancing settings, so these APs must be managed on using client match.
When this feature is enabled on an AP, that AP is responsible for measuring the RF health of its associated clients. The AP receives and collects information about clients in its neighborhood, and periodically sends this information to the controller. The controller aggregates information it receives from all APs using client match,
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 748
and maintains information for all associated clients in a database. The controller shares this database with the APs (for their associated clients) and the APs use the information to compute the client-based RF neighborhood and determine which APs should be considered candidate APs for each client. When the controller receives a client steer request from an AP, the controller identifies the optimal AP candidate and manages the client's relocation to the desired radio. This is an improvement from previous releases, where the ARM feature was managed exclusively by APs, the without the larger perspective of the client's RF neighborhood.
The following client/AP mismatch conditions are managed by the client match feature:
l Load Balancing: Client match balances clients across APs on different channels, based upon the client load on the APs and the SNR levels the client detects from an underutilized AP. If an AP radio can support additional clients, the AP will participate in client match load balancing and clients can be directed to that AP radio, subject to predefined SNR thresholds.
l Sticky Clients: The client match feature also helps mobile clients that tend to stay associated to an AP despite low signal levels. APs using client match continually monitor the client's RSSI as it roams between APs, and move the client to an AP when a better radio match can be found. This prevents mobile clients from remaining associated to an APs with less than ideal RSSI, which can cause poor connectivity and reduce performance for other clients associated with that AP.
l Band Steering/Band Balancing: APs using the client match feature monitor the RSSI for clients that advertise a dual-band capability. If a client is currently associated to a 2.4 GHz radio and the AP detects that the client has a good RSSI from the 5 Ghz radio, the controller will attempt to steer the client to the 5 Ghz radio, as long as the 5 Ghz RSSI is not significantly worse than the 2.4 GHz RSSI, and the AP retains a suitable distribution of clients on each of its radios.
ARM Scanning
The default ARM scanning interval is determined by the scan-interval parameter in the ARM profile. If the AP does not have any associated clients (or if most of its clients are inactive) the ARM feature will dynamically readjust this default scan interval, allowing the AP obtain better information about its RF neighborhood by scanning non-home channels more frequently. Starting with ArubaOS 6.2, if an AP attempts to scan a nonhome channel but is unsuccessful, the AP will make additional attempts to rescan that channel before skipping it and continuing on to other channels.
Using Adaptive Radio Management (ARM) in a Mesh Network
When a mesh portal operates on a mesh network, the mesh portal determines the channel used by the mesh feature. When a mesh point locates an upstream mesh portal, it will scan the regulatory domain channels list to determine the channel assigned to it, for a mesh point always uses the channel selected by its mesh portal. However, if a mesh portal uses an ARM profile enabled with a single-band or multi-band channel/power assignment and the scanning feature, the mesh portal will scan the configured channel lists and the ARM algorithm will assign the proper channel to the mesh portal.
If you are using ARM in your network, is important to note that mesh points, unlike mesh portals, do not scan channels. This means that once a mesh point has selected a mesh portal or an upstream mesh point, it will tune to this channel, form the link, and will not scan again unless the mesh link gets broken. This provides good mesh link stability, but may adversely affect system throughput in networks with mesh portals and mesh points. When ARM assigns optimal channels to mesh portals, those portals use different channels, and once the mesh network has formed and all the mesh points have selected a portal (or upstream mesh point), those mesh points will not be able to detect other portals on other channels that could offer better throughput. This type of suboptimal mesh network may form if, for example, two or three mesh points select the same mesh portal after booting, form the mesh network, and leave a nearby mesh portal without any mesh points. Again, this will not affect mesh functionality, but may affect total system throughput.
749 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command configures VoIP-aware scanning for the arm-profile named "voice-arm:" (config) (host) #rf arm-profile voice-arm
voip-aware-scan
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.3.
Support for the high-throughput IEEE 802.11n standard was introduced.
ArubaOS 3.3.2
Support for the wait-time parameter was removed.
ArubaOS 3.4.1
The voip-aware-scan parameter no longer requires a license, and is available in the base OS.
ArubaOS 6.1
The ps-aware-scan parameter is now disabled by default.
ArubaOS 6.3
The noise-wait-time, and noise-threshold parameters were deprecated, and the following parameters were introduced. l 80MHz support l aggressive-scanning l client-match l channel-quality-aware l channel-quality-threshold l channel-quality-wait-time l cm-lb-client-thresh l cm-lb-snr-thresh l cm-lb-thresh l cm-max-steer-fails l cm-report-interval l cm-stale-age l cm-sticky-check-interval l cm-sticky-min-signal l cm-sticky-snr l cm-sticky-snr-delta l cm-update-interval l cm-unst-ageout-interval
ArubaOS 6.3.1.0
The cellular-handoff-assist parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf arm-profile | 750
Release ArubaOS 6.4 ArubaOS 6.4.1.0
ArubaOS 6.4.2.3
Modification
The cm-lb-signal-delta parameter was introduced.
The default values for the following parameters were changed: l cm-band-g-max-signal (from N/A to 45) l cm-sticky-snr (from 25 to 18) l cm-sticky-min-signal (from 70 to 65) l cm-lb-client-thresh (from 10 to 30)
The cm-dot11v parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
751 | rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile
rf dot11a-radio-profile <profile> am-scan-profile <profile-name> arm-profile <profile> beacon-period <milliseconds> beacon-regulate cap-reg-eirp <cap-reg-eirp> cell-size-reduction <cell-size-reduction> channel <num|num+|num-> channel-reuse {static|dynamic|disable} channel-reuse-threshold clone <profile> csa csa-count <number> disable-arm-wids-function dot11h high-throughput-enable ht-radio-profile <profile> interference-immunity maximum-distance <maximum-distance> mgmt-frame-throttle-interval <seconds> mgmt-frame-throttle-limit <number> mode {ap-mode|am-mode|spectrum-mode} no ... radio-enable slb-mode channel|radio slb-threshold slb-update-interval <secs> spectrum-load-bal-domain spectrum-load-balancing spectrum-monitoring spectrum-profile <profile> tpc-power <tpc-power> tx-power <dBm> very-high-throughput-enable
Description
This command configures AP radio settings for the 5 GHz frequency band, including the Adaptive Radio Management (ARM) profile and the high-throughput (802.11n) radio profile.
Syntax
Parameter <profile>
am-scan-profile <name> arm-profile
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Configure an Air Monitor (AM) scanning
--
profile
Configures Adaptive Radio Management
--
(ARM) feature. See rf arm-profile on page
738.
Default "default" "default" "default"
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile | 752
Parameter beacon-period beacon-regulate cap-reg-eirp <cap-reg-eirp>
cell-size-reduction <cell-size-reduction>
channel
Description
Range
Default
Time, in milliseconds, between successive beacon transmissions. The beacon advertises the AP's presence, identity, and radio characteristics to wireless clients.
60 (minimum)
100 milliseconds
Enabling this setting introduces
--
randomness in the beacon generation so
that multiple APs on the same channel do
not send beacons at the same time, which
causes collisions over the air.
disabled
Work around a known issue on Cisco 7921G telephones by specifying a cap for a radio's maximum equivalent isotropic radiated power (EIRP). When you enable this parameter, even if the regulatory approved maximum for a given channel is higher than this EIRP cap, the AP radio using this profile will advertise only this capped maximum EIRP in its radio beacons.
131 dBm.
The cell size reduction feature allows you manage dense deployments and to increase overall system performance and capacity by shrinking an AP's receive coverage area, thereby minimizing co-channel interference and optimizing channel reuse. This value should only be changed if the network is experiencing performance issues. The possible range of values for this feature is 0-55 dB. The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value.
Values from 1 dB - 55 dB reduce the power level that the radio can hear by that amount. If you configure this feature to use a nondefault value, you must also reduce the radio's transmission (Tx) power to match its new received (Rx) power level. Failure to match a device's Tx power level to its Rx power level can result in a configuration that allows the radio to send messages to a device that it cannot hear.
1-5 5dB
0 dB
Channel number for the AP
Depends
--
802.11a/802.11n.802.11ac physical layer.
on
The available channels depend on the
regulatory
regulatory domain (country). Channel
domain
number configuration options for 20 MHz,
40 MHz, and 80 Mhz modes:
l num: Entering a channel number disables 40 MHz mode and activates 20 MHz mode for the entered channel.
l num+: Entering a channel number with
753 | rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter channel-reuse
Description
Range
a plus (+) sign selects a primary and secondary channel for 40 MHz and 80 Mhz modes. The number entered becomes the primary channel and the secondary channel is determined by increasing the primary channel number by 4. Example: 157+ represents 157 as the primary channel and 161 as the secondary channel.
l num-: Entering a channel number with a minus (-) sign selects a primary and secondary channel for 40 MHz and 80 Mhz modes. The number entered becomes the primary channel and the secondary channel is determined by decreasing the primary channel number by 4. Example: 157represents 157 as the primary channel and 153 as the secondary channel.
NOTE: 20 MHz clients are allowed to associate when a primary and secondary channel are configured; however, the client will only use the primary channel.
When you enable the channel reuse feature, it can operate in either of the following three modes; static, dynamic or disable. (This feature is disabled by default.)
l Static mode: This mode of operation is a coverage-based adaptation of the Clear Channel Assessment (CCA) thresholds. In the static mode of operation, the CCA is adjusted according to the configured transmission power level on the AP, so as the AP transmit power decreases as the CCA threshold increases, and vice versa.
l Dynamic mode: In this mode, the Clear Channel Assessment (CCA) thresholds are based on channel loads, and take into account the location of the associated clients. When you set the Channel Reuse This feature is automatically enabled when the wireless medium around the AP is busy greater than half the time. When this mode is enabled, the CCA threshold adjusts to accommodate transmissions between the AP its most distant associated client.
l Disable mode: This mode does not support the tuning of the CCA Detect Threshold.
enabled disabled
Default enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile | 754
Parameter
Description
channel-reuse-threshold
RX Sensitivity Tuning Based Channel Reuse Threshold, in - dBm.
If the Rx Sensitivity Tuning Based Channel reuse feature is set to static mode, this parameter manually sets the AP's Rx sensitivity threshold (in -dBm). The AP will filter out and ignore weak signals that are below the channel threshold signal strength.
If the value is set to zero, the feature will automatically determine an appropriate threshold.
Range
Depends on regulatory domain
client-match
The ARM client match feature continually
--
monitors a client's RF neighborhood to
provide ongoing client bandsteering and
load balancing, and enhanced AP
reassignment for roaming mobile clients.
This feature is recommended over the
legacy bandsteering and spectrum load
balancing features, which, unlike client
match, do not trigger AP changes for
clients already associated to an AP.
When this feature is enabled on an AP, that AP is responsible for measuring the RF health of its associated clients. The AP receives and collects information about clients in its neighborhood, and periodically sends this information to the controller. The controller aggregates information it receives from all APs using client match, and maintains information for all associated clients in a database. The controller shares this database with the APs (for their associated clients) and the APs use the information to compute the client-based RF neighborhood and determine which APs should be considered candidate APs for each client. When the controller receives a client steer request from an AP, the controller identifies the optimal AP candidate and manages the client's relocation to the desired radio. This is an improvement from previous releases, where the ARM feature was managed exclusively by APs, the without the larger perspective of the client's RF neighborhood
clone
Name of an existing radio profile from
--
which parameter values are copied.
csa
Channel Switch Announcement (CSA), as
--
defined by IEEE 802.11h, allows an AP to
announce that it is switching to a new
channel before it begins transmitting on
that channel.
Default -- Disabled
-- disabled
755 | rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Range
Clients must support CSA in order to track the channel change without experiencing disruption.
csa-count
Number of CSA announcements that are sent before the AP begins transmitting on the new channel.
1-16
disable-armwids-function
Disables Adaptive Radio Management (ARM) and Wireless IDS functions. These can be disabled if a small increase in packet processing performance is desired. If a radio is configured to operate in Air Monitor mode, then these functions are always enabled irrespective of this option. CAUTION: Use carefully, since this effectively disables ARM and WIDS
1-16
dot11h
Enable advertisement of 802.11d (Country -- Information) and 802.11h (TPC or Transmit Power Control) capabilities This parameter is disabled by default.
high-throughput-enable Enables high-throughput (802.11n)
--
features on a radio using the 5 GHz
frequency band.
ht-radio-profile
Name of high-throughput radio profile to
--
use for configuring high-throughput
support on the 5 GHz frequency band. See
rf ht-radio-profile on page 779.
interference-immunity
Set a value for 802.11 Interference Immunity. The default setting for this parameter is level 2. When performance drops due to interference from non802.11 interferers (such as DECT or Bluetooth devices), the level can be increased up to level 5 for improved performance. However, increasing the level makes the AP slightly "deaf" to its surroundings, causing the AP to lose a small amount of range.
The levels for this parameter are:
l Level-0: no ANI adaptation.
l Level-1: noise immunity only.
l Level-2: noise and spur immunity. This is the default setting
l Level-3: level 2 and weak OFDM immunity.
l Level-4: level 3 and FIR immunity.
l Level-5: disable PHY reporting.
Level-0 Level-15
Default 4 4
disabled enabled "default-a" Level-2
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile | 756
Parameter
maximum-distance
mgmt-frame-throttleinterval mgmt-framethrottle-limit mode
ap-mode am-mode
Description
Range
NOTE: Do not raise the noise immunity feature's default setting if the channelreuse-threshold on page 755 feature is also enabled. A level-3 to level-5 Noise Immunity setting is not compatible with the Channel Reuse feature.
Maximum distance between a client and an AP or between a mesh point and a mesh portal, in meters. This value is used to derive ACK and CTS timeout times. A value of 0 specifies default settings for this parameter, where timeouts are only modified for outdoor mesh radios which use a distance of 16km.
The upper limit for this parameter varies, depending on the 20/40 MHz mode for a 5 GHz frequency band radio:
l 20MHz mode: 58km
l 40MHz mode: 27km
Note that if you configure a value above the supported maximum, the maximum supported value will be used instead. Values below 600m will use default settings.
0-57km (40MHz mode)
0-27km (20MHz mode)
Averaging interval for rate limiting management frames in seconds. Zero disables rate limiting.
Note: This parameter only applies to AUTH and ASSOC/RE-ASSOC management frames.
0-60
Maximum number of management frames allowed in each throttle interval.
NOTE: This parameter only applies to AUTH and ASSOC/RE-ASSOC management frames.
0-999999
One of the operating modes for the AP.
Device provides transparent, secure, high- -- speed data communications between wireless network devices and the wired LAN.
Device behaves as an air monitor to
--
collect statistics, monitor traffic, detect
intrusions, enforce security policies,
balance traffic load, self-heal coverage
gaps, etc.
Default
0 meters
1 second interval 20 frames per interval ap-mode -- --
757 | rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter spectrum-mode
Description
Device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
For a list of APs that can be converted into a spectrum monitor or hybrid AP, refer to the Spectrum Analysis chapter of the Dell Networking W-Dell Networking W-Series ArubaOS 6.4.x User Guide.
Range --
Default --
no
Negates any configured parameter.
--
--
radio-enable
Enables or disables radio configuration.
--
enabled
slb-mode channel|radio
SLB Mode allows control over how to balance clients. Select one of the following options
l channel: Channel-based loadbalancing balances clients across channels. This is the default loadbalancing mode
l radio: Radio-based load-balancing balances clients across APs
channel
slb-update-interval <secs>
Specify how often spectrum load balancing calculations are made (in seconds). The default value is 30 seconds.
1214748364 7 seconds
30 seconds
spectrum-load-bal
Define a spectrum load balancing domain --
--
-domain
to manually create RF neighborhoods.
Use this option to create RF neighborhood information for networks that have disabled Adaptive Radio Management (ARM) scanning and channel assignment.
l If spectrum load balancing is enabled in a 802.11a radio profile but the spectrum load balancing domain is not defined, ArubaOS uses the ARM feature to calculate RF neighborhoods.
l If spectrum load balancing is enabled in a 802.11a radio profile and a spectrum load balancing domain isalso defined, AP radios belonging to the same spectrum load balancing domain will be considered part of the same RF neighborhood for load balancing, and will not recognize RF neighborhoods defined by the ARM feature.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile | 758
Parameter spectrum-loadbalancing
spectrum-monitoring
spectrum-profile <profile> tpc-power tx-power
Description
Range
The Spectrum Load Balancing feature
--
helps optimize network resources by
balancing clients across channels,
regardless of whether the AP or the
controller is responding to the wireless
clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is disabled by default.
Default disabled
Issue this command to turn APs in ap-
--
mode into a hybrid AP. An AP in hybrid AP
mode will continue to serve clients as an
access point while it scans and analyzes
spectrum analysis data for a single radio
channel.
For further details on using hybrid APs and spectrum monitors to examine the radio frequency (RF) environment in which the Wi-Fi network is operating, refer to the Spectrum Analysis chapter of the Dell Networking W-Series ArubaOS User Guide.
For a list of APs that can be converted into a spectrum monitor or hybrid AP, refer to the Spectrum Analysis chapter of the Dell Networking W-Dell Networking W-Series ArubaOS 6.4.x User Guide.
default
Specify the rf spectrum profile used by
--
hybrid APs and spectrum monitors. This
profile sets the spectrum band and device
ageout times used by a spectrum monitor
or hybrid AP radio. For details, see rf
spectrum-profile on page 784.
default
The transmit power advertised in the TPC IE of beacons and probe responses. Range: 0-51 dBm
0-51 dBm
15 dBm
Sets the initial transmit power (dBm) on which the AP operates, unless a better choice is available through calibration .
This parameter can be set from 0 to 51 in .5 dBm increments, or set to the regulatory maximum value of 127 dBm.
0-51 dBm, 127 dBm
14 dBm
759 | rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
very-highthroughput-enable
Description
Transmission power may be further limited by regulatory domain constraints and AP capabilities.
Enable or disable support for Very High Throughput (802.11ac) on the radio.
Range --
Default Enabled
Usage Guidelines
This command configures radios that operate in the 5 GHz frequency band, which includes radios utilizing the IEEE 802.11a or IEEE 802.11n standard. Channels must be valid for the country configured in the AP regulatory domain profile (see ap regulatory-domain-profile on page 217).To view the supported channels, use the show ap allowed-channels command.
APs initially start up with default ack-timeout, cts-timeout and slot-time values. When you modify the maximum-distance parameter in an rf dot11a radio profile or rf dot11g radio profile, new ack-timeout, ctstimeout and slot-time values may be derived, but those values are never less then the default values for an indoor AP.
Mesh radios on outdoor APs have additional constraints, as mesh links may need to span long distances. For mesh radios on outdoor APs, the effect of the default maximum-distance parameter on the ack-timeout, cts-timeout and slot-time values depends on whether the APs are configured as mesh portals or mesh points. This is because mesh portals use a default maximum-distance value of 16,050 meters, and mesh points use, by default, the maximum possible maximum-distance value.
The maximum-distance value should be set correctly to span the largest link distance in the mesh network so that when a mesh point gets the configuration from the network it will apply the correct ack-timeout, ctstimeout and slot-time values.The values derived from the maximum-distance setting depend on the band and whether 20Mhz/40MHz mode of operation is in use.
The following table indicates values for a range of distances:
Timeouts[usec] --- 5GHz radio ---
--- 2.4GHz radio ---
Distance[m]
Ack
CTS
Slot
Ack
CTS
Slot
--------------------------------------------------------------------------
0 (outdoor:16050m) 128
128
63
128
128
63
0 (indoor:600a,6450g) 25
25
9
64
48
9
200 (==default)
25
25
9
64
48
9
500
25
25
9
64
48
9
600
25
25
9
64
48
9
1050
28
28
13
64
48
31
5100
55
55
26
64
55
31
10050
88
88
43
88
88
43
15000
121
121
59
121
121
59
16050
128
128
63
128
128
63
58200(5G limit 20M) 409
409
203
-
-
-
52650(2.4G limit 20M) -
-
-
372
372
185
27450(5G limit 40M) 204
204
101
-
-
-
24750(2.4G limit 40M) -
-
-
186
186
92
Examples
The following command configures APs to operate in AM mode for the selected dot11a-radio-profile named "samplea:" (host) (config) #rf dot11a-radio-profile samplea mode am-mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile | 760
The following command configures APs to operate in high-throughput (802.11n) mode on the 5 Ghz frequency band for the selected dot11a-radio profile named "samplea" and assigns a high-throughout radio profile named "default-a:" (host) (config) #rf dot11a-radio-profile samplea
high-throughput-enable ht-radio-profile default-a
The following command configures a primary channel number of 157 and a secondary channel number of 161 for 40 MHz mode of operation for the selected dot11a-radio profile named "samplea:" (host) (config) #rf dot11a-radio-profile samplea
channel <157+>
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.3.2
Introduced support for the high-throughput IEEE 802.11n standard.
ArubaOS 3.4
Support for the following parameters: l Spectrum load balancing l Spectrum load balancing domain l RX Sensitivity Tuning Based Channel Reuse l RX Sensitivity Threshold l ARM/WIDS Override
ArubaOS 3.4.1
The maximum-distance parameter was introduced.
ArubaOS 3.4.2
The beacon-regulate parameter was introduced.
ArubaOS 6.0
Support for the following parameters: l am-scan-profile l cap-reg-eirp l slb-mode l slb-update-interval
ArubaOS 6.1
The spectrum-monitoring and slb-threshold parameters were introduced.
ArubaOS 6.1.3.2
The cell-size-reduction parameter was introduced.
ArubaOS 6.3
The very-high-throughput-enable parameter was introduced.
761 | rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11a-radio-profile | 762
rf dot11g-radio-profile
rf dot11g-radio-profile <profile> am-scan-profile <profile-name> arm-profile <profile> beacon-period <milliseconds> beacon-regulate cap-reg-eirp <cap-reg-eirp> cell-size-reduction <cell-size-reduction> channel <num|num+|num-> channel-reuse {static|dynamic|disable} channel-reuse-threshold clone <profile> csa csa-count <number> disable-arm-wids-function dot11b-protection dot11h high-throughput-enable ht-radio-profile <profile> interference-immunity maximum-distance <maximum-distance> mgmt-frame-throttle-interval <seconds> mgmt-frame-throttle-limit <number> mode {ap-mode|am-mode|spectrum-mode} no ... radio-enable slb-mode channel|radio slb-threshold slb-update-interval <secs> spectrum-load-bal-domain spectrum-load-balancing spectrum-monitoring spectrum-profile tpc-power <tpc-power> tx-power <dBm> very-high-throughput-rates-enable
Description
This command configures AP radio settings for the 2.4 GHz frequency band, including the Adaptive Radio Management (ARM) profile and the high-throughput (802.11n) radio profile.
Syntax
Parameter <profile>
Description
Name of this instance of the profile. The name must be 1-63 characters.
am-scan-profile <profile-name>
Configure an Air Monitor (AM) scanning profile.
Range --
--
Default "default"
--
763 | rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter arm-profile
Description
Range
Configures Adaptive Radio
--
Management (ARM) feature. See
rf arm-profile on page 738.
Default "default"
beacon-period
Time, in milliseconds, between successive beacon transmissions. The beacon advertises the AP's presence, identity, and radio characteristics to wireless clients.
60 (minimum)
100 millisecon ds
beacon-regulate
Enabling this setting introduces
--
randomness in the beacon
generation so that multiple APs
on the same channel do not send
beacons at the same time, which
causes collisions over the air.
disabled
cap-reg-eirp <cap-reg-eirp>
Work around a known issue on Cisco 7921G telephones by specifying a cap for a radio's maximum equivalent isotropic radiated power (EIRP). When you enable this parameter, even if the regulatory approved maximum for a given channel is higher than this EIRP cap, the AP radio using this profile will advertise only this capped maximum EIRP in its radio beacons.
131 dBm.
cell-size-reduction <cell-sizereduction>
The cell size reduction feature allows you manage dense deployments and to increase overall system performance and capacity by shrinking an AP's receive coverage area, thereby minimizing co-channel interference and optimizing channel reuse. This value should only be changed if the network is experiencing performance issues. The possible range of values for this feature is 0-55 dB. The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value.
1-5 5dB
Values from 1 dB - 55 dB reduce the power level that the radio can hear by that amount. If you configure this feature to use a non-default value, you must also reduce the radio's transmission (Tx) power to match its new received (Rx) power level. Failure to match a device's Tx power level to its Rx power level can result in a configuration that allows the radio to send messages to a device
0 dB
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11g-radio-profile | 764
Parameter channel
clone csa 765 | rf dot11g-radio-profile
Description that it cannot hear.
Range
Channel number for the AP 802.11g/802.11n.802.11ac physical layer. The available channels depend on the regulatory domain (country). Channel number configuration options for 20 MHz, 40 MHz, and 80 Mhz modes:
l num: Entering a channel number disables 40 MHz mode and activates 20 MHz mode for the entered channel.
l num+: Entering a channel number with a plus (+) sign selects a primary and secondary channel for 40 MHz and 80 Mhz modes. The number entered becomes the primary channel and the secondary channel is determined by increasing the primary channel number by 4. Example: 157+ represents 157 as the primary channel and 161 as the secondary channel.
l num-: Entering a channel number with a minus (-) sign selects a primary and secondary channel for 40 MHz and 80 Mhz modes. The number entered becomes the primary channel and the secondary channel is determined by decreasing the primary channel number by 4. Example: 157- represents 157 as the primary channel and 153 as the secondary channel.
NOTE: 20 MHz clients are allowed to associate when a primary and secondary channel are configured; however, the client will only use the primary channel.
Depends on regulatory domain
Name of an existing radio profile -- from which parameter values are copied.
Default --
--
Channel Switch Announcement
--
(CSA), as defined by IEEE
802.11h, allows an AP to
announce that it is switching to a
new channel before it begins
transmitting on that channel.
disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter csa-count channel
Description
Range
Clients must support CSA in order to track the channel change without experiencing disruption.
Default
Number of CSA announcements
1-16
4
that are sent before the AP
begins transmitting on the new
channel.
Channel number for the AP
Depends
--
802.11g/802.11n physical layer.
on
The available channels depend
regulatory
on the regulatory domain
domain
(country). Channel number
configuration options for 20 MHz
and 40 MHz modes:
l num: Entering a channel number disables 40 MHz mode and activates 20 MHz mode for the entered channel.
l num+: Entering a channel number with a plus (+) sign selects a primary and secondary channel for 40 MHz mode. The number entered becomes the primary channel and the secondary channel is determined by increasing the primary channel number by 4. Example: 157+ represents 157 as the primary channel and 161 as the secondary channel.
l num-: Entering a channel number with a minus (-) sign selects a primary and secondary channel for 40 MHz mode. The number entered becomes the primary channel and the secondary channel is determined by decreasing the primary channel number by 4. Example: 157- represents 157 as the primary channel and 153 as the secondary channel.
NOTE: 20 MHz clients are allowed to associate when a primary and secondary channel are configured; however, the client will only use the primary channel.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11g-radio-profile | 766
Parameter channel-reuse
channel-reuse-threshold
Description
Range
When you enable the channel reuse feature, it can operate in either of the following three modes; static, dynamic or disable. (This feature is disabled by default.)
l Static mode: This mode of operation is a coverage-based adaptation of the Clear Channel Assessment (CCA) thresholds. In the static mode of operation, the CCA is adjusted according to the configured transmission power level on the AP, so as the AP transmit power decreases as the CCA threshold increases, and vice versa.
l Dynamic mode: In this mode, the Clear Channel Assessment (CCA) thresholds are based on channel loads, and take into account the location of the associated clients. When you set the Channel Reuse This feature is automatically enabled when the wireless medium around the AP is busy greater than half the time. When this mode is enabled, the CCA threshold adjusts to accommodate transmissions between the AP its most distant associated client.
l Disable mode: This mode does not support the tuning of the CCA Detect Threshold.
enabled disabled
Default enabled
RX Sensitivity Tuning Based Channel Reuse Threshold, in dBm.
If the Rx Sensitivity Tuning Based Channel reuse feature is set to static mode, this parameter manually sets the AP's Rx sensitivity threshold (in -dBm). The AP will filter out and ignore weak signals that are below the channel threshold signal strength.
If the value is set to zero, the feature will automatically determine an appropriate threshold.
depends on -- regulatory domain
767 | rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter disable-arm-wids-function
dot11b-protection
dot11h high-throughput-enable ht-radio-profile
Description
Range
Disables Adaptive Radio Management (ARM) and Wireless IDS functions. These can be disabled if a small increase in packet processing performance is desired. If a radio is configured to operate in Air Monitor mode, then these functions are always enabled irrespective of this option. CAUTION: Use carefully, since this effectively disables ARM and WIDS
1-16
Enable or disable protection for
--
802.11b clients. This parameter is
enabled by default. Disabling this
feature may improve
performance if there are no
802.11b clients on the WLAN.
WARNING: Disabling protection violates the 802.11 standard and may cause interoperability issues. If this feature is disabled on a WLAN with 802.11b clients, the 802.11b clients will not detect an 802.11g client talking and can potentially transmit at the same time, thus garbling both frames.
Enable advertisement of 802.11d -- (Country Information) and 802.11h (TPC or Transmit Power Control) capabilities This parameter is disabled by default.
Enables high-throughput
--
(802.11n) features on a radio
using the 2.4 GHz frequency
band.
Name of high-throughput radio
--
profile to use for configuring
high-throughput support on the 5
GHz frequency band. See rf ht-
radio-profile on page 779.
Default 4
enabled
disabled enabled "default-a"
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11g-radio-profile | 768
Parameter interference-immunity
maximum-distance
Description
Range
Set a value for 802.11 Interference Immunity. The default setting for this parameter is level 2. When performance drops due to interference from non-802.11 interferers (such as DECT or Bluetooth devices), the level can be increased up to level 5 for improved performance. However, increasing the level makes the AP slightly "deaf" to its surroundings, causing the AP to lose a small amount of range.
The levels for this parameter are:
l Level-0: no ANI adaptation.
l Level-1: noise immunity only.
l Level-2: noise and spur immunity. This is the default setting
l Level-3: level 2 and weak OFDM immunity.
l Level-4: level 3 and FIR immunity.
l Level-5: disable PHY reporting.
NOTE: Do not raise the noise immunity feature's default setting if the channel-reuse-threshold on page 755 feature is also enabled. A level-3 to level-5 Noise Immunity setting is not compatible with the Channel Reuse feature.
Level-0 Level-5
Maximum distance between a client and an AP or between a mesh point and a mesh portal, in meters. This value is used to derive ACK and CTS timeout times. A value of 0 specifies default settings for this parameter, where timeouts are only modified for outdoor mesh radios which use a distance of 16km.
0-24km (40MHz mode)
0-54km (20MHz mode)
The upper limit for this parameter varies, depending on the 20/40 MHz mode for a 2.4GHz frequency band radio:
l 20MHz mode: 54km
l 40MHz mode: 24km
Default Level-2
0 meters
769 | rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter mgmt-frame-throttleinterval mgmt-frame-throttle-limit mode
ap-mode am-mode spectrum-mode
no
Description
Range
Note that if you configure a value above the supported maximum, the maximum supported value will be used instead. Values below 600m will use default settings.
Averaging interval for rate limiting management frames in seconds. Zero disables rate limiting.
Note: This parameter only applies to AUTH and ASSOC/RE-ASSOC management frames.
0-60
Maximum number of management frames allowed in each throttle interval.
NOTE: This parameter only applies to AUTH and ASSOC/RE-ASSOC management frames.
0-999999
One of the operating modes for the AP.
Device provides transparent, secure, high-speed data communications between wireless network devices and the wired LAN.
Device behaves as an air monitor to collect statistics, monitor traffic, detect intrusions, enforce security policies, balance traffic load, self-heal coverage gaps, etc.
Device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
For a list of APs that can be converted into a spectrum monitor or hybrid AP, refer to the Spectrum Analysis chapter of the Dell Networking W-Dell Networking W-Series ArubaOS 6.4.x User Guide.
Negates any configured
--
parameter.
Default 1 second interval 20 frames per interval ap-mode
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11g-radio-profile | 770
Parameter radio-enable slb-mode channel|radio
slb-threshold
slb-update-interval <secs> spectrum-load-bal-domain
Description
Enables or disables radio configuration.
Range --
Default enabled
SLB Mode allows control over how to balance clients. Select one of the following options:
l channel: Channel-based loadbalancing balances clients across channels. This is the default load-balancing mode
l radio: Radio-based loadbalancing balances clients across APs
channel
If the spectrum load balancing feature is enabled, this parameter controls the percentage difference between number of clients on a channel channel that triggers load balancing. The default value is 20%, meaning that spectrum load balancing is activated when there are 20% more clients on one channel than on another channel used by the AP radio.
1-100%
20%
Specify how often spectrum load balancing calculations are made (in seconds). The default value is 30 seconds.
1214748364 7 seconds
30 seconds
Define a spectrum load balancing --
--
domain to manually create RF
neighborhoods.
Use this option to create RF neighborhood information for networks that have disabled Adaptive Radio Management (ARM) scanning and channel assignment.
l If spectrum load balancing is enabled in a 802.11g radio profile but the spectrum load balancing domain is not defined, ArubaOS uses the ARM feature to calculate RF neighborhoods.
l If spectrum load balancing is enabled in a 802.11g radio profile and a spectrum load balancing domain isalso defined, AP radios belonging to the same spectrum load balancing domain will be
771 | rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter spectrum-load-balancing
spectrum-monitoring
Description
considered part of the same RF neighborhood for load balancing, and will not recognize RF neighborhoods defined by the ARM feature.
Range
The Spectrum Load Balancing
--
feature helps optimize network
resources by balancing clients
across channels, regardless of
whether the AP or the controller
is responding to the wireless
clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is disabled by default.
Issue this command to turn APs in -- ap-mode into a hybrid AP. An AP in hybrid AP mode will continue to serve clients as an access point while it scans and analyzes spectrum analysis data for a single radio channel.
For further details on using hybrid APs and spectrum monitors to examine the radio frequency (RF) environment in which the Wi-Fi network is operating, refer to the Spectrum Analysis chapter of the Dell Networking W-Series ArubaOS User Guide.
For a list of APs that can be converted into a spectrum monitor or hybrid AP, refer to the Spectrum Analysis chapter of the Dell Networking W-Dell Networking W-Series ArubaOS 6.4.x User Guide.
Default disabled
default
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11g-radio-profile | 772
Parameter spectrum-profile <profile>
tpc-power tx-power
very-high-throughput-ratesenable
Description
Range
Specify the rf spectrum profile
--
used by hybrid APs and spectrum
monitors. This profile sets the
spectrum band and device
ageout times used by a spectrum
monitor or hybrid AP radio. For
details, see rf spectrum-profile on
page 784.
Default default
The transmit power advertised in the TPC IE of beacons and probe responses. Range: 0-51 dBm
0-51 dBm
15 dBm
Sets the initial transmit power (dBm) on which the AP operates, unless a better choice is available through calibration.
This parameter can be set from 0 to 51 in .5 dBm increments, or set to the regulatory maximum value of 127 dBm.
Transmission power may be further limited by regulatory domain constraints and AP capabilities.
0-51 dBm, 127 dBm
This feature enables Very High
--
Throughput (VHT) rates on the
2.4 GHz band, providing 256-
QAM modulation and encoding
that allows for 600 Mbit/sec
performance over 802.11n
networks. Maximum data rates
are increased on the 2.4 GHz
band through the addition of VHT
Modulation and Coding Scheme
(MCS) values 8 and 9, which
support the highly efficient
modulation rates in 256-QAM.
Starting with ArubaOS 6.4.2.0,
VHT is supported on W-AP220
Series access points on both 20
and 40 MHz channels.
Using the controller's CLI or WebUI, VHT MCS values 0-9 are enabled, overriding the existing high-throughput (HT) MCS values 0-7, which have a lower maximum data rate. However, this feature should be disabled if individual rate selection is required.
14 dBm disabled
Usage Guidelines
This command configures radios that operate in the 2.4 GHz frequency band, which includes radios utilizing the IEEE 802.11b/g or IEEE 802.11n standard. Channels must be valid for the country configured in the AP
773 | rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
regulatory domain profile (see ap regulatory-domain-profile on page 217).To view the supported channels, use the show ap allowed-channels command.
APs initially start up with default ack-timeout, cts-timeout and slot-time values. When you modify the maximum-distance parameter in an rf dot11a radio profile or rf dot11g radio profile, new ack-timeout, ctstimeout and slot-time values may be derived, but those values are never less then the default values for an indoor AP.
Mesh radios on outdoor APs have additional constraints, as mesh links may need to span long distances. For mesh radios on outdoor APs, the effect of the default maximum-distance parameter on the ack-timeout, cts-timeout and slot-time values depends on whether the APs are configured as mesh portals or mesh points. This is because mesh portals use a default maximum-distance value of 16,050 meters, and mesh points use, by default, the maximum possible maximum-distance value.
The maximum-distance value should be set correctly to span the largest link distance in the mesh network so that when a mesh point gets the configuration from the network it will apply the correct ack-timeout, ctstimeout and slot-time values.The values derived from the maximum-distance setting depend on the band and whether 20Mhz/40MHz mode of operation is in use.
The following table indicates values for a range of distances:
Timeouts[usec] --- 5GHz radio ---
--- 2.4GHz radio ---
Distance[m]
Ack
CTS
Slot
Ack
CTS
Slot
--------------------------------------------------------------------------
0 (outdoor:16050m) 128
128
63
128
128
63
0 (indoor:600a,6450g) 25
25
9
64
48
9
200 (==default)
25
25
9
64
48
9
500
25
25
9
64
48
9
600
25
25
9
64
48
9
1050
28
28
13
64
48
31
5100
55
55
26
64
55
31
10050
88
88
43
88
88
43
15000
121
121
59
121
121
59
16050
128
128
63
128
128
63
58200(5G limit 20M) 409
409
203
-
-
-
52650(2.4G limit 20M) -
-
-
372
372
185
27450(5G limit 40M) 204
204
101
-
-
-
24750(2.4G limit 40M) -
-
-
186
186
92
Examples
The following command configures APs to operate in AM mode for the selected dot11g-radio-profile named "sampleg:"
rf dot11g-radio-profile sampleg mode am-mode
The following command configures APs to operate in high-throughput (802.11n) mode on the 2.4 Ghz frequency band for the selected dot11g-radio profile named "sampleg" and assigns a high-throughout radio profile named "default-g:"
rf dot11g-radio-profile sampleg high-throughput-enable ht-radio-profile default-g
The following command configures a primary channel number of 1 and a secondary channel number of 5 for 40 MHz mode of operation for the selected dot11g-radio profile named "sampleg:"
rf dot11g-radio-profile sampleg channel <1+>
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf dot11g-radio-profile | 774
Command History
Release ArubaOS 3.0 ArubaOS 3.3.2 ArubaOS 3.4
ArubaOS 3.4.1 ArubaOS 3.4.2 ArubaOS 6.0
ArubaOS 6.1 ArubaOS 6.1.3.2 ArubaOS 6.4.2.0
Modification
Command introduced
Introduced protection for 802.11b clients and support for the highthroughput IEEE 802.11n standard.
Support for the following parameters: l Spectrum load balancing l Spectrum load balancing domain l RX Sensitivity Tuning Based Channel Reuse l RX Sensitivity Threshold l ARM/WIDS Override
The maximum-distance parameter was introduced.
The beacon-regulate parameter was introduced.
The following parameteters were introduced l am-scan-profile l cap-reg-eirp l slb-mode l slb-update-interval
The spectrum-monitoring and slb-threshold parameters were introduced.
The cell-size-reduction parameter was introduced.
The very-high-throughput-rates-enable parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
775 | rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf event-thresholds-profile
rf event-thresholds-profile <profile> bwr-high-wm <percent> bwr-low-wm <percent> clone <profile> detect-frame-rate-anomalies fer-high-wm <percent> fer-low-wm <percent> ffr-high-wm <percent> ffr-low-wm <percent> flsr-high-wm <percent> flsr-low-wm <percent> fnur-high-wm <percent> fnur-low-wm <percent> frer-high-wm <percent> frer-low-wm <percent> frr-high-wm <percent> frr-low-wm <percent> no ...
Description
This command configures the event thresholds profile.
Syntax
Parameter <profile> bwr-high-wm
bwr-low-wm
clone detect-framerate-anomalies
Description
Range
Name of this instance of the profile. The name
--
must be 1-63 characters.
If bandwidth in an AP exceeds this value, a bandwidth exceeded condition exists. The value represents the percentage of maximum for a given radio. (For 802.11b, the maximum bandwidth is 7 Mbps. For 802.11 a and g, the maximum is 30 Mbps.) The recommended value is 85%.
0-100
After a bandwidth exceeded condition exists, the condition persists until bandwidth drops below this value. The recommended value is 70%.
0-100
Name of an existing radio profile from which
--
parameter values are copied.
Enable or disables detection of frame rate
--
anomalies.
Default "default" 0%
0% -- disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf event-thresholds-profile | 776
Parameter fer-high-wm fer-low-wm ffr-high-wm ffr-low-wm flsr-high-wm flsr-low-wm fnur-high-wm fnur-low-wm frer-high-wm frer-low-wm
Description
Range
If the frame error rate (as a percentage of total frames in an AP) exceeds this value, a frame error rate exceeded condition exists. The recommended value is 16%.
0-100
After a frame error rate exceeded condition exists, the condition persists until the frame error rate drops below this value. The recommended value is 8%.
0-100
If the frame fragmentation rate (as a percentage of total frames in an AP) exceeds this value, a frame fragmentation rate exceeded condition exists. The recommended value is 16%.
0-100
After a frame fragmentation rate exceeded condition exists, the condition persists until the frame fragmentation rate drops below this value. The recommended value is 8%.
0-100
If the rate of low-speed frames (as a percentage of total frames in an AP) exceeds this value, a low-speed rate exceeded condition exists. This could indicate a coverage hole. The recommended value is 16%.
0-100
After a low-speed rate exceeded condition exists, the condition persists until the percentage of low-speed frames drops below this value. The recommended value is 8%.
0-100
If the non-unicast rate (as a percentage of total frames in an AP) exceeds this value, a nonunicast rate exceeded condition exists. This value depends upon the applications used on the network.
0-100
After a non-unicast rate exceeded condition exists, the condition persists until the nonunicast rate drops below this value.
0-100
If the frame receive error rate (as a percentage of total frames in an AP) exceeds this value, a frame receive error rate exceeded condition exists. The recommended value is 16%.
0-100
After a frame receive error rate exceeded condition exists, the condition persists until the frame receive error rate drops below this value. The recommended value is 8%.
0-100
Default 0% 0% 16% 8% 16% 8% 0% 0% 16% 8%
777 | rf event-thresholds-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter frr-high-wm
frr-low-wm
no
Description
Range
If the frame retry rate (as a percentage of total frames in an AP) exceeds this value, a frame retry rate exceeded condition exists. The recommended value is 16%.
0-100
After a frame retry rate exceeded condition exists, the condition persists until the frame retry rate drops below this value. The recommended value is 8%.
0-100
Negates any configured parameter.
--
Default 16%
8%
--
Usage Guidelines
The event threshold profile configures Received Signal Strength Indication (RSSI) metrics. When certain RF parameters are exceeded, these events can signal excessive load on the network, excessive interference, or faulty equipment. This profile and many of the detection parameters are disabled (value is 0) by default.
Example
The following command configures an event threshold profile: (host) (config) #rf event-thresholds-profile et1
detect-frame-rate-anomalies
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf event-thresholds-profile | 778
rf ht-radio-profile
rf ht-radio-profile <profile> 40MHz-intolerance clone <profile> diversity-spreading-workaround honor-40MHz-intolerance no
Description
This command configures high-throughput AP radio settings. High-throughput features use the IEEE 802.11n standard.
Syntax
Parameter <profile>
40MHzintolerance clone honor-40MHzintolerance no
Description
Name of this instance of the profile. The name must be 1-63 characters.
Default Options:
l "Default-a" is generally used in association with high-throughput devices running on the 5 GHz frequency band, see rf dot11aradio-profile on page 752.
l "Default-g" is generally used in association with high-throughput devices running on the 2.4 GHz frequency band, see rf dot11gradio-profile on page 763.
l "Default" is generally used when the same ht-radio-profile is desired for use with both frequency bands.
Range --
Controls whether or not APs using this -- radio profile will advertise intolerance of 40 MHz operation. By default, 40 MHz operation is allowed.
Name of an existing high-throughput
--
radio profile from which parameter
values are copied.
When enabled, the radio will stop
--
using the 40 MHz channels if the 40
MHz intolerance indication is received
from another AP or station.
Negates any configured parameter.
--
Default defaulta defaultg default
disabled
-- enabled
--
779 | rf ht-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Range
diversity-spreading-workaround
When this feature is enabled, all legacy transmissions will be sent using a single antenna. This enables interoperability for legacy or highthroughput stations that cannot decode 802.11n cyclic shift diversity (CSD) data.
This feature is disabled by default and should be kept disabled unless necessary.
Default disabled
Usage Guidelines
The ht-radio-profile configures high-throughput settings for networks utilizing the IEEE 802.11n standard, which supports 40 MHZ channels and operates in both the 2.4 GHZ and 5 GHZ frequency bands.
Most transmissions to high throughput (HT) stations are sent through multiple antennas using cyclic shift diversity (CSD). When you enable the single-chain-legacydisable-diversity-spreadingparameter, CSD is disabled and only one antenna transmits data, even if they are being sent to high-throughput stations. Use this feature to turn off antenna diversity when the AP must support legacy clients such as Cisco 7921g VoIP phones, or older 802.11g clients (e.g. Intel Centrino clients). Note, however, that enabling this feature can reduce overall throughput rates.
The ht-radio-profile you wish to use must be assigned to a dot11a and/or dot11g-radio-profile. You can assign the same profile or different profiles to the 2.4 GHZ and 5 GHZ frequency bands. See rf dot11a-radio-profile on page 752 and rf dot11g-radio-profile on page 763.
Example
The following command configures an ht-radio-profile named "default-g" and enables 40MHz-intolerance: (host) (config) #rf ht-radio-profile default-g
40MHz-intolerance
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.3.2
Support for the dsss-cck-40mhz parameterwas removed
ArubaOS 3.4
Introduced the single-chain-legacy parameter.
ArubaOS 6.2
The single-chain-legacy parameter was renamed to diversityspreading-workaround.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf ht-radio-profile | 780
Command Information
Platforms
All platforms, but operates with IEEE 802.11n compliant devices only
Licensing Base operating system
Command Mode Config mode on master controllers
781 | rf ht-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf optimization-profile
rf optimization-profile <profile-name> clone <profile> handoff-assist low-rssi-threshold <number> no ... rssi-check-frequency <number> rssi-falloff-wait-time <number>
Description
This command configures the RF optimization profile.
Syntax
Parameter <profile-name> clone
handoff-assist
low-rssi-threshold no rssi-check-frequency
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Name of an existing optimization
--
profile from which parameter values
are copied.
Allows the controller to force a client
--
off an AP when the RSSI drops below
a defined minimum threshold.
Minimum RSSI, above which deauth should never be sent.
1-255
Negates any configured parameter.
--
Interval, in seconds, to sample RSSI.
9-255
rssi-falloff-wait-time <number> Number of times the detected client
0-8
RSSI level must fall below the
minimum RSSI threshold the before
the AP sends a deauthorization
message to the client. The maximum
value is 8 times.
Example
The following command configures an RF optimization profile:
(host) (config) #rf optimization-profile Angela1 (host) (RF Optimization Profile "Angela1") #rssi-falloff-wait-time 3 (host) (RF Optimization Profile "Angela1") #rssi-check-frequency 2
Default "default" --
disabled
10 -- 3 seconds 4
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf optimization-profile | 782
Command History
Version ArubaOS 3.0 ArubaOS 3.4
ArubaOS 5.0
ArubaOS 6.0
Modification
Command introduced
The following parameters were deprecated: l ap-lb-max-retries <number> l ap-lb-user-high-wm <percent> l ap-lb-user-low-wm <percent> l ap-lb-util-high-wm <percent> l ap-lb-util-low-wm <percent> l ap-lb-util-wait-time <seconds l ap-load-balancing Use the command rf dot11a-radio-profile spectrum-load-balancing and rf dot11g-radio-profile spectrum-load-balancing to enable the spectrum load balancing feature.
The following parameters were deprecated: l coverage-hole-detection hole-detection-interval l hole-good-rssi-threshold l hole-good-sta-ageout l hole-idle-sta-ageout l hole-poor-rssi-threshold
The following parameters were deprecated: l detect-association-failure l detect-interference l hole-detection-interval l hole-good-rssi-threshold l hole-good-sta-ageout l hole-idle-sta-ageout l hole-poor-rssi-threshold l interference-baseline l interference-exceed-time l interference-threshold
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
783 | rf optimization-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf spectrum-profile
rf spectrum-profile <profile-name> age-out audio|bluetooth|cordless-ff-phone|cordless-fh-base|cordless-fh-network|genericff|generic-fh|microwave|microwave-inverter|unknown|video|wifi|xbox clone <source> no ...
Description
Define the device ageout times used by a spectrum monitor, or hybrid AP radio.
Syntax
Parameter age-out
Description
Use the age-out parameter to define the number of seconds for which a specific device type must stop sending a signal before the spectrum monitor considers that device no longer active on the network.
Range
audio bluetooth
Some audio devices such as wireless speakers and microphones also use fixed frequency to continuously transmit audio. These devices are classified as Fixed Frequency (Audio).
5-65535 seconds
Bluetooth devices. Note that this setting is applicable to 2.4GHz spectrum monitor radios only.
5-65535 seconds
cordless-ff-phone
Some cordless phones use a fixed frequency to transmit data (much like the fixed frequency video devices). These devices are classified as Fixed Frequency (Cordless Phones).
5-65535 seconds
cordless-fh-base
Frequency hopping cordless phone base units transmit periodic beacon-like frames at all times. When the handsets are not transmitting (i.e., no active phone calls), the cordless base is classified as Frequency Hopper (Cordless Base).
5-65535 seconds
cordless-fh-network
When there is an active phone call and one or more handsets are part of the phone conversation, the device is classified as Frequency Hopper (Cordless Network). Cordless phones may operate in 2.4 GHz or 5 GHz bands. Some phones use both 2.4 GHz and 5 GHz bands (for example, 5 GHz for Base-to-handset and 2.4 GHz for Handset-tobase). These phones may be classified as unique Frequency Hopper devices on both bands..
5-65535 seconds
Default
10 sec 25 sec 10 sec 240 sec
60 sec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf spectrum-profile | 784
Parameter generic-ff generic-fh generic-interferer
microwave
Description
Range
All fixed frequency devices that do not fall into one of the other categories are classified as Fixed Frequency (Other). Note that the RF signatures of the fixed frequency audio, video and cordless phone devices are very similar and that some of these devices may be occasionally classified as Fixed Frequency (Other).
5-65535 seconds
When the classifier detects a frequency hopper that does not fall into one of the above categories, it is classified as Frequency Hopper (Other). Some examples include IEEE 802.11 FHSS devices, game consoles and cordless/hands-free devices that do not use one of the known cordless phone protocols.
5-65535 seconds
Any non-frequency hopping device that does not fall into one of the other categories described in this table is classified as a Generic Interferer. For example a Microwave-like device that does not operate in the known operating frequencies used by the Microwave ovens may be classified as a Generic Interferer. Similarly wide-band interfering devices may be classified as Generic Interferers.
5-65535 seconds
Common residential microwave ovens with a single magnetron are classified as a Microwave. These types of microwave ovens may be used in cafeterias, break rooms, dormitories and similar environments. Some industrial, healthcare or manufacturing environments may also have other equipment that behave like a microwave and may also be classified as a Microwave device. Note that this setting is applicable to 2.4GHz spectrum monitor radios only.
5-65535 seconds
microwave-inverter video
Some newer-model microwave ovens have the inverter technology to control the power output and these microwave ovens may have a duty cycle close to 100%. These microwave ovens are classified as Microwave (Inverter). Dualmagnetron industrial microwave ovens with higher duty cycle may also be classified as Microwave (Inverter). As in the Microwave category described above, there may be other equipment that behave like inverter microwaves in some industrial, healthcare or manufacturing environments. Those devices may also be classified as Microwave (Inverter).
5-65535 seconds
Video transmitters that continuously transmit video on a single frequency are classified as Fixed Frequency (Video). These devices typically have close to a 100% duty cycle. These
5-65535 seconds
Default 10 sec 25 sec 30 sec 15 sec
15 sec
60 sec
785 | rf spectrum-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
wifi xbox
clone <source> no
Description
types of devices may be used for video surveillance, TV or other video distribution, and similar applications.
Wi-Fi devices.
Range
5-65535 seconds
The Microsoft Xbox device uses a frequency hopping protocol in the 2.4 GHz band. These devices are classified as Frequency Hopper (Xbox). Note that this setting is applicable to 2.4GHz spectrum monitor radios only.
5-65535 seconds
Make a copy of an existing spectrum profile.
Remove a spectrum profile or negate a configured parameter.
Default
600 sec 25 sec
600 sec
Usage Guidelines
The Spectrum Analysis software module provides visibility into RF coverage, allowing you to troubleshoot RF interference and identify the 802.11 devices on the network. APs that gather spectrum data are called Spectrum Monitors, or SMs, and reference a spectrum profile that determines the band monitored by that SM radio. Use this profile to modify default device ageout times for spectrum monitors and hybrid APs using this profile. For a list of APs that can be converted into a spectrum monitor or hybrid AP, refer to the Spectrum Analysis chapter of the Dell Networking W-Dell Networking W-Series ArubaOS 6.4.x User Guide.
Example
The following command creates the spectrum profile spectrum2. (host) (config) #rf spectrum-profile spectrum2
Related Commands
show rf spectrum-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
rf spectrum-profile | 786
Command History
Release
Modification
ArubaOS 6.0 Command introduced
ArubaOS 6.2
The spectrum-band parameter was deprecated. The following default ageout times were changed: l cordless-fh-base default timeout is 240 seconds (was 25 sect in previous releases) l cordless-fh-network default timeout is 60 sect (was 10 sect in previous releases) l generic-interferer default timeout is 30 sect (was 25 sect in previous releases) l video default timeout is 60 sect (was 10 sect in previous releases)
Command Information
Platforms All platforms
Licensing RF Protect license
Command Mode
Config mode on master and local controllers
787 | rf spectrum-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
router mobile
router mobile
Description
This command enables Layer-3 (IP) mobility.
Syntax
No parameters.
Usage Guidelines
Use this command to enable IP mobility on a controller. IP mobility is disabled by default on the controller. This command must be executed on all controllers(master and local) that need to provide support for layer-3 roaming in a mobility domain. You can enable or disable IP mobility on a virtual AP profile with the wlan virtual-ap command (IP mobility is enabled by default in a virtual AP profile).
It is recommended to reboot the controller every time you enable or disable IP mobility.
Example
This command enables IP mobility: (host) (config) #router mobile
Command History
Release ArubaOS 3.0
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
router mobile | 788
router ospf
router ospf aggregate-route rapng-vpn <addr> area <area-id> default-cost <cost> nssa [default-information no-redistribution | no-summary] stub [no-summary] default-information originate always redistribute loopback rapng-vpn vlan [<vlan-ids> | add <vlan-ids> | remove <vlan-ids>] router-id <rtr-id> subnet exclude <addr> <mask>
Description
Global OSPF configuration for the upstream router.
Syntax
Parameter aggregate-route area <area-id>
Description
Enter the aggregate route information.
Enter the keyword area followed by the area identification, in dotted decimal format, to configure an OSPF area.
default-cost <cost>
Set the summary cost of a NSSA/stub area (in route metric) Range: 0 to 16777215
nssa
Set an area as a NSSA
default-information-originate
Originate Type 7 default into the NSSA area
no-redistribution
Set the NSSA area for no distribution into this NSSA area
no-summary
Do not send summary LSA into this NSSA area
stub [no-summary]
Set an area as a Total Stub Area and optionally do not send summary LSA into this area
default-information originate always Control distribution of default information by distributing a default route.
redistribute
Redistributes the route.
loopback rapng-vpn
Redistributes loopback addresses. Redistribute IAP-VPN addresses.
789 | router ospf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter vlan <vlan-ids>
add <vlan-ids> remove <vlan-ids> router-id <rtr-id> subnet exclude <addr> <mask>
Description Redistribute the vlan user subnet.
Add the user VLANs to the list
Remove user VLANs to the list.
Enter the router ID in IP address format.
Specify the subnet that OSPF will not advertise. Enter the subnet and mask address in dotted decimal format (A.B.C.D).
Usage Guidelines
OSPFv2 is a dynamic Interior Gateway routing Protocol (IGP) based on IETF RFC 2328. The ArubaOS implementation of OSPF allows controllers to deploy effectively in a Layer 3 topology. For more detailed information, refer to the OSPF Chapter in the Dell Networking W-Series ArubaOS User Guide.
Example
By default OSPF will advertise all the user VLAN subnet addresses in the router LSA (Link-State Advertisement). To control the OSPF advertisement, execute the following command:
(host) (config) # router ospf subnet exclude 75.1.1.0 255.255.0.0 With the above command, any user VLAN subnet matching 75.1/16 will not be advertised in the router LSA. To return to the default advertisement, execute the command:
(host) (config) # no router ospf subnet exclude 75.1.1.0 255.255.0.0
Related Commands
Command show ip ospf
Description View OSPF configuration
Command History
Release ArubaOS 3.4 ArubaOS 6.0
ArubaOS 6.3
Modification Command introduced Added the options: area, default-cost, nssa, and default-information originate always The aggregate-route and rapng-vpn parameters were introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
router ospf | 790
Command Information
Platforms All Platforms
Licensing Base operating system
Command Mode Configuration Mode (config)
791 | router ospf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
routing-policy-map
routing-policy-map role <user-role> access-list <route-acl>
Description
This command associates a routing access control list (ACL) with a user role.
Syntax
Parameter role <user-role>
access-list <route-acl>
Description Name of the user role to be associated with the specified routing ACL. Name of the route ACL to be associated to the specified user role.
Usage Guidelines
The commands to associate an access list to a user role vary, depending upon the type of access list being associated to that role. User roles are applied globally across all controllers, so Ethertype, MAC and session ACLs can be applied to global user roles. However, routing access lists may vary between locations, so they are mapped to a user role in a local configuration setting.
Example
The following example maps a user role to a routing ACL. (host)(config) #routing-policy-map
role employee access-list branch1
To associate the user role with an ethertype, MAC or session ACL, use the command user-role <role> access-list eth|mac|session <acl>.
Related Commands
Command ip access-list route
ip nexthop-list
Description Use this command to configure an access control list (ACL) for policy-based routing (PBR).
Use this command to define a next-hop list for a routing policy
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
routing-policy-map | 792
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
793 | routing-policy-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
service
service [dhcp] [dhcpv6] [network-storage] [print-server]
Description
This command enables the DHCP server on the controller.
Syntax
Parameter dhcp
Description Enables the DHCP server
dhcpv6
Enables the DHCPv6 server
network-storage
Enables the NAS service
print-server
Enables the printer service
Default disabled disabled disabled disabled
Usage Guidelines
You can enable and configure DHCP, DHCPv6, network-storage or print server in the controller to provide the following: l DHCP: IP addresses to wireless clients if an external DHCP server is not available. l DHCPv6: IPv6 addresses to wireless clients if an external DHCPv6 server is not available. l Network-storage: To provide access to the storage devices attached to the controller. l Printer-server: To provide access to printers attached to the controller.
Example
The following command enables the DHCP server in the controller: (host) (config) #service dhcp The following command enables the DHCPv6 server in the controller: (host) (config) #service dhcpv6 The following command enables the NAS services in the controller: (host) (config) #service network-storage The following command enables the printer services in the controller: (host) (config) #service print-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
service | 794
Command History
Version ArubaOS 3.0 ArubaOS 3.4 ArubaOS 6.3
Description Command introduced. The network-storage and print-server options were introduced. The dhcpv6 command was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
795 | service
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa accounting tacacs
show aaa accounting tacacs
Description
Show configuration information for TACACS+ accounting servers.
Usage Guidelines
This command displays TACACS+ data for your controller if you have previously configured a TACACS+ server and server group. The output includes the current TACACS+ accounting mode (enabled or disabled), and the name of the TACACS+ server group.
Example
The output of the show aaa accounting tacacs command displays configuration information for a TACACS+ accounting server. The output of this command includes the following parameters:
(host) #show aaa accounting tacacs
TACACS Accounting Configuration
-------------------------------
Parameter
Value
---------
-----
Mode
Enabled
Commands
configuration
Server-Group tacacs1
Parameter Mode Commands
Description
Shows whether this server group is Enabled or Disabled.
Displays the types of commands that are reported to the TACACS server group. l action reports action commands only. l all reports all commands. l configuration reports configuration commands only l show reports show commands only
Server-Group
Shows whether this server is Enabled or Disabled.
Related Commands
Command aaa authentication-server tacacs
Description Configure the TACACS+ accounting feature.
Mode
Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa accounting tacacs | 796
Command aaa server-group
Description
Add a configured authentication server to an ordered list in a server group, and configure server rules to derive a user role, VLAN ID or VLAN name from attributes returned by the server during authentication
Mode
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
797 | show aaa accounting tacacs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication all
show
show aaa authentication all
Description
Show authentication statistics for your controller, including authentication methods, successes and failures.
Usage Guidelines
This command displays a general overview of authentication statistics. To view authentication information for specific profiles such as a captive-portal, MAC or 801.x authentication profile, issue the commands specific to those features.
Example
The output of this command displays an authentication overview for your controller, including the authentication methods used, and the numbers of successes or failures for each method. This example shows the numbers of authentication successes and failures for a controller using TACACS+ and RADIUS authentication methods.
(host) #show aaa authentication all
Auth Method Statistics
----------------------
Method Success Failures
------ ------- --------
tacacs
12
Command History
This command was introduced in ArubaOS 3.0.
Command Information
2Radius
9
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication all | 798
show aaa authentication captive-portal
show aaa authentication captive-portal [<profile-name>]
Description
This command shows configuration information for captive portal authentication profiles.
Syntax
Parameter <profile-name>
Description The name of an existing captive portal authentication profile.
Usage Guidelines
Issue this command without the <profile-name> parameter to display the entire Captive Portal Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
If you do not yet have any captive portal authentication profiles defined, use the command aaa authentication captive-portal to configure your captive portal profiles.
Examples
This first example shows that there are three configured captive portal profiles in the Captive Profile Authentication Profile List. The References column lists the number of other profiles with references to a captive portal authentication profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) #show aaa authentication captive-portal
Captive Portal Authentication Profile List
------------------------------------------
Name
References Profile Status
----
---------- --------------
c-portal
2
remoteuser
1
portal1
1
Total: 4
Include a captive portal profile name to display a complete list of configuration settings for that profile. The example below shows settings for the captive portal profile portal1.
Captive Portal Authentication Profile "portal1" -----------------------------------------------Parameter --------Default Role Default Guest Role Server Group Redirect Pause User Login Guest Login Logout popup window
Value ----guest guest default 10 sec Enabled Disabled Enabled
799 | show aaa authentication captive-portal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Use HTTP for authentication Logon wait minimum wait Logon wait maximum wait logon wait CPU utilization threshold Max Authentication failures Show FQDN Authentication Protocol Login page Welcome page Show Welcome Page Add switch IP address in the redirection URL Adding user vlan in redirection URL Add a controller interface in the redirection URL Allow only one active user session White List Black List Show the acceptable use policy page User idle timeout Redirect URL Bypass Apple Captive Network Assistant URL Hash Key
Disabled 5 sec 10 sec 60 % 0 Disabled PAP /auth/index. /auth/welcom Yes Disabled Disabled N/A Disabled N/A N/A Disabled N/A N/A Disabled ********
The output of this command includes the following parameters:
Parameter Default Role Default Guest Role Server Group Redirect Pause
User Login Guest Login Logout popup window
Description
Role assigned to the captive portal user upon login.
Guest role assigned to the captive portal user upon login.
Name of the group of servers used to authenticate captive portal users.
Time, in seconds, that the system remains in the initial welcome page before redirecting the user to the final web URL. If set to 0, the welcome page displays until the user clicks on the indicated link.
Shows whether the profile has enabled or disabled captive portal with authentication of user credentials.
Shows whether the profile has enabled or disabled captive portal guest login without authentication.
Shows whether the profile has enabled or disabled a pop-up window that allows a user to log out. If this is disabled, the user remains logged in until the user timeout period has elapsed or the station resets.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication captive-portal | 800
Parameter Use HTTP for authentication
Description
Shows whether the profile has enabled or disabled the ability to use the HTTP protocol to redirect users to the captive portal page.
Logon wait minimum wait
Minimum time, in seconds, the user will have to wait for the logon page to pop up if the CPU load is high.
Logon wait maximum wait
Maximum time, in seconds, the user will have to wait for the logon page to pop up if the CPU load is high.
logon wait CPU utilization threshold
CPU utilization percentage above which the logon wait interval is applied when directing a captive portal user with the logon page.
Max Authentication failures
Maximum number of authentication failures before the user is blacklisted.
Show FQDN
If enabled, the user can see and select the fully-qualified domain name (FQDN) on the captive portal login page.
Authentication Protocol Login page
This parameter specifies the type of authentication required by this profile, PAP is the default authentication type
URL of the page that appears for the user logon.
Welcome page
URL of the page that appears after logon and before the user is redirected to the web URL.
Add controller IP address in the redirection URL
If enabled, this option sends he controller's IP address in the redirection URL when external captive portal servers are used. An external captive portal server can determine the controller from which a request originated by parsing the `switchip' variable in the URL.
Adding user vlan in redirection URL
Shows the user's VLAN ID sent in the redirection URL, if enabled
Add a controller interface in the redirection URL
Shows the IP address of a controller interface added to the redirection URL, if enabled.
801 | show aaa authentication captive-portal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Allow only one active user session White List Black List Show the acceptable use policy page User Idle Timeout
redirect-url <url> URL hash key
Description
If enabled, only one active user session is allowed at any time. This feature is disabled by default.
Shows the configured white list on an IPv4 or IPv6 network destination. The white list contains authenticated websites that a guest can access.
Shows the configured black list on an IPv4 or IPv6 network destination. The black list contains websites (unauthenticated) that a guest cannot access.
If enabled, the captive portal page will show the acceptable use policy page before the user logon page. This feature is disabled by default.
The user idle timeout for this profile. The valid range is 30-15300 in multiples of 30 seconds. Enabling this option overrides the global settings configured in the AAA timers. If this is disabled, the global settings are used.
URL to which an authenticated user will be directed.
If this value is set, the redirection URL is hashed using the defined hash key. The characters in the hash key are hidden in the output of this command
Related Commands
Command
Description
Mode
aaa authentication captive-portal
Use aaa authentication captive-portal to configure the parameters displayed in the output of this show command.
Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication captive-portal | 802
Command History
Version ArubaOS 3.0 ArubaOS 6.1
ArubaOS 6.2
Description
Command introduced.
The sygate-on-demand parameter was deprecated, and the white-list and black-list parameters were added.
the Authentication Protocol parameter was added, and the Use CHAP parameter was deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
803 | show aaa authentication captive-portal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication captive-portal customization
show aaa authentication captive-portal customization <profile-name>
Description
Display customization settings for a captive portal profile
Syntax
Parameter <profile-name>
Description The name of an existing captive portal authentication profile.
Usage Guidelines
The this command shows how a captive portal profile has been customized with non-default configuration settings. If you do not yet have any captive portal authentication profiles defined, use the command aaa authentication captive-portal to configure your captive portal profiles
Example
The output of the following command shows how the captive portal profile c-portal has been customized. If an individual parameter has not been changed from its default settings, its value entry will be blank.
(host) #show aaa authentication captive-portal customization c-portal
Captive-Portal Customization
----------------------------
Parameter
Value
---------
-----
Login page design theme
3
Login page logo image
Login page text URL
/flash/upload/custom/ssu-guest-cp/logintext.html
Login policy text URL
/upload/custom/ssu-guest-cp/acceptableusepolicy.html
Custom page background color
Custom page background image /upload/custom/default/auth-slider-1.gif
The output of this command includes the following parameters:
Parameters Login page design theme
Login page logo image
Login page text Login policy text
Description Indicates whether the controller is using one of the two predefined login page designs (1 or 2) or has a custom background (3).
Path and filename for a custom captive portal logo. This option is only available if the controller has a predefined login design.
Path and filename of the page that appears for the user logon.
Path and filename of the page that displays user policy text.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication captive-portal customization | 804
Parameters
Description
Custom page background color Hexadecimal value for a custom background color. This option is only available if the controller has a custom login page design theme.
Custom page background image
Path and filename for a custom JPEG captive portal background image. This option is only available if the controller has a custom login page design theme.
Related Commands
Command
Description
aaa authentication captive-portal
If you do not yet have any captive portal profiles defined, use the command aaa authentication captiveportal to configure your captive portal profiles.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
805 | show aaa authentication captive-portal customization
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication dot1x
show aaa authentication dot1x [<profile-name>|countermeasures]
Description
This command shows information for 802.1X authentication profiles.
Syntax
Parameter <profile-name> countermeasures
Description
The name of an existing 802.1X authentication profile.
Reports if WPA/WPA2 Countermeasures have been enabled for 802.1X profiles. If enabled, the AP scans for message integrity code (MIC) failures in traffic received from clients.
Usage Guidelines
Issue this command without the <profile-name> or countermeasures options to display the entire 802.1X Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed dot1x authentication configuration information for that profile. The countermeasures option indicates whether the 802.1X profiles have been configured for WPA/WPS2 countermeasures. If countermeasures have not been configured, the output for this command will be blank.
Examples
The following example lists all dot1x authentication profiles. The References column lists the number of other profiles with references to a 802.1X authentication profile, and the Profile Status column indicates whether the profile is predefined. User-defined 802.1X profiles will not have an entry in the Profile Status column.
(host) #show aaa authentication dot1x
802.1X Authentication Profile List
----------------------------------
Name
References Profile Status
----
---------- --------------
default
2
default-psk 1
Predefined (editable)
dot1x
5
dot1xtest
0
Total:4
To display a complete list of parameters for an individual profile, include the <profile> parameter. The example below displays some of the profile details for the authentication profile pDotix.
(host) #show aaa authentication dot1x pDot1x
802.1X Authentication Profile "pDot1x" -------------------------------------Parameter --------Max authentication failures
Value ----0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication dot1x | 806
Enforce Machine Authentication Machine Authentication: Default Machine Role Machine Authentication Cache Timeout Blacklist on Machine Authentication Failure Machine Authentication: Default User Role Interval between Identity Requests Quiet Period after Failed Authentication Reauthentication Interval Use Server provided Reauthentication Interval Multicast Key Rotation Time Interval Unicast Key Rotation Time Interval ...
Disabled guest 24 hrs Disabled guest 30 sec 30 sec 86400 sec Disabled 1800 sec 900 sec
The output of the show aaa authentication dot1xcommand includes the following parameters:
Parameter Max authentication failures
Enforce Machine Authentication
Machine Authentication: Default Machine Role Machine Authentication Cache Timeout Blacklist on Machine Authentication Failure Machine Authentication: Default User Role
Value
Number of times a user can try to login with wrong credentials after which the user is blacklisted as a security threat. Blacklisting is disabled if this parameter is set to 0.
Shows if machine authentication is enabled or disabled for Windows environments. If enabled, If enabled, either the machine-default-role or the user-default-role is assigned to the user, depending on which authentication is successful.
Default role assigned to the user after completing only machine authentication.
The timeout period, in hours, for machine authentication. After this period passes, the use will have to re-authenticate.
If enabled, the client is blacklisted if machine authentication fails.
Default role assigned to the user after 802.1X authentication.
807 | show aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Interval between Identity Requests Quiet Period after Failed Authentication Reauthentication Interval Use Server provided Reauthentication Interval
Multicast Key Rotation Time Interval
Unicast Key Rotation Time Interval Authentication Server Retry Interval Authentication Server Retry Count Framed MTU Number of times ID-Requests are retried Maximum Number of Reauthentication Attempts
Value
Interval, in seconds, between identity request retries
Interval, in seconds, following failed authentication.
Interval, in seconds, between reauthentication attempts.
If enabled, 802.1X authentication will use the server-provided reauthentication period.
Interval, in seconds, between multicast key rotations.
Interval, in seconds, between unicast key rotations.
Server group retry interval, in seconds.
The number of server group retries.
Shows the framed MTU attribute sent to the authentication server.
Maximum number of times ID requests are sent to the client.
Maximum number of reauthentication attempts.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication dot1x | 808
Parameter Maximum number of times Held State can be bypassed
Dynamic WEP Key Message Retry Count Dynamic WEP Key Size Interval between WPA/WPA2 Key Messages
Delay between EAP-Success and WPA2 Unicast Key Exchange
Delay between WPA/WPA2 Unicast Key and Group Key Exchange Time interval after which the PMKSA will be deleted Delete Keycache upon user deletion Enabled WPA/WPA2 Key Message Retry Count
Value
Number of consecutive authentication failures which, when reached, causes the controller to not respond to authentication requests from a client while the controller is in a held state after the authentication failure.
Number of times unicast/multicast EAPOL key messages are sent to the client.
Dynamic WEP key size, either 40 or 128 bits.
Interval, in milliseconds, between each WPA key exchange. The allowed range of values is 10005000 msecs, and the default value is 1000 msecs.
Show the delay interval between EAP-Success and unicast key exchanges, in msec.
Range: 0-2000msec. Default: 0 (no delay).
Interval, in milliseconds, between unicast and multicast key exchanges.
Show the PMKSA cache interval. Time interval in Hours. Range: 1-2000. Default: 8 hrs.
If enabled, the controller deletes the key cache entry when the user entry is deleted.
Number of times WPA/WPA2 key messages are retried.
809 | show aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Multicast Key Rotation Unicast Key Rotation Reauthentication
Opportunistic Key Caching Validate PMKID
Use Session Key Use Static Key xSec MTU Termination Dell Networking W-Series ArubaOS 6.4.x | User Guide
Value
Shows if multicast key rotation is enabled or disabled.
Shows if unicast key rotation is enabled or disabled.
If enabled, this option forces the client to do a 802.1X reauthentication after the expiration of the default timer for reauthentication. (The default value of the timer is 24 hours.)
If enabled, a cached pairwise master key (PMK) is derived with a client and an associated AP and used when the client roams to a new AP.
Shows if the Validate PMKID feature is enabled or disabled. When this option is enabled, the client must send a PMKID in the associate or reassociate frame to indicate that it supports OKC; otherwise, full 802.1X authentication takes place. (This feature is optional, since most clients that support OKC do not send the PMKID in their association request.)
If enabled, the controller will use a RADIUS session key as the unicast WEP key.
If enabled, the controller will use a static key as the unicast/multicast WEP key.
Shows the size of the MTU for xSec.
Shows if 802.1X termination is enabled or disabled on the controller.
show aaa authentication dot1x | 810
Parameter Termination EAP-Type
Value
Shows the current Extensible Authentication Protocol (EAP) method, either EAP-PEAP or EAPTLS.
Termination Inner EAP-Type
When EAP-PEAP is the EAP method, this parameter displays the inner EAP type.
Enforce Suite-B 128 bit or more security level Authentication
Shows if Suite-B 128 bit or more security level authentication enforcement is enabled or disabled.
Enforce Suite-B 192 bit security level Authentication
Shows if Suite-B 192 bit or more security level authentication enforcement is enabled or disabled.
Token Caching
If this feature enabled (and EAP-GTC is configured as the inner EAP method), token caching allows the controller to cache the username and password of each authenticated user.
Token Caching Period
Timeout period, in hours, for the cached information.
CA-Certificate
Name of the CA certificate for client authentication loaded in the controller.
Server-Certificate
Name of the Server certificate used by the controller to authenticate itself to the client.
TLS Guest Access
Shows if guest access for valid EAP-TLS users is enabled or disabled.
TLS Guest Role
User role assigned to EAPTLS guest.
811 | show aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Ignore EAPOL-START after authentication Handle EAPOL-Logoff Ignore EAP ID during negotiation WPA-Fast-Handover
Disable rekey and reauthentication for clients on call
Check certificate common name against AAA server
Value
If enabled, the controller ignores EAPOL-START messages after authentication.
Shows if handling of EAPOL-LOGOFF messages is enabled or disabled.
If enabled, the controller will Ignore EAP IDs during negotiation.
Shows if WPA-fasthandover is enabled or disabled. This feature is only applicable for phones that support WPA.
Shows if the rekey and reauthentication features for voice-over-WLAN clients has been enabled or disabled.
If enabled, this parameter verifies that the certificate's common name exists in the server. This parameter is disabled by default dot1x profiles.
Related Commands
Command
Description
aaa authentication dot1x
If you do not yet have any 802.1X authentication profiles defined, use the command aaa authentication dot1x to configure your 802.1X profiles.
Mode Config mode
Command History
Version ArubaOS 3.0 ArubaOS 6.1
ArubaOS 6.3.1.2
Description Command introduced.
The Check certificate common name against AAA server, Enforce Suite-b-128 and Enforce Suite-b-192 parameters were introduced.
The Delete Keycache upon user deletion parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication dot1x | 812
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
813 | show aaa authentication dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication mac
show aaa authentication mac [<profile-name>]
Description
This command shows information for MAC authentication profiles.Issue this command without the <profile-name> option to display the entire MAC Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed MAC authentication configuration information for that profile.
Syntax
Parameter <profile-name>
Description The name of an existing MAC authentication profile.
Examples
The output of the example below shows two MAC authentication profiles, default and macProfile1, which are referenced three times by other profiles. the Profile Status columns are blank, indicating that these profiles are both user-defined. (If a profile is predefined, the value Predefined appears in the Profile Status column.)
(host) #show aaa authentication dot1x pDot1x
802.1X Authentication Profile "pDot1x" -------------------------------------Parameter --------Max authentication failures Enforce Machine Authentication Machine Authentication: Default Machine Role Machine Authentication Cache Timeout Blacklist on Machine Authentication Failure Machine Authentication: Default User Role Interval between Identity Requests Quiet Period after Failed Authentication Reauthentication Interval Use Server provided Reauthentication Interval Multicast Key Rotation Time Interval Unicast Key Rotation Time Interval ...
Value ----0 Disabled guest 24 hrs Disabled guest 30 sec 30 sec 86400 sec Disabled 1800 sec 900 sec
The following example displays configuration details for the MAC authentication profile "MacProfile1," including the delimiter and case used in the authentication request, and the maximum number of times a client can fail to authenticate before it is blacklisted.
(host) #show aaa authentication mac MacProfile1
MAC Authentication Profile "MacProfile1"
----------------------------------------
Parameter
Value
---------
-----
Delimiter
colon
Case
upperMax Authentication failures 3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication mac | 814
Related Commands
Command
Description
aaa authentication mac Configure MAC authentication values on your controller.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
815 | show aaa authentication mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication mgmt
show aaa authentication mgmt
Description
This command displays administrative user authentication information, including management authentication roles and servers.
Usage Guidelines
Issue this command to identify the default management role assigned to authenticated administrative users, and the name of the group of servers used to authenticate these users.
Example
The output of the following example displays management authentication information for your controller.
(host) #show aaa authentication mgmt
Management Authentication Profile
---------------------------------
Parameter
Value
---------
-----
Default Role root
Server Group ServerGroup1
Enable
Enabled
Parameter Default Role
Server Group Enable
Description
This parameter shows which of the following roles the controller uses for authentication management. l root, the super user role (default). l guest-provisioning, guest provisioning role. l network-operations, network operator role. l read-only, read only role. l location-api-mgmt, location API management role. l no-access, no commands are accessible.
The name of a server group.
The Enable parameter indicates whether or not this feature is enabled or disabled.
The output of the show aaa authentication mgmt command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication mgmt | 816
Related Commands
Command aaa authentication mgmt
Description
Configure management authentication settings.
Mode Config mode
Command History
Version ArubaOS 3.0 ArubaOS 6.1
Description Command introduced. The Mode parameter in the command output was renamed Enable.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
817 | show aaa authentication mgmt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication stateful-dot1x
show aaa authentication stateful-dot1x [config-entries]
Description
This command displays configuration settings for 802.1X authentication for clients on non-Dell APs.
Syntax
Parameter config-entries
Description Display details for the AP Server configuration list.
Usage Guidelines
Issue this command to identify the default role assigned to the 802.1X user group, name of the group of RADIUS servers used to authenticate the 802.1X users, and the 802.1X authentication timeout period, in seconds.
Example
The output of the following example displays 802.1X authentication information for your controller.
(host) #show aaa authentication stateful-dot1x
Stateful 802.1X Authentication Profile
--------------------------------------
Parameter
Value
---------
-----
Default Role guest
Server Group newgroup2
Timeout
10 sec
Mode
Enabled
Parameter Default Role
Server Group Timeout Mode
Description This parameter shows which role the controller uses for 802.1X authentication management.
The name of a server group.
Timeout period for an authentication request, in seconds.
The Mode parameter indicates whether or not this feature is enabled or disabled.
The output of this command includes the following parameters: When you include the config-entries parameter, the output shows the AP - Server Configuration List.
(host) #show aaa authentication stateful-dot1x config-entries
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication stateful-dot1x | 818
AP-Server Configuration List ---------------------------Cfg-Name AP-IP -------- ----cfg22
10.3.14.6
Server ------
RADIUS1
Parameter Cfg-Name AP-IP Server
Description is a auto-generated name IP address of the AP. Name of the authentication server.
Shared-Secret
Shared authentication secret.
Shared-Secret -------------
secret-pwd
The output of this command includes the following parameters:
Related Commands
Command
aaa authentication statefuldot1x
Description
Mode
Use the command aaa authentication statefuldot1x to configure the settings displayed in the output of this show command.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
819 | show aaa authentication stateful-dot1x
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication stateful-ntlm
show aaa authentication stateful-ntlm
Description
This command displays configuration settings for the Stateful NTLM Authentication profile.Issue this command without the <profile-name> option to display the entire Stateful NTLM Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed Stateful NTLM authentication configuration information for that profile.
Syntax
Parameter <profile-name>
Description The name of an existing Stateful NTLM authentication profile.
Usage Guidelines
Issue this command to identify the default role assigned to users who have successfully authenticated using the NT LAN Manager (NTLM) authentication protocol, the name of the group of windows servers used to authenticate these users, and the NTLM authentication timeout period, in seconds.
Examples
The output of the example below shows two stateful NTLM authentication profiles, default and NTLMprofile1, which are each referenced one time by other profiles. the Profile Status columns are blank, indicating that these profiles are both user-defined. (If a profile is predefined, the value Predefined appears in the Profile Status column.)
(host) #show aaa authentication stateful-ntlm
Stateful NTLM Authentication Profile List
-----------------------------------------
Name
References Profile Status
----
---------- --------------
default
1
NTLMprofile1
1
Total:2 The following example displays configuration details for the stateful NTLM authentication profile "default".
(host) #show aaa authentication stateful-ntlm default
Stateful NTLM Authentication Profile "default"
----------------------------------------------
Parameter
Value
---------
-----
Default Role guest
Server Group default
Mode
Disabled
Timeout
10 sec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication stateful-ntlm | 820
Parameter Default Role Server Group Mode
Timeout
Description This parameter shows the role assigned to NTLM authenticated users.
The name of a windows server group.
The Mode parameter indicates whether or not this authentication profile is enabled or disabled.
Timeout period for an authentication request, in seconds.
The output of this command includes the following parameters:
Related Commands
Command aaa authentication stateful-ntlm
Description
Use the command aaa authentication stateful-ntlm to configure the settings displayed in the output of this show command.
Command History
This command was introduced in ArubaOS 3.4.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
821 | show aaa authentication stateful-ntlm
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via auth-profile
show aaa authentication via auth-profile [<profile-name>]
Description
This command displays configuration settings for the VIA Authentication profile. Issue this command without the <profile-name> option to display the entire VIA Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed VIA authentication configuration information for that profile.
Syntax
Parameter <profile-name>
Description The name of an existing VIA authentication profile.
Usage Guidelines
Issue this command without the <profile-name> parameter to display the entire VIA Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
If you do not yet have any VIA authentication profiles defined, use the command aaa authentication via authprofile to configure your VIA authentication profiles.
Examples
This first example shows that there are three configured captive portal profiles in the Captive Profile Authentication Profile List. The References column lists the number of other profiles with references to a VIA authentication profile, and the Profile Status column indicates whether the profile is predefined. Userdefined profiles will not have an entry in the Profile Status column.
(host) #show aaa authentication via auth-profile
VIA Authentication Profile List
-------------------------------
Name
References Profile Status
----
---------- --------------
default 0
via1
2
via2
1
Total:3
Include a VIA authentication profile name to display a complete list of configuration settings for that profile. The example below shows settings for the VIA authentication profile via1.
VIA Authentication Profile "via1"
---------------------------------
Parameter
Value
---------
-----
Default Role
default-via-role
Server Group
internal
Max Authentication failures 2
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via auth-profile | 822
Description
VIA config for the MV office
The output of this command includes the following parameters:
Parameter Default Role
Description Role assigned to the captive portal user upon login.
Server Group
Name of the group of servers used to authenticate captive portal users.
Max Authentication failures
Maximum number of authentication failures before the user is blacklisted.
Description
Description of the VIA authentication profile.
Related Commands
Command
Description
aaa authentication via auth-profile
Use aaa authentication via authprofile to configure the parameters displayed in the output of this show command.
Mode Config mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
823 | show aaa authentication via auth-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via connection-profile
show aaa authentication via connection-profile [<profile-name>]
Description
This command displays configuration settings for the VIA connection profile. Issue this command without the <profile-name> option to display the entire VIA Connection profile list, including profile status and the number of references to each profile. Include a profile name to display detailed VIA connection configuration information for that profile.
Syntax
Parameter <profile-name>
Description The name of an existing VIA connection profile.
Usage Guidelines
Issue this command without the <profile-name> parameter to display the entire VIA connection profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
If you do not yet have any VIA connection profiles defined, use the command aaa authentication via connection-profile to configure your VIA connection profiles.
Examples
This first example shows that there are three configured connection profiles in the Captive Profile Authentication Profile List. The References column lists the number of other profiles with references to a VIA connection profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) #show aaa authentication via connection-profile
VIA Connection Profile List
---------------------------
Name
References Profile Status
----
---------- --------------
connection_1 3
connection_2 1
default
0
Total:3
Include a connection profile name to display a complete list of configuration settings for that profile. The example below shows settings for the captive portal profile connection_1.
VIA Connection Profile "default" -------------------------------Parameter --------VIA Servers Client Auto-Login VIA Authentication Profiles to provision
Value ----N/A Enabled N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via connection-profile | 824
Allow client to auto-upgrade VIA tunneled networks Enable split tunneling VIA Client WLAN profiles Allow client side logging VIA IKE V2 Policy VIA IKE Policy Use Windows Credentials Enable IKEv2 Use Suite B Cryptography IKEv2 Authentication method VIA IPSec V2 Crypto Map VIA IPSec Crypto Map Allow user to save passwords Enable Supplicant Enable FIPS Module Auto-launch Supplicant Lockdown All Settings Domain Suffix in VIA Authentication Enable Controllers Load Balance Enable Domain Pre-connect VIA Banner Message Reappearance Timeout(minutes) VIA Client Network Mask Validate Server Certificate VIA Client DNS Suffix List VIA max session timeout VIA Logon Script VIA Logoff Script VIA Support E-Mail Address Maximum reconnection attempts VIA external download URL Allow user to disconnect VIA Content Security Gateway URL Comma seperated list of HTTP ports to be inspected (apart from default port 80) Enable Content Security Services Keep VIA window minimized Block traffic until VPN tunnel is up Block traffic rules
The output of this command includes the following parameters:
Enabled N/A Disabled N/A Enabled Default Default Enabled Disabled Disabled user-cert default-ikev2-dynamicmap/10000 default-dynamicmap/10000 Enabled Disabled Disabled Disabled Disabled Disabled Disabled Enabled 60 255.255.255.255 Enabled N/A 1440 min N/A N/A N/A 3 N/A Enabled N/A
N/A Disabled Disabled Disabled N/A
Parameter VIA servers
Description
Displays the following information about the VIA server:
l Controller Hostname/IP Address: This is the public IP address or the DNS hostname of the VIA controller. Users will connect to remote server using this IP address or the hostname.
l Controller Internal IP Address: This is the IP address of any of the VLAN interface IP addresses belongs to this controller.
l Controller Description: This is a human-readable description of the controller.
Client Auto-Login
Enable or disable VIA client to auto login and establish a secure connection to the controller.
Default: Enabled
825 | show aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
VIA Authentication Profiles to provision
Description
This is the list of VIA authentication profiles that will be displayed to users in the VIA client.
Allow client to autoupgrade
Enable or disable VIA client to automatically upgrade when an updated version of the client is available on the controller.
Default: Enabled
VIA tunneled networks
A list of network destination (IP address and netmask) that the VIA client will tunnel through the controller. All other network destinations will be reachable directly by the VIA client.
Enable split-tunneling
Enable or disable split tunneling. l If enabled, all traffic to the VIA tunneled networks will go through the
controller and the rest is just bridged directly on the client. l If disabled, all traffic will flow through the controller. Default: off
Allow client-side logging
Enable or disable client side logging. If enabled, VIA client will collect logs that can be sent to the support email-address for troubleshooting.
Default: Enabled
VIA Client WLAN profiles
A list of VIA client WLAN profiles that needs to be pushed to the client machines that use Windows Zero Config (WZC) to configure or manage their wireless networks.
VIA IKEv2 Policy
A list of IPsec crypto maps that the VIA client uses to connect to the controller. These IPsec Crypto Maps are configured in the CLI using the crypto-local ipsec-map <ipsec-map-name> command.
VIA IKE Policy
List of IKE policies that the VIA Client has to use to connect to the controller.
Use Windows Credentials
Enable or disable the use of the Windows credentials to login to VIA. If enabled, the SSO (Single Sign-on) feature can be utilized by remote users to connect to internal resources.
Default: Enabled
Enable IKEv2
Select this option to enable or disable the use of IKEv2 policies for VIA.
Use Suite B Cryptography
Select this option to use Suite B cryptography methods. You must install the Advanced Cryptography license to use the Suite B cryptography.
IKEv2 Authentication method
List of all IKEv2 authentication methods.
VIA IPSec V2 Crypto Map
List of all IPSec V2 that the VIA client uses to connect to the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via connection-profile | 826
Parameter VIA IPsec Crypto Map
Description
List of IPsec Crypto Map that the VIA client uses to connect to the controller. These IPsec Crypto Maps are configured in CLI using the crypto-local ipsec-map <ipsec-map-name> command.
Allow user to save passwords
Enable or disable users to save passwords entered in VIA. Default: Enabled
Enable Supplicant
If enabled, VIA starts in bSec mode using L2 suite-b cryptography. This option is disabled by default.
Enable FIPS Module
Shows if the VIA (Federal Information Processing Standard) FIPS module is enabled, so VIA checks for FIPS compliance during startup. This option is disabled by default.
Auto-Launch Supplicant
Select this option to automatically connect to a configured WLAN network.
Lockdown All Settings
If enabled, all user options on the VIA client are disabled.
Domain Suffix in VIA Authentication
Enables a domain suffix on VIA Authentication, so client credentials are sent as domainname\username instead of just username.
Enable Controllers Load Balance
This option allows the VIA client to failover to the next available selected randomly from the list as configured in the VIA Servers option. If disabled, VIA will failover to the next in the sequence of ordered list of VIA Servers.
Enable Domain PreConnect
This option allows users with lost or expired passwords to establish a VIA connection to corporate network. This option authenticates the user's device and establishes a VIA connection that allows users to reset credentials and continue with corporate access.
VIA Banner Reappearance Timeout
The maximum time (in minutes) allowed before the VIA login banner reappears. Default: 1440 min
VIA Client Network Mask
The network mask that has to be set on the client after the VPN connection is established.
Default: 255.255.255.255
Validate Server Certificate
Enable or disable VIA from validating the server certificate presented by the controller.
Default: Enabled
VIA Client DNS Suffix List
The DNS suffix list (comma separated) that has be set on the client once the VPN connection is established.
Default: None.
VIA max session timeout
The maximum time (minutes) allowed before the VIA session is disconnected.
Default: 1440 min
827 | show aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter VIA Logon Script
Description
Name of the logon script that must be executed after VIA establishes a secure connection. The logon script must reside in the client computer.
VIA Logoff Script
Name of the log-off script that must be executed after the VIA connection is disconnected. The logoff script must reside in the client computer.
VIA Support E-mail Address
The support e-mail address to which VIA users will send client logs. Default: None.
Maximum reconnection attempts
The maximum number of re-connection attempts by the VIA client due to authentication failures.
Default: 3
VIA external download URL
End users will use this URL to download VIA on their computers.
Allow user to disconnect VIA
Enable or disable users to disconnect their VIA sessions. Default: Enabled
Comma Separated List of HTTP Ports
Traffic from the specified ports will be verified by the content security service provider.
Keep VIA window minimized
Enable this option to minimize the VIA client to system tray during the connection phase. Applicable to VIA client installed in computers running Microsoft Windows operating system.
Block traffic until VPN tunnel is up
If enabled, this feature will block network access until the VIA VPN connection is established.
Block traffic rules
Specify a hostname or IP address and network mask to define a whitelist of users to which the Block traffic until VPN tunnel is up setting will not apply.
Related Commands
Command
Description
aaa authentication via connection-profile
Use aaa authentication via connection-profile to configure the parameters displayed in the output of this show command.
Mode Config mode
Command History
This command was introduced in ArubaOS 5.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via connection-profile | 828
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
829 | show aaa authentication via connection-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via web-auth
show aaa authentication via web-auth [default]
Description
A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login.
Syntax
No parameters.
Usage Guidelines
Issue this command to view the authentication profiles associated with the default web authentication profile. Use it without the profile name to see the list of authentication profiles.
Examples
(host) #show aaa authentication via web-auth
VIA Web Authentication List
---------------------------
Name
References Profile Status
----
---------- --------------
default 2
Total:1
(host) #show aaa authentication via web-auth default
VIA Web Authentication "default"
--------------------------------
Parameter
Value
---------
-----
VIA Authentication Profiles via1
The output of this command includes the following parameters:
Parameter
Description
VIA Authentication Profiles
This is the name of the VIA authentication profile. The value column displays the order of priority in which the profiles are displayed in the VIA client login.
Related Commands
Command
Description
Mode
aaa authentication via web-auth
Use aaa authentication via web-auth to configure the parameters displayed in the output of this show command.
Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication via web-auth | 830
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
831 | show aaa authentication via web-auth
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication vpn
show aaa authentication vpn [default|default-cap|default-rap]
Description
This command displays VPN authentication settings, including authentication roles and servers.
Usage Guidelines
Issue this command to identify the default role assigned to VPN users, the name of the group of servers used to authenticate the VPN users, and the maximum number of authentication failures allowed before the user is blacklisted.
Example
The following example displays configuration details for the VPN authentication profile default, default-cap and default-rap. (host) #show aaa authentication vpn default
VPN Authentication Profile "default"
------------------------------------
Parameter
Value
---------
-----
Default Role
default-vpn-role
Server Group
default
Max Authentication failures 2
(TechPubs) #show aaa authentication vpn default-cap
VPN Authentication Profile "default-cap" (Predefined)
-----------------------------------------------------
Parameter
Value
---------
-----
Default Role
ap-role
Server Group
internal
Max Authentication failures 0
(TechPubs) #show aaa authentication vpn default-rap
VPN Authentication Profile "default-rap" (Predefined (changed))
---------------------------------------------------------------
Parameter
Value
---------
-----
Default Role
default-vpn-role
Server Group
default
Max Authentication failures 0
Parameter Default Role Server Group
Description The default role to be assigned to VPN users. The name of the server group that performs the authentication.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication vpn | 832
Parameter Max Authentication failures
Description Number of times a user attempted to authenticate, but failed.
Related Commands
Command
Description
aaa authentication via auth-profile
Use the command aaa authentication via auth-profile to configure the settings displayed in the output of this show command.
Mode Config mode
Command History
Version ArubaOS 3.0 ArubaOS 5.0 ArubaOS 6.1
Description Command introduced.
The default-cap and default-rap profiles were introduced.
The Check certificate common name against AAA server parameter was introduced.
Command Information
Platforms All platforms
Licensing
Command Mode
The PEFV license and the base operating system.
Enable or Config mode on master or local controllers
833 | show aaa authentication vpn
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication wired
show aaa authentication wired
Description
View wired authentication settings for a client device that is directly connected to a port onthe controller.
Usage Guidelines
This command displays the name of the AAA profile currently used for wired authentication.
Example
The following example shows the current wired profile for the controller is a profile named "secure_profile_3." (host) #show aaa authentication wired Wired Authentication Profile ---------------------------Parameter Value --------- ----AAA Profile Secure_profile_3
Related Commands
Command aaa authentication wired
Description
Mode
Use the command aaa authentication wired to configure the settings displayed in the output of this show command.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication wired | 834
show aaa authentication wispr
show aaa authentication wispr <profile-name)
Description
This command shows information for a WISPr authentication profiles. Issue this command without the <profile-name> option to display the entire WISPr Authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed WISPr authentication configuration information for that profile.
Parameter <profile-name>
Description The name of an existing MAC authentication profile.
Examples
The output of the example below shows two WISPr authentication profiles, default and WISPR1, which are referenced two times by other profiles. the Profile Status columns are blank, indicating that these profiles are both user-defined. (If a profile is predefined, the value Predefined appears in the Profile Status column.)
(host) #show aaa authentication wispr
WISPr Authentication Profile List
-------------------------------
Name
References Profile Status
----
---------- --------------
default
2
WISPr1 2
Total:2
(host) #show aaa authentication wispr WISPr1
WISPr Authentication Profile "WISPr1"
--------------------------------------
Parameter
Value
---------
-----
Default Role
guest
Server Group
default
Logon wait minimum wait
5 sec
Logon wait maximum wait
10 sec
logon wait CPU utilization threshold 60 %
WISPr Location-ID ISO Country Code US
WISPr Location-ID E.164 Country Code 1
WISPr Location-ID E.164 Area Code
408
WISPr Location-ID SSID/Zone
Corp1
WISPr Operator Name
MyCompany
WISPr Location Name
Sunnyvale
The following example displays configuration details for the WISPr authentication profile "WISPr1".
(host) #show aaa authentication wispr WISPr1 WISPr Authentication Profile "WISPr1" --------------------------------------
835 | show aaa authentication wispr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter --------Default Role Server Group Logon wait minimum wait Logon wait maximum wait logon wait CPU utilization threshold WISPr Location-ID ISO Country Code WISPr Location-ID E.164 Country Code WISPr Location-ID E.164 Area Code WISPr Location-ID SSID/Zone WISPr Operator Name WISPr Location Name
Value ----guest default 5 sec 10 sec 60 % US 1 408 Corp1 MyCompany Sunnyvale
The output of this command includes the following parameters:
Parameter Default Role
Description
The default role to be assigned to users that have completed WISPr authentication.
Server Group
The name of the server group that performs the authentication.
Logon wait minimum wait
If the controller's CPU utilization has surpassed the Login wait CPU utilization threshold value, the Logon wait minimum wait parameter defines the minimum number of seconds a user will have to wait to retry a login attempt. Range: 1-10 seconds. Default: 5 seconds.
Logon wait maximum wait
If the controller's CPU utilization has surpassed the logon wait CPU utilization threshold value, the Logon wait maximum wait parameter defines the maximum number of seconds a user will have to wait to retry a login attempt. Range: 1-10 seconds. Default: 10 seconds.
WISPr Location-ID E.164 Area Code
The E.164 Area Code in the WISPr Location ID.
WISPr Location-ID E.164 Country Code 1 The 1-3 digit E.164 Country Code in the WISPr Location ID.
WISPr Location-ID ISO Country Code WISPr Location-ID SSID/Zone WISPr Location Name
WISPr Operator Name
The ISO Country Code in the WISPr Location ID.
The SSID/network name in the WISPr Location ID.
A name identifying the hotspot location. If no name is defined, the default ap-name is used.
A name identifying the hotspot operator.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication wispr | 836
Related Commands
Command
Description
aaa authentication wispr Configure WISPr authentication values on your controller.
Mode
Config mode on master or local controllers.
Command History
This command was introduced in ArubaOS 3.4.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
837 | show aaa authentication wispr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server all
show aaa authentication-server all
Description
View authentication server settings for both external authentication servers and the internal controller database.
Usage Guidelines
The output of this command displays statistics for the Authentication Server Table, including the name and address of each server, server type and configured authorization and accounting ports.
Examples
The following command shows information for the internal Authentication server, and another RADIUS server named RADIUS-1. (host) #show aaa authentication-server all
Auth Server Table
-----------------
Name
Type FQDN IP addr
AuthPort
----
---- ---- -------
--------
Internal Local n/a 10.4.62.11 n/a
server Ldap n/a 0.0.0.0
389
server Radius SRVR1 127.9.9.61 1812
default Tacacs n/a 127.9.10.61 49
AcctPort -------n/a n/a 1813 n/a
Status -----Enabled Enabled Enabled Enabled
The following data columns appear in the output of this command:
Requests -------0 0 0 0
Parameter Name Type
FQDN IP addr AuthPort
AcctPort
Description
Name of the authentication server.
The type of authentication server. ArubaOS supports LDAP, RADIUS and TACACS+ servers, in addition to its own local, internal authentication server.
The Fully-Qualified Domain Name of the server, if configured.
IP address of the server, in dotted-decimal format.
Port number used for authentication. An LDAP server uses port 636 for LDAP over SSL, and port 389 for SSL over LDAP, Start TLS operation andclear text. The default RADIUS authentication port is port 1812.
Accounting port on the server. The default RADIUS accounting port is port 1813.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server all | 838
Parameter AcctPort Status Requests
Description Accounting port on the server. Shows whether the Authentication server is enable or disabled. Number of authentication requests received by the server.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
839 | show aaa authentication-server all
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server internal
show aaa authentication-server internal [statistics]
Description
View authentication server settings for the internal controller database.
Examples
The output of the command below shows that the internal authentication server has been disabled
(host) #show aaa authentication-server internal
Internal Server
---------------
Host
IP addr
----
-------
Internal 10.168.254.221
Retries ------3
Timeout ------5
Status -----Disabled
The following data columns appear in the output of this command:
Parameter Host IP addr Retries
Timeout Status
Description Name of the internal authentication server. Address of the internal server, in dotted-decimal format. Number of retries allowed before the server stops attempting to authenticate a request. Timeout period, in seconds. Shows if the server is enabled of disabled
Include the statistics parameter to display additional details for the internal server.
(host) #show aaa authentication-server internal statistics
Internal Database Server Statistics
-----------------------------------
PAP Requests
8
PAP Accepts
8
PAP Rejects
0
MSCHAPv2 Requests
0
MSCHAPv2 Accepts
0
MSCHAPv2 Rejects
0
Mismatch Response
0
Users Expired
1
Unknown Response
0
Timeouts
1
AvgRespTime (ms)
0
Uptime (d:h:m)
4:3:32
SEQ first/last/free
1,255,255
The following data columns appear in the output of this command:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server internal | 840
Parameter PAP Requests PAP Accepts PAP Rejects MSCHAPv2 Requests MSCHAPv2 Accepts MSCHAPv2 Rejects Mismatch Response
Users Expired
Unknown Response
Timeouts AvgRespTime (ms) Uptime (d:h:m) SEQ first/last/free
Description Number of PAP requests received by the internal server.
Number of PAP requests accepted by the internal server.
Number of PAP requests rejected by the internal server.
Number of MSCHAPv2 requests received by the internal server.
Number of MSCHAPv2 requests accepted by the internal server.
Number of MSCHAPv2 requests rejected by the internal server.
Number of times the server received an authentication response to a request after another request had been sent.
Number of users that were deauthenticated because they stopped responding.
Number of times the server did not recognize the response, possibly due to internal errors.
Number of times that the controller timed out an authentication request.
Time it takes the server to respond to an authentication request, in seconds.
Time elapsed since the last server reboot.
This internal buffer counter keeps track of the requests to the authentication server.
Related Commands
Command aaa authentication-server internal
Description
Issue the command aaa authentication-server internal to use the internal database on a local controller for authenticating clients.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
841 | show aaa authentication-server internal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server internal | 842
show aaa authentication-server ldap
show aaa authentication-server ldap [<ldap_server_name>]
Description
Display configuration settings for your LDAP servers.
Syntax
Parameter <ldap_server_name>
Description Name that identifies an LDAP server.
Examples
The output of the example below displays the LDAP server list with the names of all the LDAP servers. The References column lists the number of other profiles that reference an LDAP server, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) #aaa authentication-server ldap
LDAP Server List ---------------Name References ---- ---------ldap1 5 ldap2 3 ldap3 1
Profile Status --------------
Total:3 Include the <ldap_server_name> parameter to display additional details for an individual server. (host) #show aaa authentication-server ldap ldap1
LDAP Server "ldap1" ------------------Parameter --------Host Admin-DN Admin-Passwd Allow Clear-Text Auth Port Base-DN Filter Key Attribute Timeout Mode Preferred Connection Type
Value ----10.1.1.234 cn=corp,cn=Users,dc=1m,dc=corp,dc=com ******** Disabled 389 cn=Users,dc=1m,dc=corp,dc=com (objectclass=*) sAMAccountName 20 sec Enabled ldap-s
The output of this command includes the following parameters:
843 | show aaa authentication-server ldap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter host
Description IP address of the LDAP server
Admin-DN
Distinguished name for the admin user who has read/search privileges across all of the entries in the LDAP database.
Admin Passwd
Password for the admin user.
Allow Clear-Text
If enabled, this parameter allows clear-text (unencrypted) communication with the LDAP server.
Auth Port
Port number used for authentication. Port 636 will be attempted for LDAP over SSL, while port 389 will be attempted for SSL over LDAP, Start TLS operation and clear text.
Base-DN
Distinguished Name of the node which contains the required user database.
Filter
Filter that should be applied to search of the user in the LDAP database (default filter string is: ì(objectclass=*)î ).
Key attribute
Attribute that should be used as a key in search for the LDAP server.
Timeout
Timeout period of a LDAP request, in seconds.
Mode
Shows whether this server is Enabled or Disabled.
Preferred Connection Type
Preferred type of connection to the server. Possible values are l Clear text l LDAP-S l START-TLS
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server ldap | 844
show aaa authentication-server radius
show aaa authentication-server radius [<rad_server_name>|statistics]
Description
Displays the configuration settings of your RADIUS servers.
Syntax
Parameter <rad_server_name> statistics
Description Name that identifies a RADIUS server. Displays the statistics for all RADIUS servers.
Usage Guidelines
Timeouts information in the output of this command includes RADIUS accounting requests. Timeouts are kept track for every request the controller sends to the RADIUS server,so each retry is counted towards a timeout.
Examples
The output of the example below displays the RADIUS server list with the names of all the RADIUS servers. The References column lists the number of other profiles that reference a RADIUS server, and the Profile Status column indicates whether the profile is predefined. User-defined servers will not have an entry in the Profile Status column.
(host) #show aaa authentication-server radius
RADIUS Server List
------------------
Name
References
----
----------
myserver 3
radius
0
servername 0
Profile Status --------------
Total:3
Include the <rad_server_name> parameter to display additional details for an individual server. (host) #show aaa authentication-server radius radsec
RADIUS Server "radsec" ---------------------Parameter --------Host Key CPPM credentials Auth Port Acct Port Radsec Port Retransmits Timeout NAS ID
Value ----10.15.28.101 ******** ade/******** 1812 1813 2083 3 5 sec N/A
845 | show aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
NAS IP Enable IPv6 NAS IPv6 Source Interface Use MD5 Use IP address for calling station ID Mode Lowercase MAC addresses MAC address delimiter Service-type of FRAMED-USER Radsec Radsec Trusted CA Name Radsec Server Cert Name Radsec Client Cert called-station-id
N/A Disabled N/A N/A Disabled Disabled Enabled Disabled none Disabled Enabled can-new N/A client-new macaddr colon disable
The output of this command includes the following information:
Parameter host Key CPPM credentials
Auth port Acct Port Radsec Port Retransmits Timeout NAS ID NAS IP
Enable IPv6
Description
IP address of the RADIUS server
Shared secret between the controller and the authentication server.
Setting this parameter allows the controller to use configurable username and password instead of a support password.
Authentication port on the server.
Accounting port on the server.
Displays the Radsec port for RADIUS data transport.
Maximum number of retries sent to the server by the controller before the server is marked as down.
Maximum time, in seconds, that the controller waits before timing out the request and resending it.
Network Access Server (NAS) identifier to use in RADIUS packets.
NAS IP address to send in RADIUS packets. If you do not configure a server-specific NAS IP, the global NAS IP is used.
Shows if the RADIUS server is enabled in IPv6 mode.
NAS IPv6
IPv6 address for the global NAS IP which the controller uses to communicate with all the RADIUS servers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server radius | 846
Parameter Source Interface Use MD5 Use IP address for calling station ID Mode Lowercase MAC addresses MAC address delimiter
Service-type of FRAMED-USER
Radsec Radsec Trusted CA Radsec Server Cert Name Radsec Client Cert called-station-id
Description
The source interface VLAN ID number.
If enabled, the RADIUS server will use a MD5 hash of cleartext password.
If enabled, the RADIUS server will use an IP address instead of a MAC address for calling station IDs.
Shows whether this server is Enabled or Disabled.
If this feature is enabled, the server will send MAC addresses in lowercase letters.
The character used as a MAC address delimiter. If no character is specified, the RADIUS server will use a colon (:) by default.
If this option is enabled, the server sends the servicetype as FRAMED-USER instead of LOGIN-USER. This option is disabled by default
Displays the status of the Radsec server.
Displays the Certificate Authority to sign Radsec certificates.
Displays the trusted Radsec server certificate.
Displays the Radsec client certificate on the RADIUS server that identifies and authenticates clients.
Configure this parameter to be sent with the RADIUS attribute Called Station ID for authentication and accounting requests. The called-station-id parameter can be configured to include AP group, AP MAC address, AP name, controller IP, controller MAC address, or user vlan. The default value is controller MAC address.
Include the optional statistics parameter in this command to display the following statistics for all RADIUS servers:
Parameter Server
Description Name of the RADIUS server.
847 | show aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Acct Rq
Raw Rq PAP Rq CHAP Rq MSCHAP Rq MSCHAPv2 Rq Mismatch Rsp Bad Auth Acc Rej Acct Rsp Chal Ukn Rsp Tmout
AvgRspTme
Description
Accounting requests. This reports of the number of accounting messages (for example, start/stop/interim update) sent by the controller to a RADIUS server. This counter increments whenever the controller sends one of these messages.
Raw requests. Number of raw authentication requests the controller sent to a RADIUS server.
Pap Requests. Number of PAP authentication requests the controller sent to a RADIUS server.
CHAP requests. Number of CHAP authentication requests the controller sent to a RADIUS server.
MSCHAP requests. Number of MS-CHAP authentication requests the controller sent to a RADIUS server.
MSCHAPv2 requests. Number of MS-CHAPv2 requests the controller sent to a RADIUS server.
Mismatch responses. Number of responses from a RADIUS server for which the controller does not have the proper request context.
Bad authenticator. Number of responses from the RADIUS server with an invalid secret or bad reply digest.
Access accept. Number of responses from the RADIUS server with invalid secret or bad reply digest.
Access reject. Number of responses from the RADIUS server that indicate that client authentication failed.
Accounting response. Number of responses sent from the RADIUS server in response to accounting requests sent from the controller.
Access challenge. Number of responses from the RADIUS server containing a challenge for the client (to complete authentication).
Unknown Response code. Number of responses from the RADIUS server that were not understood by the controller due to the purpose or type of the response
Timeouts. Number of messages sent by the controller for which the controller did not receive a response before the message timed out. NOTE: Timeouts include RADIUS accounting requests. Every request controller sends to the RADIUS server is monitored for a timeout, so each retry increments this counter.
Average response time. Time taken, on an average, for the RADIUS server to respond to a message from the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server radius | 848
Parameter Tot Rq Tot Rsp Rd Err Uptime
SEQ
Description
Total errors. This counter reflects the total number of requests sent to the RADIUS server (auth and accounting requests).
This counter reflects the total number of responses received by the RADIUS server (auth and accounting responses).
Read errors. This counter reflects the total number of errors encountered while reading off socket corresponding to that RADIUS server.
Amount of for which the RADIUS server has been active/up. The RADIUS server is considered to have an UP status if the server is active and serving requests. The RADIUS server is considered to be DOWN if the server is not responding. For example, if the RADIUS server does not respond for (<no of retries> *< timeout>) seconds, the controller takes the RADIUS server down. It brings the radius server back into service after the dead timeout.
Information corresponding to the sequence number of requests. SEQ total corresponds to the total number of sequence numbers that can be used to communicate with the RADIUS server. SEQ free corresponds to the free/available/not in use sequence numbers for a particular RADIUS server.
(host) #show aaa authentication-server radius <servername> dsec radsec status
Radius Server "radsec" Radsec Status
------------------------------------
Radsec Server Attribute Value
----------------------- -----
In Service
Yes
Connected Sockets
1
The output of this command includes the following information:
Parameter In Service Connected Sockets
Description Shows the status of the Radsec RADIUS server. Shows the number of TLS connections with the RADIUS server.
Command History
Version ArubaOS 3.0 ArubaOS 6.1 ArubaOS 6.3
Description Command introduced.
The Source Interface parameter was introduced.
The enable-ipv6 and nas-ip6 fields were added to the output of this command.
849 | show aaa authentication-server radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Version ArubaOS 6.4
ArubaOS 6.4.2.5 ArubaOS 6.4.3.0
Description
The called-station-id and cppm credentials parameter was added to the output of this command.
The CPPM credentials parameter was introduced.
The following parameters were introduced: l enable-radsec l radsec-client-cert-name l radsec-port l radsec-trusted-cacert-name l radsec-trusted-servercert-name
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server radius | 850
show aaa authentication-server tacacs
show aaa authentication-server tacacs [<tacacs_server_name>]|statistics
Description
Display configuration settings for your TACACS+ servers.
Syntax
Parameter
Description
<tacacs_server_name> Name that identifies an TACACS+ server.
statistics
Displays accounting, authorization, and authentication request and response statistics for the TACACS server.
Examples
The output of the example below displays the TACACS+ server list with the names of all the TACACS+ servers. The References column lists the number of other profiles that reference a TACACS+ server, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) #aaa authentication-server tacacs
TACACS Server List ---------------Name ---LabAuth TACACS1
References ----------
5 3
Profile Status --------------
Total:2 Include the <tacacs_server_name> parameter to display additional details for an individual server
(host) #show aaa authentication-server tacacs tacacs1
TACACS Server "tacacs1"
---------------------
Parameter Value
--------- -----
Host
10.1.1.16
Key
********
TCP Port
49
Retransmits 3
Timeout
20 sec
Mode
Enabled
Parameter host
Description IP address of the TACACS+ server
851 | show aaa authentication-server tacacs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Key TCP Port Retransmits
Timeout
Mode
Description Shared secret between the controller and the authentication server.
TCP port used by the server.
Maximum number of retries sent to the server by the controller before the server is marked as down.
Maximum time, in seconds, that the controller waits before timing out the request and resending it.
Shows whether this server is Enabled or Disabled.
The output of this command includes the following parameters:
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.0
The Statistics parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server tacacs | 852
show aaa authentication-server windows
show aaa authentication-server windows [<windows_server_name>]
Description
Display configuration settings for your Windows servers.
Syntax
Parameter
Description
<windows_server_name> Name that identifies a Windows server.
Examples
The output of the example below displays the Windows server list with the names of all the Windows servers used for NTLM authentication. The References column lists the number of other profiles that reference a Windows server, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) #aaa authentication-server tacacs
Windows Server List
----------------
Name
References
----
----------
NTLM
1
Windows2
1
Profile Status --------------
Total:2 Include the <windows_server_name> parameter to display additional details for an individual server.
(host) #show aaa authentication-server windows Windows2
Windows Server "windows"
------------------------
Parameter
Value
---------
-----
Host
172.21.18.170
Mode
Enabled
Windows Domain MyCompanyDomain
The output of this command includes the following parameters:
Parameter host Mode Windows Domain
Description IP address of the Windows server Shows whether this server is Enabled or Disabled. Name of the Windows domain to which this server is assigned.
853 | show aaa authentication-server windows
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
This command was introduced in ArubaOS 3.4.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa authentication-server windows | 854
show aaa bandwidth-contracts
show aaa bandwidth-contracts [<bwname>]
Description
This command shows the contract names, ID numbers and Rate limits for your bandwidth contracts.
Syntax
Parameter <bwname>
Description (Optional) Name of a bandwidth contract.
Example
Specify a bandwidth contract name to view information for a specific bandwidth contract, or omit that parameter to veiw information for all configured bandwidth contracts. The output of the following command shows that the bandwidth contract VLAN has a configured rate of 6 Mbps, and the contract User has a rate of 2048 Kbps.
(host) #show aaa bandwidth-contracts VLAN
Bandwidth ContractInstances
-------------------
Contract
Id Rate (bits/second)
--------
-- ------------------
VLAN
1 6000000
User
2 2048000
Total contracts = 2 Per-user contract total = 4096 Per-user contract usage = 0
Related Commands
Command aaa bandwidth-contract
Description
Use this command to define contracts to limit traffic for a user or VLAN.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
855 | show aaa bandwidth-contracts
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa debug
show aaa debug age {dev-id-cache [mac <A:B:C:D:E:F>]|key-cache [mac <A:B:C:D:E:F>]|pmk-cache [mac <A:B:C:D:E:F>]} pmk bss-table [<A:B:C:D:E:F>] role user {ip <A.B.C.D>|ipv6 <ipv6addr>|mac <A:B:C:D:E:F>} vlan user {ip <A.B.C.D>|ipv6 <ipv6addr>|mac <A:B:C:D:E:F>}
Description
Displays AAA related debug information.
Syntax
Parameter age
dev-id-cache key-cache pmk-cache
pmk bss-table
role user ip ipv6 mac
vlan user ip ipv6 mac
Description
Displays the age of the GSM entry since the previous refresh (in seconds) based on: l dev-id-cache--Device ID information in memory. l key-cache--Key cache information in memory. l pmk-cache--Pairwise Master Key (PMK) cache information in memory.
Displays PMK related debug information based on the BSSID address.
Displays role derivation related debug information based on: l ip--IPv4 address of the client. l ipv6--IPv6 address of the client. l mac--MAC address of the client.
Displays VLAN derivation related debug information based on: l ip--IPv4 address of the client. l ipv6--IPv6 address of the client. l mac--MAC address of the client.
Example
The output of the example below displays the VLAN derivation debug information of an user with IPv4 address. (host) #show aaa debug vlan user ip 192.0.2.1
VLAN types present for this User
================================
Default VLAN
:3
Initial Role Contained
:1
User Dot1x Role Contained
:5
Dot1x Server Rule
:5
VLAN Derivation History ======================= VLAN Derivation History Index : 8
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa debug | 856
1. VLAN 1 2. VLAN 1 3. VLAN 0 4. VLAN 3 5. VLAN 1 6. VLAN 5 7. VLAN 5 8. VLAN 5
for Default VLAN for Current VLAN updated for Reset VLANs for Station up for Default VLAN for Initial Role Contained for Dot1x Server Rule for User Dot1x Role Contained for Current VLAN updated
Current VLAN : 5 (Dot1x Server Rule)
Command History
Release ArubaOS 6.3
Modification Command introduced.
ArubaOS 6.4.3.0
The following parameters were introduced: l age l role The dev-id-cache sub-parameter was moved under the age parameter.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
857 | show aaa debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa derivation-rules
show aaa derivation-rules [server-group <group-name>|user <name>]
Syntax
Parameter <group-name> <name>
Description Name of a server group Name of a user rule group
Description
Show derivation rules based on user information or configured for server groups.
Example
The output of the following command shows that the server group group1 has the internal database configured as its authentication server, and that there is a single rule assigned to that group. You can omit the <group-name> parameter to show a table of all your server groups.
(host) #show aaa derivation-rules server-group group1
Server Group
Name
Inservice trim-FQDN match-FQDN
----
--------- --------- ----------
Internal
Yes
No
Server Rule Table
-----------------
Priority Attribute
-------- ---------
1
Filter-Id
Rule Entries: 1
Operation --------equals
Operand ------nsFilter
Action -----set vlan
Value ----111
Total Hits ---------24
New Hits --------
The following data columns appear in the output of this command:
Parameter Name Inservice trim-FDQN
match-FDQN
Description Name of the authentication server assigned to this server group
Specifies if the server is in service or out-of-service.
If enabled, user information in an authentication request is edited before the request is sent to the server.
If enabled, the authentication server is associated with a specified domain.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa derivation-rules | 858
Parameter Priority Attribute Operation
Operand Action Value Total Hits New Hits
Description
The priority in which the rules are applied. Rules at the top of the list are applied before rules at the bottom.
This is the attribute returned by the authentication server that is examined for Operation and Operand match
This is the match method by which the string in Operand is matched with the attribute value returned by the authentication server. l contains The rule is applied if and only if the attribute value contains the
string in parameter Operand. l starts-with The rule is applied if and only if the attribute value returned
starts with the string in parameter Operand. l ends-with The rule is applied if and only if the attribute value returned
ends with the string in parameter Operand. l equals The rule is applied if and only if the attribute value returned
equals the string in parameter Operand. l not-equals The rule is applied if and only if the attribute value returned
is not equal to the string in parameter Operand. l value-of This is a special condition. What this implies is that the role or
VLAN is set to the value of the attribute returned. For this to be successful, the role and the VLAN ID returned as the value of the attribute selected must be already configured on the controller when the rule is applied.
This is the string to which the value of the returned attribute is matched.
This parameter identifies whether the rule sets a server group role (set role) or a VLAN (set vlan).
Sets the user role or VLAN ID to be assigned to the client if the condition is met.
Number of times the rule has been applied since the last server reboot.
Number of times the rule has been applied since the show aaa derivationrules command was last issued.
To display derivation rules for a user group, include the user <name> parameter. You can also display a table of all user rules by including the user parameter, but omitting the <name> parameter
(host) #show aaa derivation-rules user user44
User Rule Table
---------------
Priority Attribute Operation Operand Action
Description
-------- --------- --------- ------- ------
-
1
location equals
ap23
Value Total Hits New Hits
----- ---------- --------
set role guest 56 guestrole1
The following data columns appear in the output of this command:
------
859 | show aaa derivation-rules
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Priority Attribute Operation
Operand Action Value Total Hits New Hits Description
Description
The priority in which the rules are applied. Rules at the top of the list are applied before rules at the bottom.
This is the attribute returned by the authentication server that is examined for Operation and Operand match.
This is the match method by which the string in Operand is matched with the attribute value returned by the authentication server. l contains The rule is applied if and only if the attribute value contains the
string in parameter Operand. l starts-with The rule is applied if and only if the attribute value returned
starts with the string in parameter Operand. l ends-with The rule is applied if and only if the attribute value returned
ends with the string in parameter Operand. l equals The rule is applied if and only if the attribute value returned
equals the string in parameter Operand. l not-equals The rule is applied if and only if the attribute value returned
is not equal to the string in parameter Operand. l value-of This is a special condition. What this implies is that the role or
VLAN is set to the value of the attribute returned. For this to be successful, the role and the VLAN ID returned as the value of the attribute selected must be already configured on the controller when the rule is applied.
This is the string to which the value of the returned attribute is matched.
This parameter identifies whether the rule sets a server group role (set role) or a VLAN (set vlan).
Sets the user role or VLAN ID to be assigned to the client if the condition is met.
Number of times the rule has been applied since the last server reboot.
Number of times the rule has been applied since the show aaa derivationrules command was last issued.
This optional parameter describes the rule. If no description was configured then it does not appear when you view the User Table.
Related Commands
Command aaa derivation-rules
Description
Use aaa derivation-rules to define the parameters displayed in the output of this show command.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa derivation-rules | 860
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
861 | show aaa derivation-rules
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa dns-query-interval
show aaa dns-query-interval <minutes>
Description
View the configured interval between DNS requests sent from the controller to the DNS server.
Syntax
No parameters
Usage Guidelines
If you define a RADIUS server using the FQDN of the server rather than its IP address, the controller will periodically generate a DNS request and cache the IP address returned in the DNS response. By default, DNS requests are sent every 15 minute, but the interval can be changed using the aaa dns-query-period command. Issue the show aaa dns-query-period command to view the current DNS query interval.
Example
This command shows that the controller will send a DNS query every 30 minutes
(host) # show aaa dns-query-period DNS Query Interval = 30 minutes
Related Commands
To configure the DNS query interval, issue the command aaa dns-query-interval.
Command History
This command was available in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa dns-query-interval | 862
show aaa fqdn-server-names
show aaa fqdn-server-names
Description
Show a table of IP addresses that have been mapped to fully qualified domain names (FQDNs).
Syntax
No parameters.
Usage Guidelines
If you define a RADIUS server using the FQDN of the server rather than its IP address, the controller will periodically generate a DNS request and cache the IP address returned in the DNS response. Issue this command to view the IP addreses that currently correlate to each RADIUS server FQDN.
Example
The output of this command shows the IP addresses for two RADIUS servers.
(host) #show aaa fqdn-server-names
Auth Server FQDN names --------------------FQDN ---myhost1.example.com 2myhost2.example.com
IP Address ---------192.0.2.3 192.0.2.5
IPv6 Address --------
Refcount --------
3
Related Commands
To configure a RADIUS authentication server using that server's fully qualified domain name, use the command aaa authentication-server radius.
Command History
This command was available in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
863 | show aaa fqdn-server-names
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa load-balance statistics
show aaa load-balance statistics server-group <sg_name>
Description
Display the load balancing statistics for RADIUS servers.
Syntax
Parameter <sg_name>
Description Name of the server group.
Example
(host) #show aaa load-balance statistics server-group dot1x-test-apsim
Statistics for Radius Servers in Server Group
---------------------------------------------
Server
Acct Rq Raw Rq PAP Rq CHAP Rq MSCHAP Rq MSCHAPv2 Rq Mismatch Rsp Bad
Auth Acc Rej Acct Rsp Chal Ukn Rsp Tmout Tot Rq Tot Rsp Rd Err Outstanding Auths
------
------- ------ ------ ------- --------- ----------- ------------ -------
- --- --- -------- ---- ------- ----- ------ ------- ------ -----------------
abc _RADIUS 0
0
0
0
0
26
0
0
26 0 0
0
0
0
26
26
0
0
AUTOMATIONRAD 0
0
0
0
0
207
0
0
207 0 0
0
0
0
207
207
0
0
Parameter Server Acct Rq
Raw Rq PAP Rq CHAP Rq MSCHAP Rq MSCHAPv2 Rq Mismatch Rsp Bad Auth
Description
Name of the RADIUS server.
Accounting requests. This reports the number of accounting messages (for example, start/stop/interim update) sent by the controller to a RADIUS server. This counter increments whenever the controller sends one of these messages.
Raw requests. Number of raw authentication requests the controller sent to a RADIUS server.
PAP Requests. Number of PAP authentication requests the controller sent to a RADIUS server.
CHAP requests. Number of CHAP authentication requests the controller sent to a RADIUS server.
MSCHAP requests. Number of MS-CHAP authentication requests the controller sent to a RADIUS server.
MSCHAPv2 requests. Number of MS-CHAPv2 requests the controller sent to a RADIUS server.
Mismatch responses. Number of responses from a RADIUS server for which the controller does not have the proper request context.
Bad authenticator. Number of responses from the RADIUS server with an invalid
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa load-balance statistics | 864
Parameter Acc Rej Acct Rsp Chal Ukn Rsp Tmout
AvgRspTme Tot Rq Tot Rsp Rd Err Uptime
SEQ
Outstanding Auths
Description
secret or bad reply digest.
Access accept. Number of responses from the RADIUS server with invalid secret or bad reply digest.
Access reject. Number of responses from the RADIUS server that indicate that client authentication failed.
Accounting response. Number of responses sent from the RADIUS server in response to accounting requests sent from the controller.
Access challenge. Number of responses from the RADIUS server containing a challenge for the client (to complete authentication).
Unknown Response code. Number of responses from the RADIUS server that were not understood by the controller due to the purpose or type of the response
Timeouts. Number of messages sent by the controller for which the controller did not receive a response before the message timed out. NOTE: Timeouts include RADIUS accounting requests. Every request controller sends to the RADIUS server is monitored for a timeout, so each retry increments this counter.
Average response time. Time taken, on an average, for the RADIUS server to respond to a message from the controller.
Total errors. This counter reflects the total number of requests sent to the RADIUS server (auth and accounting requests).
This counter reflects the total number of responses received by the RADIUS server (auth and accounting responses).
Read errors. This counter reflects the total number of errors encountered while reading off socket corresponding to that RADIUS server.
Amount of for which the RADIUS server has been active/up. The RADIUS server is considered to have an UP status if the server is active and serving requests. The RADIUS server is considered to be DOWN if the server is not responding. For example, if the RADIUS server does not respond for (<no of retries> *< timeout>) seconds, the controller takes the RADIUS server down. It brings the radius server back into service after the dead timeout.
Information corresponding to the sequence number of requests. SEQ total corresponds to the total number of sequence numbers that can be used to communicate with the RADIUS server. SEQ free corresponds to the free/available/not in use sequence numbers for a particular RADIUS server.
This value keeps track of the number of clients that are currently getting authenticated against this authentication server, i.e. clients for which the controller has sent Access-Request but has not yet received Access-Accept or Access-Reject and also the Access-Request has not timed out completely.
865 | show aaa load-balance statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.1 ArubaOS 6.3
ArubaOS 6.4
Description Command introduced.
The Source Interface parameter was introduced.
The enable-ipv6 and nas-ip6 fields were added to the output of this command.
The Outstanding Auths parameter was added to the output of this command.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa load-balance statistics | 866
show aaa main-profile
show aaa main-profile summary
Description
Show a summary of all AAA profiles.
Example
The output of the show aaa main-profile summary command shows roles, server group settings, and wireto-wireless-roaming statistics for each AAA profile. (host) #show aaa main-profile summary
AAA Profile summary -------------------
Name ---aaa_dot1x default default guest
role ---logon logon guest
mac-auth -------macprof2 macprof2 macprof1
dot1x- rad-
UDR- ww- enforce
auth acct XML-api RFC3576 group roam devtype -dhcp
------ ---- ------- ------- ----- ---- ------- -------
dot1x RADIUS 10.3.1.15 10.3.15.2 Usr1 Disable enabled disabled
dot1x RADIUS 10.3.1.15 10.3.15.2 Usr1 Disable enabled disabled
default RADIUS 10.3.1.15 10.3.15.2 Usr2 Disable enabled disabled
The following data columns appear in the output of this command:
Parameter Name
Description Name of the AAA profile.
role
Role for unauthenticated users.
mac-auth
Name of the server group used for MAC authentication.
dot1x-auth
Name of the server group used for dot1x authentication.
rad-act
Name of the server group used for RADIUS authentication.
XML-api
IP address of a configured XML API server.
RFC3576
IP address of a RADIUS server that can send user disconnect, session timeout and change-of-authorization messages, as described in RFC 3576.
UDR-group
Name of the user derivation rule profile.
ww-roam
Shows if wired-to-wireless roaming is enabled or disabled.
devtype
Shows if the device identification feature is enabled or disabled. When devtype-classification parameter is enabled, the output of the show user and show user-table commands shows each client's device type, if that client device can be identified.
867 | show aaa main-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter enforce-dhcp
Description
When this option is enabled, clients must complete a DHCP exchange to obtain an IP address. Best practices are to enable this option when you use the aaa derivation-rules command to create a rule with the DHCP-Option rule type. This parameter is disabled by default.
Related Commands
Command aaa profile
Description
Mode
Use aaa profile define the parameters displayed in the output of this show command.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa main-profile | 868
show aaa password-policy mgmt
show aaa password-policy mgmt [statistics]
Description
Show the current password policy for management users.
Syntax
Parameter statistics
Description
Include this optional parameter to show the numbers of failed login attempts and any lockout periods for management user accounts.
Examples
The output of the show aaa password-policy mgmt command below shows that the current password policy requires a management user to have a password with a minimum of 9 characters, including one numeric character and one special character
(host) #show aaa password-policy mgmt
Mgmt Password Policy
--------------------
Parameter Value
--------- -----
Enable password policy
Yes
Minimum password length required
9
Minimum number of Upper Case characters
0
Minimum number of Lower Case characters
0
Minimum number of Digits
1
Minimum number of Special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma,
|, +, ~, `)
1
Username or Reverse of username NOT in Password
No
Maximum Number of failed attempts in 3 minute window to lockout user
0
Time duration to lockout the user upon crossing the "lock-out" threshold
3
Maximum consecutive character repeats
0
The following data columns appear in the output of this command:
Parameter Enable password policy
Description Shows if the defined policy has been enabled
Minimum password length required
Minimum number of characters required for a management user password. The default setting is 6 characters.
Minimum number of Upper Case characters
The maximum number of uppercase letters required for a management user password. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0.
869 | show aaa password-policy mgmt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Minimum number of Lower Case characters
Description
The maximum number of lowercase letters required for a management user password. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0.
Minimum number of Digits
Minimum number of numeric digits required in a management user password. By default, there is no requirement for digits in a password, and the parameter has a default value of 0.
Minimum number of Special characters
Minimum number of special characters required in a management user password. By default, there is no requirement for special characters in a password, and the parameter has a default value of 0.
Username or Reverse of username NOT in Password
If Yes, a management user's password cannot be the user's username or the username spelled backwards. If No, the password can be the username or username spelled backwards.
Maximum Number of failed attempts in 3 minute window to lockout user
Number of times a user can unsuccessfully attempt to log in to the controller before that user gets locked out for the time period specified by the lock-out threshold below. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts.
Time duration to lockout the user upon crossing the "lock-out" threshold
Amount of time a management user will be "locked out" and prevented from logging into the controller after exceeding the maximum number of failed attempts setting show above. The default lockout time is 3 minutes.
Maximum consecutive character repeats
The maximum number of consecutive repeating characters allowed in a management user password.
By default, there is no limitation on the numbers of character that can repeat within a password, and the parameter has a default value of 0 characters.
(host) #show aaa password-policy mgmt statistics
Management User Table --------------------USER ROLE FAILED_ATTEMPTS ---- ---- --------------admin14 root 1
STATUS -----Locked until 12/1/2009 22:28
Include the optional statistics parameter to show failed login statistics in the Management User table. The example below shows that a single failed login attempt locked out the root user admin14, and displays the time when that user can attempt to login to the controller again.
Related Commands
Command aaa profile
Description
Mode
Use aaa profile define the parameters displayed in the output of this show command.
Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa password-policy mgmt | 870
Command History
This command was introduced in ArubaOS 3.4.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
871 | show aaa password-policy mgmt
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa profile
show aaa profile <profile-name>
Description
Show configuration details for an individual AAA profile.
Example
The output of the following command shows roles, servers and server group settings, and wire-to-wirelessroaming statistics for each AAA profile. (host) #show aaa profile default
AAA Profile "default" --------------------Parameter --------Initial role MAC Authentication Profile MAC Authentication Default Role MAC Authentication Server Group 802.1X Authentication Profile 802.1X Authentication Default Role 802.1X Authentication Server Group Download Role from CPPM L2 Authentication Fail Through Multiple Server Accounting User idle timeout RADIUS Accounting Server Group RADIUS Interim Accounting XML API server RFC 3576 server User derivation rules Wired to Wireless Roaming SIP authentication role Device Type Classification Enforce DHCP
Value ----guest N/A guest default default guest N/A Disabled Disabled Disabled N/A N/A Disabled N/A N/A N/A Enabled N/A Enabled Disabled
The following data columns appear in the output of this command:
Parameter Name
Description The name of the AAA profile.
Initial Role
Role for unauthenticated users.
MAC Authentication Profile
Name of the MAC authentication profile.
MAC Authentication Default Role
Configured role assigned to the user after MAC authentication.
MAC Authentication Server Group
Name of the server group used for MAC authentication.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa profile | 872
Parameter 8021.X Authentication Profile 8021.X Authentication Default Role 8021.X Authentication Server Group Download Role from CPPM
L2 Authentication Fail Through Multiple Server Accounting
User idle timeout
RADIUS Accounting Server Group RADIUS Interim Accounting
XML API server RFC 3576 server
User derivation rules Wired to Wireless Roaming
Description
Name of the 802.1X authentication profile.
Configured role assigned to the user after 802.1X authentication.
Name of the server group used for 802.1X authentication.
Status of role download from CPPM. If enabled, the controller downloads the role from ClearPass Policy Manager (CPPM) if not defined.
To select the other authentication method if one fails.
Status of multiple server accounting. If enabled, the controller sends RADIUS accounting to all servers in RADIUS accounting server group.
The user idle timeout for this profile. Specify the idle timeout value for the client in seconds. A value of 0, deletes the user immediately after disassociation from the wireless network. Valid range is 30-15300 in multiples of 30 seconds.
Name of the server group used for RADIUS authentication.
By default, the RADIUS accounting feature sends only start and stop messages to the RADIUS accounting server. If RADIUS Interim Accounting is enabled, the controller to can also end Interim-Update messages with current user statistics to the server at regular intervals.
IP address of a configured XML API server.
IP address of a RADIUS server hat can send user disconnect, session timeout and change-of-authorization messages, as described in RFC 3576.
User attribute profile from which the user role or VLAN is derived.
Shows whether Wired to Wireless Roaming is Enabled or Disabled.
873 | show aaa profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter SIP authentication role Device Type Classification
Enforce DHCP
Description
For controllers with an installed PEFNG license, this parameter displays the configured role assigned to a session initiation protocol (SIP) client upon registration.
Shows if the device identification feature is enabled or disabled. When devtype-classification parameter is enabled, the output of the show user and show user-table commands shows each client's device type, if that client device can be identified.
When this option is enabled, clients must complete a DHCP exchange to obtain an IP address. Best practices are to enable this option when you use the aaa derivation-rules command to create a rule with the DHCP-Option rule type. This parameter is disabled by default.
Related Commands
Command aaa profile
Description
Use the command aaa profile to define AAA profiles.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 3.4.1
License requirements changed in ArubaOS 3.4.1, so the sipauthentication-role parameter required the Policy Enforcement Firewall license instead of the Voice Services Module license required in earlier versions.
ArubaOS 6.1
The radius-interim-accounting, devtype-classification and enforcedhcp parameters were introduced.
ArubaOS 6.3
The user-idle-timeout parameter was introduced.
ArubaOS 6.4
The multiple-server-accounting and download-role parameters were introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa profile | 874
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
875 | show aaa profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa radius-attributes
show aaa radius-attributes
Description
Show RADIUS attributes recognized by the controller.
Example
The output of the following command shows the name, currently configured value, type, vendor and RADIUS ID for each attribute. (host) #show aaa radius-attributes
Dictionary ---------Attribute --------MS-CHAP-NT-Enc-PW Suffix Menu Acct-Session-Time Framed-AppleTalk-Zone Connect-Info Acct-Ouput-Packets Aruba-Location-Id Service-Type Rad-Length CHAP-Password Aruba-Template-User Event-Timestamp Login-Service Exec-Program-Wait Tunnel-Password Framed-IP-Netmask Acct-Output-Gigawords MS-CHAP-CPW-2 Acct-Tunnel-Packets-Lost ...
Value ----6 1004 1001 46 39 77 48 6 6 310 3 8 55 15 1039 69 9 53 4 86
Type ---String String String Integer String String Integer String Integer Integer String String Date Integer String String IP Addr Integer String Integer
Vendor -----Microsoft
Aruba Aruba
Microsoft
Id -311
14823 14823
311
Related Commands
Command aaa profile
Description
Use the command aaa profile to define AAA profiles.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa radius-attributes | 876
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers.
877 | show aaa radius-attributes
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa rfc-3576-server
show aaa rfc-3576-server <server-ip> statistics udp-port
Description
Show configuration details for an RFC-3576 server, which is a RADIUS server that can send user disconnect, session timeout and change-of-authorization (CoA) messages, as described in RFC 3576.
Syntax
Parameter <server-ip>
Description IP address of an RFC-3576 server
statistics udp-port
View detailed connection and authentication information for all RFC 3575 servers.
Show the configured RFC3576 server port. The default value is port 3799.
Example
This first example shows that there are two configured servers in the RFC 3567 Server List. The References column lists the number of other profiles with references to the RFC 3567 server, and the Profile Status column indicates whether the server is predefined. User-defined servers will not have an entry in the Profile Status column.
(host) #show aaa rfc-3567-server
RFC 3576 Server List
--------------------
Name
References
----
----------
10.2.14.6 2
Profile Status --------------
To view details for a specific server, include the IP address of that server in the command.
(host) #show aaa rfc-3576-server 192.0.2.31
RFC 3576 Server "192.0.2.31"
---------------------------
Parameter Value
--------- -----
Key
********
To view information for all RFC 3576 servers, include the statistics parameter.
(host) #show aaa rfc-3576-server statistics
RADIUS RFC 3576 Statistics
--------------------------
Statistics
10.1.2.3
----------
--------
Disconnect Requests 13
Disconnect Accepts 12
10.1.2.34 ---------
3 3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa rfc-3576-server | 878
Disconnect Rejects 1
0
No Secret
0
0
No Session ID
0
0
Bad Authenticator 0
0
Invalid Request
0
0
Packets Dropped
0
2
Unknown service
0
0
CoA Requests
1
0
CoA Accepts
1
0
CoA Rejects
0
0
No permission
0
0
Packets received from unknown clients: 0
Packets received with unknown request: 0
Total RFC3576 packets Received
:0
The output of the show aaa rfc-3576-server statistics command includes the following parameters:
Parameter Disconnect Requests
Description Number of disconnect requests sent by the server.
Disconnect Accepts
Number of disconnect requests sent by the server that were accepted by the user.
Disconnect Rejects
Number of disconnect requests sent by the server that were rejected by the user.
No Secret
Number of authentication requests that did not contain a RADIUS secret.
No Session ID
Number of authentication requests that did not contain a session ID.
Bad Authenticator
Number of authentication requests that contained a missing or invalid authenticator field in the packet.
Invalid Request
Number of invalid requests.
Packets Dropped
Number of packets dropped.
Unknown service
Number of requests for an unknown service type.
CoA Requests
Number of requests for a Change of Authorization (CoA).
CoA Accepts
Number of times a CoA request was accepted.
CoA Rejects
Number of times a CoA request was rejected.
No permission
Number of requests for a service that has been defined, but has not been administratively enabled.
879 | show aaa rfc-3576-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command aaa rfc-3576-server
Description Define RFC 3576 server profiles.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa rfc-3576-server | 880
show aaa server-group
show aaa server-group [<group-name>|summary]
Description
Show configuration details for your AAA server groups.
Syntax
Parameter <group-name>
Description The name of an existing AAA server group.
Usage Guidelines
Issue this command without the ><group-name orsummary options to display the entire server group list, including profile status and the number of references to each profile. The References column lists the number of other profiles that reference a server group, and the Profile Status column indicates whether the server group is predefined. User-defined server groups will not have an entry in the Profile Status column. Examples
This first example shows that there are five configured server groups
(host) #show aaa server-group summary
Server Group List ----------------Name ---auth-profile-2 coltrane-server-group default group1 internal
References ---------1 1 25 0 0
Profile Status --------------
Predefined
Total:5
To view additional statistics for all server groups, include the statistics parameter.
(host) #show aaa server-group summary
Server Groups
-------------
Name
Servers Rules
----
------- -----
auth-profile-2
1
0
coltrane-server-group 1
0
default
1
0
group1
1
1
internal
1
1
hits ---0 0 0 0 0
Out-of-service --------------
The output of the show aaa server-group summary command includes the following parameters:
881 | show aaa server-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter name Servers Rules hits Out-of-Service
Description Name of an existing AAA server group. Number of servers in the group. Number of rules configured for the server group. Number of hits for the server's rules. Indicates whether the server is active, or out of service. Active servers may not have an entry in the Out-of-Service column.
To display detailed authorization, role and vlan statistics for an individual server group, include the name of the group for which you want more information.
(host) #show aaa server-group summary group1
Fail Through:No
Auth Servers
------------
Name
Server-Type
----
-----------
rad1
Radius
rad3
Radius
trim-FQDN --------No No
Match-Type ----------
Match-Op --------
Match-Str ---------
Role/VLAN derivation rules
---------------------------
Priority Attribute Operation
-------- --------- ---------
1
class
Operand Action Value ------- ------ -----
contains admin set role
root
The output of the show aaa server-group <group-name> command includes the following parameters:
Parameter Name
Description Specifies if the server is in service or out-of-service.
Server-Type
If enabled, user information in an authentication request is edited before the request is sent to the server.
trim-FDQN
If enabled, user information in an authentication request is edited before the request is sent to the server.
Match-Type
If the match type is authstring he authentication server associates with a match rule that the controller can compare with the user/client information in the authentication request.
A fdqn match type associates the authentication server with a specified domain. An authentication request is sent to the server only if there is an exact match between the specified domain and the <domain> portion of the user information sent in the authentication request.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa server-group | 882
Parameter Match-Op
Match-Str Priority Attribute Operation
Operand Action 883 | show aaa server-group
Description
This is the match method by which the string in Match-Str is matched with the attribute value returned by the authentication server. l contains The rule is applied if and only if the attribute value contains the
string in parameter Operand. l starts-with The rule is applied if and only if the attribute value returned
starts with the string in parameter Operand. l ends-with The rule is applied if and only if the attribute value returned
ends with the string in parameter Operand. l equals The rule is applied if and only if the attribute value returned
equals the string in parameter Operand. l not-equals The rule is applied if and only if the attribute value returned
is not equal to the string in parameter Operand. l value-of This is a special condition. What this implies is that the role or
VLAN is set to the value of the attribute returned. For this to be successful, the role and the VLAN ID returned as the value of the attribute selected must be already configured on the controller when the rule is applied
This is the string to which the value of the returned attribute is matched.
The priority in which role or VLAN derivation rules are applied. Rules at the top of the list are applied before rules at the bottom.
For role or VLAN derivation rules, this is the attribute returned by the authentication server that is examined for Operation and Operand match.
For role or VLAN derivation rules, this is the match method by which the string in Operand is matched with the attribute value returned by the authentication server. l contains The rule is applied if and only if the attribute value contains the
string in parameter Operand. l starts-with The rule is applied if and only if the attribute value returned
starts with the string in parameter Operand. l ends-with The rule is applied if and only if the attribute value returned
ends with the string in parameter Operand. l equals The rule is applied if and only if the attribute value returned
equals the string in parameter Operand. l not-equals The rule is applied if and only if the attribute value returned
is not equal to the string in parameter Operand. l value-of This is a special condition. What this implies is that the role or
VLAN is set to the value of the attribute returned. For this to be successful, the role and the VLAN ID returned as the value of the attribute selected must be already configured on the controller when the rule is applied.
For role or VLAN derivation rules, this is the string to which the value of the returned attribute is matched.
This parameter identifies whether the derivation rule sets a server group role (set role) or a VLAN (set vlan).
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Value
Description
Sets the user role or VLAN ID to be assigned to the client if the rule condition is met.
Related Commands
Command aaa server-group
Description
Mode
Use aaa server-group to configure the settings displayed in the output of this show command.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa server-group | 884
show aaa state ap-group
show aaa state ap-group
Description
Show the names and ID numbers of your AP groups
Example
This first example shows that the selected controller has two defined AP groups.
(host) #show aaa state ap-group
AP Group Table
--------------
Name ID
---- --
ap1
1
ap2
2
Related Commands
Command aaa server-group
Description
Use aaa server-group to define the AP groups displayed in the output of this show command
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
.
Command Mode
Enable or Config mode on master or local controllers
885 | show aaa state ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state configuration
show aaa state configuration
Description
Display authentication state configuration information, including the numbers of successful and failed authentications.
Example
This example shows authentication settings and values for a controller with no current users.
(host) #show aaa state configuration
Authentication State -------------------Name ---Switch IP Switch IPv6 Master IP Switch Role Current/Max/Total IPv4 Users Current/Max/Total IPv6 Users Current/Max/Total User Entries Current/Max/Total Stations Captive Portal Users 802.1x Users VPN Users MAC Users Stateful 802.1x Users Tunneled users Configured user roles Configured session ACL Configured destinations Configured services Configured Auth servers Auth server in service Radius server timeouts
Value ----10.6.2.253
10.100.103.253 local 0/6/14 0/1/1 0/4/15 121/190/367550 4 119 0
0 0
0 21 41 32 77 9 9 7062
Successful authentications -------------------------Web MAC VPN 802.1x Krb --- --- --- ------ --138 0 0 10117 0
RadAcct ------0
SecureID -------0
Stateful-802.1x --------------0
Management ---------0
Failed authentications ---------------------Web MAC VPN 802.1x Krb --- --- --- ------ --48 0 0 32235 0
RadAcct ------0
SecureID -------0
Stateful-802.1x --------------0
Management ---------0
Idled users Mobility fast age per-user log Bandwidth contracts IP takeovers
= 3366 = Enabled = Disabled = Disabled
= 2/1 = 21
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state configuration | 886
Ping/SYN/Session attacks = 0/0/0
The output of the show aaa state configuration command includes the following parameters:
Parameter Switch IP
Description IP address of the local controller.
Master IP
IP address of the master controller.
Switch Role
Role assigned to the controller on which you issued the show aaa state command.
Current/Max/Total IPv4 Users
Current number of IPv4 users on the controller/Maximum number of IPv4 users that can be assigned to the controller at any time/Total number of IPv4 users that have been assigned to the controller since the last controller reboot.
Current/Max/Total IPv6 Users
Current number of IPv6 users on the controller/Maximum number of IPv6 users that can be assigned to the controller at any time/Total number of IPv6 users that have been assigned to the controller since the last controller reboot.
Current/Max/Total Users
Current number of users on the controller/Maximum number of users that can be assigned to the controller at any time/Total number of users that have been assigned to the controller since the last controller reboot.
Current/Max/Total Stations
Current number of stations registered with the controller/Maximum number of stations that can be registered with the controller at any time/Total number of stations that have registered the controller since the last controller reboot.
Captive Portal Users
Number of current users authenticated via captive portal.
802.1x Users
Number of current users authenticated via 802.1X authentication.
VPN Users
Number of current users authenticated via VPN authentication.
MAC Users
Number of current users authenticated via MAC authentication.
Stateful 802.1x Users
Number of current users authenticated via stateful 802.1X authentication.
Tunneled users
Number of stations in tunneled forwarding mode, where 802.11 frames are tunneled to the controller using generic routing encapsulation (GRE).
Configured user roles
Number of configured user roles.
Configured session ACL
Number of configured session ACLs.
887 | show aaa state configuration
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Configured destinations Configured services Configured Auth servers Auth server in service Radius server timeouts Web MAC VPN 802.1x Krb RadAcct SecureID
Stateful-802.1x Management Idled users Mobility
Description
Number of destinations configured using the netdestination command.
Number of service aliases configured using the netservice command.
Number of configured authentication servers.
Number of authentication servers currently in service.
Number of times the RADIUS server did not respond to the authentication request.
Total number of captive portal authentications or authentication failures since the last controller reset.
Total number of MAC authentications or authentication failures since the last controller reset.
Total number of VPN authentications or authentication failures since the last controller reset.
Total number of 802.1X authentications or authentication failures since the last controller reset.
Total number of Kerberos authentications or authentication failures since the last controller reset.
Total number of RADIUS accounting verifications or accounting failures since the last controller reset.
Number of authentication verifications or failures using methods which use one-time passwords. (For example, EAP-GTC being used as the inner EAP protocol of EAP-PEAP.)
Total number of Stateful 802.1X authentications or authentication failures since the last controller reset.
Total number of Management user authentications or authentication failures since the last controller reset.
Total number of users that are not broadcasting data to an AP.
Shows whether the IP mobility feature has been enabled or disabled on the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state configuration | 888
Parameter fast age
Per-User Log
Bandwidth contracts IP takeovers Ping/SYN/Session attacks
Description
When the fast age feature allows the controller actively sends probe packets to all users with the same MAC address but different IP addresses. The users that fail to respond are purged from the system. This parameter shows if fast aging of user table entries has been enabled or disabled.
Shows if a W-6000, W-3600 or W-7200 Series controller collects peruser log files for debugging. NOTE: This option is enabled using the aaa log command.
Number of configured bandwidth contracts on the controller.
Number of times a two different stations have attempted to use the same IP address (IP spoofing).
Number of reported ping, SYN and session attacks.
Command History
Release ArubaOS 3.0 ArubaOS 6.3
Modification Command introduced. The per-user log field was added to the output of this command
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
889 | show aaa state configuration
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state debug-statistics
show aaa state debug statistics
Description
show debug statistics for controller authentication, authorization and accounting.
Syntax
No parameters.
Example
The following example displays debug statistics for a variety of authentication errors:
(host) #show aaa state debug-statistics user miss: ARP=47, 8021Q=5216, non-IP=0, zero-IP=0, loopback=0 user miss: mac mismatch=0, spoof=269 (74), drop=390, ncfg=0 user miss: non-auth opcode=0, no-l2-user=0, l2tp=0, vrrp=0, special mac=0, iap l3 user=0 Idled users = 3376 Idled users due to MAC mismatch = 0 Idled users due to SOS: wireless tunnel=0 wireless dtunnel=0 Idled users due to SOS: wired tunnel=0 wired dtunnel=0 Idled users due to SOS: other=0 Idled users due STM deauth: tunnel=0 dtunnel=0 Idled users from STM timeout: tunnel=0 dtunnel=0 Idled users from STM: other=0 Current users with STM idle flag = 0 Idle messages: SOS=0 STM deauth=0 STM timeout=0 Logon lifetime iterations = 4501, entries deleted = 121 SIP authentication messages received 29227, dropped 29227 Missing auth user deletes: 0 Captive-portal forced user deletes: 1 Mobility Stats
INTRA_MS 0, MAC mismatch 0, HA mismatch 0 INTER_MS 0, MAC mismatch 0, HA mismatch 0 MIP Update 0, Move 0, Del 0, TunAcl 0 AAA Done 0, Del 2 IPIP Loop forced Del: 0, Validate Visitor 0 Auth User rejects Received L2 User:0, IPV4 :0, IPV6:0 Auth User rejects Processed L2 User:0, IPV4 :0, IPV6:0
The output of this command includes the following parameters:
Parameter User Miss
ARP 8021q
Description
Number of ARP packets sent between the datapath and the controlpath. Number of 802.1q (VLAN tag) packets sent between the datapath and the controlpath.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state debug-statistics | 890
Parameter non-ip
zero-ip loopback
mac mismatch spoof drop ncfg
Non-auth opcode No-l2-user l2tp vrrp special mac iap idled users
Description Number of non-IP type packets sent between the datapath and the controlpath.
Number of packets sent without an internet protocol (IP).
If 1, the controller has a defined loopback address. If 0, a loopback address has not yet been configured.
Number of users that were not authenticated due to MAC mismatches.
Number of users that were not authenticated due to spoofed IP addresses.
Number of user authentication attempts that were dropped.
Number of packets sent between datapath and controlpath, where the authentication module has not completed the initialization required to process the traffic.
Number of packets whose opcode is non-auth opcode. This is a check to find if auth is responsible for processing received packet. Number of user packets dropped due to absence ofan L2 entry for the user. Number of l2tp users. Number of VRRP users. Number of users with a special MAC address. Number of instant AP users.
Number of inactive stations that are not broadcasting data to an AP.
idled users due to MAC mismatch
For internal use only.
Idled users due to SOS
wireless tunnel
Number of wireless users in tunnel forwarding mode that were aged out by the controller.
wireless dtunnel
Number of wireless users in decrypt tunnel forwarding mode that were aged out by the controller.
wired tunnel
Number of wired users in tunnel forwarding mode that were aged out by the controller.
wired dtunnel
Number of wired users in decrypt tunnel forwarding mode that were aged out by the controller.
Other
Number of users using modes other than tunneled or Decrypt tunneled aged out by the controller.
891 | show aaa state debug-statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Idled users due STM deauth
tunnel dtunnel
Number of users in tunnel forwarding mode that aged out after STM deauthentication, and timer expiration.
Number of users in decrypt tunnel forwarding mode that aged out after STM deauthentication, and timer expiration.
Idled users from STM timeout
tunnel dtunnel
Number of users in tunnel forwarding mode that aged out after the STM timer expired.
Number of users in decrypt tunnel forwarding mode that aged out after the STM timer expired.
Idled users from STM
other
Number of users in fowarding modes other than decrypt tunnel or tunnel mode that aged out after the STM timer expired.
Logon lifetime iteration
Number of users deleted for lack of activity.
SIP authentication message
Number of session initiation protocol (SIP) authentication messages received.
Missing auth user deletes
Number of users removed from the datapath by the auth module, even without a mapping entry in control path. This counter can help identify problems with messages sent between the controlpath and the datapath.
Mobility Stats
Number of different messages exchanged between the mobile IP and the auth module.
NOTE: This is used for troubleshooting purposes only.
Captive-portal forced user deletes
Number of idle users deleted after captive portal authentication.
Auth User Rejects Received
L2 User
Number of authentication rejects received for L2 users from the datapath due to a failure of the operation.
IPv4
Number of authentication rejects received for IPv4 users from the datapath due to a failure of the operation.
IPv6
Number of authentication rejects received for IPv6 users from the datapath due to a failure of the operation.
Auth User Rejects Processed
L2 User
Number of authentication rejects for L2 users that were processed after the reject was received.
IPv4
Number of authentication rejects for IPv4 users that were processed after the
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state debug-statistics | 892
Parameter IPv6
Description
reject was received.
Number of authentication rejects for IPv6 users that were processed after the reject was received.
Command History
Release ArubaOS 3.0 ArubaOS 6.1 ArubaOS 6.2
Modification Command introduced The Mobility Stats parameter was introduced. Additional statistics for idled users and user rejects were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local or local controllers
893 | show aaa state debug-statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state log
show aaa state log [info]
Description
Display global log files for AAA events.
Syntax
Parameter info
Description This parameter displays debugging information for internal use only.
Usage Guidelines
If you have enabled per-user logging using the aaa log command, the output of this command displays global AAA log files for events that are not triggered by individual user authentication, such as AP authentication and the initial pre-authentication processes that occur before a client authenticates to the controller.
To display log files for events triggered by a specific user, use the command show user or show ipv6 usertable ip <ipv6-addr> log.
Example
The example below shows a partial list of the global log files displayed by the show aaa state log command..
(host) #show aaa state log
1: At Thu Apr 11 10:41:27: [L] Type cert-downloaded
* id 0 len 0, bssid
00:00:00:00:00:00 | mac: 00:00:00:00:00:00
2: At Thu Apr 11 10:43:17: [L] Type ap-up
* id 0 len 0, bssid
6c:f3:7f:5f:2c:b0 | mac: 00:00:00:00:00:00
3: At Thu Apr 11 10:43:17: [L] Type ap-up
* id 0 len 0, bssid
6c:f3:7f:5f:2c:a0 | mac: 00:00:00:00:00:00
4: At Thu Apr 11 10:43:50: [L] Type station-term-start
* id 10 len 0, bssid
6c:f3:7f:5f:2c:a0 | mac: 50:a4:c8:bd:be:41
5: At Thu Apr 11 10:43:50: [L] Type station-data-ready_ack * id 10 len 0, bssid
00:00:00:00:00:00 | mac: 50:a4:c8:bd:be:41
Related Commands
Parameter
Description
aaa log
Issue this command to enable per-user logging.
show user show ipv6 user-table
Display log files for authentication events triggered by a specific IPv4 or IPV6 user.
Command History
This command was introduced in ArubaOS 6.3.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state log | 894
Command Information
Platforms
W-6000, W-3600 and W7200 Series controllers
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
895 | show aaa state log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state messages
Description
Display numbers of authentication messages sent and received.
Syntax
No parameters.
Usage Guidelines
This command displays a general overview of authentication statistics. To view authentication information for specific profiles such as a captive-portal, MAC or 801.x authentication profile, issue the commands specific to those features.
Example
The output of this command displays tables of statistics for PAPI, RAW socket and Sibyte messages.
(host) #show aaa state messages
PAPI Messages
-------------
Msg ID Name
Since last Read
------ ----
---------------
5004 set master ip
2
7005 Set switch ip
1
7007 Set VLAN ip
5
66
delete xauth vpn users 1
Total ----2 1 5 1
RAW socket Messages
-------------------
Msg ID Name
------ ----
1
raw PAP req
33
captive portal config
59
TACACS ACCT config for cli
60
TACACS ACCT config for web
Since last Read --------------188 11113 1 1
Total ----188 11113 1 1
Sibyte Messages
---------------
Opcode Name
------ ----
2
bridge
4
session
11
ping
13
8021x
15
acl
16
ace
17
user
27
bwm
29
wkey
42
nat
43
user tmout
56
forw unenc
64
auth
94
aesccm key
111
dot1x term
Sent Since Last Read -------------------21 4877 768 114563 803 5519 781821 3 27109 1 4164 1787103 5268 17885 196813
Sent Total ---------21 4877 768 114563 803 5519 781821 3 27109 1 4164 1787103 5268 17885 196813
Recv Since Last Read -------------------0 0 768 229126 0 0 0 0 4 0 4160 0 5267 0 151161
Recv Total ---------0 0 768 229126 0 0 0 0 4 0 4160 0 5267 0 151161
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state messages | 896
114
rand
126
eapkey
114
rand
1614 1316231
2
1614 1316231
2
1612 2632462
0
1612 2632462
0
The output of this command contains the following parameters:
Parameter Msg ID
Description ID number for the message type.
Name
Message name.
Since last Read
Number of messages received since the buffer was last read.
Total
Total number of message received since the controller was last reset.
opcode
Code number of the message type.
Sent Since last Read Number of messages sent since the buffer was last read.
Sent Total
Total number of message sent since the controller was last reset.
Recv Since last Read Number of messages received since the buffer was last read.
Recv Total
Total number of message received since the controller was last reset.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
897 | show aaa state messages
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state station
show aaa state station <A:B:C:D:E:F>
Description
Display AAA statistics for a station.
Syntax
Parameter <A:B:C:D:E:F>
Description MAC address of a station.
Example
The example below shows statistics for a station with four associated user IP addresses. The output of this command shows station data, the AAA profiles assigned to the station, and the station's authentication method.
(host) #show aaa state station 00:21:5c:85:d0:4b Association count = 1, User count = 4 User list = 10.1.10.10 10.6.5.168 192.168.229.1 192.168.244.1 essid: ethersphere-wpa2, bssid: 00:1a:1e:8d:5b:31 AP name/group: AL40/corp1344 PHY: a, ingress=0x10e8 (tunnel 136) vlan default: 65, assigned: 0, current: 65 cached: 0, user derived: 0, vlan-how: 0 name: MYCOMPANY\tgonzales, role:employee (default:logon, cached:employee, dot1x:), role-how: 1, acl:51/0, age: 00:02:50 Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-MD5, server: vortex dot1xctx:1 sap:1 Flags: mba=0 AAA prof: default-corp1344, Auth dot1x prof: default, AAA mac prof:, def role: logon ncfg flags udr 1, mac 0, dot1x 1 Born: 1233767066 (Wed Feb 4 09:04:26 2009
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa state station | 898
show aaa state user
show aaa state user <A.B.C.D>
Description
Display statistics for an authenticated user.
Syntax
Parameter <A.B.C.D>
Description IP address of a user.
Example
The example below shows statics for a user with the IP address 10.1.10.11. The output of this command shows user data, the user's authentication method. and statistics for assigned roles, timers and flags.
(host) #show aaa state user 10.1.10.11 Name: MYCOMPANY\tsenter, IP: 10.1.10.11, MAC: 00:21:5c:85:d0:4a, Role:employee, ACL:51/0, Age: 00:01:46 Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-MD5, server: vortex Bandwidth = No Limit Bandwidth = No Limit Role Derivation: Default VLAN Derivation: Matched user rule Idle timeouts: 0, ICMP requests sent: 0, replies received: 0, Valid ARP: 0 Mobility state: Associated, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0 Flags: internal=0, trusted_ap=0, delete=0, l3auth=0, l2=1 mba=0 Flags: innerip=0, outerip=0, guest=0, station=0, download=1, nodatapath=0 Auth fails: 0, phy_type: a-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1 Vlan default: 65, Assigned: 0, Current: 65 vlan-how: 0 Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, ProxyArp=0, Flags=0x0 Tunnel=0, SlotPort=0x1018, Port=0x10e2 (tunnel 130) Role assigned: n/a, VPN: n/a, Dot1x: Name: employee role-how: 0 Essid: ethersphere-wpa2, Bssid: 00:1a:1e:11:6b:91 AP name/group: AL31/corp1344 Phy-type: a-HT RadAcct sessionID:n/a RadAcct Traffic In 0/0 Out 0/0 (0:0/0:0:0:0,0:0/0:0:0:0) Timers: arp_reply 0, spoof reply 0, reauth 0 Profiles AAA:default-corp1344, dot1x:default, mac: CP: def-role:'logon' sip-role:'' ncfg flags udr 0, mac 0, dot1x 0 Born: 1233772328 (Wed Feb 4 10:32:08 2009)
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
899 | show aaa state user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa sygate-on-demand (deprecated)
show aaa sysgate-on-demand
Syntax
No parameters.
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.4
Command deprecated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa sygate-on-demand (deprecated) | 900
show aaa tacacs-accounting
Description
Show TACACS accounting configuration.
Syntax
No parameters.
Example
The example below shows that TACACS accounting has been enabled, and that the TACACS server is in the server group acct-server.
(host) #show aaa tacacs-accounting
TACACS Accounting Configuration
-------------------------------
Parameter
Value
---------
-----
Mode
Enabled
Server-Group acct-server
The output of this command includes the following parameters:
Parameter Mode
Description Shows if the TACACS accounting feature is enabled or disable
Server-Group
The server group that contains the active TACACS server.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
901 | show aaa tacacs-accounting
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa timers
Description
Show AAA timer values.
Syntax
No parameters
Example
The example below shows that the controller has all default timer values:
(host) #show aaa timers User idle timeout = 6 minutes Auth Server dead time = 10 minutes Logon user lifetime = 5 minutes
Related Commands
Command aaa timers
Description
Mode
Use aaa timers to define the settings displayed in the output of this show command.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa timers | 902
show aaa web admin-port
show aaa web admin-port
Description
Show the port numbers of HTTP and HTTPS ports used for web administration.
Syntax
No parameters.
Example
The example below shows that the controller is configured to use HTTPS on port 4343 or 443, and HTTP on port 8888.
(host) #show aaa web admin-port https port = 4343 http port = 8888
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
903 | show aaa web admin-port
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa xml-api server
show aaa xml-api server [<server_ip>]
Description
Show a list of XML servers used for authentication, authorization and accounting.
Syntax
Parameter <server_ip>
Description
IP address of an XML API server. Include this parameter to see if a secret key is configured for the specified server.
Example
The output of this command shows that the controller has two configured XML API servers that are each referenced by two different AAA profiles. Note that user-defined servers will not have an entry in the Profile Status column.
(host) #show aaa xml-api statistics
XML API Server List
-------------------
Name
References Profile Status
----
---------- --------------
10.1.2.3 2
10.4.3.2 2
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa xml-api server | 904
show aaa xml-api statistics
show aaa xml-api statistics
Description
Display statistics for an external XML API server.
Syntax
Parameter <server_ip>
Description IP address of XML API server.
Usage Guidelines
Issue this command to troubleshoot AAA problems and monitor usage on an XML server.
Example
The example below shows AAA statistics for an external XML server with the IP address 10.1.2.3. This command shows the number of times that a particular event has occurred per client. The first number is the number of times this event occurred. The number of new events since the last time the counters were displayed is shown in parentheses.
(host) #show aaa xml-api statistics
Statistics
10.1.2.3
----------
--------
user_authenticate
0 (0)
user_add
0 (0)
user_delete
0 (0)
user_blacklist
0 (0)
user_query
0 (0)
unknown user
0 (0)
unknown role
0 (0)
unknown external agent
0 (0)
authentication failed
0 (0)
invalid command
0 (0)
invalid message authentication method 0 (0)
invalid message digest
0 (0)
missing message authentication
0 (0)
missing or invalid version number
0 (0)
internal error
0 (0)
client not authorized
0 (0)
Cant use VLAN IP
0 (0)
Invalid IP
0 (0)
Cant use Switch IP
0 (0)
missing MAC address
0 (0)
Packets received from unknown clients: 0 (0)
Packets received with unknown request: 0 (0)
Requests Received/Success/Failed : 0/0/0 (0/0/0)
The output of this command includes the following parameters:
905 | show aaa xml-api statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
user_authenticate Number of users authenticated on the XML server since the last controller reboot.
user_add
Number of users added to the controller's user table.
user_delete
Number of users removed from the controller's user table.
user_blacklist
Number of denied user association requests.
user_query
Number of user queries performed.
unknown user
Number of unknown users.
unknown role
Number of unknown user roles.
unknown external agent
Number of requests by an unknown external agent.
authentication failed
Number of failed authentication requests.
invalid command
Number of invalid XML commands
invalid message authentication method
Number of XML commands with an invalid authentication method (when a key is configured on the controller).
invalid message digest
Number of XML commands with an invalid digest type (when a key is configured on the controller).
missing message authentication
Number of XML commands with an missing authentication method (when a key is configured on the controller).
missing or invalid version number
Number of commands with a missing or invalid version number. The version number should always be 1.0.
internal error
Number of internal server errors
client not authorized
Number of unauthorized clients
Cant use VLAN IP
Number of time a user IP is same as the VLAN IP.
Invalid IP
Number of XML commands with an invalid IP address.
Cant use Switch IP Redirection to a IP failed, possibly because the source IP has been NATted.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show aaa xml-api statistics | 906
Parameter
missing MAC address
Description Number of XML commands with a missing MAC address.
Packets received from unknown clients
Number of packets received from unknown clients.
Packets received with unknown request
Number of packets received with unknown request
Requests Received/Success /Failed
Total number of requests received / number of successful requests / number of failed requests
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
907 | show aaa xml-api statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show acl ace-table
show acl ace-table {ace <0-1999>}|{acl <1-2700>}
Description
Show an access list entry (ACE) table for an access control list (ACL).
Syntax
Parameter ace <0-1999> acl <1-2700>
Description Show a single ACE entry. Show all ACE entries for a single ACL.
Example
The following example shows that there are eighteen access control entries for ACL 1.
(host) #show acl ace-table acl 1 1020: any any 1 0-65535 0-65535 f80001:permit 1021: any any 17 0-65535 53-53 f80001:permit 1022: any any 17 0-65535 8211-8211 f80001:permit 1023: any any 17 0-65535 8200-8200 f80001:permit 1024: any any 17 0-65535 69-69 f80001:permit 1025: any any 17 0-65535 67-68 f80001:permit 1026: any any 17 0-65535 137-137 f80001:permit 1027: any any 17 0-65535 138-138 f80001:permit 1028: any any 17 0-65535 123-123 f80001:permit 1029: user 10.6.2.253 255.255.255.255 6 0-65535 443-443 f80001:permit 1030: user any 6 0-65535 80-80 d1f90,0000 f80021:permit dnat 1031: user any 6 0-65535 443-443 d1f91,0000 f80021:permit dnat 1032: any any 17 0-65535 500-500 f80001:permit 1033: any any 50 0-65535 0-65535 f80001:permit 1034: any any 17 0-65535 1701-1701 f80001:permit 1035: any any 6 0-65535 1723-1723 f80001:permit 1036: any any 47 0-65535 0-65535 f80001:permit 1037: any any 0 0-0 0-0 f180000:deny
Related Commands
Configure ACLs using the command ip access-list session.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show acl ace-table | 908
show acl acl-table
show acl acl-table <1-2700>
Description
Display information for a specified access control list (ACL).
Syntax
Parameter acl-table <1-2700>
Description Specify the number of the ACL for which you want to view information.
Example
The following example displays the ACL table for the controller.
(host) #show acl acl-table acl 1
AclTable -------ACL Type --- ---1 role
ACE Index --------1459
Ace Count --------18
Name ---logon
Applied ------0
Total free ACE entries = 3591 Free ACE entries at the bottom = 2552 Next ACE entry to use = 1480 (table 1) Ace entries reused 622 times ACL count 64, tunnel acl 0
Ace entries reused 373 times ACL count 64, tunnel acl 0 The output of this command displays the following parameters:
Parameter ACL
Description Number of the specified ACL
Type
Shows the ACL type:
l role: Access list is used to define a user role.
l mac: MAC ACLs allow filtering of non-IP traffic. This ACL filters on a specific source MAC address or range of MAC addresses.
l session: Session ACLs define traffic and firewall policies on the controller.
l ether-type: This type of ACL filters on the Ethertype field in the Ethernet frame header, and is useful when filtering non-IP traffic on a physical port.
l standard: Standard ACLs are supported for compatibility with router
909 | show acl acl-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
ACE Index ACE count Name Applied Total free ACE entries
Free ACE entries at the bottom Next ACE entry to use ACE entries reused ACL count Tunnel ACL
Description software from other vendors. This ACL permits or denies traffic based on the source address of the packet.
Starting index entry for the ACL's access control entries Number of access control entries in the ACL Name of the access control list Number of times the ACL was applied to a role. The total number of free ACE entries. This includes available ACE entries at the bottom of the list, as well as free ACE entries in the middle of the table from previous access list entries that were later removed. The total number of free ACE entries at the bottom of the list.
Ace number of the first free entry at the bottom of the list. For internal use only. Total number of defined ACLs Total number of defined tunnel ACLs.
The following example displays the ACL table for ACL 1.
(host) #show acl ace-table acl 1
Acl Table
--------
ACL Type ACE Index Ace Count Name
--- ---- --------- --------- ----
1 role 1020
18
logon
Applied ------0
Total free ACE entries = 3591 Free ACE entries at the bottom = 2991 Next ACE entry to use = 1041 (table 1) Ace entries reused 373 times
ACL count 64, tunnel acl 0
Related Commands
Configure ACLs using the command ip access-list session.
Command History
This command was available in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show acl acl-table | 910
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
911 | show acl acl-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show acl hits
show acl hits
Description
Show internal ACL hit counters.
Syntax
No parameters.
Usage Guidelines
Issue this command to see the number of times an access control list defined a user's role, or traffic and firewall policies for a user session.
Example
In the example below, the output of the User Role ACL Hits table is shown in two separate tables to allow the output to fit on a single page of this document. In the actual controller command-line interface, the User Role ACL Hits table is shown in a single, wide table.
(host) #show acl ace-table acl 1
User Role ACL Hits
------------------
Role
Policy
----
------
logon
control
logon
control
logon
visitor
vp-control
visitor
vp-control
visitor
vp-access
visitor
vp-access
visitor
vp-access
Src --any any any any any any user any
Dst --any any any any any any mswitch-master any
User Role ACL Hits------------------
Service
Action Dest/Opcode New Hits Total Hits Index
-------
------ ----------- -------- ---------- -----
svc-icmp
permit
0
6
5052
svc-dhcp
permit
0
2
5057
0
deny
0
53
5069
svc-dns
permit
9
46079
4885
svc-dhcp
permit
0
788
4886
svc-icmp
permit
0
536
4887
svc-http
permit
0
41
4889
6 9100-9100 permit
0
31
4892
Port Based Session ACL
----------------------
Policy
Src
Dst Service Action Dest/Opcode New Hits Total Hits
Index
------
---
--- ------- ------ ----------- -------- ---------- --
---
validuser 10.1.1.0 255.255.255.0 any any
deny
0
214
4655
validuser any
any any
permit
6
2502
4656
Port ACL Hits
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show acl hits | 912
-------------
ACL ACE New Hits Total Hits Index
--- --- -------- ---------- -----
5
22
0
The output of this command includes the following information:
Parameter Role
Description Name of the role assigned by the ACL.
Policy
Name of the policy used by the ACL
Src
The traffic source, which can be one of the following:
l <alias>: Name of a user-defined alias for a network host, subnetwork, or range of addresses.
l any: match any traffic.
l host: specify a single host IP address.
l network: specify the IP address and netmask.
l user: represents the IP address of the user.
Dst
The traffic destination, which can be one of the following:
l <alias>: Name of a user-defined alias for a network host, subnetwork, or range of addresses.
l any: match any traffic.
l host: specify a single host IP address.
l network: specify the IP address and netmask.
l user: represents the IP address of the user.
Service
Network service, which can be one of the following: l IP protocol number (0-255) l name of a network service (use the show netservice command to see
configured services) l any: match any traffic l tcp: specify the TCP port number (0-65535) l udp: specify the UDP port number (0-65535)
Action
Action if rule is applied, which can be one of the following: l deny: reject packets l dst-nat: perform destination NAT on packets l dual-nat: perform both source and destination NAT on packets l permit: forward packets l redirect: specify the location to which packets are redirected l src-nat: perform source NAT on packets
913 | show acl hits
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Dest/Opcode New Hits Total Hits Index ACL ACE New Hits Total Hits Index
Description The datapath destination ID. Number of ACL hits that occurred since this command was last issued. Total number of ACL hits recorded since the controller last reset. Index number of the ACL. ACL number ACE number Number of times the ACL was applied since this command was last issued. Number of times the ACL was applied since the controller was last reset. Index number of the ACL.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show acl hits | 914
show activate-service-whitelist
show activate-service-whitelist
Description
This command displays the profile that allows the controller to synchronize its remote AP whitelist with the Dell Activate cloud-based services.
Syntax
No parameters.
Usage Guidelines
Use this command to view the credentials the controlleruses to synchronize the remote AP whitelist with an Activate server.
Example
The following example displays the Activate whitelist service settings on the controller:
(host)(config)# show activate-service-whitelist
(host)(activate-service-whitelist) #username user2 password pA$$w0rd whitelist-enable
activate-service-whitelist
--------------------------
Parameter
Value
---------
-----
Activate Whitelist Service
Enabled
Activate Login Username
Marin
Activate Login Password
********
Periodic Interval for WhiteList Download 1
Add-Only Operation
Enabled
Related Commands
Parameter activate
Description
This command synchronizes the remote AP whitelist on the controller with the Activate whitelist database.
Command History
This command was introduced in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or enable mode on master or local controllers
915 | show activate-service-whitelist
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show adp config
show adp config
Description
Show Aruba Discovery Protocol (ADP) configuration settings.
Syntax
No parameters.
Example
The following example shows that the controller has all default settings for ADP.
(host) #show adp config
ADP Configuration
-----------------
key
value
---
-----
discovery enable
igmp-join enable
igmp-vlan 0
The output of this command includes the following parameters:
Parameter discovery
Description
Dell APs send out periodic multicast and broadcast queries to locate the master controller. If the APs are in the same broadcast domain as the master controller and ADP is enabled on the controller, the controller automatically responds to the APs' queries with its IP address.
This command shows whether ADP is enabled or disabled on the controller.
igmp-join
Shows whether the controller has enabled or disabled the sending of Internet Group Management Protocol (IGMP) join requests.
igmp-vlan
ID of the VLAN to which IGMP reports are sent. If this value is set to 0, the controller will use the default route VLAN used.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show adp config | 916
show adp counters
show adp counters
Description
Show Aruba Discovery Protocol (ADP) counters.
Syntax
No parameters.
Example
The following example shows the ADP counter table for the controller.
(host) #show adp counters
ADP Counters
------------
key
value
---
-----
IGMP Join Tx 1
IGMP Drop Tx 0
ADP Tx
0
ADP Rx
0
The output of this command includes the following parameters:
Parameter IGMP Join Tx
IGMP Drop Tx
ADP Tx ADP Rx
Description
Number of Internet Group Management Protocol (IGMP) join requests sent by the controller.
Number of Internet Group Management Protocol (IGMP) drop requests sent by the controller.
Number of ADP responses sent to APs.
Number of multicast and broadcast queries received from APs trying to locate the master controller.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
917 | show adp counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup
show airgroup active-domains aps blocked-queries {dlna|mdns} blocked-service-id {dlna|mdns} cache entries {dlna|mdns|static} cppm {entries | server-group} cppm-server {aaa | query-interval | radius statistics | rfc3576 statistics} domain global-credits internal-state statistics {dlna|mdns} multi-controller-table servers {dlna | mdns | verbose} status users {dlna|mdns|verbose} vlan
Description
This command displays AirGroup global settings, domain, active-domain, and more AirGroup configuration information on the controller.
Syntax
Parameter active-domains
aps
Description
This command displays a list of AirGroup active-domains configured on the controller. For more information, see show airgroup active-domains on page 923
This command displays the AP table on the controller.
blocked-queries {dlna|mdns}
blocked-service-id {dlna|mdns}
cache entries {dlna|mdns|static}
l dlna - This command displays the DLNA blocked queries. l mdns - This command displays the mDNS blocked
queries. For more information, see show airgroup blocked-queries on page 924
l dlna - This command displays the DLNA blocked service IDs.
l mdns - This command displays the mDNS blocked service IDs.
For more information, see show airgroup blocked-service-id on page 926
l dlna - This command displays the DLNA cache entries. l mdns - This command displays the mDNS cache entries.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup | 918
Parameter
cppm {entries|server-group}
cppm-server aaa query-interval radius statistics rfc3576 statistics
domain
global-credits
internal-state statistics {dlna|mdns}
multi-controller-table servers {dlna|mdns|verbose}
919 | show airgroup
Description
l static - This command displays the AirGroup static cache entries.
For more information, see show airgroup cache entries
l cppm entries: This command displays information for devices registered in ClearPass Policy Manager (CPPM).
l cppm server-group: This command displays AirGroup CPPM server group defined in the controller.
For more information, see show airgroup cppm on page 930
l aaa: This command displays the AAA parameters for AirGroup.
l query-interval: The AirGroup CPPM query interval is used to refresh the CPPM entries at periodic intervals. This command displays the CPPM query interval value configured in the controller.
l radius statistics: This command displays the RADIUS statistics for AirGroup.
l rfc3576 statistics: This command displays the Dynamic Authorization Extensions to RADIUS statistics for AirGroup.
For more information, see show airgroup cppm-server on page 932
This command displays the IP address of all the controllers participating in an AirGroup multi controller environment. For more information, see show airgroup domain on page 935
This command displays tokens assigned to query and response packets. It displays configured and current global tokens. For more information, see show airgroup global-credits on page 940
l dlna - This command displays the DLNA statistics. l mdns - This command displays the mDNS statistics. For more information, see show airgroup internal-state statistics on page 937
This command displays the AirGroup cluster information. For more information, see show airgroup multi-controllertable on page 942
l dlna - This command displays the DLNA servers. l mdns - This command displays the mDNS servers. l Verbose - This command displays the AirGroup server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
status
users {dlna|mdns|verbose} vlan
Description
(Apple TV, AirPrint Printer) status in the controller. For more information, see show airgroup servers on page 944
This command displays the current status of the AirGroup configuration and AirGroup services configured on the controller. For more information, see show airgroup status on page 947
l dlna - This command displays the DLNA users. l mdns - This command displays the mDNS users. l Verbose - This command displays the AirGroup client or
user status in the controller. For more information, see show airgroup users on page 950
This command displays the status of all the disallowed AirGroup VLANs. For more information, see show airgroup vlan on page 952
Example
Access the controller's command-line interface and use the following command to display the current status of the AirGroup configuration and AirGroup services configured on the controller:
(host) #show airgroup status
AirGroup Feature ---------------Status -----Enabled AirGroup- MDNS Feature ---------------------Status -----Enabled AirGroup- DLNA Feature ---------------------Status -----Enabled AirGroup Location Discovery --------------------------Status -----Enabled AirGroup Active Wireless Discovery ---------------------------------Status -----Disabled AirGroup Enforce Registration -----------------------------
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup | 920
Status
------
Enabled
AirGroup IPV6 Support
---------------------
Status
------
Disabled
AirGroup Service Information
----------------------------
Service
Status
-------
------
airplay
Enabled
airprint Enabled
itunes
Disabled
remotemgmt Disabled
sharing
Disabled
chat
Disabled
googlecast Disabled
DIAL
Enabled
DLNA Media Enabled
DLNA Print Disabled
allowall Disabled
Use the following command to display the IP address of all the controllers participating in an AirGroup multi controller environment:
(host) #show airgroup domain
AirGroup Domains
----------------
Name
Description
----
-----------
Campus1 AirGroup_campus1
Campus2 AirGroup_campus2
Num domains:2
IP-Address ---------10.10.10.1 11.11.11.1 9.9.9.1 8.8.8.1
Use the following command to displays a list of AirGroup active-domains configured on the controller:
(host) #show airgroup active-domains
AirGroup Active-Domains
-----------------------
Domain Name Status
----------- ------
Campus1
Included
Campus2
Included
Num active-domains:2
Related Commands
Command airgroup
Description
This command configures AirGroup global settings, domain, and activedomain parameters.
921 | show airgroup
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History:
Release ArubaOS 6.3 ArubaOS 6.3.1 ArubaOS 6.4
Modification
Command introduced.
The unsolicited-responses-received parameter was deprecated.
The dlna,and mdns parameters were introduced in the following commands: l show airgroup blocked-queries l show airgroup blocked-service-id l show airgroup internal-state statistics The dlna, mdns , and verbose parameters were introduced in the following commands: l show airgroupservice l show airgroup servers l show airgroup users
The dlna, mdns , and static parameters were introduced in the following command: l show airgroup cache entries
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup | 922
show airgroup active-domains
show airgroup active-domains
Description
This command displays a list of AirGroup active-domains configured.
Syntax
No parameters.
Example
The following example displays a list of AirGroup active-domains configured:
(host) #show airgroup active-domains
AirGroup Active-Domains
-----------------------
Domain Name Status
----------- ------
Campus1
Included
Campus2
Included
Num active-domains:2
The output of this command includes the following parameters:
Column Domain Name Status
Description Displays the name of the domain. Displays the status of the domain if it is part of the active-domain list.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
923 | show airgroup active-domains
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup blocked-queries
show airgroup blocked-queries [mdns|dlna]
Description
This command displays the service ID that was queried but not available in the AirGroup service table.
Syntax
Parameter mdns
Description Specifies the mDNS blocked queries.
Range --
Default --
dlna
Specifies the DLNA blocked queries.
--
--
Example
The following example displays the service ID that was queried but not available in the AirGroup service table:
(host) #show airgroup blocked-queries AirGroup dropped Query IDs -------------------------Service ID ---------urn:schemas-upnp-org:device:InternetGatewayDevice:1 urn:schemas-microsoft-com:nhed:presence:1 uuid:10000000-0000-0000-0200-7CED8DAB677F _touch-remote._tcp _00000000-54ce-c0a7-a21f-369c70ae4de6._sub._home-sharing._tcp _00000000-54ce-c0a7-a21f-369c70ae4de6._sub._hs-dpap._tcp 47dd055b._sub._apple-mobdev2._tcp urn:schemas-upnp-org:service:WANPPPConnection:1 urn:schemas-upnp-org:service:WANIPConnection:1 50.64.15.10.in-addr.arpa urn:schemas-opencable-com:service:Tuner:1 urn:schemas-microsoft-com:service:pbda:tuner:1 _atc._tcp 10.15.121.240.in-addr.arpa 10.15.121.240.in-addr.arpa Num dropped Query IDs:15
#query-hits ----------744 9 9 5 5 5 55 4 4 1 9 9 6 6 3
The output of this command includes the following parameters:
Parameter Service ID
#query-hits
Description
Displays the service ID that was queried but not available in the AirGroup service table. An AirGroup service ID is the name of a DLNA or mDNS service.
Displays the number of query hits for a service blocked by AirGroup.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup blocked-queries | 924
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
925 | show airgroup blocked-queries
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup blocked-service-id
show airgroup blocked-service-id [mdns|dlna]
Description
This command displays the list of blocked services.
Syntax
Parameter mdns
Description Specifies the mDNS blocked services.
dlna
Specifies the DLNA blocked services.
Range -- --
Default -- --
Example
The airgroup service <servicename> disable command disables an AirGroup service by blocking the service IDs for that service. When you enable an AirGroup service, service IDs of that service are enabled automatically. The following example displays the list of blocked services:
(host) (config) #show airgroup blocked-service-id
AirGroup Blocked Service IDs
----------------------------
Origin
Service ID
------
----------
10.15.121.240 urn:schemas-upnp-org:service:RenderingControl:1
10.15.121.240 urn:schemas-upnp-org:service:ContentDirectory:1
10.15.121.240 urn:schemas-upnp-org:service:ConnectionManager:1
10.15.121.240 _sleep-proxy._udp
10.15.121.240 _touch-able._tcp
10.15.121.240 urn:schemas-upnp-org:service:AVTransport:1
10.15.121.240 _apple-mobdev._tcp
10.15.121.240 _workstation._tcp
10.15.121.240 _LifeLineDevice._tcp
10.15.121.240 _daap._tcp
10.15.121.240 _adisk._tcp
10.15.121.240 urn:schemas-emc-com:device:sohodevice:1
10.15.121.240 urn:schemas-emc-com:service:sohoOSabout:1
Num Blocked Service-ID:13
#response-hits -------------3196 7048 7082 34 12 30 83 8 8 16 16 1007 1006
The output of this command includes the following parameters:
Parameter Origin Service ID #response-hits
Description Displays the source IP address of the AirGroup server that advertises this service. Displays the blocked service ID of the server. Displays the number of response messages received for this service ID.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup blocked-service-id | 926
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
927 | show airgroup blocked-service-id
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cache entries
show airgroup cache <entries> [mdns|dlna|static]
Description
This command displays the AirGroup mDNS and DLNA resource records in cache in a controller:
Syntax
Parameter <entries>
mdns
Description
Range
Displays the AirGroup mDNS and DLNA resource -- records in the cache.
Displays the mDNS cache entries.
--
Default -- --
dlna
Displays the DLNA cache entries.
--
--
static
Displays static cache entries.
--
--
Example
The following example displays the AirGroup mDNS and DLNA resource records in cache in a controller: (host) #show airgroup cache entries
Cache Entries ------------Name Last Update -------------_http._tcp.local
Mon Dec 2 02:01:48 2013 hmnhd-TID44Q.local
Mon Dec 2 02:01:48 2013 hmnhd-TID44Q Web Management._http._tcp.local
Mon Dec 2 02:01:48 2013 hmnhd-TID44Q Web Management._http._tcp.local
Mon Dec 2 02:01:48 2013 urn:schemas-upnp-org:device:MediaRenderer:1
Mon Dec 2 07:28:52 2013 urn:schemas-upnp-org:device:MediaServer:1
Mon Dec 2 07:34:05 2013 urn:schemas-upnp-org:device:MediaRenderer:1
Mon Dec 2 07:21:06 2013 urn:schemas-upnp-org:device:MediaServer:1
Mon Dec 2 07:32:25 2013 urn:schemas-upnp-org:device:MediaServer:1
Mon Dec 2 07:33:39 2013 urn:schemas-upnp-org:device:MediaServer:1
Mon Dec 2 07:33:39 2013 urn:schemas-upnp-org:device:MediaRenderer:1
Mon Dec 2 07:21:06 2013 Num Cache Entries:11
Type ---PTR A SRV/NBSTAT TXT N/A N/A N/A N/A N/A N/A N/A
Class ----IN IN IN IN N/A N/A N/A N/A N/A N/A N/A
TTL --4500 120 120 4500 1800 1810 1800 900 900 900 1800
Origin
Expiry
------
------
10.15.121.240 wireless
10.15.121.240 wireless
10.15.121.240 wireless
10.15.121.240 wireless
10.15.121.240 N/A
10.15.121.240 N/A
10.15.121.240 N/A
10.15.121.240 N/A
10.15.121.240 N/A
10.15.121.240 N/A
10.15.121.240 N/A
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cache entries | 928
Column Name Type Class TTL Origin Expiry Last Update
Description Displays the name of the Service ID. Displays the type of mDNS or DLNA record. Displays the class of the record. This is usually IN. Displays the time to live value of the service ID in seconds. Displays the source IP of the AirGroup server. Displays the expiry period of the mDNS or DLNA record in seconds. Displays the time stamp of the last cache update.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
929 | show airgroup cache entries
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cppm
show airgroup cppm {<entries>|<server-group>}
Description
This command displays the information for devices registered in ClearPass Policy Manager.
Syntax
Parameter <entries> <server-group>
Description Displays the CPPM registration information. Displays the Server Group information.
Range -- --
Default -- --
Example
The following example displays the information for devices registered in ClearPass Policy Manager:
(host) #show airgroup cppm entries
ClearPass Guest Device Registration Information
-----------------------------------------------
Device
device-owner shared location-id AP-name shared location-id AP-FQLN
shared location-id AP-group shared user-list shared group-list shared role-list CPPM-Req
CPPM-Resp
------
------------ -------------------------- -------------------------- -----
---------------------- ---------------- ----------------- ---------------- -------- -----
----
cc:3a:61:b1:4a:cc lecturer
lecturer2
1
1
c4:85:08:a2:15:1b N/A
DEPT1
1
1
00:1e:65:2d:ae:44 N/A
Physics
1
1
Chemistry
Biology
Num CPPM Entries:3
The following example displays the server group information:
(host) (config) #show airgroup cppm server-group
Airgroup AAA Server Group
-------------------------
Name Inservice trim-FQDN match-FQDN
---- --------- --------- ----------
cppm Yes
No
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cppm | 930
Column Device
Description Displays the MAC address of the AirGroup device.
device-owner
Displays the user name of the AirGroup device.
shared location-id AP-name
Displays the location ID based on an AP name.
NOTE: The geographical location of AirGroup device can be tracked with respect to its RF neighbors. AirGroup devices connected to APs can be located based on nearby APs. In this case, an AirGroup user's AP could be any of the APs in AirGroup server's neighbor AP list, in addition to the server's own associated AP to receive the service advertisements from the corresponding AirGroup server.
shared location-id AP-FQLN
Displays the location ID based on the Fully Qualified Location Name (FQLN) value of an AP.
AP FQLN is configured in the format apname>.<floor>.<building>.<campus>
shared location-id AP-group Displays the location ID based on the name of an AP group.
shared user-list
Displays one or more primary login IDs of an AirGroup user.
shared group-list
Displays one or more primary login IDs of an AirGroup user group.
shared role-list CPPM-Req CPPM-Resp
Displays the name of the controller role.
Displays the number of requests sent by the controller to CPPM server to populate the policy details for the given client.
Displays the number of responses received from the CPPM server for policy details of the given client.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
931 | show airgroup cppm
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cppm-server
show airgroup cppm-server {<aaa>|<query-interval>|radius <statistics>|rfc3576 <statistics>}
Description
This command displays the information for devices registered in ClearPass Policy Manager.
Syntax
Parameter cppm-server <aaa> <query-interval>
radius <statistics> rfc3576 <statistics>
Description
Range Default
Displays the ClearPass Policy Manager server
--
--
information.
Displays the data for the ClearPass Policy Manager --
--
servers.
Specifies the value in which the AirGroup ClearPass Policy Manager query interval refreshes the ClearPass Policy Manager entries at periodic intervals.
1 - 24 hours
10 hours
Displays the AirGroup RADIUS server statistics.
--
--
Displays the AirGroup RFC3576 server statistics.
--
--
Example
The following example displays the information for devices registered in ClearPass Policy Manager:
(host) #show airgroup cppm entries
ClearPass Guest Device Registration Information
-----------------------------------------------
Device
device-owner shared location-id AP-name shared location-id AP-FQLN
shared location-id AP-group shared user-list shared group-list shared role-list CPPM-Req
CPPM-Resp
------
------------ -------------------------- -------------------------- -----
---------------------- ---------------- ----------------- ---------------- -------- -----
----
cc:3a:61:b1:4a:cc lecturer
lecturer2
1
1
c4:85:08:a2:15:1b N/A
DEPT1
1
1
00:1e:65:2d:ae:44 N/A
Physics
1
1
Chemistry
Biology
Num CPPM Entries:3
The following example displays the server group information:
(host) (config) #show airgroup cppm server-group Airgroup AAA Server Group ------------------------Name Inservice trim-FQDN match-FQDN ---- --------- --------- ----------
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cppm-server | 932
cppm Yes
No
The output of this command includes the following parameters:
Column Device
Description Displays the MAC address of the AirGroup device.
device-owner
Displays the user name of the AirGroup device.
shared location-id AP-name
Displays the location ID based on an AP name.
NOTE: The geographical location of AirGroup device can be tracked with respect to its RF neighbors. AirGroup devices connected to APs can be located based on nearby APs. In this case, an AirGroup user's AP could be any of the APs in AirGroup server's neighbor AP list, in addition to the server's own associated AP to receive the service advertisements from the corresponding AirGroup server.
shared location-id AP-FQLN
Displays the location ID based on the Fully Qualified Location Name (FQLN) value of an AP.
AP FQLN is configured in the format apname>.<floor>.<building>.<campus>
shared location-id AP-group Displays the location ID based on the name of an AP group.
shared user-list
Displays one or more primary login IDs of an AirGroup user.
shared group-list
Displays one or more primary login IDs of an AirGroup user group.
shared role-list CPPM-Req CPPM-Resp
Displays the name of the controller role.
Displays the number of requests sent by the controller to ClearPass Policy Manager server to populate the policy details for the given client.
Displays the number of responses received from the ClearPass Policy Manager server for policy details of the given client.
Command History:
Release ArubaOS 6.3 ArubaOS 6.4
Modification Command introduced. The shared group-list parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
933 | show airgroup cppm-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup cppm-server | 934
show airgroup domain
show airgroup domain
Description
This command displays a list of AirGroup domains configured.
Syntax
No parameters.
Example
Use this command to view a list of AirGroup domains configured:
(host) #show airgroup domain
AirGroup Domains
----------------
Name
Description
----
-----------
Campus1 AirGroup_campus1
Campus2 AirGroup_campus2
Num domains:2
IP-Address ---------10.15.121.240 11.11.11.1 9.9.9.1 8.8.8.1
The output of this command includes the following parameters:
Column Name Description
Description Displays the name of the AirGroup domain. Displays a short description of the domain.
IP-Address
Displays the controller or VRRP IP address.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
935 | show airgroup domain
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
| 936
show airgroup internal-state statistics
show airgroup internal-state <statistics> [mdns|dlna]
Description
This command displays the statistics of packets sent and received per second by a controller:
Syntax
Parameter statistics dlna
Description Displays the Packets sent and received. Displays the DLNA statistics.
Range -- --
Default -- --
mdns
Displays the mDNS statistics.
--
--
Example
The following example displays the packets sent and received per second by the controller: (host) (config) #show airgroup internal-state statistics
PAPI Messages ------------Msg ID Name
Sent Since last Read Sent Total Recv
Since Last Read Recv Total ------ ----
-------------------- ---------- -----
--------------- ----------
10005 Auth - Request UserInfo
50
249
0
0
10006 Auth - Set UserInfo
0
0
50
249
7062 Set switch ip6
0
0
0
1
1003 mdns cli log config - LOG LEVEL 0
0
0
1
10004 Auth - User Role
0
0
62
302
RADIUS Client Messages
----------------------
Type
Sent Since Last Read Sent Total Recv Since Last Read Recv Total
----
-------------------- ---------- -------------------- ----------
Auth Req/Resp
111
569
61
322
RFC3576
N/A
N/A
11
17
CPPM Device-Entry Added N/A
N/A
16
56
CPPM Device-Entry Deleted N/A
N/A
1
1
Sibyte MDNS Messages
--------------------
Opcode Name
Sent Since Last Read Sent Total Recv Since Last Read
Recv Total
------ ----
-------------------- ---------- -------------------- -
---------
7
app
0
6
0
0
937 | show airgroup internal-state statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
193
N/A
859
2985
214
619
Rx
Request
N/A
N/A
71
318
Rx
Response
N/A
N/A
143
301
Tx
Request-Refresh
0
1
N/A
N/A
Tx
Request-discovery
55
300
N/A
N/A
Tx
Request-wildcard
0
0
N/A
N/A
Tx
Response-Solicited
0
0
N/A
N/A
Tx
Response-Solicited-Fragment 0
0
N/A
N/A
Tx
Response-Unsolicited
0
0
N/A
N/A
Sibyte DLNA Messages
--------------------
Opcode Name
Sent Since Last Read Sent Total Recv Since Last Read Recv Total
------ ----
-------------------- ---------- -------------------- ----------
193
N/A
711
3614
18182
97564
Rx
Query
N/A
N/A
8806
40946
Rx
Notify Announce N/A
N/A
1181
10090
Rx
Notify Bye
N/A
N/A
0
0
Tx
Response
651
2800
N/A
N/A
Internal MDNS Statistics
------------------------
Functionality
Hit Count Since Last Read Hit Count Total Average Time in
microsec (since last read) Average Time in microsec (alltime)
-------------
------------------------- --------------- ----------------
-------------------------- ----------------------------------
Response - Cache Update
799
1842
608
612
Response
143
301
4136
4869
Query - prepare records + Policy 71
318
964
1372
Query - Policy
0
195
0
51
Query - resp pkt gen & send
0
0
0
0
Query - Response packet send
833
2831
351
339
Query
71
318
2377
2373
Internal DLNA Statistics
------------------------
Functionality
Hit Count Since Last Read Hit Count Total Average Time in
microsec (since last read) Average Time in microsec (alltime)
-------------
------------------------- --------------- ----------------
-------------------------- ----------------------------------
Response - Cache Update
4679
28293
395
394
Response
0
0
0
0
Query - prepare records + Policy 2153
4377
3468
2744
Query - Policy
7674
12526
572
395
Query - resp pkt gen & send
453
2537
1437
1149
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup internal-state statistics | 938
Query - Response packet send
4739
28569
549
552
Query
8806
40946
2162
1184
MDNS Multi-controller Cluster Messages
--------------------------------------
Type
Sent Since Last Read Sent Total Recv Since Last Read Recv Total
----
-------------------- ---------- -------------------- ----------
Unicast Response with tag 0
0
0
0
Request with tag
66
311
5
7
Raw Response
0
0
0
0
DLNA Multi-controller Cluster Messages
--------------------------------------
Type
Sent Since Last Read Sent Total Recv Since Last Read Recv Total
----
-------------------- ---------- -------------------- ----------
Request with tag 7517
39582
1289
1364
Raw Response
87
87
20
20
The output of this command includes the following parameters:
Column PAPI Messages
Description
Displays the statistics of Performance Application Programming Interface (PAPI) messages between mDNS and other processes.
RADIUS Client Messages
Displays the statistics of RADIUS messages sent and received by AirGroup.
Sibyte Messages
Displays the statistics of messages sent and received from the datapath.
Internal Statistics
Displays the statistics about the number of response and query messages received and the time taken to process each of these messages.
Multi-controller Cluster Messages Displays the statistics about the query and response messages among controllers in a multi-controller cluster.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
939 | show airgroup internal-state statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup global-credits
show airgroup global credits
Description
This command displays the current and user configured global tokens assigned to query and response packets.
Syntax
No parameters.
Example
In an AirGroup network, AirGroup devices generate excess mDNS query and response packets. Using airgroup global-credits command, the AirGroup controller restricts these packets by assigning tokens. The controller processes these mDNS packets based on this token value. The controller rejects any packets beyond this token limit. The token renews every 15 seconds. The renewal interval is not a configurable parameter.
In the following example, the AirGroup controller restricts the number of query packets to 450 and response packets to 90 from AirGroup devices in a time frame of 15 seconds.
(host)(config) #airgroup global-credits 450 90
The following command displays tokens assigned to query and response packets. It displays the current and user configured global tokens.
(host) #show airgroup global-credits
Global Credits - Default
------------------------
Type
Value
----
-----
Query Packets
450
Response Packets 90
Global Credits - Current
------------------------
Type
Value
----
-----
Query Packets
400
Response Packets 85
The output of this command includes the following parameters:
Column Type Value
Description Displays the mDNS or DLNA packet type. Displays the limit of the token.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup global-credits | 940
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
941 | show airgroup global-credits
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup multi-controller-table
show airgroup multi-controller-table [mdns|dlna] [verbose]
Description
This command displays the IP address of all the controllers participating in an AirGroup multi-controller environment.
Syntax
Parameter mdns
Description Displays the mDNS statistics.
Range --
Default --
dlna
Displays the DLNA statistics.
--
--
verbose
Displays additional information in a tabular
--
--
format.
Example
All controllers communicate with each other based on the multi-controller table in an AirGroup cluster. This table is a combination of controllers specified in each domain, as part of active-domains. Use the following command to view the IP address of all the controllers participating in an AirGroup multi-controller environment:
(host) (config) #show airgroup multi-controller-table
AirGroup Multi-Controller-Table
---------------------------------------
IP-Address Type Request with Tag Tx Unicast Response with tag Tx
Request with Tag Rx Unicast Response with tag Rx Raw Response Rx
---------- ---- ------------------- ----------------------------
------------- ---------------------------- ---------------
10.15.121.240 mDNS 43
0
0
0
10.15.121.240 mDNS 43
0
0
0
Num IP-Address:2
Raw Response Tx ---------------
0 0
-----0 0
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup multi-controller-table | 942
Table 7: show airgroup multi-controller-table
Column
Description
IP-Address
Displays the IP address of all the controllers participating in an AirGroup multi-controller environment.
Type Request with Tag Tx
Displays the type of record.
Displays the number of AirGroup multi-controller queries transmitted with meta-tag information by the controller to other controllers in its multi-controller domain.
Unicast Response with tag Tx
Displays the number of AirGroup multi-controller responses transmitted with meta-tag information by the controller to other controllers in its multi-controller domain.
Raw Response Tx
Displays the number of mDNS or DLNA responses transmitted by the controller in response to multi-controller queries from other controllers in the domain.
Request with Tag Rx
Displays the number of AirGroup multi-controller queries received with meta-tag information by the controller from other controllers in its multi-controller domain.
Unicast Response with tag Rx
Displays the number of AirGroup multi-controller responses received with meta-tag information by the controller from other controllers in its multi-controller domain.
Raw Response Rx
Displays the number of mDNS or DLNA responses received by the controller in response to multi-controller queries sent by the controller.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
943 | show airgroup multi-controller-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup servers
show airgroup servers [mdns|dlna] [verbose]
Description
This command displays the status of the AirGroup server (Apple TV, AirPrint Printer, Google ChromeCast, and so on) in a controller:
Syntax
Parameter mdns
Description Displays the mDNS servers.
Range --
Default --
dlna
Displays the DLNA servers.
--
--
verbose
Displays additional information in a tabular
--
--
format.
Example
The following example displays the status of the AirGroup server (Apple TV, AirPrint Printer, Google ChromeCast, and so on) in a controller:
(host) (config) #show airgroup servers AirGroup Servers ---------------MAC IP Type Host Name Service VLAN Wired/Wireless Role Group Username AP-Name --- -- ---- --------- ------- ---- -------------- -------- -------- ------00:25:11:3c:a3:5a 10.15.121.240 mDNS nandan allowall 64 N/A 00:25:90:cc:6e:b3 10.15.121.240 DLNA allowall 64 N/A d4:be:d9:1f:83:c9 10.15.121.240 DLNA allowall 1 N/A DLNA Media 00:1e:65:2d:ae:44 10.15.121.240 DLNA allowall 3 wireless authenticated Mathematics user1 104_ AP105 DLNA Media Num Servers: 4, Max Servers: 2000.
The output of this command includes the following parameters:
Column MAC IP Type Host Name
Description Displays the MAC address of the AirGroup server. Displays the IP address of the AirGroup server. Displays the type of the device. Displays the host name of the AirGroup server.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup servers | 944
Column Service VLAN Wired/Wireless
Role Group Username AP-Name Rec-dropped Rec-filtered Rec-responded Last-query CPPM-Req CPPM-Rsp CoA CPPM Dev-Added CPPM Dev-Deleted
Description
Displays the AirGroup service hosted by the server.
Displays the VLAN ID of the AirGroup server.
Indicates if the AirGroup server is connected to a Wired LAN or Wireless LAN. NOTE: The column displays Wired when the server is connected to an untrusted wired port. When the server is connected to a trusted wired port, the column displays N/A. Displays the user role of the AirGroup server.
Displays the group of the AirGroup user.
Displays the user name of the AirGroup server.
Displays the AP name to which the AirGroup server is connected.
Displays the number of queries dropped from the AirGroup server.
Displays the number of queries filtered as a result of the policies.
Displays the number of queries responded from the AirGroup server.
Displays the time stamp of the last query received.
Displays the number of requests sent by the controller to the CPPM server to populate the policy details for the given AirGroup server.
Displays the number of responses received from the CPPM server for policy details of the given AirGroup server.
Displays the number of Change of Authorization (CoA) requests sent by CPPM to notify the controller about the registered device.
Displays the last time stamp the controller learned about the CPPM policy information.
Displays the last time stamp when this device entry was deleted from the CPPM table.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
945 | show airgroup servers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup servers | 946
show airgroup status
show airgroup status
Description
This command displays the global settings of the AirGroup configuration and AirGroup services configured in the WLAN controller.
Syntax
No parameters.
Example
Issue this command to view the global settings of the AirGroup configuration and AirGroup services configured in the WLAN controller. (host) #show airgroup status
AirGroup Feature
----------------
Status
------
Enabled
AirGroup- MDNS Feature
----------------------
Status
------
Enabled
AirGroup- DLNA Feature
----------------------
Status
------
Enabled
AirGroup Location Discovery
---------------------------
Status
------
Enabled
AirGroup Active Wireless Discovery
----------------------------------
Status
------
Disabled
AirGroup Enforce Registration
-----------------------------
Status
------
Disabled
AirGroup IPV6 Support
---------------------
Status
------
Disabled
AirGroup Service Information
----------------------------
Service
Status
-------
------
airplay
Enabled
airprint Enabled
itunes
Disabled
947 | show airgroup status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
remotemgmt sharing chat googlecast DIAL DLNA Media DLNA Print allowall test airplay
Disabled Disabled Disabled Disabled Enabled Enabled Disabled Enabled Enabled Enabled
The output of this command includes the following parameters:
Column AirGroup Feature Status
AirGroup - MDNS Feature
Description Displays the status of AirGroup in the controller. Displays the status of mDNS.
AirGroup - DLNA Feature
Displays the status of DLNA.
AirGroup Location Discovery
Displays the status of AirGroup location discovery.
If enabled, AirGroup user can see shared devices based on the user's proximity.
AirGroup Active Wireless Discovery
Displays the status of wireless AirGroup server discovery.
If enabled, AirGroup controller actively sends refresh requests to discover wireless servers. If disabled, the controller sends refresh requests to wired AirGroup servers only.
AirGroup Enforce Registration Status
Displays the status of AirGroup server registration with the CPPM server.
AirGroup IPV6 Support
Displays the status of AirGroup IPv6 support on the controller.
AirGroup Service Information
Displays the status of all the AirGroup services.
Command History:
Release ArubaOS 6.3 ArubaOS 6.4.1
Modification Command introduced.
l The Chromecast service was renamed to DIAL. l The googlecast service was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup status | 948
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
949 | show airgroup status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup users
show airgroup users [mdns|dlna] [verbose]
Description
This command displays the user table.
Syntax
Parameter mdns
Description Displays the mDNS users.
Range --
Default --
dlna
Displays the DLNA users.
--
--
verbose
Displays additional information in a tabular
--
--
format.
Example
The following example displays the AirGroup users:
(host) (config) #show airgroup users AirGroup Users -------------MAC IP Type Host Name VLAN Role Group Username AP-Name --- -- ---- --------- ---- ---- ----- -------- ------d4:be:d9:1f:83:c9 10.15.121.240 DLNA 1 Num Users: 1, Max Users: 6000.
The output of this command includes the following parameters:
Column MAC IP Type Host Name VLAN Role Group Username AP-Name
Description Displays the MAC address of the AirGroup user. Displays the IP address of the AirGroup user. Displays the type of the AirGroup device. Displays the host name of the AirGroup user. Displays the VLAN ID of the AirGroup user. Displays the user role of the AirGroup user. Displays the group of the AirGroup user. Displays the user name of the AirGroup user. Displays the AP name to which the AirGroup user is connected.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup users | 950
Column Rec-dropped Rec-filtered Rec-responded Last-query CPPM-Req
CPPM-Rsp
CoA
CPPM Dev-Added
CPPM Dev-Deleted
Description
Displays the number of queries dropped from the AirGroup user.
Displays the number of queries filtered as a result of the policies.
Displays the number of queries responded from the AirGroup user.
Displays the time stamp of the last query received.
Displays the number of requests sent by the controller to the CPPM server to populate the policy details for the given AirGroup client.
Displays the number of responses received from the CPPM server for policy details of the given AirGroup client.
Displays the number of Change of Authorization (CoA) requests sent by CPPM to notify the controller about the registered device.
Displays the last time stamp when the controller learned about the CPPM policy information.
Displays the last time stamp when this device entry was deleted from the CPPM table.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
951 | show airgroup users
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup vlan
show airgroup vlan
Description
This command displays the status of the disallowed AirGroup VLANs.
Syntax
No parameters.
Example
The following example displays the status of the disallowed AirGroup VLANs:
(host) #show airgroup vlan
VLAN Table
----------
Vlan-Id
IP-Address
-------
----------
1
10.15.121.240
2
0.0.0.0
3
10.15.121.240
4
10.15.121.240
Num Vlans:4
IPv6-Address -----------2001:1:1:16::165/64 2002:1:1:17::165/64 2003:1:1:18::165/64 2004:1:1:19::165/64
Status -----Allowed Disallowed Allowed Allowed
The output of this command includes the following parameters:
Column Vlan-Id IP-Address IPv6-Address Status
Description Displays the identification number of the AirGroup VLAN. Displays the IP address of the VLAN interface. Displays the IPv6 address of the VLAN interface. Displays the status of AirGroup access to devices for the VLAN.
Command History:
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroup vlan | 952
show airgroupservice
show airgroupservice [dlna|mdns] [verbose]
Description
This command displays the service details of all AirGroup services in the controller.
Syntax
Parameter airgroupservice
Description
Range Default
This command displays the service details of
--
--
all AirGroup services in the controller.
mdns
Displays the mDNS services.
--
--
dlna Verbose
Displays the DLNA services.
--
--
Displays additional services information in a tab- --
--
ular format.
Example
The following example displays the service details of all AirGroup services in the controller. In this example, the output has been divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, the output appears in a single, long table.
(host) (config) #show airgroupservice
AirGroupService Details
-----------------------
Service
Description
Status Disallowed-Role Disallowed-VLAN ID
-------
-----------
------ --------------- --------------- --
airplay
AirPlay
Enabled
_airplay._tcp
_raop._tcp
_appletv-v2._tcp
airprint AirPrint
Enabled
_ipp._tcp
_pdl-datastream._tcp
_printer._tcp
_scanner._tcp
-----text removed for brevity--------
itunes
iTunes
Disabled
_home-sharing._tcp
_apple-mobdev._tcp
_daap._tcp
_dacp._tcp
remotemgmt Remote management Disabled
_ssh._tcp
_sftp-ssh._tcp
_ftp._tcp
_telnet._tcp
_rfb._tcp
_net-assistant._tcp
AirGroupService Details
-----------------------
Service
Description
Status Disallowed-Role
-------
-----------
------ ---------------
sharing
Sharing
Disabled
953 | show airgroupservice
Dell Networking W-Series ArubaOS 6.4.x | User Guide
chat
Chat
Disabled
googlecast GoogleCast supported by Chromecast etc
Disabled
DIAL
DIAL supported by Chromecast,FireTV,Roku etc Enabled
DLNA Media Media
Disabled -----text removed for brevity--------
DLNA Print Print
Disabled
allowall Remaining-Services
Disabled
Disallowed-VLAN ID --------------- --
_odisk._tcp _afpovertcp._tcp _xgrid._tcp _presence._tcp _googlecast._tcp urn:dial-multiscreen-org:service:dial:1 urn:dial-multiscreen-org:device:dial:1 urn:schemas-upnp-org:device:MediaServer:1 -----text removed for brevity-------urn:schemas-upnp-org:device:MediaPlayer:1 urn:schemas-upnp-org:device:Printer:1 urn:schemas-upnp-org:service:PrintBasic:1 urn:schemas-upnp-org:service:PrintEnhanced:1
Num Services:12 Num Service-ID:50
The output of this command includes the following parameters:
Column Service Description Status Disallow-Roles Disallow-VLANs ID #query-hits #servers
Description Displays the name of the AirGroup service. Displays the description of the AirGroup service. Displays the status of the service. Displays the User Roles restricted from accessing the service. Displays the User VLANs restricted from accessing the service. An AirGroup mDNS or DLNA service ID. Displays the number of query hits for a particular service. Displays the number of AirGroup servers advertising this service.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show airgroupservice | 954
Command History:
Release ArubaOS 6.3 ArubaOS 6.4 ArubaOS 6.4.1
Modification Command introduced. mDNS and DLNA parameters were introduced. l The Chromecast service was renamed to DIAL. l The googlecast service was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
955 | show airgroupservice
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap active
show ap active [ap-name <ap-name>|{arm-edge dot11a|dot11g|voip-only}|dot11a|dot11g|essid <essid>|ip-addr <ip-addr>|ip6-addr <ip6-addr>|{type access-point|air-monitor|(sensor dot11a|dot11g|voip-only)}|voip-only
Description
Show all active APs registered to a controller.
Syntax
Parameter ap-name <ap-name> arm-edge counters dot11a dot11g voip-only essid <essid>
ip-addr <ip-addr>
ip6-addr <ip6-addr> type
access-point air-monitor ap-monitor spectrum voip-only
Description View data for an AP with a specified name.
Show the state of ARM edge APs.
Show the counters.
Show 802.11a radio information.
Show 802.11g radio information.
Show AP information filtered by associated/active VoIP clients.
View data for a specific ESSID (Extended Service Set Identifier). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
View data for an AP with a specified IP address by entering an IP address in dotted-decimal format.
View data for an AP with a specified IPv6 address.
Show AP information filtered by type of AP.
Show information for Access Points only.
Show information for Air Monitors only.
Show information for AP Monitors only.
Show only Spectrum Sensor information.
Show AP information filtered by associated/active VoIP clients.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap active | 956
Usage Guidelines
This command displays details for all active APs on the controller. If an AP on your network does not appear in this table, it may have been classified as an inactive AP for any of the following reasons:
l The AP is configured with a missing or incorrect VLAN. (For example, the AP is configured to use a tunneled SSID of VLAN 2 but the controller doesn't have a VLAN 2.)
l The AP has an unknown AP group. l The AP has a duplicate AP name. l An AP with an external antenna is not provisioned with external antenna gain settings. l Both radios on the AP are disabled. l No virtual APs are defined on the AP. l The AP has profile errors. Issue the command "show profile errors" for details. l The GRE tunnel between the AP and the controller was blocked by a firewall after the AP became active. l The AP is temporarily down while it is upgrading its software. The AP will become active again after
upgrading. l An AP has conflicting configuration settings. For example, if the AP system profile on a single radio dual-
band AP configures the radio uses 802.11g, but the virtual AP profile on the AP is set to use 802.11a, the AP might not appear to be active.
Example
The output of the command in the example below shows that the controller sees an active AP. In this example, the output has been divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it will appear in a single, long table.
(host)# show ap active
Active AP Table
---------------
Name
Group IP Address 11g Clients
----
----- ---------- -----------
APname1 default 10.3.15.107 0
11g Ch/EIRP/MaxEIRP -------------------
AP:HT:1/15/21.5
11a Clients -----------
0
11a Ch/EIRP/MaxEIRP AP Type Flags Uptime Outer IP
------------------- ------- ----- ------ --------
AP:HT:44/15/21
125
1E2 5m:48s N/A
Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2; A = Enet1 in active/standby mode; B = Battery Boost On; C = Cellular; D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authentication; H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh; N = 802.11b protection disabled; P = PPPOE; R = Remote AP; S = AP connected as standby; X = Maintenance Mode; a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP; i = Provisioned as Indoor; o = Provisioned as Outdoor; r = 802.11r Enabled Q = DFS CAC timer running
The output of this command includes the following information:
957 | show ap active
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Name
Description Name of an AP
Group
The AP is associated with this AP group.
IP address
IP address of the AP, in dotted decimal format.
11g Clients
Number of 802.11g clients using the AP.
11g Ch/EIRP/MaxEIRP
802.11g radio channel used by the AP/current effective Isotropic Radiated Power (EIRP) /maximum EIRP.
11a Clients
Number of 802.11a clients using the AP.
11a Ch/EIRP/MaxEIRP 802.11a radio channel used by the AP/current EIRP/maximum EIRP.
AP Type
AP model type.
Flags
This column displays any flags for this AP. The list of flag abbreviations is also included in the output of the show ap active command. l 1 = 802.1x authenticated AP l 2 = Using IKE version 2; l A = Enet1 in active/standby mode l B = Battery Boost On l C = Cellular; l D = Disconn. Extra Calls On l E = Wired AP enabled l F = AP failed 802.1x authentication l H = Hotspot Enabled l K = 802.11K Enabled l L = Client Balancing Enabled l M = Mesh l N = 802.11b protection disabled l P = PPPOE l R = Remote AP l S = AP connected as standby l X = Maintenance Mode l a = Reduce ARP packets in the air l d = Drop Mcast/Bcast On l u = Custom-Cert RAP l i = Provisioned as indoor l o = Provisioned as outdoor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap active | 958
Column
Uptime Outer IP
Description
l r = 802.11r Enabled l Q = DFS CAC timer running
Number of hours, minutes and seconds since the last controller reboot or bootstrap, in the format hours:minutes:seconds.
The outer IP address of a remote AP (RAP) is used to establish an IPsec VPN tunnel to the terminating master controller. The RAP acquires an outer IP address from the locally connected network, usually via DHCP. (A RAP is typically behind a NAT device whose public IPis seen as the outer ip for the RAP).
Command History
Release ArubaOS 3.0 ArubaOS 6.1 ArubaOS 6.4.3.0
Modification Command introduced The parameter ip6-addr was added to view data for an IPv6 AP. The Q flag was introduced in the output of this command.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
959 | show ap active
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-group
show ap-group [<ap-group>]
Description
Show settings for an AP group.
Syntax
Parameter <ap-group>
Description The name of an AP group.
Usage Guidelines
Issue this command without the optional <ap-group> parameter to display the entire AP group list, including profile status for each profile. Include an AP group name to display detailed configuration information for that AP group profile.
Example
This first example shows that the controller has nine configured AP groups. The Name column lists the names of all configured AP groups. the Profile Status column indicates whether the AP group is predefined. (Userdefined profiles will not have an entry in the Profile Status column.)
(host) #show ap-group
AP group List
-------------
Name
Profile Status
----
--------------
corp-office
branch-office-am
corp
corp1
Corp1-AM
Corp1-AM-Ch11
Corp1-AM-Ch6
corp1-AP85
corp1-lab
Total: 9
Include an AP group name to display a complete list of configuration settings for that profile. The example below shows settings for the AP group corp1.
(host) #show ap-group corp1 AP group "corp1" ------------------Parameter --------Virtual AP Virtual AP 802.11a radio profile 802.11g radio profile Wired AP profile
Value ----corp1-guest corp1-wpa2 default profile1-g default
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-group | 960
Ethernet interface 0 link profile Ethernet interface 1 link profile AP system profile VoIP Call Admission Control profile 802.11a Traffic Management profile 802.11g Traffic Management profile Regulatory Domain profile SNMP profile RF Optimization profile RF Event Thresholds profile IDS profile Mesh Radio profile Mesh Cluster profile
default default corp1344 default N/A N/A corp1344-channel-profile default handoff-aggressive default ids-low-setting default N/A
The output of this command includes the following parameters:
Parameter Virtual AP
Description Virtual AP profile that which configures a specified WLAN.
802.11a radio profile
Profile that defines 802.11a radio settings for the AP group.
802.11g radio profile
Profile that defines 802.11g radio settings for the AP group.
Wired AP profile
Profile that defines wired port settings for APs assigned to the AP group.
Ethernet interface 0 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
Ethernet interface 1 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
AP system profile
Name of the AP system profile for the AP group.
VoIP Call Admission Control profile
Name of the AP system profile for the AP group.
802.11a Traffic Management profile
Name of the 802.11a WLAN traffic management profile for the AP group.
802.11g Traffic Management profile
Name of the 802.11g WLAN traffic management profile for the AP group.
Regulatory Domain profile
Name of the regulatory domain profile for the AP group.
SNMP profile
Name of the SNMP profile for the AP group.
RF Optimization profile
Name of the RF optimization profile for the AP group.
RF Event Thresholds profile
Name of the RF event thresholds profile for the AP group.
IDS profile
IDS profile for the AP group.
961 | show ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Mesh Radio profile Mesh Cluster profile
Description Mesh radio profile assigned to the AP group. Mesh cluster profile assigned to the AP group.
Related Commands
Configure AP group settings using the command ap-group.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-group | 962
show ap-name
show ap-name [<ap-name>]
Description
Show a list of AP names. Include the <ap-name> parameter to display detailed configuration information for that AP.
Syntax
Parameter <ap-name>
Description The name of an AP.
Example
This first example shows that the controller has eight registered APs. The Name column lists the names of each registered AP. Note that APs are all user-defined, so they will not have an entry in the Profile Status column.
(host) #show ap-name
AP name List
------------
Name
Profile Status
----
--------------
mp3
sw-ad-W-AP124-11
sw-ad-W-AP125-13sw-ad-W-AP125-15sw-ad-W-AP125-17sw-ad-W-AP125-18sw-ad-W-AP125-19sw-ad-W-AP125-
3
Total: 8
Include an AP name to display a complete list of configuration settings for that AP. If the AP has default settings, the value may appear as N/A. The AP in the example below has all default profile settings.
(host) #show ap-group corp1 AP name "mp3" ------------Parameter --------Virtual AP Excluded Virtual AP 802.11a radio profile 802.11g radio profile Wired AP profile Ethernet interface 0 link profile Ethernet interface 1 link profile AP system profile VoIP Call Admission Control profile 802.11a Traffic Management profile 802.11g Traffic Management profile Regulatory Domain profile RF Optimization profile RF Event Thresholds profile IDS profile Mesh Radio profile Mesh Cluster profile Excluded Mesh Cluster profile
Value ----N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
The output of this command includes the following parameters:
963 | show ap-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Virtual AP
Description Virtual AP profile that which configures a specified WLAN.
Excluded Virtual AP
Excludes the specified mesh cluster profile from this AP.
802.11a radio profile
Profile that defines 802.11a radio settings for the AP.
802.11g radio profile
Profile that defines 802.11g radio settings for the AP.
Wired AP profile
Profile that defines wired port settings for APs assigned to the AP.
Ethernet interface 0 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
Ethernet interface 1 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
AP system profile
Name of the AP system profile for the AP.
VoIP Call Admission Control profile
Name of the AP system profile for the AP.
802.11a Traffic Management profile
Name of the 802.11a WLAN traffic management profile for the AP group.
802.11g Traffic Management profile
Name of the 802.11g WLAN traffic management profile for the AP.
Regulatory Domain profile
Name of the regulatory domain profile for the AP.
RF Optimization profile
Name of the RF optimization profile for the AP.
RF Event Thresholds profile Name of the RF event thresholds profile for the AP.
IDS profile
IDS profile for the AP.
Mesh Radio profile
Mesh radio profile assigned to the AP.
Mesh Cluster profile
Mesh cluster profile assigned to the AP.
Excluded Mesh Cluster profile
Excludes the specified mesh cluster profile from this AP.
Related Commands
Configure AP settings using the command ap-name.
Command History
This command was available in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-name | 964
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
965 | show ap-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap allowed-channels
show ap allowed-channels ap-name <ap-name> country-code <country-code> [ap-type <ap-type>] ip-addr <ip-addr>
Description
This command shows the allowed channels on a specific AP or country code.
Syntax
Parameter ap-name <ap-name> country-code <country-code> [ap-type <ap-type>]
<ip-addr>
Description
Name of an AP.
Specify a country code to display allowed channels for that country. If you include the optional ap-type <aptype> parameter, the output displays allowed channels for the specified AP type in that country code.
The <ap-type> parameter is the two or three digit model number of the AP, such as 135 for the WAP135, or 225 for the W-AP225. Remote APs, such as the W-IAP3WN, require that you enter the prefix RAPbefore the model number. If the AP model number includes an alphabetic suffix, such as the W-AP175AC, you must enter the suffix after the model number. Note that this suffix may be case-sensitive.
IP address of an AP, in dotted-decimal format.
Usage Guidelines
Specify the country code for your controller during initial setup. Changing the country code causes the valid channel lists to be reset to the defaults for that country.
Examples
The output of this example shows all allowed channels for the country code US.
(host)# show ap allowed-channels US
Allowed Channels for Country Code "US"
--------------------------------------
PHY Type
Allowed Channels
--------
----------------
802.11g (indoor)
1 2 3 4 5 6 7 8 9 10 11
802.11a (indoor)
36 40 44 48 149 153 157 161 165
802.11g (outdoor)
1 2 3 4 5 6 7 8 9 10 11
802.11a (outdoor)
149 153 157 161 165
802.11g 40MHz (indoor) 1-5 2-6 3-7 4-8 5-9 6-10 7-11
802.11a 40MHz (indoor) 36-40 44-48 149-153 157-161
802.11g 40MHz (outdoor) 1-5 2-6 3-7 4-8 5-9 6-10 7-11
802.11a 40MHz (outdoor) 149-153 157-161
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap allowed-channels | 966
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
967 | show ap allowed-channels
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap ap-group
show ap ap-group {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>}
Description
Show the AP group settings for an individual AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID). An AP's BSSID is usually the AP's MAC address.
Show data for an AP with a specific IP address. Enter the IP address in dotteddecimal format.
Usage Guidelines
Use this command to display the contents of an AP's group profile. If you know the name of the group whose profile settings you want to view, use the command show ap-group <profile-name>. To view a list of all configured AP groups on your controller, use the command show ap-group.
Examples
In the example below, the output of this command lists the profiles associated with the AP group Corp13.
(host) #show ap ap-group AP2 AP group "corp13" ------------------Parameter --------Virtual AP Virtual AP Virtual AP Virtual AP 802.11a radio profile 802.11g radio profile Wired AP profile Ethernet interface 0 link profile Ethernet interface 1 link profile AP system profile VoIP Call Admission Control profile 802.11a Traffic Management profile 802.11g Traffic Management profile Regulatory Domain profile SNMP profile RF Optimization profile RF Event Thresholds profile IDS profile Mesh Radio profile Mesh Cluster profile
Value ----corp13-guest corp13-ether-wpa2 corp13-ether-voip corp13-ether-comm default default default default default corp13 default N/A N/A corp13-channel-profile default handoff-aggressive default ids-low-setting default N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap ap-group | 968
Related Commands
Command Description
ap-group
Configure your AP groups and AP group profiles.
Mode Config mode
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
969 | show ap ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match history
show ap arm client-match history advanced client-mac <macaddr>
Description
If the client match feature is enabled, the output of this command shows the history of AP association changes triggered by the client match feature.
Syntax
Parameter advanced
Description
Provides additional client-match history information, including: l Eff_Signal l EIRP l ESSID
client-mac <macaddr>
MAC address of a client for which you want to view a history of AP association changes triggered by the client match feature.
Example
The following command displays information on the Client Match history. (AP-7010) # show ap arm client-match history
S: Source, T: Target, A: Actual Unit of Roam Time: second Unit of Signal: dBm
ARM Client match History
-------------------------
Time of Change
Station
Reason
Status/Roam Time/Mode Signal(S/T/A)
(S/T/A) Radio Bssid(S/T/A)
AP Name(S/T/A)
--------------
-------
------
--------------------- -------------
------ ------------------
--------------
2014-08-13 14:41:20 84:38:38:20:df:68 User-action Success/0/11v-BTM
-0/-0/-0
5G/5G/5G
d8:c7:c8:46:e0:10/6c:f3:7f:e7:1d:30/6c:f3:7f:e7:1d:30 ap135/ac/ac
Band -----
The output of this command includes the following parameters:
Parameter Time of Change
Station Reason
Description
Timestamp showing the date and time the client match feature associated the client to a different AP radio.
The station MAC address.
Reason why the client match feature made the change. Possible reasons include:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match history | 970
Parameter
Description
l Sticky: A mobile roaming client was staying associated (sticking) to a suboptimal AP for too long.
l Band steer: A dual-band capable client was steered toward a 5Ghz radio on a dual-band AP.
l Band Balance: A dual-band capable client was steered toward a different radio to balance the load between the two radios on a single AP.
l Load Balance: Client match moved the client to a different AP, based upon the load on APs in the client's RF neighborhood, and the SNR levels the client detected from each underutilized AP.
Status/Roam Time/Mode
Signal (S/T/A)
The status, roam time, and mode of client steering using Client Match.
The output of this column shows the following values: l S: Radio signal strength of the source AP l T: Radio signal strength of the target AP l A: Radio signal strength of the AP that the client is actually associated to
Band (S/T/A)
The output of this column shows the following values: l S: Radio frequency band of the source AP (e.g. 2.4GHz and 5GHz) l T: Radio frequency band of the target AP l A: Radio frequency band of the AP that the client is actually associated to
Radio BSSID (S/T/A)
The output of this column shows the following values: l S: MAC address of the source AP radio l T: MAC address of the target AP radio l A: MAC address of the AP radio that the client is actually associated to
AP Name (S/T/A)
The output of this column shows the following values: l S: Name of the source AP l T: Name of the target AP l A: Name of the AP that the client is actually associated to
The advanced command provides additional information on the Client Match history. (host) #show ap arm client-match history advanced
S: Source, T: Target, A: Actual Unit of Roam Time: second Unit of Eff_Signal, Signal, EIRP: dBm
ARM Client match History
-------------------------
Time of Change
Station
Reason
Signal(S/T/A) EIRP(S/T/A) Band(S/T/A)
AP Name(S/T/A)
Essid(S/A)
--------------
-------
------
----------- ----------- -----------
--------------
----------
Status/Roam Time Eff_Signal(S/T/A) Radio Bssid(S/T/A)
---------------- ----------------- -------------------
971 | show ap arm client-match history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
2014-05-13 16:30:08 f8:f1:b6:03:0d:ff Band-steer Success/1
-35/-50/-50
-
35/-50/-50 21/21/21
2.4G/5G/5G
6c:f3:7f:e7:2d:40/6c:f3:7f:e7:2d:50/6c:f3:7f:e7:2d:50 ap225/ap225/ap225 jxie2/jxie2
The output of this command includes the following additional parameters:
Parameter Eff_Signal (S/T/A)
EIRP (S/T/A) Essid (S/A)
Description
The output of this column shows the following values: l S: The relative received signal strength indicator (RSSI) of the source AP
radio. This value is derived from the transmit power of the source AP radio and received power from the client. l T: The relative RSSI of the target AP radio. This value is derived from the transmit power of the target AP radio and received power from the client. l A: The relative RSSI of the AP radio that the client is actually associated to. This value is derived from the transmit power of the AP radio and received power from the client.
The output of this column shows the following values: l S: The amount of power transmitted from an antennae in the source AP l T: The amount of power transmitted from an antennae in the target AP l A: The amount of power transmitted from an antennae in the AP that the
client is actually associated to
The output of this column shows the following values: l S: The identifying name of the source wireless network l A: The identifying name of the wireless network the client is actually
associated to
Related Commands
Use the following command to enable the client match feature: l rf arm-profile client-match The following commands display statistics for the client match feature: l show ap arm client-match probe-report l show ap arm client-match neighbors l show ap arm client-match restriction-table l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match history | 972
Command History
Version ArubaOS 6.3 ArubaOS 6.4.3.0
Description
Command Introduced
The following output parameters were introduced: l Station l Status/Roam Time/Mode l Signal l Band l Radio BSSID l AP Name The advanced parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
973 | show ap arm client-match history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match neighbors
show ap arm client-match neighbors ap-name <name> ip-addr <ipaddr> ip6-addr <ipaddr>
Description
If the client match feature is enabled, the output of this command displays the BSSID of other APs seen by clients in the select AP's RF neighborhood.
Syntax
Parameter ap-name <name>
ip-addr <ipaddr> ipv6-addr <ipaddr>
Description View neighboring clients for an AP with a specified name View neighboring clients for an AP with a specified IP address. View neighboring clients for an AP with a specified IPv6 address.
Usage Guidelines
Issue this command to view a list of other APs seen by clients currently associated to the selected AP.
Example
The example below indicates that the clients currently associated to the AP can detect signals from three other APs. (host)#show ap arm client-match neighbors ap-name <ap-name>
Client View -----------BSSID ----d8:c7:c8:37:84:70 d8:c7:c8:88:b6:50 d8:c7:c8:37:84:10 Num Neighbors:3
Channel ------132 132 124
The output of this command includes the following parameters:
Parameter
Description
Client MAC
AP name of the AP from which the client can detect a signal.
Signal
Signal strength, in dBm, of the probe request received from Client
Assoc
A "Y" in this field indicates that the client is currently associated to that AP radio.
Sec since last heard Time elapsed since the AP radio heard from the client.
Sec since last repor- Time elapsed since the AP radio heard from the client.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match neighbors | 974
Parameter ted Last heard
Description Date and time at which the AP last heard from the client
Related Commands
Use the following command to enable the client match feature: l rf arm-profile client-match The following commands display additional statistics for the client match feature: l show ap arm client-match probe-report l show ap arm client-match restriction-table l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match summary l show ap arm client-match history
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
975 | show ap arm client-match neighbors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match probe-report
show ap arm client-match probe-report ap-name <name> ip-addr <ipaddr> ip6-addr <ip6-addr> assoc phy-type 802.11a|802.11b|80211g
Description
If the client match feature is enabled, the output of this command displays the client probe report for the specified AP.
Syntax
Parameter ap-name <name>
ip-addr <ip-addr> ip6-addr <ip6-addr> assoc phy-type
Description Name of the AP for which you want to view a client report.
IPv4 address of an AP for which you want to view a client probe report. IPv6 address of an AP for which you want to view a client probe report. Show information for associated clients only. Show information for one of the following phy types: l 802.11a l 802.11b l 80211g
Usage Guidelines
APs using the client match feature maintain a table of clients that have sent probe requests, and the signal-tonoise ratio (SNR) of the frame the AP received from the client. The AP sends these reports to the controller ever 30 seconds, and the controller uses the information in these reports to steer each client to its optimal AP.
Example
(host)#show ap arm client-match probe-report ap-name <ap-name>
AP Client Probe Report for Wifi0
--------------------------------
Client MAC
Signal Assoc Sec since Sec since
Last heard
last heard last reported
----------
------ ----- ------------ ----------
----------
00:24:d7:40:ca:88 15
0
49
10
Wed Apr 10 01:20:46 2013
00:26:c6:4d:2b:74 21
0
23
10
Wed Apr 10 01:21:12 2013
00:1e:65:2b:7a:3e 23
0
55
10
Wed Apr 10 01:20:40 2013
74:e5:43:4b:3b:ff 34
0
20
10
Wed Apr 10 01:21:15 2013
AP Client Probe Report for Wifi1
--------------------------------
Client MAC
Signal Assoc Sec since Sec since
Last heard
last heard last reported
----------
------ ----- ------------ -------------- ----------
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match probe-report | 976
22:33:44:55:66:77 50
0
6
9
c8:f7:33:29:82:db 41
0
60
9
ac:81:12:59:5c:12 32
0
50
9
00:24:d7:40:bb:b0 31
0
58
9
00:1a:73:15:8c:5f 32
0
57
9
The output of this command includes the following parameters:
Wed Apr 10 01:21:29 2013 Wed Apr 10 01:20:35 2013 Wed Apr 10 01:20:45 2013 Wed Apr 10 01:20:37 2013 Wed Apr 10 01:20:38 2013
Parameter
Description
Client MAC
AP name of the AP from which the client can detect a signal.
Signal
Signal strength, in dBm, of the probe request received from the client.
Assoc
A "Y" in this field indicates that the client is currently associated to that AP radio.
Sec since last heard Time elapsed since the AP radio heard from the client.
Sec since last repor- Time elapsed since the AP radio heard from the client. ted
Last heard
Date and time at which the AP last heard from the client
Related Commands
Use the following command to enable the client match feature: l rf arm-profile client-match The following commands display additional statistics for the client match feature: l show ap arm client-match neighbors l show ap arm client-match restriction-table l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match summary l show ap arm client-match history
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
977 | show ap arm client-match probe-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match restriction-table
show ap arm client-match restriction-table ap-name <name> ip-addr <ipaddr> ip6-addr <ip6-addr>
Description
If the client match feature is enabled, the output of this command displays the list of clients that the client match feature has restricted from the specified AP.
Syntax
Parameter ap-name <name>
ip-addr <ipaddr> ip6-addr <ipaddr>
Description Name of the AP for which you want to view the list of restricted clients IPv4 address of the AP for which you want to view the list of restricted clients IPv6 address of the AP for which you want to view the list of restricted clients
Usage Guidelines
If the client match feature is enabled, the controller sends APs a list of clients that should not be allowed to associate to that AP. These lists of restricted clients help the client associate to the best AP, by preventing the client from associating with a sub-optional AP radio. The output of this command shows a list of all clients that were ever blacklisted from the specified AP.
Example
(host)#show ap arm client-match restriction-table ap-name <ap-name>
Client Restriction Table for Wifi0
----------------------------------
Client MAC
Time last restricted
Restricted(Cur/Last)
----------
--------------------
--------------------
24:77:03:32:88:ec Wed Apr 10 03:51:00 2014 0
PS deauth Probe(home/scan/bc_ssid) Auth(home/scan)
--------- ------------------------ ---------------
-
2/0/no
4/0
Time since last restriction(sec) Radio Bssid
-------------------------------- -----------
18603
00:1a:1e:89:c0:d0
Client Restriction Table for Wifi1
----------------------------------
Client MAC
Time last restricted Restricted(Cur/Last)
----------
-------------------- --------------------
24:77:03:32:7b:cc Wed Apr 10 03:47:16 2014 0
PS deauth Probe(home/scan/bc_ssid) Auth(home/scan)
--------- ------------------------ ---------------
0/0/no
0/0/no
0/0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match restriction-table | 978
Time since last restriction(sec) Radio Bssid
-------------------------------- -----------
3866
00:1a:1e:89:c0:c0
The output of this command includes the following parameters:
Parameter
Description
Client MAC
Displays the MAC address of the client that Client Match is attempting to steer.
Time last restricted Displays the date and time at which the client was last steered in the vicinity of this radio.
Restricted(Cur/Last) A "1" in this field indicates that the client is currently in the process of being steered to another radio.
PS deauth
Displays if the client is in power save mode when client match is attempting to steer the client.
Probe(home/scan/bc_ ssid)
Displays the number of probe requests received on home channel, AP scanning, and SSID broadcast probe.
Auth(home/scan)
Displays the number of probe requests received on home channel and AP scanning for 802.11 authentication frames.
Time since last restricted
Display the time (in seconds) since the client was last steered in the vicinity of this radio.
Radio Bssid
Displays the unique hard-wireless MAC address of the AP. A unique BSSID applies to each frequency-- 802.11a and 802.11g--used from the AP.
Related Commands
Use the following command to enable the client match feature l rf arm-profile client-match The following commands display additional statistics for the client match feature l show ap arm client-match probe-report l show ap arm client-match neighbors l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match summary l show ap arm client-match history
979 | show ap arm client-match restriction-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.3 ArubaOS 6.4.1.0
Modification
Command introduced.
Following parameters were introduced: l PS deauth l Probe(home/scan/bc_ssid) l Auth(home/scan) l Radio Bssid The following parameters were modified: l Time last restricted l Restricted(Cur/Last) l Time since last restricted
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match restriction-table | 980
show ap arm client-match summary
show ap arm client-match summary [client-mac <macaddr>]|[advanced]
Description
If the client match feature is enabled, the output of this command shows the history of AP association changes triggered by the client match feature.
Syntax
Parameter
Description
client-mac <macaddr>
MAC address of a client for which you want to view a history of AP association changes triggered by the client match feature.
advanced
Display advanced debugging information. Include this parameter only under the supervision of Dell support.
Example
The following command displays information on the Client Match summary. (host) #show ap arm client-match summary
SM: Sticky Moves, BM: Bandsteer Moves, LM: Load Balance Moves, VM: VHTsteer Moves, T: Total,
S: Success, R: Reject, TO: Timeout
Client Match Summary
---------------------
MAC
SM (T/S) BM (T/S) LM (T/S) VM (T/S) Moves (T/S) Last Move
(Time/Rsn/Dur))
Device Type 11v Moves (T/S/R/TO)
---
-------- -------- -------- -------- ----------- ---------------------
----
----------- --------------------
84:38:38:20:df:68 0/0
1/1
0/0
0/0
1/1
Aug 13 15:58:51
2014/Bandsteer/X UNKNOWN
1/1/0/0
Total clients:1
Sticky Moves (T/S):0/0
Bandsteer Moves (T/S):1/1
VHTsteer Moves (T/S):0/0
Load Balance Moves (T/S):0/0
Moves using 11v BTM (T/S):1/1
The output of this command includes the following parameters:
Parameter MAC Sticky Moves(T/S)
Description
MAC address of the client that was moved to a different AP radio.
The output of this column shows the following two values: l T: Total number of times the client match feature attempted to move a
mobile roaming client because it was staying associated (sticking) to a suboptimal AP. l S: Number of times the client match successfully moved a mobile roaming client because it was staying associated (sticking) to a sub-optimal AP.
981 | show ap arm client-match summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Bandsteer Moves(T/S)
The output of this column shows the following two values:
l T: Total number of times the client match feature attempted to steer a dual-band client to a 5GHz radio.
l S: Number of times the client match feature successfully moved a dualband client to a 5GHz radio.
Load Balance Moves (T/S)
The output of this column shows the following two values:
l T: Total number of times the client match feature attempted to move an AP to a different radio on dual-radio AP to balance the client load between the AP radios.
l S: Number of times the client match feature successfully moved an AP to a different radio on dual-radio AP to balance the client load between the AP radios.
VHT Steer Moves(T/S)
The output of this column shows the following two values:
l T: Total number of times the client match feature attempted to steer a VHT-capable (802.11ac) client from an 802.11n radio to a VHT radio that supports 802.11ac.
l S: Number of times the client match feature successfully steered a VHTcapable (802.11ac) client from an 802.11n radio to a VHT radio that supports 802.11ac.
Moves(T/S)
The output of this column shows the following two values:
l T: Total number of times the client match feature attempted to move an AP to a different radio.
l S: Number of times the client match feature successfully moved an AP to a different radio.
Last Move
This column shows the date and time the client was steered to a different AP radio, the reason why the client match feature made the change, and the number of seconds it took for the change to take place. Possible reasons include:
l Sticky: A mobile roaming client was staying associated (sticking) to a suboptimal AP for too long.
l Band steer: A dual-band capable client was steered toward a 5Ghz radio on a dual-band AP.
l Band Balance: A dual-band capable client was steered toward a different radio to balance the load between the two radios on a single AP.
l Load Balance: Client match moved the client to a different AP, based upon the load on APs in the client's RF neighborhood, and the SNR levels the client detected from each underutilized AP.
l VHT Steer: A client was steered to a very-high-throughput radio that supports 802.11ac.
Device type
Type of client, if the value can be determined.
11v Moves (T/S/R/TO)
The output of this column shows the following values: l T: Total number of times the client match feature attempted to move an AP
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match summary | 982
Parameter
Description
to a different radio using the dot11v BSS transition management request.
l S: Number of times the client match feature successfully moved an AP to a different radio using the dot11v BSS transition management request.
l R: Number of times the dot11v BSS transition management request was rejected.
l TO: Number of times the dot11v BSS transition management request timed out.
The advanced command provides additional information on the Client Match summary. (host) #show ap arm client-match summary advanced
SM: Sticky Moves, BM: Bandsteer Moves, LM: Load Balance Moves, VM: VHTsteer Moves, T: Total,
S: Success, R: Reject, TO: Timeout FA: False Accept
A: Acceptable, L: Too Long, W: Wrong Radio, UF: Uncontrolled Radio(Full VBR), UI: Uncontrolled
Radio(Incomplete VBR), M: Multiple SSIDs
Client Match Summary
---------------------
MAC SM (T/S/A/L/W/UF/UI/M) BM (T/S/A/L/W/UF/UI/M) LM (T/S/A/L/W/UF/UI/M) VM
(T/S/A/L/W/UF/UI/M) Moves (T/S/A/L/W/UF/UI/M) Last Move (Time/Rsn/Dur))
Device Type
SAP miss/Stale/11v/Other/SSID check/Unst
--- ---------------------- ---------------------- ---------------------- -----------------
---- ------------------------- -------------------------
-----------
---------
-------------------------------
Total clients:0 Sticky Moves (T/S/A/L/W/UF/UI/M):0/0/0/0/0/0/0/0 Bandsteer Moves (T/S/A/L/W/UF/UI/M):0/0/0/0/0/0/0/0 VHTsteer Moves (T/S/A/L/W/UF/UI/M):0/0/0/0/0/0/0/0 Load Balance Moves (T/S/A/L/W/UF/UI/M):0/0/0/0/0/0/0/0
Related Commands
Use the following command to enable the client match feature: l rf arm-profile client-match The following commands display additional statistics for the client match feature: l show ap arm client-match probe-report l show ap arm client-match neighbors l show ap arm client-match restriction-table l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match history
983 | show ap arm client-match summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 6.3 ArubaOS 6.4.3.0
Description
Command Introduced.
Introduced the following output parameters: l VHT Steer Moves l Moves l 11v Moves
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match summary | 984
show ap arm client-match unsupported
show ap arm client-match unsupported
Description
If the client match feature is enabled, the output of this command displays a list of clients that failed to be steered to a more optimal AP, and the reason the initial steering request was triggered,.
Syntax
No parameters.
Usage Guidelines
The controller also keeps track of the number of times the client match feature failed to steer a client to a different radio, and the reason that each steer attempt was triggered. If the client match feature attempts to steer a client to a new radio multiple consecutive times for the same reason but client steering fails each time, the controller notifies the AP to mark the client as unsteerable for that specific trigger.
Example
(host) #show ap arm client-match unsupported
Client Match Unsteerable Clients --------------------------------MAC Unsteerable Flags Last Steer Time Expiry Time steers/successful --- ----------------- --------------- -----------S: Sticky L: Load Balance V: VHT steer B: Bandsteer I: IOS T: Temporary
Total ---------------------
Total Unsteerable Clients:0
The output of this command includes the following parameters:
Parameter MAC Unsteerable Flags
Description
MAC address of the client that could not be steered to a different AP radio.
The client is marked unsteerable under specific client steer triggers. These triggers include:
l Sticky: A mobile roaming client was staying associated (sticking) to a suboptimal AP for too long.
l Band steer: A dual-band capable client was steered toward a 5GHz radio on a dual-band AP.
l Load Balance: Client match moved the client to a different AP, based upon the load on APs in the client's RF neighborhood, and the SNR levels the client detected. from each underutilized AP.
l IOS: An IOS device is temporarily prevented from steering to avoid blacklisting the ESS.
l Temporary: A client is temporarily prevented from steering after undergoing a successful band steer, then reverting back to a 2.4GHz radio.
985 | show ap arm client-match unsupported
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Last Steer Time
Expiry Time Total steers/successful
Description
Timestamp showing the date and time the client match feature failed to associate the client to a different AP radio.
The amount of time before a client steer attempt expires.
The total number of client steer attempts, and the number of successful client steer attempts.
Related Commands
Use the following commands to enable the client match feature: l rf arm-profile client-match The following commands display additional statistics for the client match feature: l show ap arm client-match probe-report l show ap arm client-match neighbors l show ap arm client-match restriction-table l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match summary l show ap arm client-match history
Command History
Version ArubaOS 6.3
Description Command Introduced.
ArubaOS 6.4.3.0
Introduced the following output parameters: l Unsteerable Flags l Expiry Time l Total steers/successful
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm client-match unsupported | 986
show ap arm history
show ap arm history {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
For each interface on an AP, show the history of channel and power changes due to Adaptive Radio Management (ARM).
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show ARM history for an AP with a specific name.
Show ARM history for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Show ARM history for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
Examples
Adaptive Radio Management (ARM) can automatically change channel and power levels based on a number of factors such as noise levels and radio interference. The output of the show ap arm history command shows you an AP's channel and power changes over time, and the reason why those changes took place.
host)# #(ethersphere-lms3) #show ap arm history ap-name AP-16
Interface :wifi0
ARM History
-----------
Reason Old channel New channel Old Power New Power Last change
------ ----------- ----------- --------- --------- -----------
P-
153-
153-
12
9
3d:14h:56m:48s
P+
153-
153-
9
12
3d:13h:44m:7s
P+
153-
153-
12
15
3d:13h:23m:5s
P+
153-
153-
15
18
3d:13h:16m:32s
P+
153-
153-
18
21
3d:11h:42m:42s
P-
153-
153-
21
15
3d:8h:16m:12s
Interface :wifi1
ARM History
-----------
Reason Old channel New channel Old Power New Power Last change
------ ----------- ----------- --------- --------- -----------
P-
11
11
15
12
3d:18h:22m:28s
P+
11
11
12
15
3d:18h:17m:27s
P-
11
11
15
12
3d:18h:9m:9s
P+
11
11
12
15
3d:17h:48m:41s
P+
11
11
15
18
3d:17h:44m:34s
P-
11
11
18
15
3d:17h:39m:11s
P-
11
11
15
12
3d:17h:32m:39s
P+
11
11
12
15
3d:17h:26m:15s
I: Interference, R: Radar detection, N: Noise exceeded, E: Error threshold exceeded, INV:
Invalid Channel, G: Rogue AP Containment, M: Empty Channel, P+: Increase Power, P-: Decrease
Power, OFF: Turn off Radio, ON: Turn on Radio
987 | show ap arm history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The output of this command includes the following information:
Parameter Reason
Old Channel New Channel Old Power New Power Last Change
Description
This column displays one of the following code to indicate why the channel or power change was made. l I: Interference l R: Radar detected l N: Noise exceeded l E: Error threshold exceeded l INV: Invalid Channel l G: Rogue AP Containment l M: Empty Channel l P+: Increase Power l P-: Decrease Power l OFF: Turn off Radio l ON: Turn on Radio The Reason key appears at the bottom of the ARM History table.
Channel number used by the AP interface before the ARM change.
Channel number used by the AP interface after the ARM change.
Power level of the AP interface before the ARM change.
Power level of the AP interface after the ARM change.
Time elapsed since the change, in the format days:hours:minutes:seconds.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm history | 988
show ap arm neighbors
show ap arm neighbors {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Show the ARM settings for an AP's neighbors.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID). An AP's BSSID is usually the AP's MAC address.
Show data for an AP with a specific IP address. Enter the IP address in dotteddecimal format.
Examples
The output of this command shows ARM neighbor information for AP name ap70_1. (host)# show ap arm neighbors ap-name ap70_1
BSSID: BSSID of discovered radio ESSID: ESSID of discovered radio/Src BSSID through which the neighbor is discovered Channel: Channel of operation of discovered radio SNR: Signal to noise ratio of discovered radio tx-power: Tx Power of disovered radio (if known) PL: Path loss to discovered radio (using txpower and SNR) AP Flags: Active: Discovered using OTA updates
Passive: Discovered using passive scan Indirect: Two hop neighbors discovered using neighbors OTA update Last Update: Timestamp when last OTA update was received (total OTA updates)
ARM Neighbors ------------BSSID updates) ---------6c:f3:7f:b6:68:14 18:64:72:93:6a:f2 18:64:72:02:24:30 18:64:72:01:f8:f0 9c:1c:12:fe:96:e4 6c:f3:7f:4b:64:23
ESSID
-----
ssid-ap1 ssid-ap2 ssid-ap3 ssid-ap4 ssid-ap5 ssid-ap6
Channel SNR Tx-power PL (dB) AP Flags Last Update (Total
------- --- -------- ------- -------- ---------------------
153
49 22
132
48 24
153
47 18
36
60 22
11
33 18
6
51 20
69
Passive
68
Passive
63
Passive
0
Indirect 2015-03-12 16:38:26
123
Indirect 2015-03-13 08:37:18
125
Active 2015-03-12 14:05:48
The output of this command includes the following information:
989 | show ap arm neighbors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter BSSID ESSID
Channel SNR Tx-power PL (dB)
Description BSSID of the discovered radio of the AP. ESSID of the discovered radio of the AP or source BSSID through which the neighbor is discovered. Channel of operation of the discovered radio of the AP. Signal to noise ratio of the discovered radio of the AP. Transmitter power of the discovered radio of the AP (if known). Path loss to the discovered radio (using tx-power and SNR)
AP Flags Last Update
l Active: Discovered using Over-The-Air (OTA) updates l Passive: Discovered using passive scan l Indirect: Two hop neighbors discovered using neighbors OTA update
Time stamp when last OTA update was received (total OTA updates)
Command History
Release ArubaOS 3.0 ArubaOS 6.4.3.0
Modification Command introduced. Introduced CLI help text before the output table.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm neighbors | 990
show ap arm rf-summary
show ap arm rf-summary {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} [verbose]
Description
Show the state and statistics for all channels being monitored by an individual AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
verbose
Description
Show channel data for an AP with a specific name.
Show channel data for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Show channel data for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
(Optional) Include the channel quality history for all channels on the AP's radios in the output of this command.
Examples
The output of this command shows detailed information for the individual channels being monitored and statistics for each AP interface. Use this command verify an AP's RF health, or to determine why multiple APs in the same area are on the same channel.
(host) #show ap arm rf-summary ap-name W-AP125
Channel Summary
---------------
channel retry phy-err mac-err noise util(Qual)
------- ----- ------- ------- ----- ----------
36
0
0
0
92
0/0/0/0/95
40
0
0
0
89
8/1/2/1/95
44
0
0
0
89
7/0/2/2/95
48
0
0
0
89
10/3/2/0/96
52
0
0
0
90
9/2/2/2/95
56
0
0
0
90
6/0/2/3/96
60
0
0
0
89
8/1/2/0/95
64
0
0
0
90
8/1/2/1/95
149
0
0
0
92
7/3/0/0/94
153
0
0
0
93
6/6/0/0/95
157
0
0
0
92
10/3/2/0/95
161
0
0
9
92
4/1/0/6/95
11
0
0
10
91
58/51/1/0/94
Columns:util(Qual): ch-util/rx/tx/ext-ch-util/quality
HT Channel Summary
------------------
channel_pair Pairwise_intf_index
------------ -------------------
149-153
930
157-161
941
Interface Name
:wifi0
Current ARM Assignment :161-/21
Covered channels a/g
:1/0
cov-idx(Total) -------------0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 0/0(0) 7/0(7) 7/0(7)
intf_idx(Total) --------------118/18//0/0(136) 139/47//0/0(186) 117/36//0/0(153) 175/109//0/0(284) 328/87//0/0(415) 81/128//0/0(209) 385/49//0/0(434) 65/0//0/0(65) 349/48//0/0(397) 428/105//0/0(533) 290/229//0/0(519) 308/114//0/0(422) 1064/284//0/0(1348)
991 | show ap arm rf-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Free channels a/g ARM Edge State Last check channel/pwr Last change channel/pwr Next Check channel/pwr Assignment Mode Interface Name Current ARM Assignment Covered channels a/g Free channels a/g ARM Edge State Last check channel/pwr Last change channel/pwr Next Check channel/pwr Assignment Mode
:3/0 :disable :7m:13s/22s :32m:22s/10h:15m:40s :33s/4m:43s :Single Band :wifi1 :11/21 :0/1 :0/0 :disable :3m:25s/2m:1s :10h:15m:40s/10h:15m:40s :1m:4s/3m:59s :Single Band
The output of this command includes the following information:
Parameter channel retry phy-err mac-err noise util(Qual) cov-idx
intf_idx
Interface Name
Description
Number of a radio channel used by the AP.
Number of 802.11 retry frames sent because a client failed to send an ACK.
Number of PHY errors on the AP's current channel seen during the last second.
Number of MAC errors on the AP's current channel seen during the last second.
Current noise level, in -dBm.
The quality of the channel based on the channel utilization.
The AP uses this metric to measure RF coverage. The coverage index is calculated as x+y, where "x" is the AP's weighted calculation of the Signal-toNoise Ratio (SNR) on all valid APs on a specified 802.11 channel, and "y" is the weighted calculation of the Dell APs SNR the neighboring APs see on that channel.
The AP uses this metric to measure co-channel and adjacent channel interference. The Interference Index is calculated as a/b//c/d, where: l Metric value "a" is the channel interference the AP sees on its selected
channel. l Metric value "b" is the interference the AP sees on the adjacent channel. l Metric value "c" is the channel interference the AP's neighbors see on
the selected channel. l Metric value "d" is the interference the AP's neighbors see on the
adjacent channel. l To calculate the total Interference Index for a channel add "a+b+c+d".
Name of the fastethernet or gigabit Ethernet interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm rf-summary | 992
Parameter Current ARM Assignment
Description Current channels assigned by the AP's ARM profile.
Target Coverage Index
Ideal value of coverage index an AP tries to achieve on its channel.
Covered channels a/g
Number of channels that are currently being used by an AP's BSSIDs.
Free channels a/g
Number of channels that are available to an AP because that channel has a lower interference index.
ARM Edge State
If enabled, ARM-enabled APs on the network edge will not become Air Monitors.
Last check channel/pwr
Time elapsed since the AP checked its channel and power settings, in hour:minute:second format.
Last change channel/pwr Time elapsed since the AP changed its channel and power settings, in hour:minute:second format.
Command History
Release ArubaOS 3.0 ArubaOS 6.3
Modification Command introduced
A new column util(Qual) was added to the output to indicate the channel quality.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
993 | show ap arm rf-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm scan-times
show ap arm scan-times {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>}
Description
Shows channel scan times for an individual AP and information on the channel being scanned.
Syntax
Parameter
Description
ap-name <ap-name> Show channel scan data for an AP with a specific name.
bssid <bssid>
Show channel scan data for a specific Basic Service Set Identifier (BSSID) on an AP.
ip-addr <ip-addr> Show channel scan data for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
Examples
The output of this command shows scan times for every channel on W-AP225. (host) #show ap arm scan-times ap-name W-AP225
Channel Scan Time
-----------------
channel assign-time(ms)
timer-tick
------- ---------------
----------
44
796070
183703
140
704550
183715
144
395780
183689
149
14550890
DVACLYFETS 183695
14
488400
183713
scans-attempted --------------7237 6405 3598 7399 4440
scans-rejected -------------0 0 0 0 0
scans-deferred -------------0 0 0 0 0
dos-scans --------0 0 0 0 0
flags ----DACLYS DALY DAUY
DA
Channel Flags: D: All-Reg-Domain Channel, C: Reg-Domain Channel, A: Activity Present L: Scan Secondary Above, U: Scan Secondary Below, Y: Scan 80MHz, Z: Rare Channel V: Valid, T: Valid 20MHZ Channel, F: Valid 40MHz Channel, P: Valid 40MHZ Channel Pair E: Valid 80MHz Channel (lower 20M), B: Belongs to valid 80MHz channel O: DOS Channel, K: DOS 40MHz Upper, H: DOS 40MHz Lower, N: Split Channel Scan R: Radar detected in last 30 min, X: DFS required, S: Transmit Allowed J: Unconventional Scan 40MHz Above, M: Unconventional Scan 40MHz Below
WIFI Channel Scanning State
---------------------------
Scan mode channel current-scan-channel last-dos-channel
milli-tick (jitter) scans (Tot:Rej:Eff(%):Last intvl(%))
--------- ------- -------------------- ----------------
-------------- ------------------------------------
Aggressive 153E
161E
0
219)
181716:0:100:100
timer-milli-tick ---------------180855370
next-scan--------------180855550 (-
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm scan-times | 994
Aggressive 11
3+
0
181658:0:100:100
180855370
180855960 (163)
Group Scan Time
-----------------
channels
assign-time(ms)
timer-tick
--------
---------------
----------
34
113960
183544
36,40,44,48
3184390
183711
38
114070
183575
42
114070
183591
scans-attempted --------------1036 28949 1037 1037
scans-rejected -------------0 0 0 0
scans-deferred -------------0 0 0 0
group-width ----------20MHz 80MHz 20MHz 20MHz
The output of this command includes the following parameters:
Parameter channel assign-time (ms) scans-attempted scans-rejected
scans-deferred
dos-scans flags
group_width timer-tick
Description Displays the channels in the group.
The cumulative time spent on the channel.
The number of times an AP attempted to scan a channel.
The number of times an AP attempted to scan a channel, but was unable to scan because the scan was halted by the power save, VoIP aware, or load aware ARM features.
The number of times an AP deferred to scan a channel due to an event such as a radar detection.
The number of times an AP visited the channel to contain a rogue device.
Displays additional information about the channel. The flags key is displayed at the bottom of the Channel Scan Time table.
The channel width of the group.
The timer-tick of the last scan.
995 | show ap arm scan-times
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.4.3.0
Modification
Command introduced.
The following parameters were introduced under Group Scan Times: l channels l assign-time (ms) l scans-attempted l scans-rejected l scan-deferred l group-width l timer-tick
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm scan-times | 996
show ap arm split-scan-history
show ap arm split-scan-history {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>}
Description
Show scanning information for a "split-scan", where ARM performs an additional scans on each channel within a 40 MHz channel pair or 80 MHz channel set.
Syntax
Parameter
Description
ap-name <ap-name> Show scan data for an AP with a specific name.
bssid <bssid>
Show scan data for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
ip-addr <ip-addr> Show scan data for an AP with a specific IP address. Enter the IP address in dotteddecimal format.
Usage Guidelines
Starting with ArubaOS 6.3.1, if ARM reports a high noise floor on a channel within a 40 MHz channel pair or 80 MHz channel set, ARM performs an additional 20 MHz scan on each channel within that channel pair or set, to determine the actual noise floor of each affected channel. This allows ARM to avoid assigning the overutilized channel, while still allowing channel assignments to the other unaffected channels in that channel pair or set.
Examples
The output of this command shows information about one split-scan performed on channel 161E.
(host)# show ap arm split-scan-history ap-name 1242-ac
Interface :wifi0
Split Scan History
------------------
Time of setup
Channel scan Number of Split scans
-------------
------------ ---------------------
2013-10-08 03:11:40 161E
4
Interface :wifi1
Noise Floor ----------69
The output of this command includes the following parameters:
Parameter Time of setup
Description Timestamp showing the date and time the scan was performed
Channel Scan
The channel pair or channel set scanned
Number of Split Scans The number of times ARM performed an additional split scan.
Noise Floor
Noise floor recorded on the primary channel within that channel pair or channel set.
997 | show ap arm split-scan-history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Introduced in ArubaOS 6.3.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm split-scan-history | 998
show ap arm state
show ap arm state [ap-name <ap-name>|dot11a|dot11g|ip-addr <ip-addr>]
Description
Display Adaptive Radio Management (ARM) information for an individual AP's neighbors, or show all available data for any neighboring AP using an 802.11a or 802.11g radio type.
Syntax
Parameter ap-name <ap-name> dot11a dot11g ip-addr <ip-addr>
Description Show aggregate ARM Neighbor Information for a specific AP.
Show aggregate ARM Neighbor Information for all APs using an 802.11a radio.
Show aggregate ARM Neighbor Information for all APs using an 802.11g radio.
Show aggregate ARM Neighbor Information for a AP with a specific IP address by entering its IP address in dotted-decimal format.
Usage Guidelines
The output of the show ap arm state command shows 802.11a and 802.11g information for all APs. Include an AP name or IP address to show data for just a single AP, or use the dot11a or dot11g keywords to show data for all APs using that radio type.
Examples
The output of this command shows 802.11a information for all neighboring APs. (host)# show ap arm state
show ap arm state ap-name AP49
AP-1249:10.100.139.233:52:21:26-Edge:disable : Client Density:13
Neighbor Data
-------------
Name
IP Address SNR Assignment Neighbor Density
----
----------
--- ---------- ----------------
AP42
10.100.139.249 41 52/21
13/17/100/76
AP09
10.100.139.224 22 56/21
3/5/23/60
AP48
10.100.139.241 36 60/21
9/11/69/81
The output of this command includes the following information:
Column Name IP address
Description Name of an AP. IP address of an AP.
999 | show ap arm state
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column SNR
Assignment Neighbor Density
Description
Signal-to-noise (SNR) ratio. SNR is the power ratio between an information signal and the level of background noise.
The AP's current channel assignment.
The neighborhood density for the specified AP is listed with the values A/B/C/D, where: l A= Number of the AP's clients heard in the AP neighbor's client list l B= Number of clients in AP neighbor's client list l C= Density percentage, (AP clients heard in in the AP neighbor client list /
AP client density * 100). l D= Density Percentage (AP clients heard in the AP neighbor's client list /
neighbor client density * 100)
Command History
Version ArubaOS 3.0
Description Command introduced
ArubaOS 6.1
The neighbor density parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm state | 1000
show ap arm status
show ap arm status {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Issue this command under the supervision of Dell support to display detailed debugging Adaptive Radio Management (ARM) information and ARM status counters for an individual AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show ARM status for an AP with a specific name.
Show ARM status for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Show ARM status for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
Usage Guidelines
The output of the show ap arm status command shows internal ARM status counters that can be used by Dell support for debugging purposes.
Command History
Version ArubaOS 6.3
Description Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1001 | show ap arm status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm virtual-beacon-report
show ap arm virtual-beacon-report ap-name <name> ip-addr <ipaddr> ip6-addr <ip6-addr> phy-type 80211a|80211b|80211g
Description
If the client match feature is enabled, the output of this command displays the virtual beacon report for an AP with a specific IP or MAC address.
Syntax
Parameter ap-name <name> ip-addr <ipaddr> ip6-addr <ipv6addr> phy-type
Description
Name of an AP for which you want to view a virtual beacon report.
IPv4 address of an AP for which you want to view a virtual beacon report.
IPv6 address of an AP for which you want to view a virtual beacon report.
Display virtual beacon report data for an AP radio with one of the following phy types: l 80211a l 80211b l 80211g
Usage Guidelines
If the client match feature is enabled, the controller sends APs a list of clients that should not be allowed to associate to that AP.
Example
(host) #show ap arm virtual-beacon-report ap-name 1263-ac
Interface:wifi0 Rx VBR Reports:683
Client MAC:24:77:03:cf:fa:5c Dual band:Yes Active Voice:No Steerable:Yes Dual network capable:No Current Association:6c:f3:7f:e7:5a:b0
Virtual Beacon Report
---------------------
AP
Channel
--
-------
9c:1c:12:fd:d2:10 60
9c:1c:12:fd:d2:00 1
Signal (dBm) ------------76 -66
EIRP ---12 12
Assoc -----
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm virtual-beacon-report | 1002
9c:1c:12:fe:13:50 52
-73
9c:1c:12:fe:0f:d0 52
-74
9c:1c:12:fd:f7:b0 44
-49
6c:f3:7f:e7:5a:b0 60
-73
9c:1c:12:fd:f2:30 60
-69
9c:1c:12:fd:f7:a0 1
-55
9c:1c:12:fd:f2:20 1
-65
9c:1c:12:fe:13:40 1
-68
21 24 20 12 Y 12 12 12 12
The output of this command includes the following parameters:
Parameter AP Channel Signal EIRP Assoc
Description MAC address of the AP from which the client can detect a signal Channel on which the signal was deteched Signal strength, in dBm, of the probe request received from Client Amount of power transmitted from the AP antennae A "Y" in this field indicates that the client is currently associated to that AP radio
Related Commands
Use the following command to enable the client match feature l rf arm-profile client-match The following commands display additional statistics for the client match feature l show ap arm client-match probe-report l show ap arm client-match neighbors l show ap arm client-match restriction-table l show ap arm virtual-beacon-report l show ap arm client-match unsupported l show ap arm client-match summary l show ap arm client-match history
1003 | show ap arm virtual-beacon-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 6.3 ArubaOS 6.4.3.0
Description
Command Introduced.
The following output parameters were introduced: l Active Voice l Steerable l Dual-Network Capable l VHT-Capable l EIRP
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap arm virtual-beacon-report | 1004
show ap association
show ap association [ap-name <ap-name>|ap-group <ap-group>|bssid <bssid>|channel <channel>|client-mac <client-mac>|essid <essid>|ip-addr <ip-addr> |ip6-addr <ip-addr>|phy {a|b|g}|voip-only]
Description
Show the association table for an AP group or for an individual AP.
Syntax
Parameter ap-group <ap-group>
Description
Show AP associations for a specific AP group. You can also include the channel, essid or voip-only keywords to further filter the output of this command.
ap-name <ap-name>
Show AP associations for a specific AP. You can also include the essid, phy or voip-only keywords to further filter the output of this command.
bssid <bssid>
Show the AP associations for an specific AP Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
channel <channel>
Show AP associations for an individual channel by specifying the channel for which you want to view information.
client-mac <client-mac>
Show the AP associations for a specific MAC address by entering the MAC address of a client for which you want to view association information.
essid <essid>
Show AP associations for an Extended Service Set Identifier (ESSID). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
ip-addr <ip-addr>
Show AP associations for a specific AP by entering an IP address in dotted-decimal format. You can also include the essid, phy or voiponly keywords to further filter the output of this command.
ip6-addr <ip-addr> phy
voip-only
Ahow AP association for a specific AP by entering an IPv6 address.
Include the phy [a|b|g] keywords to show associations for a specific 802.11 radio type, either 802.11a, 802.11b or 802.11g.
Show VoIP client information only.
Usage Guidelines
Use this command to check if user is connected to an AP. This command validates whether the client is associated and indicates the last AP to which it was connected. If the flags column shows an 'A', the client is
1005 | show ap association
Dell Networking W-Series ArubaOS 6.4.x | User Guide
currently associated with that AP. Alternately, if the client is not currently associated, the AP with the smallest value of association time is the last AP used by the client.
Example
Use the show ap association client-mac command to verify that a user has associated with an AP, or to determine last AP to which the client was connected. The output of this command in the example below shows the association table for the client with the MAC address 00:13:fd:5c:7c:59. If the flags column in the output of this command shows an 'A', the client associated last to that AP. Alternately, the AP with the smallest value of association time is the last AP to which the client had associated.
In the example below, the output of this command has been broken into two separate tables to better fit this page. In the actual output of the command, this information is shown in a single, wide table.
(host) #show ap association client-mac 00:13:fd:5c:7c:59
Flags: W: WMM client, A: Active, R: RRM client PHY Details: HT: High throughput; 20: 20MHz; 40: 40MHzss: spatial streams
Association Table
-----------------
Association Table
-----------------
-----------------
Name bssid
mac
---- -----
---
AL12 00:1a:1e:11:5f:11 00:21:5c:50:b1:ed
00:1a:1e:88:88:31 00:19:7d:d6:74:93 y
auth ---y y
assoc aid
----- ---
y
12
6 10
l-int essid
----- -----
10
ethersphere-wpa2AL5
ethersphere-wpa2
vlan-id tunnel-id phy
assoc. time num assoc Flags
------- --------- ---
----------- --------- -----
65
0x10c4
a-HT-40sgi-2ss 35m:41s
1
WA65
0x1072
a
24m:29s
1
WA
The output of this command includes the following information:
Column Name bssid mac auth
assoc
aid
Description Name of an AP
The AP Basic Service Set Identifier (BSSID)
MAC address of the AP
This column displays a y if the AP has been configured for 802.11 authorization frame types. Otherwise, it displays an n.
This column displays a y if the AP has been configured for 802.11 association frame types. Otherwise, it displays an n.
802.11 association ID. A client receives a unique 802.11 association ID when it associates to an AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap association | 1006
Column 1-int
essid vlan-id tunnel-id assoc. time
num assoc flags
Description
Number of beacons in the 802.11 listen interval. There are ten beacons sent per second, so a ten-beacon listen interval indicates a listen interval time of 1 second.
Name that uniquely identifies the AP's Extended Service Set Identifier (ESSID).
Identification number of the AP's VLAN.
Identification number of the AP's tunnel.
Amount of time the client has associated with the AP, in the format hours:minutes:seconds.
Number of clients associated with the AP.
This column displays any flags for this AP. The list of flag abbreviations is included in the output of the show ap association command.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1007 | show ap association
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap association remote
show ap association remote [ap-name <ap-name>|ap-group <ap-group>|bssid <bssid>|channel <channel>|essid <essid>
Description
Display the association table for an individual AP or group of APs in bridge mode.
Syntax
Parameter ap-name <ap-name> ap-group <ap-group> bssid <bssid>
channel <channel> essid <essid>
Description
Show AP associations for a specific remote AP.
Show AP associations for a specific group of remote APs.
Show the AP associations for an specific AP Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show remote AP associations for a specific channel.
Show remote AP associations for an Extended Service Set Identifier (ESSID). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
Examples
The output of the command below shows the association table for clients in the AP group group1. show ap association remote ap-group group1
Flags: W: WMM client, A: Active, R: RRM client PHY Details: HT: High throughput; 20: 20MHz; 40: 40MHz ss: spatial streams
Association Table
-----------------
Name bssid
essid vlan-id tunnel-id phy assoc.time num assoc Flags
---- -----
- ------- --------- --- ---------- --------- -----
AP71 00:0b:23:c1:d6:11 00:12:6d:03:1c:f1
y
y
1
a
23s
Num Clients:1
The output of this command includes the following information:
Column Name
Description Name of an AP
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap association remote | 1008
Column bssid mac auth assoc aid 1-int
essid vlan-id tunnel-id phy
assoc. time num assoc flags
Description
The AP Basic Service Set Identifier (BSSID)
MAC address of the AP
This column displays a y if the AP has been configured for 802.11 authorization frame types. Otherwise, it displays an n.
This column displays a y if the AP has been configured for 802.11 association frame types. Otherwise, it displays an n.
802.11 association ID. A client receives a unique 802.11 association ID when it associates to an AP.
Number of beacons in the 802.11 listen interval. There are ten beacons sent per second, so a ten-beacon listen interval indicates a listen interval time of 1 second.
Name that uniquely identifies the AP's Extended Service Set Identifier (ESSID).
Identification number of the AP's VLAN.
Identification number of the AP's tunnel.
The RF band in which the AP should operate: g = 2.4 GHz a = 5 GHz
Amount of time the client has associated with the AP, in the format hours:minutes:seconds.
Number of clients associated with the AP.
This column displays any flags for this AP. The list of flag abbreviations is included in the output of the show ap association remote command.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1009 | show ap association remote
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap authorization-profile
show ap authorization-profile [<profile-name>]
Description
This command shows information for AP authorization profiles.
Syntax
Parameter <profile-name>
Description The name of an an existing AP authorization profile.
Usage Guidelines
The AP authorization profile specifies which configuration should be assigned to a remote AP that has been provisioned but not yet authenticated at the remote site. By default, these yet-unauthorized APs are put into the temporary AP group authorization-group and assigned the predefined profile NoAuthApGroup. This configuration allows the user to connect to an unauthorized remote AP via a wired port then enter a corporate username and password. Once a valid user has authorized the AP and the remote AP will be marked as authorized on the network. The remote AP will then download the configuration assigned to that AP by it's permanent AP group.
Issue this command without the <profile-name> option to display the entire AP authorization profile list, including profile status and the number of references to each profile. Include a profile name to display the authorization group defined for that profile.
Examples
The following example lists all AP authorization profiles. The References column lists the number of other profiles with references to that authorization profile, and the Profile Status column indicates whether the profile is predefined. User-defined AP authorization profiles will not have an entry in the Profile Status column.
(host) #show ap authorization-profile
AP Authorization profile List
-----------------------------
Name
References Profile Status
----
---------- --------------
Noauthprofile 1
default
2
Predefined (editable)
Total:2
To display the authentication group for an individual profile, include the <profile> parameter. The example below shows the profile details for the AP authorization profile Default.
(host) #show ap authorization-profile default
AP Authorization profile "default" (Predefined (editable))
----------------------------------------------------------
Parameter
Value
---------
-----
AP authorization group NoAuthApGroup
The output of the show ap authorization command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap authorization-profile | 1010
Parameter AP authorization group
Value
Name of a configuration profile to be assigned to the group unauthorized remote APs.
Related Commands
Command
Description
Mode
ap authorization-profile
This command defines a temporary configuration profile for remote APs that are not yet authorized on the network.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1011 | show ap authorization-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap blacklist-clients
show ap blacklist-clients
Description
Show a list of clients that have been denied access.
Usage Guidelines
Use the stm CLI command to add or remove users from a blacklist. Additionally, the dot1x authentication, VPN authentication and MAC authentication profiles allow you to automatically blacklist a client if machine authentication fails.
Examples
The output of this command shows that the controller has a single user-defined blacklisted client. (host)# show ap blacklist-clients
Blacklisted Clients
-------------------
STA
reason
---
------
00:1E:37:CB:D4:52 user-defined
block-time(sec) --------------45
remaining time(sec) ------------------3555
The output of this command includes the following information:
Column STA reason
Description
MAC address of the blacklisted client.
The reason that the user was blacklisted. l ARP-attack: Blacklisted for an ARP attack. l user-defined: Blacklisted due to blacklist criteria were defined by the
network administrator l mitm-attack: Blacklisted for a man in the middle (MITM) attack;
impersonating a valid enterprise AP. l gratuitous-ARP-attack: Blacklisted for a gratuitous ARP attack. l ping-flood: Blacklisted for a ping flood attack. l session-flood: Blacklisted for a session flood attack. l syn-flood: Blacklisted for a syn flood attack. l session-blacklist: User session was blacklisted l IP spoofing: Blacklisted for sending messages using the IP address of a
trusted client. l ESI-blacklist: An external virus detection or intrusion detection application
or appliance blacklisted the client. l CP-flood: Blacklisting for flooding with fake AP beacons. l UNKNOWN: Blacklist reason unknown.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap blacklist-clients | 1012
Column block-time (sec) remaining time(sec)
Description
Amount of time the client has been blocked, in seconds.
Amount of time remaining before the client will be allowed access to the network again.
Related Commands
Command
Description
stm add-blacklist-client
Manually add or remove clients from a
stm remove-blacklist-client <macaddr> blacklist.
Mode
Config mode
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.4.1.0
The following reason codes were added: l ARP-attack l gratuitous-ARP-attack
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1013 | show ap blacklist-clients
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap bss-table
show ap bss-table [ap-name <ap-name>|bssid <bssid>|counters|essid <essid>|ip-addr <ipaddr>|ip6-addr <ip-addr>|port <port>\<slot>|standby>]
Description
Show an AP's Basic Service Set (BSS).
Syntax
Parameter ap-name <ap-name> bssid <bssid> counters essid <essid>
ap-name ip-addr ip6-addr port ip-addr <ip-addr> ip6-addr <ip-addr> port <port>/<slot> standby
Description Show the BSS table for a specific AP.
Show the BSS table for an specific AP Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show the BSS table for a specific AP by providing the counter.
Show the BSS table for an Extended Service Set Identifier (ESSID). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
Filters by AP name.
Filters by IP address.
Filters by IPv6 address.
Filter on port in <slot>/<module>/<port> format.
Show the BSS table for a specific AP by entering an IP address in dotteddecimal format.
Show the BSS table for a specific AP by providing the IPv6 address.
Show the BSS table for a specific port and slot on an AP. The slot and port numbers should be separated by a forward slash (/).
Show the BSS table for a specific AP in standby mode.
Usage Guidelines
The output of the show ap bss-table command shows the Dell AP BSS table for all APs. To filter this information and view BSS table data for an individual AP or a specific port and slot number, include the apname, bssid, essid, ip-addr or port keywords.
Example
The output of this command shows the BSS table for the seven active APs using the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap bss-table | 1014
(host) #show ap bss-table
fm (forward mode): T-Tunnel, S-Split, D-Decrypt Tunnel, B-Bridge (s-standard, p-persistent, b-
backup, a-always), n-anyspot
Aruba AP BSS Table
------------------
bss
ess
port ip
phy type ch/EIRP/max-EIRP cur-cl ap
name in-t(s) tot-t
mtu acl-state acl fm
---
---
---- --
--- ---- ---------------- ------ ---
---- ------- -----
--- --------- --- --
9c:1c:12:fd:ec:e0 qa_testing N/A 172.16.10.20 g-HT ap 6/19/19
0
204
0
27d:21h:54m:23s 1578 -
58 T
9c:1c:12:fd:ec:e1 qa_testing1 N/A 172.16.10.20 g-HT ap 6/19/19
0
204
0
27d:21h:54m:23s 1578 -
58 Tn
9c:1c:12:fd:ec:f0 qa_testing N/A 172.16.10.20 a-VHT ap 36/10/20
2
204
0
27d:21h:54m:23s 1578 -
58 T
9c:1c:12:fd:ec:f1 qa_testing1 N/A 172.16.10.20 a-VHT ap 36/10/20
0
204
0
27d:21h:54m:23s 1578 -
58 Tn
Channel followed by "*" indicates channel selected due to unsupported configured channel. "Spectrum" followed by "^" indicates Local Spectrum Override in effect.
Num APs:4 Num Associations:2
The output of this command includes the following information:
Column bss
ess
Description
The AP Basic Service Set Identifier (BSSID). This is usually the MAC address of the AP
The AP Extended Service Set Identifier (ESSID).
s/p
ip
IP address of an AP.
phy
An AP radio type. Possible values are:
l a--802.11a
l a-HT--802.11a high throughput
l g-- 802.11g
l g-HT--802.11g high throughput
type
Shows whether the AP is working as an access point (AP) or air monitor (AM).
ch/EIRP/max-EIRP
Radio channel used by the AP/current effective Isotropic Radiated Power (EIRP) /maximum EIRP.
cur-cl
Current number of clients on the AP.
ap name
Name of the AP.
1015 | show ap bss-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column in-t(s) tot-t mtu acl-state
acl fm
Description
Number of seconds that an AP has been inactive.
An AP's total active time, in seconds.
Maximum Transmission Unit (MTU) size, in bytes. This value describes the greatest amount of data that can be transferred in one physical frame.
An access control list (ACL) can enable or disable an AP during specific time ranges. l Disabled: An ACL with time restrictions is currently disabled (so the AP is
enabled). l Enabled: An ACL with time restrictions is currently enabled (so the AP is
disabled). l This data column will display a dash (-) if no ACLs are currently configured for
the AP.
The access control list (ACL) id is displayed based on the role set.
Listed below are the forwarding modes available: l T-Tunnel l S-Split l D-Decrypt Tunnel l B-Bridge (s-standard, p-persistent, b-backup, a-always) NOTE: If anyspot is enabled for a particular BSSID, then it is represented as n in the Forwarding Mode parameter.
Command History
Release ArubaOS 3.0 ArubaOS 6.2
ArubaOS 6.4.3.0
Modification
Command introduced.
Introduced support for the following parameters: l essid <ap-name> l essid <ip-addr> l essid <ip6-addr> l essid <port>
The n-anyspot forwarding-mode flag was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap bss-table | 1016
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1017 | show ap bss-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap bw-report
show ap bw-report {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>}
Description
Show the bandwidth reporting table for a specific AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show bandwidth data for an AP with a specific name.
Show bandwidth data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show bandwidth data for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Examples
The output of the following command shows the Dell AP bandwidth table for an AP with the IP address 192.0.2.170. show ap bw-report ip-addr 192.0.2.170
Bandwidth report for AP "AL16" radio 0
--------------------------------------
Virtual AP
Allocated Share
----------
---------------
corp1344-guest
0%
corp1344-ethersphere-wpa2 0%
Average Throughput:0 kbps
Actual Share -----------0% 0%
Offered Load -----------0 kbps 0 kbps
Delivered Load -------------0 kbps 0 kbps
Bandwidth report for AP "AL16" radio 1
--------------------------------------
Virtual AP
Allocated Share
----------
---------------
corp1344-guest
0%
corp1344-ethersphere-voip 0%
corp1344-ethersphere-vocera 0%
Average Throughput:0 kbps
Actual Share -----------0% 0% 0%
Offered Load -----------0 kbps 0 kbps 0 kbps
Delivered Load -------------0 kbps 0 kbps 0 kbps
The output of this command includes the following information for all radios on the AP:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap bw-report | 1018
Column Virtual AP Allocated Share Actual Share Offered Load Delivered Load
Average Throughput
Description Name of a Virtual AP Maximum percentage of total bandwidth available to that Virtual AP. Actual percentage of total bandwidth used by a Virtual AP. Attempted throughput for the Virtual AP, in kbps. Actual throughput for the Virtual AP, in kbps. This value may be less than the offered load if the Virtual AP has used all its allocated bandwidth. Average throughput for the virtual AP, in kbps.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1019 | show ap bw-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap client status
show ap client status <client-mac>
Description
Show the current status of a specific client.
Syntax
Parameter <client-mac>
Description MAC address of a client
Examples
The output of the command shows the status of an individual client in the STA (station) table. (host) #show ap client status 00:13:fd:42:32:38
STA Table --------bssid ----00:1a:1e:a3:02:c9 State Hash Table ---------------bssid ----00:1a:1e:a3:02:c9
auth assoc aid l-int
---- ----- --- -----
y
y
7 10
state
reason
-----
------
auth-assoc 0
essid ----corp-wpa2
vlan-id ------65
tunnel-id --------0x10c0
The output of this command includes the following information:
Column bssid auth assoc aid
l-int
essid
Description
Basic Service Set ID (BSSID) of the client.
This column displays a y if the AP has been configured for 802.11 authorization frame types. Otherwise, it displays an n.
This column displays a y if the AP has been configured for 802.11 association frame types. Otherwise, it displays an n.
Number of beacons in the 802.11 listen interval. There are ten beacons sent per second, so a ten-beacon listen interval indicates a listen interval time of 1 second.
Number of beacons in the 802.11 listen interval. There are ten beacons sent per second, so a ten-beacon listen interval indicates a listen interval time of 1 second.
Extended Service Set ID (ESSID) of the client.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap client status | 1020
Column vlan-id tunnel-id state
Reason
Description
VLAN ID of the VLAN used by the client
Identification number for the tunnel
If the client has been both authorized and associated, this data column will display auth-assoc. If the client has only been authorized, this data column will display auth.
If the client failed to authenticate, this data column lists the reason code for 802.11 authentication failure
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1021 | show ap client status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap client trail-info
show ap client trail-info [<client-mac>]
Description
Use this command to show client activity for debugging purposes.
Syntax
Parameter <client-mac>
Description MAC address of the client.
Usage Guidelines
Use this command to view client activity, including reasons for client deauthentication, the history of how that client moved between different APs, and any alerts or errors encountered by that client. Include the optional <client-mac> parameter to show additional details for that specific client.
Client-trail information may be available for clients that are no longer active, as the controller saves a limited amount of client data in a buffer. The maximum number of clients for which trail-information is saved is determined by is determined by the controller platform. Each controller saves client trail information for twice the number of active clients supported by that controller platform.
Examples
The following example shows client-trail information for all clients associated with the controller. (host) #show ap client trail-info
Client Trail Info ----------------MAC ----------------00:11:22:33:44:55 00:12:32:43:54:65 00:31:42:53:64:75
BSSID ---------------00:0b:86:11:22:33 00:0b:86:11:22:34 00:0b:86:11:22:35
ESSID -----corp corp corp
AP-name -------ap1 ap2 ap3
VLAN ----10 10 10
Deauth-reason --------------AP-Down AP-Down AP-Down
Alert ------------Auth-failure Auth-failure Auth-failure
This example shows client-trail information for a specific user that includes information about AP alerts and mobility trails.
(host) #show ap client trail-info 00:11:22:33:44:55
MAC
BSSID
ESSID AP-name VLAN
----------------- ----------------- ----- ------- ----
00:11:22:33:44:55 00:0b:86:11:22:33 corp ap1
10
Deauth Reason
Reason
Timestamp
------------
---------------------------
AP-Down
Apr-12-2013 08:12:34
Alert
Reason
Timestamp
--------------
------------------
Auth-Failure
Apr-10-2013 03:45:11
Mobility Trail
AP-name
BSSID
ESSID
Timestamp
-------
----------------- -----
--------------------
Ap1
00:0b:86:11:11:11 corp
Apr-10-2013 03:45:11
AP2
00:0b:86:22:22:22 abc
Apr-10-2013 03:45:11
Deauth-reason ------------AP-down
Alert -----------Auth-failure
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap client trail-info | 1022
The output of these commands include the following information:
Column MAC BSSID ESSID AP-name VLAN Deauth-reason Alert Timestamp
Mobility-Trail
Description MAC address of the client BSSID of the client ESSID to which the client associated Name of the AP to which the client associated VLAN ID of the VLAN to which the client associated. Reason why the client was deauthorized. Reason why alerts were triggered by the client If you include the optional <client-mac> parameter, the output will include a timestamp that indicates the time each alert or deauthorization was triggered. If you include the optional <client-mac> parameter, the output will include the AP name, BSSID and ESSID of the APs to which the cient connected, as well as a timestamp showing when the connections were initiated.
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms W-6000M3 controllers
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
1023 | show ap client trail-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap config
show ap config {ap-group <ap-group>}|{ap-name <ap-name>}|{essid <essid>}
Description
Show a large list of configuration settings for an ap-group or an individual AP.
Syntax
Parameter
Description
ap-group <ap-group> Display configuration settings for an AP group.
ap-name <ap-name>
Display configuration settings for an AP with a specific name.
essid <essid>
Display configuration settings for an AP with a specific Extended Service Set Identifier (ESSID). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
Examples
The example output below shows just some of the configuration settings displayed in the output of this command.
show ap config ap-group apgroup14
---------------------------------------------------
Parameter
802.11g
---------
-------
LMS IP
N/A
"default"
Backup LMS IP
N/A
"default"
LMS Preemption
Disabled
"default"
LMS Hold-down Period
600 sec
"default"
Master controller IP address
N/A
"default"
RF Band
g
"default"
Double Encrypt
Disabled
"default"
Native VLAN ID
1
"default"
SAP MTU
N/A
"default"
Bootstrap threshold
8
"default"
Request Retry Interval
10 sec
"default"
Maximum Request Retries
10
"default"
Keepalive Interval
60 sec
"default"
Dump Server
N/A
"default"
802.11a ------N/A N/A Disabled 600 sec N/A g Disabled 1 N/A 8 10 sec 10 60 sec N/A
Source -----ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile ap system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap config | 1024
Telnet "default" FIPS enable "default" SNMP sysContact "default" RFprotect Server IP "default" RFprotect Backup Server IP "default" AeroScout RTLS Server "default" RTLS Server configuration "default" Remote-AP DHCP Server VLAN "default" Remote-AP DHCP Server Id "default" Remote-AP DHCP Default Router "default" Remote-AP DHCP Pool Start "default" Remote-AP DHCP Pool End "default" Remote-AP DHCP Pool Netmask "default" Remote-AP DHCP Lease Time "default" Heartbeat DSCP "default" Session ACL "default" Image URL "default" Maintenance Mode "default" ...
Disabled
Disabled
ap system-profile
Disabled
Disabled
ap system-profile
N/A
N/A
ap system-profile
N/A
N/A
ap system-profile
N/A
N/A
ap system-profile
N/A
N/A
ap system-profile
N/A
N/A
ap system-profile
N/A
N/A
ap system-profile
192.168.11.1 192.168.11.1 ap system-profile
192.168.11.1 192.168.11.1 ap system-profile
192.168.11.2 192.168.11.2 ap system-profile
192.168.11.254 192.168.11.254 ap system-profile
255.255.255.0 255.255.255.0 ap system-profile
0 days
0 days
ap system-profile
0
0
ap system-profile
N/A
N/A
ap system-profile
N/A
N/A
ap system-profile
Disabled
Disabled
ap system-profile
The output of this command includes the following parameters. Parameter LMS IP
Description
The IPv4 address of the local management switch (LMS)--the Dell controller which is responsible for terminating user traffic from the APs, and processing and forwarding the traffic to the wired network.
1025 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter LMS IPv6
Backup LMS IP Backup LMS IP LMS Preemption LMS Hold-down Period Number of IPsec retries
LED operation mode Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
The IPv6 address of the local management switch (LMS)--the Dell controller which is responsible for terminating user traffic from the APs, and processing and forwarding the traffic to the wired network.
For multi-controller networks, this parameter displays the IPv4 address of a backup to the IP address specified with the lms-ip parameter.
For multi-controller networks, this parameter displays the IPv6 address of a backup to the IP address specified with the lms-ip parameter.
When this parameter is enabled, the local management switch automatically reverts to the primary LMS IP address when it becomes available.
Time, in seconds, that the primary LMS must be available before an AP returns to that LMS after failover.
Shows the number of times the AP will attempt to recreate an IPsec tunnel with
the master controller before the AP will reboot. The supported range is
0-1000 retries, and the default value is 360. A value of 0 disables the
reboot.
The operating mode for the LEDs (11n APs only)
l normal: Normal mode
l off: All LEDs off
show ap config | 1026
Parameter Master controller IP address RF Band Double Encrypt
Native VLAN ID SAP MTU Bootstrap threshold
1027 | show ap config
Description
For multi-controller networks, this parameter displays the IP address of the master controller.
For dual-band radios, this parameter displays the RF band in which the AP should operate:
l g = 2.4 GHz
l a = 5 GHz
This parameter applies only to remote APs. Double encryption is used for traffic to and from a wireless client that is connected to a tunneled SSID. When enabled, all traffic is re-encrypted in the IPsec tunnel. When disabled, the wireless frame is only encapsulated inside the IPsec tunnel.
Native VLAN for bridge mode virtual APs (frames on the native VLAN are not tagged with 802.1q tags).
Maximum Transmission Unit (MTU) size, in bytes. This value describes the greatest amount of data that can be transferred in one physical frame.
Number of consecutive missed heartbeats on a GRE tunnel (heartbeats are sent once per second on each tunnel) before an AP rebootstraps. On the controller, the GRE tunnel timeout is 1.5 x bootstrapthreshold; the tunnel is torn down after this number of seconds of inactivity on the tunnel.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Request Retry Interval
Maximum Request Retries
Keepalive Interval Dump Server Telnet SNMP sysContact AeroScout RTLS Server RTLS Server configuration Remote-AP DHCP Server VLAN
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Interval, in seconds, between the first and second retries of APgenerated requests. If the configured interval is less than 30 seconds, the interval for subsequent retries is increased up to 30 seconds.
Maximum number of times to retry APgenerated requests, including keepalive messages. After the maximum number of retries, the AP either reboots or tries the IP
address specified by the backup LMS IP address (if configured).
Time, in seconds, between keepalive messages from the AP
(For debugging purposes.) Displays the server to receive the core dump generated if an AP process crashes.
Reports whether telnet access the AP is enabled or disabled.
SNMP system contact information.
Displays whether or not the AP will send RFID tag information to an AeroScout real-time asset location (RTLS) server.
Displays whether or not the AP will send RFID tag information to an RTLS server.
Shows the VLAN ID of the remote-AP DHCP server used when controller is unreachable.
show ap config | 1028
Parameter Remote-AP DHCP Server Id Remote-AP DHCP Default Router Remote-AP DHCP Pool Start Remote-AP DHCP Pool End Remote-AP DHCP Pool Netmask Remote-AP DHCP Lease Time Remote-AP uplink total bandwidth Remote-AP bw reservation
Heartbeat DSCP Session ACL Maintenance Mode
1029 | show ap config
Description
Shows the IP Address of the DHCP DNS Server.
Shows the IP Address of the DHCP Default Router.
Shows the IP Address used as start of DHCP Pool.
Shows the IP Address used as end of DHCP Pool.
Shows the netmask of DHCP Pool.
Shows the length of leases, in days (0 means infinite).
This is the total reserved uplink bandwidth (in Kilobits per second)
Session ACLs with uplink bandwidth reservation in kilobits per second. You can specify up to three session ACLs to reserve uplink bandwidth.
DSCP value of AP heartbeats (0-63).
Shows the access control list (ACL) applied on the uplink of a remote AP.
Shows if Maintenance mode is enabled or disabled. If enabled, APs stop flooding unnecessary traps and syslog messages to network management systems or network operations centers when deploying, maintaining, or upgrading the network. The controller still generates debug syslog messages if debug logging is enabled.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Remote-AP Local Network Access Radio enable Mode
High throughput enable (radio) Channel Beacon Period
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Enable or disable local network access across VLANs in a Remote-AP.
Shows if the AP's radio is enabled or disabled.
Shows the operating modes for the AP.
l ap-mode: Device provides transparent, secure, high-speed data communications between wireless network devices and the wired LAN.
l am-mode: Device behaves as an air monitor to collect statistics, monitor traffic, detect intrusions, enforce security policies, balance traffic load, self-heal coverage gaps, etc.
l spectrum-mode: Device behaves as a spectrum monitor, sending spectrum analysis data to the controller. Spectrum monitors do not serve clients.
Shows if high-throughput (802.11n) features on the 2.4 GHz frequency band are enabled or disabled.
Shows the channel number for the AP's 802.11a/802.11n physical layer.
Shows the time, in milliseconds, between successive beacon transmissions. The beacon advertises the AP's presence, identity, and radio characteristics to wireless clients.
show ap config | 1030
Parameter Beacon Regulate Transmit EIRP Advertise 802.11d and 802.11h Capabilities TPC Power Spectrum Load Balancing
Spectrum Load Balancing mode
Description
Enabling this setting introduces randomness in the beacon generation so that multiple APs on the same channel do not send beacons at the same time, which causes collisions over the air.
Shows the current transmission power level.
This column reports whether or not the AP will advertise its 802.11d (Country Information) and 802.11h (TPC or Transmit Power Control) capabilities
The transmit power advertised in the TPC IE of beacons and probe responses. Range: 0-51 dBm
The Spectrum Load Balancing feature helps optimize network resources by balancing clients across channels, regardless of whether the AP or the controller is responding to the wireless clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is disabled by default.
Spectrum Load Balancing Mode allows control over how to balance clients. Select one of the following options
1031 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Spectrum load balancing update interval Advertised regulatory max EIRP Spectrum load balancing domain
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
l channel: Channelbased load-balancing balances clients across channels. This is the default load-balancing mode
l radio: Radio-based load-balancing balances clients across APs
This value determines how often spectrum load balancing calculations are made (in seconds). The default value is 30 seconds.
A cap for an radio's maximum equivalent isotropic radiated power (EIRP). Even if the regulatory approved maximum for a given channel is higher than this EIRP cap, the AP radio using this profile will advertise only this capped maximum EIRP in its radio beacons.
Define a spectrum load balancing domain to manually create RF neighborhoods.
This option creates RF neighborhood information for networks that have disabled Adaptive Radio Management (ARM) scanning and channel assignment.
l If spectrum load balancing is enabled in a 802.11a radio profile but the spectrum load balancing domain is not defined, ArubaOS uses the ARM feature to calculate RF neighborhoods.
l If spectrum load balancing is enabled in a 802.11a radio profile
show ap config | 1032
Parameter Rx sensitivity tuning based channel reuse
1033 | show ap config
Description
and a spectrum load balancing domain isalso defined, AP radios belonging to the same spectrum load balancing domain will be considered part of the same RF neighborhood for load balancing, and will not recognize RF neighborhoods defined by the ARM feature.
The channel reuse feature can operate in either of the following three modes; static, dynamic or disable. (This feature is disabled by default.)
l Static mode: This mode of operation is a coverage-based adaptation of the Clear Channel Assessment (CCA) thresholds. In the static mode of operation, the CCA is adjusted according to the configured transmission power level on the AP, so as the AP transmit power decreases as the CCA threshold increases, and vice versa.
l Dynamic mode: In this mode, the Clear Channel Assessment (CCA) thresholds are based on channel loads, and take into account the location of the associated clients. When you set the Channel Reuse This feature is automatically enabled when the wireless medium around the AP is busy greater than half the time. When this mode is enabled, the CCA threshold adjusts to accommodate transmissions between the AP its most distant associated client.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Rx sensitivity threshold Non 802.11a interference Immunity
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
l Disable mode: This mode does not support the tuning of the CCA Detect Threshold.
RX Sensitivity Tuning Based Channel Reuse Threshold, in -dBm.
If the Rx Sensitivity Tuning Based Channel reuse feature is set to static mode, this parameter manually sets the AP's Rx sensitivity threshold (in dBm). The AP will filter out and ignore weak signals that are below the channel threshold signal strength.
If the value is set to zero, the feature will automatically determine an appropriate threshold
The value for 802.11 Interference Immunity. This parameter sets the interference immunity on the 2.4 Ghz band.
The default setting for this parameter is level 2. When performance drops due to interference from non-802.11 interferers (such as DECT or Bluetooth devices), the level can be increased up to level 5 for improved performance. However, increasing the level makes the AP slightly "deaf" to its surroundings, causing the AP to lose a small amount of range.
The levels for this parameter are:
l Level-0: no ANI adaptation.
l Level-1: noise immunity only.
l Level-2: noise and spur immunity. This is the default setting
l Level-3: level 2 and
show ap config | 1034
Parameter
Enable CSA CSA Count Management Frame Throttle interval Management Frame Throttle Limit ARM/WIDS Override
Protection for 802.11b Clients
Description
weak OFDM immunity.
l Level-4: level 3 and FIR immunity.
l Level-5: disable PHY reporting.
Displays whether or not the AP has enabled channel switch announcements (CSAs) for 802.11h.
Number of channel switch announcements that must be sent before the AP will switch to a new channel.
Average interval that rate limiting management frames are sent from this radio, in seconds. If this column displays a zero (0) rate limiting is disabled for this AP.
Maximum number of management frames that can come from this radio in each throttle interval.
Shows if Adaptive Radio Management (ARM) and Wireless IDS functions are enabled or disabled. If a radio is configured to operate in Air Monitor mode, then these functions are always enabled, regardless of this option.
Displays whether or not protection for 802.11b clients is enabled or disabled.
1035 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Maximum Distance
Spectrum Monitoring Assignment Allowed bands for 40MHz channels Client Aware Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Maximum distance between a client and an AP or between a mesh point and a mesh portal, in meters. This value is used to derive ACK and CTS timeout times. A value of 0 specifies default settings for this parameter, where timeouts are only modified for outdoor mesh radios which use a distance of 16km.
The upper limit for this parameter varies, depending on the 20/40 MHz mode for a 2.4GHz frequency band radio:
l 20MHz mode: 54km
l 40MHz mode: 24km
Iff you configure a value above the supported maximum, the maximum supported value will be used instead. Values below 600m will use default settings.
When this parameter is enabled, it turns an AP in ap-mode into a hybrid AP. An AP in hybrid AP mode will continue to serve clients as an access point while it scans and analyzes spectrum analysis data for a single radio channel.
Displays whether or not ARM channel and power assignment has been enabled or disabled.
Forty MHz channels may be used on the specified radio bands (802.11a or 802.11g).
Shows if the client aware feature has been enabled or disabled for this AP. If enabled, AP will not change channels when there are active clients.
show ap config | 1036
Parameter Max Tx Power Min Tx Power Multi Band Scan Rogue AP Aware Scan Interval Active Scan
Scanning
1037 | show ap config
Description
Maximum transmission power for this AP, in dBm.
Minimum transmission power for this AP, in dBm.
Shows if the multi-band scan feature has been enabled or disabled on this AP. If enabled, singleradio APs will try to scan across bands for Rogue AP detection
Shows if the rogue AP awareness feature has been enabled or disabled on this AP. If enabled, the AP will try to contain offchannel Rogue APs
This column indicates, in seconds, how often the AP will leave its current channel to scan other channels in the band if scanning is enabled
Displays whether or not the active scan feature is enabled. NOTE: This option elicits more information from nearby APs, but also creates additional management traffic on the network. Active Scan is disabled by default, and should not be enabled except under the direct supervision of Dell Support.
Shows if scanning is enabled or disabled for this AP. If this option is disabled, the following other options will also be disabled:
l Multi Band Scan
l Rogue AP Aware
l Voip Aware Scan
l Power Save Scan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Scan Time VoIP Aware Scan Power Save Aware Scan Ideal Coverage Index
Acceptable Coverage Index
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
The amount of time, in milliseconds, an AP will drift out of the current channel to scan another channel. The supported range for this setting is 02,147,483,647 seconds. Best practices are to configure a scan time between 50-200 msec.
Shows if VoIP aware scanning is enabled or disabled. If you use voice handsets in the WLAN, VoIP Aware Scan should be enabled in the ARM profile so the AP will not attempt to scan a different channel if one of its clients has an active VoIP call. This option requires that Scanning is also enabled.
Shows if the power save aware scan is enabled or disabled. If enabled, the AP will not scan a different channel if it has one or more clients and is in power save mode.
Default: enabled
The Dell coverage index metric is a weighted calculation based on the RF coverage for all DellAPs and neighboring APs on a specified channel. The Ideal Coverage Index specifies the ideal coverage that an AP should try to achieve on its channel. The denser the AP deployment, the lower this value should be.
For multi-band implementations, the Acceptable Coverage Index specifies the minimal coverage an AP it should achieve on its channel. The denser the AP deployment, the lower this value should be.
show ap config | 1038
Parameter Free Channel Index
Backoff Time Error Rate Threshold Error Rate Wait Time Noise Threshold Noise Wait Time 1039 | show ap config
Description
The current free channel index value. The Dell Interference index metric measures interference for a specified channel and its surrounding channels. This value is calculated and weighted for all APs on those channels (including 3rd-party APs).
An AP will only move to a new channel if the new channel has a lower interference index value than the current channel. Free Channel Index specifies the required difference between the two interference index values before the AP moves to the new channel. The lower this value, the more likely it is that the AP will move to the new channel.
After an AP changes channel or power settings, it waits for this backoff time interval before it asks for a new channel/power setting.
The minimum percentage of PHY errors and MAC errors in the channel that will trigger a channel change.
Minimum time in seconds the error rate on the AP has to exceed its defined error rate threshold before it triggers a channel change.
Maximum level of noise in a channel that triggers a channel change.
Minimum time in seconds the noise level has to exceed the Noise Threshold before it triggers a channel change on the AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Minimum Scan Time Load aware Scan Threshold Mode Aware Arm
Scan mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Minimum number of times a channel must be scanned before it is considered for assignment. Best practices are to configure a Minimum Scan Time between 1-20 scans.
The Load Aware Scan Threshold is the traffic throughput level an AP must reach before it stops scanning. Load aware ARM preserves network resources during periods of high traffic by temporarily halting ARM scanning if the load for the AP gets too high.
Shows if the mode-aware ARM feature has been enabled or disabled for this AP. If enabled, ARM will turn the AP into an Air Monitors (AMs) if it detects higher coverage levels than necessary. This helps avoid higher levels of interference on the WLAN. Although this setting is disabled by default, you may want to enable this feature if your APs are deployed in close proximity (e.g. less than 60 feet apart).
Identifies the scan mode for the AP.
l all-reg-domain: The AP scans channels within all regulatory domains. This is the default setting.
l reg-domain:Limit the AP scans to just the regulatory domain for that AP.
show ap config | 1040
Parameter 40 MHz intolerance
Honor 40 MHz intolerance
Legacy station workaround SSID enable ESSID Encryption DTIM Interval
Basic Rates
1041 | show ap config
Description
The specified setting allows ARM to determine if 40 MHz mode of operation is allowed on the 5 GHz or 2.4 GHz frequency band only, on both frequency bands, or on neither frequency band.
Shows if 40 MHz intolerance is enabled or disabled. If enabled, the radio will stop using the 40 MHz channels if the 40 MHz intolerance indication is received from another AP or station.
Shows if interoperability for misbehaving legacy stations is enabled or disabled.
Shows if the SSID is enabled or disabled
Name that uniquely identifies the Extended Service Set Identifier (SSID).
Encryption type used on this AP.
Shows the interval, in milliseconds, between the sending of Delivery Traffic Indication Messages (DTIMs) in the beacon. This is the maximum number of beacon cycles before unacknowledged network broadcasts are flushed.
Lists supported 802.11a rates, in Mbps, that are advertised in beacon frames and probe responses from this AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Transmit Rates Station Ageout Time Max Transmit Attempts RTS Threshold
Short Preamble
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Lists 802.11a rates at which the AP is allowed to send data. The actual transmit rate depends on what the client is able to handle, based on information sent at the time of association and on the current error/loss rate of the client.
Time, in seconds, that a client is allowed to remain idle before being aged out.
Maximum number of retries allowed for the AP to send a frame
Wireless clients transmitting frames larger than this threshold must issue Request to Send (RTS) and wait for the AP to respond with Clear to Send (CTS). This helps prevent mid-air collisions for wireless clients that are not within wireless peer range and cannot detect when other wireless clients are transmitting.
Shows if a short preamble for 802.11b/g radios is enabled or disabled for this AP. Network performance may be higher when short preamble is enabled. In mixed radio environments, some 802.11b wireless client stations may experience difficulty associating with the AP using short preamble. To use only long preamble, disable short preamble. Legacy client devices that use only long preamble generally can be updated to support short preamble.
show ap config | 1042
Parameter Max Associations Wireless Multimedia (WMM)
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave WMM TSPEC Min Inactivity Interval DSCP mapping for WMM voice AC DSCP mapping for WMM video AC DSCP mapping for WMM best-effort AC DSCP mapping for WMM background AC 902il Compatibility Mode
Hide SSID
Description
Maximum number of wireless clients allowed to associate to the AP
Shows if Wireless Multimedia (WMM) is enabled or disabled for this AP. WMM provides prioritization of specific traffic relative to other traffic in the network
Shows if Wireless Multimedia (WMM) UAPSD powersave is enabled or disabled.
Displays the minimum inactivity time-out threshold of WMM traffic for this AP.
Displays the DSCP value used to map WMM voice traffic.
Displays the DSCP value used to map WMM video traffic.
Displays the DSCP value used to map WMM besteffort traffic
Displays the DSCP value used to map WMM background traffic.
Shows if 902 il compatibility mode is enabled or disabled. (This parameter only needs to be enabled for APs with associated clients using NTT DoCoMo 902iL phones.)
Shows if the feature to hide a SSID name in beacon frames is enabled or disabled.
1043 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Deny_Broadcast Probes
Local Probe Response
Disable Probe Retry Battery Boost
Drop Broadcast and Multicast WEP Key 1 Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
When a client sends a broadcast probe request frame to search for all available SSIDs, this option controls whether or not the system responds for this SSID. When enabled, no response is sent and clients have to know the SSID in order to associate to the SSID. When disabled, a probe response frame is sent for this SSID.
Shows if local probe response is enabled or disabled on the AP. If this option is enabled, the AP is responsible for sending 802.11 probe responses to wireless clients' probe requests. If this option is disabled, then the controller sends the 802.11 probe responses
If disabled, the AP will not resend probes if it does not get a response.
Shows if the battery boost feature is enabled or disabled for the AP. If enabled, this feature converts multicast traffic to unicast before delivery to the client, thus allowing you to set a longer DTIM interval. The longer interval keeps associated wireless clients from activating their radios for multicast indication and delivery, leaving them in power-save mode longer and thus lengthening battery life
If this feature is enabled on an AP, it drops all downstream broadcast or multicast traffic to increase battery life.
Displays the static WEP key (1 of 4).
show ap config | 1044
Parameter WEP Key 2 WEP Key 3 WEP Key 4 WEP Transmit Key Index WPA Hexkey WPA Passphrase Maximum Transmit Failures BC/MC Rate Optimization
Rate Optimization for delivering EAPOL frames Strict Spectralink Voice Protocol (SVP)
Description
Displays the static WEP key (2 of 4).
Displays the static WEP key (3 of 4).
Displays the static WEP key (4 of 4).
Displays the key index that specifies which static WEP key is to be used.
Displays the WPA preshared key (PSK).
Displays the WPA passphrase with which the AP generates a preshared key (PSK).
Display the maximum number of transmission failures allowed before the client gives up.
Shows if the AP has enabled or disabled scanning of all active stations currently associated to that AP to select the lowest transmission rate for broadcast and multicast frames. This option only applies to broadcast and multicast data frames; 802.11 management frames are transmitted at the lowest configured rate.
Shows if the AP has enabled or disabled rate optimization for delivering EAPOL frames.
Shows if strict Spectralink Voice Protocol (SVP) is enabled or disabled.
1045 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter 802.11g Beacon Rate
802.11a Beacon Rate
Advertise QBSS Load IE High throughput enable (SSID) 40 MHz channel usage MPDU Aggregation Max transmitted A-MPDU size Max received A-MPDU size Min MPDU start spacing
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Sets the beacon rate for 802.11g for APs use a Distributed Antenna System (DAS). Using this parameter in normal operation may cause connectivity problems.
Sets the beacon rate for 802.11a for APs use a Distributed Antenna System (DAS). Using this parameter in normal operation may cause connectivity problems.
Shows if the AP has enabled or disabled the advertising of QBSS in the load IE.
Shows if the AP has enabled or disabled the use of its high-throughput SSID in 40 MHz mode.
Determines if this highthroughput SSID allows high-throughput (802.11n) stations to associate.
Shows if the AP has enabled or disabled MAC protocol data unit (MDPU) aggregation.
Shows the maximum size, in bytes, of an A-MPDU that can be sent on the AP's high-throughput SSID.
Shows the maximum size, in bytes, of an Aggregated-MAC Packet Data Unit (A-MPDU) that can be received on the AP's high-throughput SSID.
Displays the minimum time between the start of adjacent MDPUs within an aggregate MDPU, in microseconds.
show ap config | 1046
Parameter Supported MCS set
Description
Comma-separated list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this highthroughput SSID.
Short guard interval in 20 MHz mode
Shows if the AP has enabled or disabled use of short guard interval in 20 MHz mode of operation.
Short guard interval in 40 MHz mode
Shows if the AP has enabled or disabled use of short guard interval in 40 MHz mode of operation.
Maximum number of spatial streams usable for STBC transmission
Controls the maximum number of spatial streams usable for STBC transmission. 0 disables STBC transmission, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on the W-AP90, W-AP130 Series, W-AP175,W-AP68 and W-AP105 only. The configured value will be adjusted based on AP capabilities.)
Minimum number of spatial streams usable for STBC transmission
Controls the maximum number of spatial streams usable for STBC reception. 0 disables STBC reception, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on the W-AP90, W-AP130 Series, W-AP175, W-AP68 and W-AP105 only. The configured value will be adjusted based on AP capabilities.)
Legacy stations
Shows if the AP has enabled or disabled the legacy stations option, which controls whether or not legacy (non-HT) stations are allowed to associate with the AP's SSID. By default, legacy stations are allowed to associate.
NOTE: This setting has no
1047 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Allow weak encryption
Virtual AP enable Allowed band VLAN Forward mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
effect on a BSS in which HT support is not available.
Shows if the AP has enabled or disabled the weak encryption option. The use of TKIP or WEP for unicast traffic forces the use of legacy transmissions rates. Disabling this mode prevents the association of stations using TKIP or WEP for unicast traffic. This mode is disabled by default.
Wireless LAN profiles configure WLANs in the form of virtual AP profiles. This parameter shows if the AP has enabled or disabled virtual APs.
Shows the band(s) on which to use the virtual AP: l a--802.11a band only
(5 GHz) l g--802.11b/g band
only (2.4 GHz) l all--both 802.11a and
802.11b/g bands (5 GHz and 2.4 GHz)
Shows the VLAN(s) into which users are placed in order to obtain an IP address.
Shows the current forward mode (tunnel, bridge, split-tunnel, or decrypttunnel) for the virtual AP.
show ap config | 1048
Parameter
Deny time range Mobile IP 1049 | show ap config
Description
This parameter controls whether 802.11 frames are tunneled to the controller using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the controller, and Internet access remains local). When an AP is configured to use the decrypt-tunnel forwarding mode, that AP decrypts and decapsulates all 802.11 frames from a client and sends the 802.3 frames through the GRE tunnel to the controller, which then applies firewall policies to the user traffic. When the controller sends traffic to a client, the controller sends 802.3 traffic through the GRE tunnel to the AP, which then converts it to encrypted 802.11 and forwards to the client. Only 802.1X authentication is supported when configuring bridge or split tunnel mode.
Shows the time range for which the AP will deny access for a virtual AP.
Shows if IP mobility has been enabled or disabled for the virtual AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter HA Discovery on-association
DoS Prevention Station Blacklisting Blacklist Time
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
If enabled, home agent discovery is triggered on client association instead of home agent discovery based on traffic from client. Mobility on association can speed up roaming and improve connectivity for clients that do not send many uplink packets to trigger mobility (VoIP clients).Best practices is to keep this parameter disabled,r as it increases IP mobility control traffic between controllers in the same mobility domain. Enable this parameter only when voice issues are observed in VoIP clients. NOTE: ha-disc-onassoc parameter works only when IP mobility is enabled and configured on the controller.
Shows the status of the Dos Prevention option. If enabled, virtual APs ignore deauthentication frames from clients. This prevents a successful deauth attack from being carried out against the AP. This does not affect thirdparty APs.
Shows if the virtual AP has enabled or disabled detection of denial of service (DoS) attacks, such as ping or SYN floods, that are not spoofed deauth attacks.
Shows the number of seconds that a client will be quarantined from the network after being blacklisted.
show ap config | 1050
Parameter Authentication Failure Blacklist Time Fast Roaming Strict Compliance
VLAN Mobility Remote-AP Operation
1051 | show ap config
Description
Shows the time, in seconds, a client is blocked if it fails repeated authentication. If the virtual AP shows a value of 0, a blacklisted client is blocked indefinitely.
Shows if the AP has enabled or disabled fast roaming.
If enabled, the virtual AP denies client association requests if the AP and client station have no common rates defined. Some legacy client stations which are not fully 802.11-compliant may not include their configured rates in their association requests. Such noncompliant stations may have difficulty associating with APs unless strict compliance is disabled.
Shows if a virtual AP has enabled or disabled VLAN (Layer-2) mobility
Shows when the virtual AP operates on a remote AP:
l always--Permanently enables the virtual AP (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.
l backup--Enables the virtual AP if the remote AP cannot connect to the controller (Bridge Mode only). This option can be used for non802.1X bridge VAPs.
l persistent-- Permanently enables the virtual AP after the remote AP initially connects to the controller (Bridge Mode only). This option can be used for any (Open/PSK/802.1X)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Convert Broadcast ARP requests to unicast Band Steering
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
bridge VAPs.
l standard--Enables the virtual AP when the remote AP connects to the controller. This option can be used for any (bridge/splittunnel/tunnel/d-tunnel) VAPs.
If this option is enabled, all broadcast ARP requests are converted to unicast and sent directly to the client. You can check the status of this option using the show ap active and the show datapath tunnel command. If enabled, the output will display the letter a in the flags column.
Shows if band-steering has been enabled or disabled for a virtual AP.
ARM's band steering feature encourages dualband capable clients to stay on the 5GHz band on dual-band APs. This frees up resources on the 2.4GHz band for single band clients like VoIP phones.
Band steering reduces cochannel interference and increases available bandwidth for dual-band clients, because there are more channels on the 5GHz band than on the 2.4GHz band. Dual-band 802.11n-capable clients may see even greater bandwidth improvements, because the band steering feature will automatically select between 40MHz or 20MHz channels in 802.11n networks. This feature is disabled by default, and must be enabled in a Virtual AP profile.
show ap config | 1052
Parameter VoIP Call Admission Control VoIP Bandwidth based CAC VoIP Call Capacity VoIP Bandwidth Capacity (kbps) VoIP Call Handoff Reservation VoIP Send SIP 100 Trying
VoIP Disconnect Extra Call VOIP TSPEC Enforcement VOIP TSPEC Enforcement Period VoIP Drop SIP Invite and send status code (client)
Description
Shows if WiFi VoIP Call Admission Control features are enabled or disabled.
Shows the maximum bandwidth that can be handled by one radio, in kbps.
Show the number of simultaneous calls that can be handled by one radio.
Shows the maximum bandwidth that can be handled by one radio, in kbps.
Shows the percentage of call capacity reserved for mobile VoIP clients on call.
If enabled, the AP sends SIP 100 - trying messages to a call originator to indicate that the call is proceeding. This is useful when the SIP invite may be redirected through a number of servers before reaching the controller.
If enabled, the AP disconnects calls that exceed the high capacity threshold by sending a deauthentication frame.
Shows if validation of TSPEC requests for call admission controls is enabled or disabled.
Displays the maximum time for the station to start a call after the TSPEC request.
Displays the status code sent to the client when a SIP Invite is dropped.
1053 | show ap config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter VoIP Drop SIP Invite and send status code (server)
Description
l 480: Temporary Unavailable
l 486: Busy Here
l 503: Service Unavailable
l none: Don't send SIP status code
Displays the status code sent to the server when a SIP Invite is dropped.
l 480: Temporary Unavailable
l 486: Busy Here
l 503: Service Unavailable
l none: Don't send SIP status code
Related Commands
Command
ap system-profile rf dot11g-radio-profile rf arm-profile rf ht-radio-profile wlan ht-ssid-profile wlan virtual-ap wlan voip-cac-profile
Description
The output of the show ap config command displays the content of the profile settings for an individual AP or AP group. Use the commands displayed in the column to the left to configure these parameters.
Mode
Enable and Config modes
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap config | 1054
show ap coverage-holes (deprecated)
show ap coverage holes
Description
Show information for APs that have detected coverage holes in the wireless network.
Command History
Version ArubaOS 2.0
Description Command introduced
ArubaOS 6.1
Command deprecated
1055 | show ap coverage-holes (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap database
show ap database {flags|group <group>|inactive|indoor|local|long|outdoor|{page <page>}| sensors [disconnected]|sort-by [ap-flags|ap-group|ap-ip| ap-mac|ap-name|ap-serial|ap-type|fqln|provisioned|status {up|down}|switch-ip]|sort-direction [ascending|descending]|start <start> |status {up|down]|switch <switch-ipaddr>|unprovisioned|usb}
Description
Show the list of access points in the controller's database.
Syntax
Parameter flags group <group> inactive
indoor local long
outdoor page <page>
disconnected sort-by
ap-flags ap-group
Description Show only APs with flags set [LUDINRCc12ME] .
Show data for a specified AP group.
Show only local APs with no active BSSIDs or wired AP interfaces.
Show only APs that have an installation mode set to "indoor."
Show only APs connected to this controller.
Display the following additional data columns: l Wired MAC Address, l Serial # l Slot/Port l FQLN l Service Tag
Show only APs that have an installation mode set to "outdoor."
Display a limited number of APs by entering the number of APs to be displayed in the output of this command.
Show only disconnected RFprotect sensors.
Sort the output of this command by a specific data column.
Sort by AP flags.
Sort by AP group name.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap database | 1056
Parameter ap-ip ap-mac
Description Sort by AP group name. Sort by AP wired MAC address .
ap-name
Sort by AP name .
ap-serial
Sort by AP serial number.
ap-type
Sort by AP model.
fqln
Sort by Fully Qualified Location Name (FQLN).
provisioned
Sort by provisioning statistics.
status up|down
If used with the sort-by keyword, status sorts the output of the command by status type (up or down.) Otherwise, use the status keyword to display APs with the specified status.
switch-ip
Sort by controller IP address.
uptime
Sort by AP uptime.
sort-direction
Choose sort direction of AP list:.
ascending
Sort AP list in ascending order by name.
descending
Sort AP list in descending order by name.
start <start>
Start showing the AP index at the specified index number.
status
Show only APS with a given status as active or inactive.
down
Show only APs that are inactive.
up
Show only APs that are active.
switch <switch-ip-addr> Show only APs registered with a specified controller by entering a controller IP address.
unprovisioned
Show only unprovisioned APs (using modifiers).
usb
Show USB related parameters.
Usage Guidelines
Many of the parameters in this command can be used together to filter a large database of information down to just the AP data you want to see. For example, you can issue the command show ap database group
1057 | show ap database
Dell Networking W-Series ArubaOS 6.4.x | User Guide
<group> local status up to view a list of local APs within a specific AP group that are reporting an up status. Include the sort-by and sort-direction keywords to specify how the data is sorted in the output of this command.
Examples
The output of the command show ap database shows the controller's database of information for APs in the group default. The output also includes a description of the flag types that may appear in the Flags column.
show ap database group default
AP Database
-----------
Name
Group AP Type IP Address
Status
Flags Switch IP
Standby IP
----
----- ------- ----------
------
----- ---------
----------
00:24:6c:cb:d7:48 default 92
172.20.72.233 Down
172.20.1.103 0.0.0.0
W-AP92-F2:EC
default 92
172.20.72.234 Up 2d:1h:59m:51s
172.20.1.103 0.0.0.0
W-AP92-F3:48
default 92
172.20.72.238 Up 2d:1h:59m:25s
172.20.1.103 0.0.0.0
W-AP105-00:01
default 105
172.20.72.232 Up 2d:1h:59m:47s
172.20.1.103 0.0.0.0
W-AP105-0D:E7
default 105
172.20.72.231 Up 2d:1h:59m:13s
172.20.1.103 0.0.0.0
W-AP120-35-A2
default 120
172.20.72.243 Down
172.20.1.103 0.0.0.0
W-AP124-29:3A
default 124
172.20.72.252 Up 2d:2h:0m:22s
172.20.1.103 0.0.0.0
W-AP124-5B:2A
default 124abg 172.20.72.245 Up 2d:2h:0m:43s
172.20.1.103 0.0.0.0
W-AP124-D7:D6
default 124
172.20.72.244 Up 2d:2h:0m:25s
172.20.1.103 0.0.0.0
W-AP124-E5:41
default 124
172.20.72.248 Up 2d:2h:0m:10s
172.20.1.103 0.0.0.0
W-AP124-F3:CE
default 124
172.20.72.242 Up 2d:2h:0m:5s
172.20.1.103 0.0.0.0
W-AP124-F3:DE
default 124
172.20.72.247 Up 2d:2h:0m:32s
172.20.1.103 0.0.0.0
W-AP124-F3:EA
default 124
172.20.72.246 Up 2d:2h:0m:40s
172.20.1.103 0.0.0.0
W-AP125-53:56
default 125
172.20.72.237 Up 2d:2h:0m:15s
172.20.1.103 0.0.0.0
W-AP135-7F:A0
default 135
172.20.72.240 Up 2d:2h:0m:35s
172.20.1.103 0.0.0.0
VW-092-96:18
default 92
172.20.72.253 Up 2d:2h:2m:4s
172.20.1.103 0.0.0.0
VW-092-F3:03
default 92
172.20.72.235 Up 2d:1h:59m:53s
172.20.1.103 0.0.0.0
VW-092-F3:70
default 92
172.20.72.236 Up 2d:1h:59m:52s
172.20.1.103 0.0.0.0
VW-134-11:3C
default 134
172.20.72.239 Up 2d:2h:0m:3s
172.20.1.103 0.0.0.0
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
M = Mesh node; Y = Mesh Recovery
Total APs:19
Related Commands
Command show ap database-summary
Description
Mode
To display a more general summary overview of the AP registered to a controller, use the command show ap databasesummary.
Enable and Config modes
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap database | 1058
Command History
Version ArubaOS 3.0 ArubaOS 6.2 ArubaOS 6.4.2.0
Modification
Command introduced
The usb parameter was introduced
The LACP Striping flag was introduced to indicate of the AP is configured with a LACP striping IP address. See ap-lacp-striping-ip on page 183 The output of show ap database long command displays the service tag of an AP.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1059 | show ap database
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap database-summary
show ap database-summary
Description
Show a general summary of access point information for this controller.
Usage Guidelines
Use this command to show the current number of active APs and Air Monitors. This command is also useful for determining how many unprovisioned APs or duplicate APs are on the network. For full details on each AP registered to a controller, use the command show ap database.
Examples
The output of this command shows that this controller can detect a total of five APs, four up, and one down.
AP Database Summary
-------------------
AP Mode
Total Up Total Down
Down RAP Upgrading* RAP Rebooting*
-------
-------- ----------
- -------------- --------------
Access Points
4
1
0
0
Air Monitors
0
0
0
0
Wired Access Points 0
0
0
0
Mesh Portals
0
0
0
0
Mesh Points
0
0
0
0
Spectrum Monitors 1
1
0
0
Total Upgrading* ---------------0 0 0 0 0 0
Total Rebooting* ---------------0 0 0 0 0 0
RAP Up -----0 0 0 0 0 0
RAP ------0 0 0 0 0 0
*Upgrading and Rebooting counts only reflect APs registered on this controller.
The output of this command includes the following information:
Column Total Up Total Down IPSEC Up IPSEC Down
Description Total number of APs with an up status. Total number of APs with a down status. Total number of APs with an active (up) IPsec tunnel. Total number of APs with an inactive (down) IPsec tunnel.
Command History
Introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap database-summary | 1060
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1061 | show ap database-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug association-failure (deprecated)
show ap debug association-failure [{ap-name <ap-name>}|{bssid <bssid>}|{client-mac <clientmac>}|{essid <essid>}|{ip-addr <ip-addr>}]
Description
Display association failure information that can be used to troubleshoot problems on an AP.
Command History
Platforms ArubaOS 3.0
Licensing Command introduced
ArubaOS 5.0
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug association-failure (deprecated) | 1062
show ap debug bandwidth-management
show ap debug bandwidth-management [ap-name <ap-name>|ip-addr <ip-addr> |ip6-addr <ip6-addr>]
Description
This command shows bandwidth management information for clients.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description Name of the access point. IP address of the access point. IPv6 address of the access point
Examples
The output of this command shows interface and shaping and interface policy for this AP. (host) #show ap debug bandwidth-management ap-name amit-ap-105 Interface :wifi0 Shaping policy:Default-access (no stats) Interface :wifi1 Shaping policy:Default-access (no stats)
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1063 | show ap debug bandwidth-management
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug bss-config
show ap debug bss-config [ap-name <ap-name>|bssid <bssid>||essid <essid>|ip-addr <ipaddr>|ip6-addr <ip6-addr>|port <port>/<slot>]
Description
Show the configuration for each BSSID of an AP. This information can be used to troubleshoot problems on an AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid> essid <essid>
ip-addr <ip-addr> ip6-addr <ip6-addr> port <port>/<slot>
Description
Filter the AP Config table by AP name.
Filter the AP Config table by BSSID. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Filter the AP Config table by ESSID. An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
Filter the AP Config table by IP address by entering an IP address in dotted-decimal format.
Filter the AP Config table by IP address by entering an IPv6 IP address in dotted-decimal format.
Filter the AP Config table by port and slot numbers. The slot and port numbers should be separated by a forward slash (/).
Examples
The output of this command shows the AP configuration table for a specific BSSID.
(host) #show ap debug bss-config
Dell AP Config Table
---------------------
bss
ess vlan ip
phy type fw-mode max-cl rates tx-rates preamble mtu
---
---- ---- --
--- ---- ------- ----- ----- -------- -------- ---
status wmm
------ ---
00:1a:1e:11:24:c2 cera2 66 10.6.1.203 g-HT ap tunnel 64
0x3 0xfff enable 0
enable enable
00:1a:1e:8d:5b:11 wpa2 65 10.6.1.198 a-HT ap tunnel 20
0x150 0xff0 -
0
enable enable
00:0b:86:9b:e5:60 guest 63 10.6.14.79 g ap tunnel 20
0x2 0x3fe enable 0
enable enable
00:1a:1e:97:e5:41 voip 66 10.6.1.199 g-HT ap tunnel 20
0xc 0x14c enable 0
enable enable
00:1a:1e:11:74:a1 voip 66 10.6.1.197 g-HT ap tunnel 20
0xc 0x14c enable 0
enable enable
00:1a:1e:11:5f:11 wpa2 65 10.6.1.200 a-HT ap tunnel 20
0x150 0xff0 -
0
enable enable
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug bss-config | 1064
The output of this command includes the following information:
Column bss ess vlan IP phy
type fw-mode
max-cl preamble
MTU status wmm
Description
Basic Service Set (BSS) identifier, which is usually the AP's MAC address.
Extended Service Set (ESS) identifier; a user-defined name for a wireless network.
The BSSID's VLAN number.
The AP's IP address.
One of the following 802.11 types la l a-HT (high-throughput) lg l g-HT (high-throughput)
This column shows if the BSSID is for an access point (ap) or an air monitor (am).
The configured forward mode for the AP's virtual AP profile. l bridge: Bridge locally l split-tunnel: Tunnel to controller or NAT locally l tunnel: Tunnel to controller
The maximum number of clients allowed for this BSSID.
Shows if short preambles are enabled for 802.11b/g radios. Network performance may be higher when short preamble is enabled. In mixed radio environments, some 802.11b wireless client stations may experience difficulty associating with the AP using a short preamble.
Maximum Transmission Unit (MTU) size, in bytes. This value describes the greatest amount of data that can be transferred in one physical frame.
Shows if this BSSID is enabled or disabled.
Shows if the BSSID has enabled or disabled WMM, also known as IEEE 802.11e Enhanced Distribution Coordination Function (EDCF) WMM provides prioritization of specific traffic relative to other traffic in the network.
Command History
Introduced in ArubaOS 3.0.
1065 | show ap debug bss-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug bss-config | 1066
show ap debug bss-stats
show ap debug bss-stats [bssid <bssid>]
Description
Show debug and troubleshooting statistics from a specific BSSID of an AP.
Syntax
Parameter bssid <bssid>
Description
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Examples
The example below shows part of the output of the command show ap debug bss-stats bssid <bssid>.
(host) #show ap debug bss-stats bssid 00:1a:1e:11:5f:11
BSSID Stats
-----------
BSSID Stats
-----------
Parameter
Value
---------
-----
-------------------
General
-------------------
Transmit
Tx Frames Rcvd
972118
Tx Bcast Frames Rcvd
4139
Tx Frames Dropped
375241
Tx Bcast Frames Dropped
0
Tx Frames Transmitted
596088
Tx Bytes Rcvd
633849487
Tx Bytes Transmitted
593931482
Tx Time Frames Rcvd
705492586
Tx Time Frames Dropped
397125178
Tx Time Frames Transmitted
308367408
Tx Success With Retry
91875
Tx Multiple Retries
467116
Tx Mgmt Frames
502661
Tx Beacons Transmitted
3528036
Tx Probe Responses
502612
Tx Data Transmitted Retried 91867
Tx Data Transmitted
467744
Tx Data Frames
469457
Tx Broadcast Data Frames In 4139
Tx Data Bytes Transmitted
580843154
Tx Data Bytes
582581297
Tx Time Data Transmitted
173621140
Tx Time BC/MC Data
0
Tx Time Data dropped
4070686
Tx Time Data
177691826
Tx Time Data (Ideal)
0
Tx Broadcast Data Frames Sent 4136
Tx Multicast Data Frames
4011
Tx DMO Multicast
0
Tx DMO Invalid
0
1067 | show ap debug bss-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
... The output of this command includes the following information:
Parameter Tx Frames Rcvd Tx Bcast Frames Rcvd Tx Frames Dropped
Description Number of transmitted frames that were received. Number of transmitted broadcast frames that were received. Number of transmitted frames that were dropped.
Tx Bcast Frames Dropped Number of transmitted broadcast frames that were dropped.
Tx Frames Transmitted
Number of frames successfully transmitted.
Tx Bytes Rcvd
Number of transmitted bytes received.
Tx Bytes Transmitted
Number of transmitted bytes.
Tx Time Frames Rcvd
Number of times transmitted frames were received.
Tx Time Frames Dropped Number of times transmitted frames were dropped.
Tx Time Frames Transmitted
Number of times frames were transmitted.
Tx Success With Retry
Number of frames that were successfully transmitted after being retried.
Tx Multiple retries Tx Mgmt Frames
Number of frames that were successfully transmitted after being retried multiple times.
Number of management frames transmitted.
Tx Beacons Transmitted Number of beacons transmitted.
Tx Probe Responses
Number of transmitted probe responses.
Tx Data Transmitted Retried
Tx Data Transmitted
Tx Data Frames
Number of retried data frames. Number of transmitted data frames. Number of transmitted data frames.
Tx Broadcast Data Frames In
Tx Data Bytes Transmitted
Tx Data Bytes
Tx Time BC/MC Data
Number of broadcast data frames received by the AP from wired interface to be transmitted in the air.
Total data bytes received by an AP from its wired interface to be transmitted over the air.
Total data bytes transmitted by the AP over the air.
Total time spent transmitting broadcast/multicast frames.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug bss-stats | 1068
Parameter Tx Time Data dropped Tx Time Data
Tx Broadcast Data Frames Sent
Description Total time spent transmitting dropped frames.
Total time spent sending frames received for transmission, including the frames that were dropped after retrying.
Broadcast data frames transmitted by the AP.
Tx Multicast Data Frames
Multicast data frames transmitted by the AP.
Tx DMO Multicast
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APsin bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx DMO Invalid
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APsin bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx DMO Converted
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APsin bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx DMO Replicated
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APsin bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx DMO Dropped
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APsin bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx DMO No Client
Number of times no client was found for an association-ID indicated by the frame. (This value is typically normally 0.)
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APs in bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx DMO No BSSID
Number of times the BSSID indicated by the frame was not found. (This value is typically normally 0.)
NOTE: This counter applies to APs in decrypt-tunnel or split forwarding modes only. They may also increment for Instant APsin bridge forwarding mode if the Instant AP performs bridge-mode multicast conversion.
Tx Unicast Data Frames Number of transmitted unicast data frames.
Tx RTS Success
Number of Ready To Send (RTS) frames successfully transmitted.
Tx RTS Failed
Number of Ready To Send (RTS) frames that were not successfully transmitted
Tx CTS Frames
Number of Clear-to-Send (CTS) frames transmitted.
Tx Dropped After Retry Number of frames dropped after an attempted retry.
Tx Dropped No Buffer
Number of frames dropped because the AP's buffer was full.
1069 | show ap debug bss-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Tx Missed ACKs Tx EAPOL Frames TX STBC Frames TX LDPC Frames Tx WMM
Tx Data <value> Mbps Tx Data Bytes <value> Mbps UAPSD OverflowDrop Tx Mgmt Bytes Tx Beacons Bytes Tx AMSDU pkt count Rx Last SNR Rx Last SNR CTL0
Rx Last SNR CTL1
Rx Last SNR CTL2
Rx Last ACK SNR Rx Last ACK SNR CTL0
Description
Number of retries triggered because an acknowledgement was not received.
Number of EAPOL frames transmitted
Number of transmitted frames with Space-time block coding (STBC) enabled.
Number of transmitted frames with Low Density Parity Check (LDPC) enabled.
Number of Wi-fi Multimedia (WMM) packets transmitted for the following access categories. If the AP has not transmitted packets in a category type, this data row will not appear in the output of the command. l Tx WMM [BE]: Best Effort l Tx WMM [BK]: Background l Tx WMM [VO]: VoIP l Tx WMM [VI]: Video
Number of frames transmitted at the specified rate, (Mbps).
Number of bytes of data transmitted at the specified rate, (Mbps).
Number of packets dropped due to Unscheduled Automatic Power Save Delivery (U-APSD) overflow.
Total management frame bytes transmitted.
Total number of Beacon frame bytes transmitted.
Total number of AMSDU bytes transmitted.
The last recorded signal-to-noise ratio.
The signal-to-noise ratio for the last received data packet on the primary (control) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
The signal-to-noise ratio for the last received data packet on the secondary (control) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
The signal-to-noise ratio for the last received data packet on the secondary (control) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet.
Signal-to-noise ratio for the last received ACK packet on the primary (control) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug bss-stats | 1070
Parameter Rx Last ACK SNR CTL1
Description
Signal-to-noise ratio for the last received ACK packet on the primary (control) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
Rx Last ACK SNR CTL2
Signal-to-noise ratio for the last received ACK packet on the primary (control) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Rx Frames Received
Number of frames received.
Rx retry frames Rx data frames retried Rx Data Frames
Number of retried frames received. Number of retried data frames received. Number of data frames received.
Rx Data Bytes
Number of data bytes received.
Rx Time Data
Total time spent on frames successfully received.
Rx Duplicate Frames
Number of duplicate frames received.
Rx Broadcast Data Frames
Number of broadcast frames received.
Rx Multicast Data Frames
Number of multicast frames received.
Rx Unicast Data Frames Number of unicast frames received.
Rx Null Data Frames
Number of null data frames received.
Rx Mgmt Frames
Number of management frames received.
Control Frames
Number of control frames received.
Frames To Me
Number of frames received that are addressed to the specified BSSID.
Bytes To Me
Number of bytes received that are addressed to the specified BSSID.
Time To Me Rx Probe Requests
Total time spent receiving frames sent to a specified BSSID. Number of probe requests received.
RX PS Poll Frames
Power-Save Poll (PS-Poll) frames received. When a client exits a powersaving mode, it transmits a PS-Poll frame to the AP to retrieve any frames buffered while it was in power-saving mode.
RX STBC Frames RX LDPC Frames
Number of received frames with STBC enabled. Number of received frames with LDPC enabled.
1071 | show ap debug bss-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Rx Data <value> Mbps
Rx Data Bytes <value> Mbps
Description Number of frames received at the specified rate, (Mbps). Number of bytes of data received at the specified rate, (Mbps).
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug bss-stats | 1072
show ap debug client-deauth-reason-counters
show ap debug client-deauth-reason-counters
Description
Shows the aggregate client deauth reason counters
Examples
The output of the command below shows client deauth reason counters.
(host) #show ap debug client-deauth-reason-counters
Deauth Reason Counters
----------------------
Name
Value
----
-----
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1073 | show ap debug client-deauth-reason-counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-mgmt-counters
show ap debug client-mgmt-counters
Description
Show the numbers of each type of message from an AP's clients. This information can be used to troubleshoot problems on an AP.
Examples
The output of the command below shows client management counters.
(host)#show ap debug client-mgmt-counters
Counters
--------
Name
Value
----
-----
Validate Client
512
AP Stats Update Message
557750
3087
6
Tunnel VLAN Membership
4493
Update STA Tunnel Request
229
Update STA Tunnel Response 229
ARM Update
808921
ARM Propagate
590567
ARM Neighbor Assigned
55396
STM SAP Down
19
AP Message
192
STA On Call Message
12164
STA Message
19750
STA SIP authenticate Message 10919
STA Deauthenticate
707
Stat Update V3
441447
VoIP CAC State Announcement 37185
Remote AP State
371330
AP Message Response
164
assoc-req
4358
assoc-resp
4358
reassoc-req
950
reassoc-resp
950
disassoc
452
deauth
5117
sapcp
351131
The output of this command includes the following information:
Parameter Validate Client AP Stats Update Message 3087
Description Number of times a client was validated. Number of times an AP updated its statistics with the controller. (For internal use only)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-mgmt-counters | 1074
Parameter Tunnel VLAN Membership
Description (For internal use only)
Update STA Tunnel Request
(For internal use only)
Update STA Tunnel Response
(For internal use only)
ARM Update
Number of times an AP has changed its adaptive radio management (ARM) settings.
ARM Propagate
(For internal use only)
ARM Neighbor Assigned
(For internal use only)
STM SAP Down
(For internal use only)
AP Message
(For internal use only)
STA On Call Message
Number of counters indicating that a station has an active phone call
STA Message
(For internal use only)
STA SIP authenticate Message Number of messages indicating that a telephone has completed SIP registration and authentication.
STA Deauthenticate
Number of times a station sent a message to an AP to deauthenticate a client.
Stat Update V3
(For internal use only)
VoIP CAC State Announcement
Number of times a controller announces a call admission control (CAC) state change to the AP. Changes in CAC state could include the ability of call admission controls to accept more or fewer calls than previously configured.
Remote AP State
(For internal use only)
AP Message Response
(For internal use only)
assoc-req
Number of 802.11 association request management frames from the controller.
assoc-resp
Number of 802.11 association responses to the controller.
reassoc-req
Number of 802.11 reassociation requests to the controller.
reassoc-resp
Number of 802.11 reassociation responses from the controller.
1075 | show ap debug client-mgmt-counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter disassoc deauth sapcp
Description Number of 802.11 disassociation messages to the controller. Number of 802.11 deauthorization messages from the controller. (For internal use only)
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-mgmt-counters | 1076
show ap debug client-stats
show ap debug client-stats <client-mac)
Description
Show detailed statistics about a client.
Example
The command below displays statistics for packets received from and transmitted to the specified client. (host) #show ap debug client-stats 00:19:7e:89:fa:e7
Station Stats ------------Parameter --------------------------------------Frames Rcvd For TX Tx Frames Dropped Frames Transmitted Success With Retry Tx Mgmt Frames Tx Probe Responses Tx Data Frames Tx CTS Frames Dropped After Retry Dropped No Buffer Missed ACKs Long Preamble Short Preamble Tx EAPOL Frames Tx 6 Mbps Tx 48 Mbps Tx 54 Mbps Tx WMM [VO] UAPSD OverflowDrop ---------------Last SNR Last SNR CTL0 Last SNR CTL1 Last SNR CTL2 Last ACK SNR Last ACK SNR CTL0 Last ACK SNR CTL1 Last ACK SNR CTL2 Last ACK SNR EXT0 Last ACK SNR EXT1 Frames Received Rx Data Frames Null Data Frames Rx Mgmt Frames PS Poll Frames Rx 6 Mbps Rx 12 Mbps Rx 18 Mbps Rx 24 Mbps Rx 36 Mbps Rx 48 Mbps
Value ----General Per-radio Statistics Transmit specific Statistics 22 0 22 1 2 0 20 0 0 0 1 22 0 13 15 5 2 15 0 Receive specific Statistics 31 28 25 22 32 30 28 21 5 4 2932 2930 2879 1 0 14 6 5 2 13 1162
1077 | show ap debug client-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Rx 54 Mbps Rx WMM [BE]
1730 39
The output of this command includes the following information:
Parameter Frames Rcvd For TX Tx Frames Dropped Frames Transmitted Success With Retry Tx Mgmt Frames Tx Probe Responses Tx Data Frames Tx CTS Frames Dropped After Retry Dropped No Buffer Missed ACKs Long Preamble Short Preamble Tx EAPOL Frames
Tx <n> Mbps
Tx WMM
Description Number of frames received for transmission.
Number of transmission frames that were dropped.
Number of frames successfully transmitted.
Number of frames that were transmitted after being retried.
Number of management frames transmitted.
Number of transmitted probe responses.
Number of transmitted data frames.
Number of clear-to-sent (CTS) frames transmitted.
Number of frames dropped after an attempted retry.
Number of frames dropped because the AP's buffer was full.
Number of missed acknowledgements (ACKs)
Number of frames sent with a long preamble.
Number of frames sent with a short preamble.
Number of Extensible Authentication Protocol over LAN (EAPOL) frames transmitted.
Number of frames transmitted at <n> Mbps, where <n> is a value between 6 and 300.
Number of Wifi Multimedia (WMM) packets transmitted for the following access categories. If the AP has not transmitted packets in a category type, this data row will not appear in the output of the command. Tx WMM [BE]: Best Effort Tx WMM [BK]: Background Tx WMM [VO]: VoIP Tx WMM [VI]: Video
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-stats | 1078
Parameter UAPSD OverflowDrop Last SNR Last SNR CTL0
Last SNR CTL1
Last SNR CTL2
Last ACK SNR Last ACK SNR CTL0 Last ACK SNR CTL1 Last ACK SNR CTL2 Last ACK SNR EXT0
Last ACK SNR EXT1
Frames Received Rx Data Frames Null Data Frames Rx Mgmt Frames PS Poll Frames Rx <n> Mbps
Description
Number of packets dropped due to Unscheduled Automatic Power Save Delivery (U-APSD) overflow.
The last recorded signal-to-noise ratio.
The signal-to-noise ratio for the last received data packet on the primary (control) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
The signal-to-noise ratio for the last received data packet on the secondary (control) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
The signal-to-noise ratio for the last received data packet on the secondary (control) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet.
Signal-to-noise ratio for the last received ACK packet on the primary (control) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the primary (control) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the primary (control) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
Number of frames received.
Number of data frames received.
Number of null data frames received.
Number of management frames received.
Number of power save poll frames received.
Number of frames received at <n> Mbps, where <n> is a value between 6 and 300.
1079 | show ap debug client-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Tx WMM
Description
Number of Wifi Multimedia (WMM) packets transmitted for the following access categories. If the AP has not transmitted packets in a category type, this data row will not appear in the output of the command. Tx WMM [BE]: Best Effort Tx WMM [BK]: Background Tx WMM [VO]: VoIP Tx WMM [VI]: Video
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-stats | 1080
show ap debug client-table
show ap debug client-table [ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ip6addr>]
Description
Show clients associated to an AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid> ip-addr <ip-addr> ip6-addr <ip-addr>
Description Filter the client table by AP name. Filter the client table by BSSID. This will print clients on top from given BSSID. Filter the client table by AP IP address. Filter the client table by AP IPv6 address.
Usage Guidelines
The Tx_Rate, Rx_Rate, Last_ACK_SNR, and Last_Rx_SNR columns shown in the output of this command display valuable troubleshooting information for clients trying to connect to a specific AP. Use this command to verify that the transmit (Tx_Rate) and receive (Rx_Rate) rates are not too low, and that the signal-to-noise (SNR) ratio is acceptable.
Examples
The example below the AP configuration table for a specific BSSID. In this example, the output is divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it appears in a single, long table.
(host) #show ap debug client-table ap-name apname1
Client Table
------------
MAC
ESSID
BSSID
Assoc_State HT_State AID
---
-----
-----
----------- -------- ---
00:10:18:a9:7c:48 essidname1
6c:f3:7f:e7:5c:90 Associated cAWvSseM 0x1
PS_State UAPSD
Tx_Pkts Rx_Pkts PS_Qlen Tx_Retries Tx_Rate Rx_Rate
-------- -----
------- ------- ------- ---------- ------- -------
Awake
(0,0,0,0,N/A,0) 799
1377
0
48
1300
1053
Last_ACK_SNR Last_Rx_SNR TX_Chains Tx_Timestamp
------------ ----------- --------- ------------
32
47
3[0x7] Sun Jul 21 11:05:50 2013
Rx_Timestamp
MFP Status (C,R) Idle time Client health (C/R)
------------
---------------- --------- -------------------
Sun Jul 21 11:05:50 2013 (0,0)
119
90/90
UAPSD:(VO,VI,BK,BE,Max SP,Q Len) HT Flags: A - LDPC Coding; W - 40MHz; S - Short GI 40; s - Short GI 20 D - Delayed BA; G - Greenfield; R - Dynamic SM PS
1081 | show ap debug client-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Q - Static SM PS; N - A-MPDU disabled; B - TX STBC b - RX STBC; M - Max A-MSDU; I - HT40 Intolerant VHT Flags: C - 160MHz; c - 80MHz; V - Short GI 160; v - Short GI 80 E - Beamformee; e - Beamformer HT_State shows client's original capabilities (not operational capabilities)
The output of this command includes the following information:
Parameter MAC ESSID BSSID Assoc_State HT_State
AID
Description
MAC address of a client.
Extended Service Set identifier (ESSID) used by the client. An ESSID is a user-defined name for a wireless network.
Basic Service Set identifier for the client.
The associated state column shows whether or not the client is currently authorized and/or associated with the AP.
Shows information about the client's high-throughput or very-high throughput transmission type. The description for each of the flags that can appear in this column follows the output of the command. l A - LDPC Coding l W - 40MHz l S - Short GI 40 l s - Short GI 20 l D - Delayed BA l G - Greenfield l R - Dynamic SM PS l Q - Static SM PS l N - A-MPDU disabled l B - TX STBC l b - RX STBC l M - Max A-MSDU l I - HT40 Intolerant l C - 160MHz l c - 80MHz l V - Short GI 16 l v - Short GI 80 l E - Beamformee l e - Beamformer
802.11 association ID. A client receives a unique 802.11 association ID when it associates to an AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-table | 1082
Parameter PS_State UAPSD
Tx_Pkts Rx_Pkts PS_Qlen Tx_Retries Tx_rate Rx_rate Last_ACK_SNR Last_Rx_SNR TX_Chains
Description
Powersave state, showing if the AP is in the awake or power-save state.
This parameter shows the Unscheduled Automatic Power Save Delivery (UAPSD) queue statuses in the following comma-separated format: (<VO>,< VI>,< BK>, <BE>,< Max SP>,<Q Len>). l VO: If 1, UAPSD is enabled for the VoIP access category. If UAPSD is disabled for
this access category, this value is 0. l VI: If 1, UAPSD is enabled for the Video access category. If UAPSD is disabled for
this access category, this value is 0. l BK: If 1, UAPSD is enabled for the Background access category. If UAPSD is
disabled for this access category, this value is 0. l BE: If 1, UAPSD is enabled for the Best Effort access category. If UAPSD is disabled
for this access category, this value is 0. l Max SP: The maximum service period is the number of frame sent per trigger
packet. This value is value can be 0, 2, 4 or 8. l Q Len: The number of frames currently queued for the client, from 0 to 16 frames.
Number of packets transmitted from the AP to the client.
Number of packets the AP received from the client.
Number of packets in the power save queue length.
Number of packets that the AP had to resend to the client due to an initial transmission failure.
Rate at which last packet was sent to client (in Mbps)
Rate at which last packet was received from client (in Mbps)
Signal-to-Noise ratio of the last acknowledge packet sent by client.
Signal-to-Noise ratio of the last data packet received from the client.
The first digit in this value indicates the number of transmission chains on the radio currently in use, and the number in brackets shows which of the chains are active. The current status of each chain is indicated by a single-digit binary number; 1 if the chain is active, and 0 if it is inactive. In the example output above (2 [0x5]), two chain are active; chain one and chain three. l chain one: 1 (active) l chain two: 0 (inactive) l chain three: 1 (active In the example above, the chain would generate the value 101, which translates to the hexadecimal number 5. If all three chain were active, it would generate the value 111, (the hexadecimal number 7), and would appear in the CLI output as 3 [0x7].
1083 | show ap debug client-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Tx_timestamp
Description Date and time the last packet was sent to the client.
Rx_timestamp
Date and time the last packet was received from the client.
MFP status
Client is 802.11W capable/802.11W is enabled on Radio
Idle Time
Number of seconds elapsed since a packet was received from the client.
Client Health
This column shows the client health of the client and the AP radio, in the format <client_health>/<AP-health>. These values report the quality of link between the client and radio,
An AP's client health is the efficiency at which that AP transmits downstream traffic to a particular client. This value is determined by comparing the amount of time the AP spends transmitting data to a client to the amount of time that would be required under ideal conditions, that is, at the maximum Rx rate supported by client, with no data retries.
A client health metric of 100% means the actual airtime the AP spends transmitting data is equal to the ideal amount of time required to send data to the client. A client health metric of 50% means the AP is taking twice as long as is ideal, or is sending one extra transmission to that client for every packet. A metric of 25% means the AP is taking four times longer than the ideal transmission time, or sending 3 extra transmissions to that client for every packet.
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 6.3.1
The Client Health metric was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug client-table | 1084
show ap debug client-trace
show ap client-trace {ap-name <ap-name>}|{ip-addr <ip>}|{ip6-addr <ip6>} mac <client-mac>
Description
Use this command to show counts of different types of management data frames traced from a client MAC address.
Syntax
Parameter ap-name <ap-name>
Description Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
mac <client-mac>
MAC address of the client..
Usage Guidelines
This command should only be used under the guidance of Dell technical support.
Related Commands
Command
Description
ap debug client-trace Use this command to trace management packets from a client MAC address. start
ap debug client-trace Use this command to stop tracing management packets from a client MAC address. stop
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms W-6000M3 controllers
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
1085 | show ap debug client-trace
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug counters
show ap debug counters {ap-name <ap-name>|bssid <bssid>|group <group>|ip-addr <ip-addr>|ip6addr <ip6-addr>}
Description
Show AP reboot/bootstrap counters, and crash information for an individual AP or AP group, or all APs referenced on the controller.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
group <group> ip-addr <ip-addr>
Description
Show debug counters for an AP with a specified name.
Show debug counters for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show debug counters for an AP group.
Show debug counters for an AP with a specified IP address by entering an IP address in dotted-decimal format.
ip6-addr <ip6-addr>
Show debug counters for an AP with a specified IPv6 address by entering an IP address in dotted-decimal format.
Example
The output of this command shows how many times each AP has rebooted (a hard boot) or bootstrapped (a soft boot), the number of configuration changes sent and acknowledged by that AP, and whether or not the AP rebooted due to a kernel crash.
In this example, the output has been divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it will appear in a single, long table.
(host) #show ap debug counters group corp1
AP Counters
-----------
Name Group IP Address Configs Sent Configs Acked
---- ----- ---------- ------------ -------------
AL1 corp1 10.6.1.209 1597
1597
AL10 corp1 10.6.1.198 165
165
AL12 corp1 10.6.1.200 195
195
AL15 corp1 10.6.1.197 1580
1580
AL16 corp1 10.6.1.199 73
73
AL19 corp1 10.6.1.212 8
8
AP Boots Sent -------------
0 0 0 0 0 0
AP Boots Acked -------------0 0 0 0 0
Bootstraps (Total)
------------------
1
(1)
2
(2)
1
(1)
1
(1)
1
(1)
Reboots -------
0 1 0 0 0
Crash -----
N Y N N N
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug counters | 1086
0
1
Total APs :6
(1)
0
N
The output of this command includes the following information:
Column Name Group IP Address Configs sent Configs Acked
AP Boots Sent AP Boots Acked Bootstraps
Total Bootstraps Reboots
Crash
Description Name of the AP.
Name of the AP's group.
IP address of the AP.
Number of times configuration changes have been sent to the AP.
Number of times that the AP has acknowledged receiving a configuration change.
Number of times reboot requests have been sent to the AP.
Number of times that the AP has acknowledged receiving a reboot request.
Number of times the AP bootstrapped since AP reboot. Bootstraps are also known as "soft" restarts.
Total number of times the AP bootstrapped since AP image upgrade.
Number of times power to the AP cycled off and then on again since image upgrade. Reboots also known as "hard" restarts. Indicates whether or not the AP was rebooted due to a kernel crash. Use show ap debug crash-info to view the crash signature.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1087 | show ap debug counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug crash-info
show ap debug crash-info {ap-name <ap-name>|ip-addr <ip-addr> ip6-addr <ip6-addr>}
Description
Show crash log information (if it exists) for an individual AP. The stored information is cleared from the flash after the AP reboots.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show crash information for an AP with a specified name.
Show crash information for an AP with a specified IP address by entering an IP address in dotted-decimal format.
Show crash information for an AP with a specified IPv6 address by entering an IP address in dotted-decimal format.
Example
The output of this command shows a partial sample crash log information for an AP named MyAP
(host) #show ap debug crash-info ap-name MyAP
<4>ArubaOS Version x.x.x.x (build xxxx / label #xxxx) <4>Built by p4build@cartman on 2012-07-29 at 14:44:06 PST (gcc version x.x.x Cavium Networks Version: 1.4.0, build 58) <4>CVMSEG size: 2 cache lines (256 bytes) <4>Setting flash physical map for 16MB flash at 0x1ec00000 <4>Determined physical RAM map: <7>On node 0 totalpages: 16384 <7> DMA zone: 16384 pages, LIFO batch:3 <7> DMA32 zone: 0 pages, LIFO batch:0 <7> Normal zone: 0 pages, LIFO batch:0 <7> HighMem zone: 0 pages, LIFO batch:0 <4>Primary instruction cache 32kB, virtually tagged, 4 way, 64 sets, linesize 128 bytes. <4>Primary data cache 16kB, 64-way, 2 sets, linesize 128 bytes. <4>Using 500.000 MHz high precision timer. cycles_per_jiffy=1000000 <6>Memory: 56636k/65536k available (1925k kernel code, 8840k reserved, 575k data, 2716k init, 0k highmem) <4>Calibrating delay using timer specific routine.. 1000.32 BogoMIPS (lpj=1000322) <4> available. <4>Checking for the multiply/shift bug... no. <4>Checking for the daddi bug... no. <4>Checking for the daddiu bug... no. <5>detected lzma initramfs <5>initramfs: LZMA lc=3,lp=0,pb=2,dictSize=8388608,origSize=15217664 <5>LZMA initramfs
Command History
Introduced in ArubaOS 5.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug crash-info | 1088
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1089 | show ap debug crash-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug crypto
show ap debug crypto {ap-name <ap-name>|detail|history|ip-addr <ip-addr>}
Description
This command shows the debug crypto logs for an AP.
Syntax
Parameter ap-name <ap-name> detail
history
ip-addr <ip-addr>
Description
Shows crypto logs information for an AP with a specified name.
Specifies the crypto logs details for the following: ap-name: Specifies the name of AP. ip-addr: Specifies the IP Address of AP.
Specifies the crypto logs history information for the following: ap-name: Specifies the name of AP. ip-addr: Specifies the IP Address of AP.
Shows crypto logs information for an AP with a specified IP address by entering an IP address in dotted-decimal format.
Example
The output of this command shows a partial debug crypto information for an AP named MyAP
(host) (config) #show ap debug crypto ap-name MyAP
2014-01-07 14:48:43 ESP: spi[93477900] 10:15:64:104 << 10:15:66:151 2014-01-07 14:48:43 ESP: spi[ca0db300] 10:15:66:151 << 10:15:64:104 2014-01-07 15:19:34 SEND: a793342e9b6f8bec : 25baf55ae40e91c3 , np=46, EXHG: CREATE_CHILD_SA 2014-01-07 15:19:34 RECV: a793342e9b6f8bec : 25baf55ae40e91c3 , np=46, EXHG: CREATE_CHILD_SA 2014-01-07 15:19:39 SEND: a793342e9b6f8bec : 25baf55ae40e91c3 , np=46, EXHG: INFORMATIONAL 2014-01-07 15:19:39 RECV: a793342e9b6f8bec : 25baf55ae40e91c3 , np=46, EXHG: INFORMATIONAL 2014-01-07 18:00:49 RECV: 090cbf2a1ff1c433 : a496e13623118522 , np=46, EXHG: CREATE_CHILD_SA 2014-01-07 21:33:02 RECV: 090cbf2a1ff1c433 : a496e13623118522 , np=46, EXHG: INFORMATIONAL 2014-01-07 22:49:00 SEND: d6e361df5a012297 : f5ffdd8f2be2f073 , np=46, EXHG: CREATE_CHILD_SA 2014-01-07 22:49:00 RECV: d6e361df5a012297 : f5ffdd8f2be2f073 , np=46, EXHG: CREATE_CHILD_SA 2014-01-07 22:49:00 ESP: spi[d774af00] 10:15:64:104 << 10:15:66:151 2014-01-07 22:49:00 ESP: spi[49799700] 10:15:66:151 << 10:15:64:104 2014-01-08 00:25:05 SEND: d6e361df5a012297 : f5ffdd8f2be2f073 , np=46, EXHG: CREATE_CHILD_SA 2014-01-08 00:25:05 RECV: d6e361df5a012297 : f5ffdd8f2be2f073 , np=46, EXHG: CREATE_CHILD_SA 2014-01-08 00:25:05 ESP: spi[83c32c00] 10:15:64:104 << 10:15:66:151 2014-01-08 00:25:05 ESP: spi[072a9200] 10:15:66:151 << 10:15:64:104
Command History
Introduced in ArubaOS 6.3.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug crypto | 1090
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
1091 | show ap debug crypto
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug datapath
show ap debug datapath {ap-group <ap-group>|ap-name <ap-name>|bssid <bssid>|ip-addr <ipaddr>|ip6-addr <ip6-addr>}
Description
Show datapath tunnel parameters of an AP or AP group.
Syntax
Parameter ap-group <ap-group> ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr> ip6-addr <ip6-addr>
Description
Show data path information for a specific AP group.
Show data path information for an AP with a specific name.
Show data path information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data path information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show data path information for an AP with a specific IPv6 address by entering an IP address in dotted-decimal format.
Example
The output of the following command shows datapath tunnel parameters for an AP with the IP address 192.0.2.32. (host) #show ap debug datapath ip-addr 192.0.2.32
Datapath Parameters Table
-------------------------
essid encr-alg
client-vlan-id
----- --------
--------------
guest Open
63
voip WPA2 8021X AES 66
corp WPA2 PSK AES 66
guest Open
63
wpa2 WPA2 8021X AES 65
tunnel-id --------0x10f6 0x1103 0x10f1 0x10f7 0x10be
gre-type -------0x8300 0x8310 0x8320 0x8200 0x8210
deny-bcast ---------disable disable disable disable enable
num-clients ----------0 7 0 1 15
The output of this command includes the following information:
Column ESSID
encr-alg
Description
The Extended Service Set Identifier is a unique name that identifies a wireless network
Encryption algorithm used by the network
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug datapath | 1092
Column client-vlan-id tunnel-id gre-type deny-bcast
num-clients
Description ID of the network VLAN Identification number of the AP's tunnel. GRE tunnel type. If enabled, the AP will respond to broadcast probe requests. If disabled, the AP will not respond to these requests. Number of clients currently using the network.
The output of the following command shows datapath tunnel parameters for an AP with the IPv6 address 11:12:11:11::2.
(host) #show ap debug datapath ip6-addr 11:12:11:11::2
Datapath Parameters Table
-------------------------
essid
encr-alg
client-vlan-id tunnel-id gre-type deny-bcast
clients
-----
--------
-------------- --------- -------- ----------
-----
i-platform-mobility WPA2 PSK AES 10
0x1000b 0x8300 disable
0
i-platform-mobility WPA2 PSK AES 10
0x1000a 0x8200 disable
1
num------
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1093 | show ap debug datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug dot11r
show ap debug dot11r efficiency <client-mac> state [ap-name <ap-name> | ip-addr <ip-addr>]
Description
This command displays all the r1 keys that are stored in an AP and the hit/miss rate of r1 keys cached on an AP before a Fast BSS Transition roaming.
Syntax
Parameter
Description
efficiency <client-mac> Show the hit/miss rate of r1 keys cached on an AP before a Fast BSS Transition roaming for the specified client MAC address.
state
Show all the r1 keys that are stored in an AP based on the filter specified.
ap-name <ap-name>
Show debugging information for a specific AP.
ip-addr <ip-addr>
Show debugging information for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Examples
Use this command to view all the r1 keys that are stored in an AP. You can filter the output based on the AP name or IP address. (host) #show ap debug dot11r state ap-name MAcage-105-GL
Stored R1 Keys
--------------
Station MAC
Mobility Domain ID Validity Duration R1 Key
-----------
------------------ ----------------- ------
00:50:43:21:01:b8 1
3568
(32): 94 ff 18 0a 5f 47 8b 3e 95 2b
93 31 bd 44 58 fe fe 6a ad aa 1d d7 29 94 fb 5b 7c 15 76 66 d2 1f
Use this command to view the hit/miss rate of r1 keys cached on an AP before a Fast BSS Transition roaming. This counter helps to verify if enough r1 keys are pushed to the neighboring APs.
(host) #show ap debug dot11r efficiency
Fast Roaming R1 Key Efficiency
------------------------------
Client MAC
Hit (%) Miss (%)
----------
------- --------
00:50:43:21:01:b8 0 (0%) 0 (0%)
Command History
Introduced in ArubaOS 6.3.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug dot11r | 1094
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
1095 | show ap debug dot11r
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug dot11r state
show ap debug dot11r state [ap-name <ap-name> | ip-addr <ip-addr>]
Description
This command displays all the r1 keys that are stored in an AP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
Description
Show debugging information for a specific AP.
Show debugging information for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Examples
Use this command to view all the r1 keys that are stored in an AP. You can filter the output based on the AP name or IP address. (host) #show ap debug dot11r state ap-name MAcage-105-GL
Stored R1 Keys
--------------
Station MAC
Mobility Domain ID Validity Duration R1 Key
-----------
------------------ ----------------- ------
00:50:43:21:01:b8 1
3568
(32): 94 ff 18 0a 5f 47 8b 3e 95 2b
93 31 bd 44 58 fe fe 6a ad aa 1d d7 29 94 fb 5b 7c 15 76 66 d2 1f
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug dot11r state | 1096
show ap debug driver-log
show ap debug driver-log {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ipaddr>}
Description
Show an AP's driver logs.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
ip6-addr <ip-addr>
Description Show log information for an AP with a specific name.
Show log information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show log information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show log information for an AP with a specific IPv6 address.
Usage Guidelines
Use this command to review configuration changes made since the AP was last reset.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1097 | show ap debug driver-log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug gre-tun-stats
show ap debug gre-tun-stats {ap-name <ap-name>| bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ip6addr>}
Description
Shows GRE tunnel packet statistics of an AP.
Syntax
Parameter ap-name <ap-name>
Description Shows GRE tunnel packets information for an AP.
bssid <bssid> ip-addr <ip-addr> ip6-addr <ip-addr>
Shows GRE tunnel packets information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Shows GRE tunnel packets information for an AP with a specified IP address by entering an IP address in dotted-decimal format.
Shows GRE tunnel packets information for an AP with a specific IPv6 address.
Example
The output of this command shows GRE tunnel packets information for an AP named myAP.
(host) #show ap debug gre-tun-stats myAP
GRE HBT Tunnel Stats
--------------------
AP IP
Controller IP Sent Count HBT Tx Seqnum Idle (secs) Rcvd Count HBT Rx
Seqnum Idle (secs)
-----
------------- ---------- ------------- ----------- ---------- ------------
- -----------
10.15.121.240 10.15.121.240 0
12025
0
1506655
12025
0
GRE Tunnel Packet Stats
-----------------------
MAC BSSID Tun Input In IP Frags To WLAN Idle (secs) Rate pps From WLAN Tun Output Out
IP Frags Idle (secs) Rate pps
--- ----- --------- ----------- ------- ----------- -------- --------- ---------- ---
--------- ----------- --------
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug gre-tun-stats | 1098
show ap debug gsm-counters
show ap debug gsm-counters verbose
Description
Displays the GSM counters of an AP or AP group.
Syntax
Parameter verbose
Description Displays the event statistics in a tabular format.
Example
The output of the following command shows gsm counters of an AP:
(host) (config) #show ap debug gsm-counters verbose STM GSM Counters ---------------Name ---AP Publish Events AP Delete Events Radio Publish Events Radio Delete Events BSS Publish Events Responses to BSS Rcvd BSS Delete Events STA Publish Events STA Delete Events WIRED_AP Publish Events Responses to WIRED_AP Rcvd WIRED_AP Delete Events MAC-User Publish Notifications MAC-User Notify Events MAC-User Responses Sent BSS Response time histogram [1...128] seconds in powers of 2 STA Response time histogram [1...128] seconds in powers of 2 STA Delete Reason -----------------
Value ----15 3 9548 0 6 6 0 0 0 0 0 0 0 0 0 42000000 00000000 Count -----
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode
1099 | show ap debug gsm-counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug ipc forwarding-statistics
show ap debug ipc forwarding-statistics {ap-name <ap-name>|ip-addr <ip-addr>|ip6-addr <ipaddr>}
Description
Show an AP's ipc forwarding statistics.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip-addr>
Description Show log information for an AP with a specific name.
Show log information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show log information for an AP with a specific IPv6 address.
Usage Guidelines
Use this command to review configuration changes made since the AP was last reset.
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug ipc forwarding-statistics | 1100
show ap debug lacp
show ap debug lacp {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addre<ipv6-addr>}
Description
Displays the number of GRE packets sent and received on the two Ethernet ports.
Syntax
Parameter ap-name <ap-name>
Description Show LACP information for an AP with a specific name.
bssid <bssid>
Show LACP information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
ip-addr <ip-addr>
Show LACP information for an AP with a specific IPv4 address.
ip6-addr <ipv6-addr> Show LACP information for an AP with a specific IPv6 address.
Usage Guidelines
Use this command to know if LACP is active on an AP from the number of GRE packets sent and received on the two Ethernet ports. If a GRE striping IP address is configured in the ap-lacp-striping-ap profile, the output of this command displays the GRE striping IP address.
Example
The following example displays that the wireless GRE packets are being sent and received on different wired ports of the AP for the 5GHz and 2.4GHz bands. It also shows that the interfaces eth0 and eth1 are part of the link aggregation group (LAG):
AP LACP GRE Striping IP: 10.65.30.50
AP LACP Status
--------------
Link Status LACP Rate Num Ports Actor Key Partner Key Partner MAC
----------- --------- --------- --------- ----------- -----------
Up
slow
2
17
2
00:0b:86:61:7a:58
Slave Interface Status
----------------------
Slave I/f Name Permanent MAC Addr Link Status Member of LAG Link Fail Count
-------------- ------------------ ----------- ------------- ---------------
eth0
6c:f3:7f:c6:72:82 Up
Yes
0
eth1
6c:f3:7f:c6:72:83 Up
Yes
1
GRE Radio Traffic Received on Enet Ports
----------------------------------------
Radio Num Enet 0 Rx Count Enet 1 Rx Count
--------- --------------- ---------------
0
5048
0
1
0
23
Traffic Sent on Enet Ports
--------------------------
Radio Num Enet 0 Tx Count Enet 1 Tx Count
--------- --------------- ---------------
0
65
3466
1
64
0
1101 | show ap debug lacp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
non-wifi 2
Command History
Version ArubaOS 6.3.1
50
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug lacp | 1102
show ap debug lldp
show ap debug lldp
Description
Show an AP's debug log.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show log information for an AP with a specific name.
Show log information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show log information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Usage Guidelines
An AP's log files show configuration changes since the AP was last reset.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1103 | show ap debug lldp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug log
show ap debug log {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ip6-addr>}
Description
Show an AP's debug log.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show log information for an AP with a specific name.
Show log information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show log information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show log information for an AP with a specific IPv6 address by entering an IPv6 address in dotted-decimal format.
Usage Guidelines
An AP's log files show configuration changes since the AP was last reset.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.3
The ip6-addr parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug log | 1104
show ap debug config-msg-history
show ap debug config-msg-history [ap-name <ap-name>|ip-addr <ip-addr> |ip6-addr <ip6-addr>]
Description
This command shows recent configuration messages sent and received by an AP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description Name of the access point. IP address of the access point. IPv6 address of the access point
Examples
The output of this command shows the configuration message history for the AP named "myAP-W-AP105." (host) #show ap debug config-msg-history ap-name myAP-W-AP105 Thu Feb 13 06:32:31 2014(1843 secs ago): RCVD REQ type=CONFIG len=206 peer=10.17.160.4 seq_ num=2623 resps_sent=1 04000000C9040000000E050A11A0040452E90ED00400000A3F04000000010400000018040000000002010201020004 0000000102FF02FF02FF02FF0400000005
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1105 | show ap debug config-msg-history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug dot11r state
show ap debug dot11r state [ap-name <ap-name> | ip-addr <ip-addr>]
Description
This command displays all the r1 keys that are stored in an AP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
Description
Show debugging information for a specific AP.
Show debugging information for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Examples
Use this command to view all the r1 keys that are stored in an AP. You can filter the output based on the AP name or IP address. (host) #show ap debug dot11r state ap-name MAcage-105-GL
Stored R1 Keys
--------------
Station MAC
Mobility Domain ID Validity Duration R1 Key
-----------
------------------ ----------------- ------
00:50:43:21:01:b8 1
3568
(32): 94 ff 18 0a 5f 47 8b 3e 95 2b
93 31 bd 44 58 fe fe 6a ad aa 1d d7 29 94 fb 5b 7c 15 76 66 d2 1f
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug dot11r state | 1106
show ap debug mgmt-frames (deprecated)
Description
Show traced 802.11 management frames.
Command History
Version ArubaOS 3.0
Modification Command Introduced
ArubaOS 5.0
Command deprecated
1107 | show ap debug mgmt-frames (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug port status
show ap debug port status {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ip6addr>}
Description
Shows the status of the AP's wired ports.
Syntax
Parameter ap-name <ap-name> bssid <bssid> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description Name of the AP. BSSID of the AP. IP address of the AP. IPv6 address of the AP.
Examples
The output of the command displays the wired port status of an AP named LocalAP1. In this example, the output is divided into multiple sections to fit better on the pages of this document. In the actual command-line interface, it appears in a single long table.
(host) #show ap debug port status ap-name LocalAP1
AP "LocalAP1" Port Status
-----------------------
Port MAC
Type Forward Mode Admin
Oper Speed
Duplex 802.3az PoE
---- ---
---- ------------ -----
---- -----
------ ------- ---
0
00:1a:1e:10:05:1a GE N/A
enabled up 1 Gb/s full N/A
N/A
1
00:1a:1e:10:05:1b FE tunnel
enabled up 100 Mb/s full N/A
N/A
2
00:1a:1e:10:05:1c FE tunnel
enabled down N/A
N/A
N/A
N/A
3
00:1a:1e:10:05:1d FE N/A
disabled down N/A
N/A
N/A
N/A
STP --N/A Forwarding Disabled Off
TX-Packets ---------23697 12185 0 0
TX-Bytes -------3338307 6593226 0 0
RX-Packets ---------27449 18436 0 0
RX-Bytes -------8471871 1758272 0 0
Command History
Version ArubaOS 6.2 ArubaOS 6.3
Modification Command introduced. A new column STP displays the spanning tree state of the wired port. The ip6-addr parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug port status | 1108
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1109 | show ap debug port status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radar-logs
show ap debug radar-logs ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description
Displays the latest four RADAR event logs from the AP. This command is useful for debugging false radar detection related issues.
This command is applicable for APs running the Broadcom chip-set.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description Displays RADAR logs for an AP with a specific name. Displays RADAR logs for an AP with a specific IP address. Displays RADAR logs for an AP with a specific IPv6 address.
Example
The output of this command displays RADAR logs from an W-AP225.
(host) #show ap debug radar-logs ap-name W-AP225
The latest 4 radar event logs Radar logs:
Pruned Intv: 3220-0 3220-1 3220-2 3220-3 3220-4 3220-5 3220-6 3220-7 3220-8 3220-9 3220-10
Pruned PW: 50-0 50-1 50-2 50-3 50-4 50-5 50-6 50-7 50-8 50-9
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radar-logs | 1110
50-10
Nepochs=1 len=27 epoch_#=1; det_idx=0 pw_delta=0 min_pw=50 max_pw=50 Type 7 Radar Detection. Detected pulse index=0 fm_min=0 fm_max=0 nconsecq_pulses=5. Time from last detection = 19, = 0min 19sec, Time 244 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Radar logs:
Pruned Intv: 4140-0 4140-1 4140-2 4140-3 4140-4 4140-5 4140-6 4140-7 4140-8 4140-9 4140-10
Pruned PW: 19-0 18-1 18-2 19-3 19-4 18-5 19-6 18-7 18-8 18-9 18-10
Nepochs=1 len=30 epoch_#=1; det_idx=0 pw_delta=1 min_pw=18 max_pw=19 Type 7 Radar Detection. Detected pulse index=0 fm_min=0 fm_max=0 nconsecq_pulses=9. Time from last detection = 3, = 0min 3sec, Time 247 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Radar logs:
Pruned Intv: 4200-0 4200-1 4200-2 4200-3 4200-4 4200-5 4200-6 4200-7 4200-8 4200-9 4200-10
Pruned PW: 17-0 18-1 17-2 16-3 17-4 17-5 17-6 17-7
1111 | show ap debug radar-logs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
17-8 17-9 17-10
Nepochs=1 len=30 epoch_#=1; det_idx=0 pw_delta=2 min_pw=16 max_pw=18 Type 7 Radar Detection. Detected pulse index=0 fm_min=0 fm_max=0 nconsecq_pulses=9. Time from last detection = 3, = 0min 3sec, Time 250 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Radar logs: Valid LP: KIntv=151077 Ksalintv=27820 PW=1557 FM=255 pulse#=0 pw2=0 pw_dif=0 pw_tol=8 fm2=0 fm_dif=0 fm_tol=0 nLP=1 nSKIP=0 skipped_salvate=0 pw_fm_matched=0 #non-single=0 skip_tot=0 csect_single=1 Valid LP: KIntv=23 Ksalintv=23 PW=1558 FM=255 pulse#=1 pw2=1557 pw_dif=1 pw_tol=8 fm2=255 fm_ dif=0 fm_tol=127 nLP=2 nSKIP=0 skipped_salvate=0 pw_fm_matched=1 #non-single=1 skip_tot=0 csect_single=0 Valid LP: KIntv=36 Ksalintv=36 PW=1557 FM=255 pulse#=2 pw2=1558 pw_dif=1 pw_tol=8 fm2=255 fm_ dif=0 fm_tol=127 nLP=3 nSKIP=0 skipped_salvate=0 pw_fm_matched=2 #non-single=2 skip_tot=0 csect_single=0 Skipped LP: nLP=3 nSKIP=1 KIntv=59 Ksalintv=59 PW=1557 FM=255 Type=4 pulse#=3 skip_tot=1 csect_single=0 Valid LP: KIntv=35680 Ksalintv=35740 PW=1904 FM=255 pulse#=0 pw2=0 pw_dif=0 pw_tol=8 fm2=0 fm_ dif=0 fm_tol=0 nLP=4 nSKIP=0 skipped_salvate=0 pw_fm_matched=2 #non-single=2 skip_tot=1 csect_single=1 Valid LP: KIntv=25 Ksalintv=25 PW=1904 FM=255 pulse#=1 pw2=1904 pw_dif=0 pw_tol=8 fm2=255 fm_ dif=0 fm_tol=127 nLP=5 nSKIP=0 skipped_salvate=0 pw_fm_matched=3 #non-single=3 skip_tot=1 csect_single=0 Valid LP: KIntv=28 Ksalintv=28 PW=1904 FM=255 pulse#=2 pw2=1904 pw_dif=0 pw_tol=8 fm2=255 fm_ dif=0 fm_tol=127 nLP=6 nSKIP=0 skipped_salvate=0 pw_fm_matched=4 #non-single=4 skip_tot=1 csect_single=0 FCC-5 Radar Detection. Time from last detection = 17, = 0min 17sec, Time 454 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Parameter Pruned Intv Pruned PW
Description Displays the filtered and pre-processed RADAR pulse interval. Displays the filtered and pre-processed RADAR pulse width.
Command History
Command ArubaOS 6.4.3.0
Description Command Introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radar-logs | 1112
show ap debug radio-event-log status
show ap debug radio-event-log status {ap-name <ap-name>|ip-addr <ip-addr>|ip6-addr <ip6-addr>}
Description
Show information about the radio event information captured in packet log files.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show log information for an AP with a specific name.
Show log information for an AP with a specific IPv4 address by entering its IPv4 address in dotted-decimal format.
Show log information for an AP with a specific IPv6 address by entering its IPv6 address.
Example
Radio Event Logs
----------------
Radio Index Radio's Bssid
----------- -------------
0
00:24:6c:bd:65:b0
1
00:24:6c:bd:65:a0
Radio's Band -----------80211a 80211g
Event Type ---------N/A N/A
Log File Size ------------N/A N/A
Status -----start stop
The output of this command includes the following information:
Parameter radio Index Radio's BSSID Radio's Band Event Type
Log File Size Status
Description
Index number of the AP radio (0 or 1)
BSSID of the AP radio. This is typically the AP radio's MAC address.
Band used by the AP radio.
Type of events recorded. By default, all supported event types are recorded. l N/A: The default event type setting, which captures all supported types of
radio events. l ani Adaptive Noise Immunity control events l rcfind: Transmission (Tx) control event l rcupdate: Transmission (Tx) rate update event l rx: Received (Rx) status register event l text: Text record event l tx: Transmission (Tx) control and Tx status register event
Size of the log file. A value of N/A indicates that the packet log feature uses the default log file size of 3145728 bytes (3MB)
Shows if packet log capture was started or stopped on the AP radio.
1113 | show ap debug radio-event-log status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
ap debug radio-event-log
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-event-log status | 1114
show ap debug radio-info
show ap debug radio-info ap-name <ap-name> radio <radio> ip-addr <ip-addr> radio <radio> ip6-addr <ip6-addr> radio <radio>
Description
Displays the Wi-Fi radio debug logs from the AP driver.
This command is applicable for W-AP200 Series, W-AP210 Series, W-AP220 Series, and W-AP270 Series access points.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description Displays Wi-Fi radio debug logs for an AP with a specific name. Displays Wi-Fi radio debug logs for an AP with a specific IP address. Displays Wi-Fi radio debug logs for an AP with a specific IPv6 address.
Example
The output of this command displays the log information about Wi-Fi radio 0 for a W-AP225: (host) #show ap debug radio-info ap-name W-AP225 radio 0
Radio Info Script -----------------aruba_dbg_radio_info_0 Start time: Fri Mar 27 14:33:21 IST 2015 --------------------------------------------------------------wifi0-drop-list: _dma_rxreclaim(1633): 2520/2520 0/0 wlc_recvctl(44993): 3130421/3130421 0/0 wlc_dotxstatus(41101): 2502/2502 2502/2502 ...
Command History
Command ArubaOS 6.4.3.0
Description Command Introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1115 | show ap debug radio-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-registers
show ap debug radio-registers {ap-name <name>|ip-addr <ip-addr>|ip6-addr <ip6-addr>} {radio 0|1}
Description
This command allows you to view radio register changes.
Syntax
Parameter ap-name ip-addr ip6-addr radio 0|1
Description Name of the AP for which you want to view register changes. IPv4 address of the AP for which you want to view register changes. IPv6 address of the AP for which you want to view register changes. Show information for the specified radio on the AP.
Usage Guidelines
This command displays radio register changes made under the supervision of Dell technical support.
Command History
Introduced in ArubaOS6.2.
Command Information
Platforms 802.11n-capable APs
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-registers | 1116
show ap debug radio-stats
show ap debug radio-stats {ap-name <ap-name>|ip-addr <ip-addr>} radio {0|1} [advanced]
Description
Show aggregate radio debug statistics of an AP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip6-addr> radio {0|1} advanced
Description Show log information for an AP with a specific name. Show log information for an AP with a specific IP address by entering its IP address in dotted-decimal format. IPv6 address of the Access Point. Specify the ID number of the radio for which you want to view statistics. Include this parameter to display additional radio statistics.
Example
The output of this command displays general statistics for the radio, as well as statistics for transmitted and received frames.
(host) #show ap debug radio-stats ap-name AP12 radio 1
RADIO Stats
-----------
Parameter
Value
---------
-----
------------------- General Per-radio Statistics
Total Radio Resets 0
Resets Beacon Fail 0
TX Power Changes
5
Channel Changes
2
Radio Band Changes 0
Current Noise Floor 95
11g Protection
0
------------------- Transmit specific Statistics
Frames Rcvd For TX 2452151
Tx Frames Dropped 1736429
Frames Transmitted 4247212
...
If you include the advanced option at the end of the show ap debug radio-stats command, the output of this command will include all the following parameters, as well as additional information for the SNR, frame counts, channel busy times, and data bytes for transmitted and received packets. If you omit the advanced option, the output will include less information, and the data will be displayed in a different order. The following table describes the output of this command when the advanced option is included.
1117 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Total Radio Resets Resets Beacon Fail BB check positives Resets BeacQ Stuck
Resets Fatal Intr Resets RX Overrun Resets RF Gain Resets MTU Change Resets TX Timeouts POE-Related Resets
External Reset PCI Fatal Intr Reset Chaimask Reset TX stat Reset TX Power Changes Channel Changes Radio Band Changes Current Noise Floor
Description
Total number of times the radio reset.
Number of times the radio reset due to beacon failure.
Number of times the radio checked for a base-band hang condition
An AP's radio typically sends a beacon every 100 milliseconds. If beacons are not sent at a regular interval or the radio experiences excessive noise, the beacon queue will reset. This parameter indicates the number of queue resets.
Number of time the radio was reset because the AP hardware was unresponsive.
The number of radio resets due to Receive FIFO overruns.
Number of radio resets due to gain changes.
Number of times the radio reset due to a change in the Maximum Transmission Unit (MTU) value.
Number of radio resets due to transmission timeouts (the radio doesn't transmit a signal within the required time frame.)
If the radio power profile drops, an AP may not be able to support three transmit chains, and may drop to two chains only. This parameter displays the number of resets due to this type of power change.
Number of times the AP has been reset because it was unplugged or its reset button was pressed.
Radio reset due to PCI fatal interrupt received from radio chip.
Radio reset when new chain mask is configured.
Radio reset caused by inconsistent state of hardware transmit queue.
Number of times the radio's transmission power changed.
Number of times the radio's channel changed.
Number of time the radio's band changed.
The residual background noise detected by an AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1118
Parameter
Dummy NF pkts on home channel Dummy NF pkts on scan channel Avail TX Buffers 11g Protection Last TX Antenna Last RX Antenna Scan Requests Scan Rejects Scan Rejects (Misc 1) Load aware Scan Rejects
PS aware Scan Rejects
EAP Scan Rejects
Description
Noise seen by an AP is reported as -dBm. Therefore, a noise floor of -100 dBm is smaller (lower) than a noise floor of -50 dBm. For most environments, the noise floor should be no greater than -80 dBm. Anything larger may indicate an interference problem which is drowning out good signals (data) in background noise.
Number of noise floor readings on the home channel.
Number of noise floor readings on the scan channel.
An AP has a set number of buffers which it can use to buffer frames for non-responsive power save clients. The total number of buffer frames depends upon the AP model type.
This parameter shows whether 802.11g protection has been enabled or disabled.
This parameter indicates whether the last frame transmitted was sent on antenna 1 or antenna 0. This parameter can be useful for troubleshooting external antennas.
This parameter indicates whether the last frame received was via antenna 1 or antenna 0. This parameter can be useful for troubleshooting external antennas.
Total number of scan requests received by the AP.
Total number of scan rejected by the AP.
Number of scan rejects due to pending transmissions.
Load aware ARM preserves network resources during periods of high traffic by temporarily halting scanning if the load for the AP gets too high. The load aware Scan Rejects parameter shows the number of times the AP has rejected a scan because of the load aware scan feature.
If the ARM power-save aware scan feature is enabled, the AP will not scan a different channel if it has one or more clients and is in power save mode. The ps aware Scan Rejects parameter shows the number of times the AP has rejected a scan because of the power-save aware scan feature.
If you enable the EAP-aware scanning feature in the AP's ARM profile, the AP will not attempt to scan a different channel if the Extensible Authentication Protocol over LAN (EAPOL) exchange is in progress with a client. This parameter shows the number of times the AP has rejected a scan because of the EAP aware scanning feature.
1119 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Voice aware Scan Rejects
Description
If you enable the VoIP Aware Scan feature in the AP's ARM profile, the AP will not attempt to scan a different channel if one of its clients has an active VoIP call. This Voice aware scan Rejects parameter shows the number of times the AP has rejected a scan because of the Voip aware scan feature.
Video aware Scan Rejects
If you enable the Video Aware Scan feature in the AP's ARM profile, the AP will not attempt to scan a different channel if one of its clients has an active video session. This Video aware scan Rejects parameter shows the number of times the AP has rejected a scan because of the Video aware scan feature.
UAPSD Scan Rejects
Number of times the scan was rejected due to UAPSD-related transmissions.
Post radar related scan Rejects Number of times the scan was rejected due to recent radar detection.
CABQ traffic Scan Rejects
Number of times the scan was rejected due to pending multicast transmissions.
Radio Reset Scan Rejects
Number of times the scan was rejected due to a recent radio reset.
Queue Drain Scan Rejects
This legacy statistic has been deprecated, and will not increment.
Scan Success
Number of successful scans. To view scan details, use the command show ap arm scan-times.
Scan Deferred
Number of times the scan was deferred due to pending beacon transmissions on the home channel.
EIRP
The value of this parameter is the transmission power level (in dBm) + the antenna gain value.
MAX EIRP
The max EIRP depends on AP capability and the regulatory domain constraint for the channel of operation. For example, in the US, Channels 36-48 have max EIRP of 23dBm
Dummy<number>
For internal use only.
UAPSD Flush STA Wake
Number of times a client wakes from power-save mode and flushes the UAPSD queue.
UAPSD SP Set
The number of unique UAPSD Scheduled Period is started in response to UAPSD trigger frames.
UASPD Dup Trig
The number of times duplicate UAPSD trigger frames are received (i.e., retried UAPSD triggers that were received by the AP more than once).
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1120
Parameter UAPSD Recv frame for TX UAPSD Ageout Drain UAPSD TX proc comp UAPSD SP In prog
UAPSD QOS NULL TX
UAPSD TX HW Queued UAPSD SP Reset Tx Time perct @ beacon intvl Tx Frames Rcvd Tx Bcast Frames Rcvd Tx Frames Dropped Tx Bcast Frames Dropped Tx Frames Transmitted Tx Bytes Rcvd Tx Bytes Transmitted Tx Time Frames Rcvd Tx Time Frames Dropped Tx Time Frames Transmitted Tx PS Unicast
Description The number of frames received for transmission over the air interface using UAPSD
The number of time UAPSD queue is drained (i.e. frames are dropped) due to ageout.
The number of UAPSD frames that were successfully transmitted
The number of times a trigger frame was received while a Scheduled Period (SP) was already in progress based on an earlier trigger frame.
The number of times the AP had to respond with a QoS Null Data frame in response to a UAPSD trigger because AP did not have Data frame queued for that client
The number of frames (Data and Null Data) that were transferred to the radio HW for transmission, in response to UAPSD triggers.
The number of times the UAPSD Scheduled Period (SP) in progress is reset or canceled.
Percentage of time spent transmitting Wi-Fi frames since the last beacon.
Number of transmitted frames that were received.
Number of transmitted broadcast frames that were received.
Number of transmitted frames that were dropped.
Number of transmitted broadcast frames that were dropped.
Number of frames successfully transmitted.
Number of transmitted bytes received.
Number of transmitted bytes
Number of times transmitted frames were received.
Number of times transmitted frames were dropped.
Number of times frames were transmitted.
Number of power save unicast frames
1121 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Tx DTIM Broadcast Tx Success With Retry
Tx Multiple retries
Tx Mgmt Frames Tx Mgmt Frames (PPS) Tx Beacons Transmitted Tx Beacons Transmitted (PPS) Tx Probe Responses Tx Probe Responses (PPS) Tx Data Transmitted Retried Tx Data Transmitted Tx Data Frames Tx Broadcast Data Frames In
Tx Data Bytes Transmitted
Tx Data Bytes Tx Time Data Transmitted
Tx Time BC/MC Data Tx Time Data dropped Tx Time Data
Tx Broadcast Data Frames Sent
Description Number of broadcast frames with DTIM values.
Number of frames that were successfully transmitted after being retried.
Number of frames that were successfully transmitted after being retried multiple times.
Number of management frames transmitted.
Rate of retransmitted frames, in packets per second.
Number of beacons transmitted.
Rate of transmitted beacons, in packets per second.
Number of transmitted probe responses.
Rate of transmitted probe responses, in packets per second.
Number of retried data frames.
Number of transmitted data frames.
Number of transmitted data frames.
Number of broadcast data frames received by the AP from wired interface to be transmitted in the air.
Total data bytes received by an AP from its wired interface to be transmitted over the air.
Total data bytes transmitted by the AP over the air.
Total time on spent successfully transmitting frames (including the retried frames).
Total time spent transmitting broadcast/multicast frames.
Total time spent transmitting dropped frames.
Total time spent sending frames received for transmission, including the frames that were dropped after retrying.
Broadcast data frames transmitted by the AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1122
Parameter Tx Broadcast Data Frames Sent (PPS) Tx Multicast Data Frames Tx Multicast Data Frames(PPS)
Tx DMO Multicast
Description
Rate of broadcast data frames transmitted by the AP, in packets per second.
Multicast data frames transmitted by the AP.
Rate of multicast data frames transmitted by the AP, in packets per second.
The number of multicast frames transmitted as multicast without converting to unicast.
Tx DMO Invalid
The number of multicast frames which should have been converted but were not as due to invalid format. (This value is typically normally 0.)
Tx DMO Converted
Tx DMO Replicated
Tx DMO Dropped Tx DMO No Client Tx DMO No BSSID Tx Unicast Data Frames Tx RTS Success Tx RTS Failed Tx CTS Frames Tx CTS Frames (PPS)
The number of multicast frames received as multicast which were then converted to unicast one or more times. This counter increments once per multicast frame.
The number of frames transmitted as unicast frames. For each multicast frame the counter is incremented by the number of replications for that frame. (The number of replications is the number of clients associated to the BSSID, VLANor group receiving these frames).
The number of frames dropped as conversion was not consistent with state on the AP. (This value is typically normally 0.)
Number of times no client was found for an association-ID indicated by the frame. (This value is typically normally 0.)
Number of times the BSSID indicated by the frame was not found. (This value is typically normally 0.)
Number of transmitted unicast data frames
Number of Ready To Send (RTS) frames successfully transmitted.
Number of Ready To Send (RTS) frames that were not successfully transmitted
Number of Clear-to-Send (CTS) frames transmitted.
Rate of CTS frames sent, in packets per second. (This parameter does not include CTS frames send in response to RTS).
1123 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Tx Powersave Queue Timeouts
Tx Dropped After Retry Tx Dropped No Buffer Tx Missed ACKs
Tx Failed Beacons
Tx Multi-Beacon Fail Tx Long Preamble Tx Short Preamble Tx Beacon Interrupts TX Interrupts Tx FIFO Underrun Tx Allocated Desc Tx Freed Desc Tx EAPOL Frames TX STBC Frames
TX LDPC Frames
Tx AGGR Good Tx AGGR Unaggr
Tx data <number> Mbps Tx <number> Mbps [Long]
Description Number of transmit frames discarded from the power save queue because the frames aged out
Number of frames dropped after an attempted retry.
Number of frames dropped because the AP's buffer was full.
Number of retries triggered because an acknowledgment was not received.
Number of times a radio failed to transmit a beacon at the scheduled interval (100ms).
Number of times multiple consecutive beacons failed to transmit.
Number of frames sent with a long preamble.
Number of frames sent with a short preamble.
Number of broadcast beacons that were interrupted.
Number of transmission interrupts.
The number of transmitted FIFO overruns.
Number of allocated transmit descriptors.
Number of freed transmit descriptors.
Number of EAPOL frames transmitted
Number of transmitted frames with Space-time block coding (STBC) enabled.
Number of transmitted frames with Low Density Parity Check (LDPC) enabled.
Number of aggregated frames successfully transmitted.
Number of non-aggregate frames transmitted due to unavailability of additional frames for aggregation at the time of transmission.
Number of frames transmitted at the specified rate (in Mbps).
Number of frames with a long preamble transmitted at the specified rate.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1124
Parameter Tx <number> Mbps [Short] Tx HT <number> Mbps Tx WMM [category]
Tx WMM [category] dropped
Tx UAPSD OverflowDrop TX Timeouts Lost Carrier Events Tx HT40 Hang Detected Tx HT40 Hang Stuck Tx HT40 Hang Possible Tx HT40 Dfs IMM WAR Tx HT40 Dfs HT20 WAR Tx MAC/BB Hang Stuck
Description
Number of frames with a short preamble transmitted at the specified rate.
Number of high-throughput frames transmitted at the specified rate.
Number of Wi-Fi Multimedia (WMM) packets transmitted for the following access categories. If the AP has not transmitted packets in a category type, this data row will not appear in the output of the command. Tx WMM [BE]: Best Effort Tx WMM [BK]: Background Tx WMM [VO]: VoIP Tx WMM [VI]: Video
Number of dropped Wi-Fi Multimedia (WMM) packets in the following access categories . If the AP has not transmitted packets in a category type, this data row will not appear in the output of the command. Tx WMM [BE]: Best Effort Tx WMM [BK]: Background Tx WMM [VO]: VoIP Tx WMM [VI]: Video
Number of packets dropped due to Unscheduled Automatic Power Save Delivery (U-APSD) overflow.
Number of transmission timeouts
Number of carrier sense timeouts.
Parameter deprecated.
Parameter deprecated.
Parameter deprecated.
Number of times the HT 40 RX Clear Hang immunity workaround was employed.
Number of times the HT 20 RX Clear Hang immunity workaround was employed.
Number of times a workaround was employed for potential beacons stuck due to MAC or base-band stuck conditions.
1125 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Tx Mgmt Bytes Tx Beacons Bytes Tx Data Frames Dropped Tx AMSDU pkt count Rx Last SNR Rx Last SNR CTL0
Rx Last SNR CTL1
Rx Last SNR CTL2
Rx Last SNR EXT0
Rx Last SNR EXT1
Rx Last SNR EXT2
Rx Last ACK SNR EXT0
Rx Last ACK SNR EXT1
Rx Last ACK SNR EXT2
Rx Frames Received Rx Good Frames
Description
Total management frame bytes transmitted.
Total number of Beacon frame bytes transmitted.
Number of transmitted data frames that were dropped.
Total number of AMSDU bytes transmitted.
The last recorded signal-to-noise ratio.
The signal-to-noise ratio for the last received data packet on the primary (control) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
The signal-to-noise ratio for the last received data packet on the secondary (control) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
The signal-to-noise ratio for the last received data packet on the secondary (control) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 0. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 1. This parameter is only displayed for APs operating in 40 Mhz mode.
Signal-to-noise ratio for the last received ACK packet on the secondary (extension) channel 2. This parameter is only displayed for APs operating in 40 Mhz mode.
Number of frames received.
Number of frames received with no errors.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1126
Parameter Rx Bad Frames Rx Total Data Frames Recvd Rx Total Mgmt Frames Recvd Rx Total Control Frames Recvd Rx Total Bytes Recvd Rx Total Data Bytes Recvd Rx Total RTS Frames Recvd Zx Total CTS Frames Recvd Rx Total ACK Frames Rx Total Beacons Received Rx Total Probe Requests Rx Total Probe Responses Rx retry frames Channel busy 1s
Channel busy 4s
Channel busy 64s
Ch Busy perct @ beacon intvl
Rx Time perct @ beacon intvl
Rx Discarded Events
Rx ARM Scan Frames
Description Number of bad or error frames received.
Total number of data frames received.
Total number of management frames received.
Total number of control frames received.
Total number of bytes received.
Total number of data bytes received.
Total number of Ready-To-Send (RTS) frames received.
Number of Clear-to-Send (CTS) frames received.
Number of acknowledgment frames received.
Number of beacons received.
Number of probe requests received.
Number of probe responses received.
Number of retried frames received.
The percentage of time the radio channel was busy in the last 1 second.
The percentage of time the radio channel was busy in the last 4 seconds.
The percentage of time the radio channel was busy in the last 64 seconds.
Percentage of time the channel was busy over the last 30 beacon intervals.
Percentage of time the AP was receiving data over the last 30 beacon intervals.
Number of non-802.11 events that were detected and discarded during normal operation.
Number of scan frames sent for the adaptive radio management (ARM) feature.
1127 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Rx Data Frames Rx Data Frames (PPS) Rx Data Bytes Rx Time Data Rx Duplicate Frames Rx Broadcast Data Frames Rx Multicast Data Frames Rx Unicast Data Frames Rx Null Data Frames Rx Mgmt Frames Rx Mgmt Frames (PPS)
Rx Control Frames Rx Control Frames (PPS)
Rx Frames To Me
Rx Bytes To Me
Rx Time To Me Rx Broadcast Frames Rx Probe Requests Rx Probe Requests (PPS)
Rx RTS Frames
Description Number of data frames received.
Rate at which data frames were received, in packets per second.
Number of data bytes received.
Total time spent on frames successfully received.
Number of duplicate frames received.
Number of broadcast frames received.
Number of multicast frames received.
Number of unicast frames received.
Number of null data frames received.
Number of management frames received.
Rate at which management frames were received, in packets per second.
Number of control frames received.
Rate at which control frames were received, in packets per second.
Number of frames received that are addressed to the specified BSSID.
Number of bytes received that are addressed to the specified BSSID.
Total time spent receiving frames sent to a specified BSSID.
Number of broadcast frames received.
Number of Probe requests received.
Rate at which probe requests were received, in packets per second.
Ready To Send (RTS) frames received. These frames are sent when a computer has data to transmit.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1128
Parameter Rx RTS Frames (PPS) Rx CTS Frames Rx CTS Frames (PPS) RX PS Poll Frames
RX CRC Errors
RX PLCP Errors Rx Frames Dropped Rx PHY Events Rx RADAR Events
RX Interrupts RX Overrun Rx undecryptable RX STBC Frames RX LDPC Frames Rx data <number> Mbps Rx <number> Mbps
Description
Rate at which RTS frames were received, in packets per second.
Clear To Send (CTS) frames received. This type of frame are used to verify that a client is ready to receive information.
Rate at which CTS frames were received, in packets per second.
Power-Save Poll (PS-Poll) frames received. When a client exits a power-saving mode, it transmits a PS-Poll frame to the AP to retrieve any frames buffered while it was in power-saving mode.
Cyclic Redundancy Check (CRC) is a data sequence that is sent with a frame to help verify if all the data received correctly. Possible CRC error causes include: l Hardware malfunction l Loose or unconnected cables l RF interference, such as overlapping access point coverage on
a channel or interfering 2.4-GHz signals from devices like microwave ovens l and wireless handset phones
Physical Layer Convergence Protocol (PLCP) errors.
Number of received frames that were dropped.
The number of Physical Layer Events, that are not 802.11 packets, detected by radio as part of its normal receive operation.
Number of times an AP detects a radar signature. Dell APs are DFS-compliant detects a radar signature, it will change its channel.
The number of receive interrupts received by the CPU from the radio.
The number of Receive FIFO overruns.
Number of non-decryptable frames received.
Number of received frames with STBC enabled.
Number of received frames with LDPC enabled.
Data packets received at the specified rate (in Mbps).
Packets received at the specified rate (in Mbps).
1129 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Rx data <number> Mbps Rx HT <number> Mbps Rx WMM [BE]
RX bad length Rx Null Src MAC Rx Managment Frames Dropped Rx Data Frames Dropped SNR from CTL0 Throttle drops Stop all but Mgmt
Description
Packets received at the specified rate (in Mbps).
Number of high-throughput packets received at the specified rate.
Number of Wifi Multimedia (WMM) packets received for the following access categories. If the AP has not transmitted packets in a category type, this data row will not appear in the output of the command. Rx WMM [BE]: Best Effort Rx WMM [BK]: Background Rx WMM [VO]: VoIP Rx WMM [VI]: Video
Number of frames received with incorrect length.
Number of received frames with source MAC address as NULL.
Number of received management frames that were dropped.
Number of received data frames that were dropped.
Signal-to-noise ratio (SNR) on chain 0.
Number of received frames dropped by AP due to throttling when AP is under high load.
Number of data frames dropped because radar was detected on a channel. An AP is allowed to send management frames only and must drop all other frames when radar is detected on a channel.
Command History
Command ArubaOS 3.0 ArubaOS 6.3
Description
Command Introduced
The output of this command was enhanced to include the following information types, when their collection is enabled using the command ap debug advanced-stats. l Advanced statistics for transmitted and received frames. l Information about packets per second statistics for different
frame types. l Advanced radio driver statistics for the specified radio. The ip6-addr parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug radio-stats | 1130
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1131 | show ap debug radio-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug received-config
show ap debug received-config ap-name <ap-name> [essid <essid>] bssid <bssid> [essid <essid>] ip-addr <ip-addr> [essid <essid>] ip6-addr <ip6-addr> [essid <essid>]
Description
Show the configuration the AP downloaded from the controller.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show log information for an AP with a specific name.
Show log information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show log information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show log information for an AP with a specific IPv6 address by entering an IPv6 address in dotted-decimal format.
Example
The output of this command displays configuration information for each interface. The example below shows only part of the output for this command. Additional parameters not displayed are described in the table below.
(host) #show ap debug received-config ap-name AP12
Downloaded Config for WIFI 0 ---------------------------Item ---BSSID LMS IP Master IP Mode QBSS Probe Response Native VLAN ID SAP MTU Heartbeat DSCP High throughput enable (radio) Channel Beacon Period Transmit Power Advertise TPC Capability Enable CSA CSA Count Management Frame Throttle interval Management Frame Throttle Limit
Value -----
10.6.2.250 10.100.103.2 AP Mode Allow Access 1 1500 bytes 0 Enabled 40100 msec 15 dBm Disabled Disabled 4 1 sec 20
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug received-config | 1132
Active Scan VoIP Aware Scan Power Save Aware Scan Load aware Scan Threshold 40 MHz intolerance Honor 40 MHz intolerance Legacy station workaround Country Code ESSID ...
Disabled Enabled Enabled 1250000 Bps Disabled Enabled Disabled US guest
The output of this command includes the following information:
Parameter BSSID LMS IP Master IP Mode
QBSS Probe Response Native VLAN ID SAP MTU Heartbeat DSCP High throughput enable (radio) Channel Beacon Period Transmit Power
Description
The BSSID of the AP.
The LMS IP is the IP address of the local controller used by the AP for client data processing.
For environments with multiple controllers, the master controller is the central configuration and management point for all local controllers.
Shows the operating modes for the AP. ap-mode: Device provides transparent, secure, high-speed data communications between wireless network devices and the wired LAN. am-mode: Device behaves as an air monitor to collect statistics, monitor traffic, detect intrusions, enforce security policies, balance traffic load, self-heal coverage gaps, etc.
Quality-of-service BSS (QBSS).
The ID number of the Native VLAN.
The Maximum Transmission Unit (MTU) for the GRE tunnel.
DSCP value for the heartbeat traffic between the AP and the controller.
Shows if high-throughput (802.11n) features on tare enabled or disabled on the radio.
Shows the channel number for the AP's 802.11a/802.11n physical layer.
Shows the time, in milliseconds, between successive beacon transmissions. The beacon advertises the AP's presence, identity, and radio characteristics to wireless clients.
Shows the current transmission power level.
1133 | show ap debug received-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Advertise TPC Capability
Description
If enabled, the AP will advertise its Transmit Power Control (TPC) capability.
Enable CSA
Displays whether or not the AP has enabled channel switch announcements (CSAs) for 802.11h.
CSA Count
Number of channel switch announcements that must be sent before the AP will switch to a new channel.
Management Frame Throttle interval
Average interval that rate limiting management frames are sent from this radio, in seconds. If this column displays a zero (0), rate limiting is disabled for this AP.
Management Frame Throttle Limit
Maximum number of management frames that can come from this radio in each throttle interval.
Active Scan
Displays whether or not the active scan feature is enabled.
This option elicits more information from nearby APs, but also creates additional management traffic on the network. Active Scan is disabled by default, and should not be enabled except under the direct supervision of Dell Support.
VoIP Aware Scan
Shows if VoIP aware scanning is enabled or disabled. If you use voice handsets in the WLAN, VoIP Aware Scan should be enabled in the ARM profile so the AP will not attempt to scan a different channel if one of its clients has an active VoIP call. This option requires that Scanning is also enabled.
Power Save Aware Scan
Shows if the power save aware scan is enabled or disabled. If enabled, the AP will not scan a different channel if it has one or more clients and is in power save mode.
Load aware Scan Threshold
The Load Aware Scan Threshold is the traffic throughput level an AP must reach before it stops scanning. Load aware ARM preserves network resources during periods of high traffic by temporarily halting ARM scanning if the load for the AP gets too high.
40 MHz intolerance
The specified setting allows ARM to determine if 40 MHz mode of operation is allowed on the 5 GHz or 2.4 GHz frequency band only, on both frequency bands, or on neither frequency band.
Honor 40 MHz intolerance
Shows if 40 MHz intolerance is enabled or disabled. If enabled, the radio will stop using the 40 MHz channels if the 40 MHz intolerance indication is received from another AP or station.
Legacy station workaround
Shows if interoperability for misbehaving legacy stations is enabled or disabled.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug received-config | 1134
Parameter Country Code
Description
Display the country code for the AP. The country code specifies allowed channels for that country.
ESSID
An Extended Service Set Identifier (ESSID), for the AP.
Encryption
Encryption type used on this AP.
WPA2 Pre-Auth
802.11x settings are enabled or disabled.
DTIM Interval
Number of beacons that should elapse before an AP sends beacon broadcasts for power save clients.
802.11a Basic Rates
Minimum data rate required for a client to associate with the AP. For an 802.11a radio, this value can be 6, 12 and 24 802.11 data rates. 802.11b/g radios will report a value of 1 and 2 802.11 data rates.
802.11a Transmit Rates
802.11 data rate at which the AP will transmit data to its clients. This value can be 6-54 for 802.11a radios, and 1-54 for 802.11b/g radios.
Station Ageout Time
Number of seconds a station may be idle before it is deauthorized from an AP.
Max Transmit Attempts
maximum number of times the AP will attempt to retransmit data.
RTS Threshold
The minimum packet size at which the AP will issue a request-to-send (RTS) before sending the packet.
Max Associations
The maximum number of clients allowed to associated with the AP
Wireless Multimedia (WMM)
Shows if Wireless Multimedia (WMM) is enabled or disabled for this AP. WMM provides prioritization of specific traffic relative to other traffic in the network.
WMM TSPEC Min Inactivity Interval
Displays the minimum inactivity time-out threshold of WMM traffic for this AP.
DSCP mapping for WMM voice AC
Displays the DSCP value used to map WMM voice traffic.
DSCP mapping for WMM video AC
Displays the DSCP value used to map WMM video traffic.
DSCP mapping for WMM best-effort AC Displays the DSCP value used to map WMM best-effort traffic
1135 | show ap debug received-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter DSCP mapping for WMM background AC
Description
Displays the DSCP value used to map WMM background traffic.
Hide SSID
Shows if the feature to hide a SSID name in beacon frames is enabled or disabled.
Deny_Broadcast Probes
When a client sends a broadcast probe request frame to search for all available SSIDs, this option controls whether or not the system responds for this SSID. When enabled, no response is sent and clients have to know the SSID in order to associate to the SSID. When disabled, a probe response frame is sent for this SSID.
Local Probe Response
Shows if local probe response is enabled or disabled on the AP. If this option is enabled, the AP is responsible for sending 802.11 probe responses to wireless clients' probe requests. If this option is disabled, then the controller sends the 802.11 probe responses
Disable Probe Retry
Shows if the AP has enabled or disabled MAC-level retries for probe response frames. By default this parameter is enabled, which mean that MAC level retries for probe response frames is disabled.
Maximum Transmit Failures
Display the maximum number of transmission failures allowed before the client gives up.
BC/MC Rate Optimization
Shows if the AP has enabled or disabled scanning of all active stations currently associated to that AP to select the lowest transmission rate for broadcast and multicast frames. This option only applies to broadcast and multicast data frames; 802.11 management frames are transmitted at the lowest configured rate.
High throughput enable (SSID)
Shows if the AP has enabled or disabled the use of its highthroughput SSID in 40 MHz mode.
40 MHz channel usage
Determines if this high-throughput SSID allows highthroughput (802.11n) stations to associate.
MPDU Aggregation
Shows if the AP has enabled or disabled MAC protocol data unit (MDPU) aggregation.
Max transmitted A-MPDU size
Shows the maximum size, in bytes, of an A-MPDU that can be sent on the AP's high-throughput SSID.
Max received A-MPDU size
Shows the maximum size, in bytes, of an Aggregated-MAC Packet Data Unit (A-MPDU) that can be received on the AP's high-throughput SSID.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug received-config | 1136
Parameter Min MPDU start spacing
Description
Displays the minimum time between the start of adjacent MDPUs within an aggregate MDPU, in microseconds.
Supported MCS set
Comma-separated list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this highthroughput SSID.
Short guard interval in 40 MHz mode Shows if the AP has enabled or disabled use of short guard interval in 40 MHz mode of operation.
VLAN Forward mode
Band Steering
VLAN ID used by the SSID.
Shows the current forward mode (bridge, split-tunnel, or tunnel) for the virtual AP.
This parameter controls whether 802.11 frames are tunneled to the controller using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the controller, and Internet access remains local).
Only 802.1X authentication is supported when configuring bridge or split tunnel mode.
Shows if band-steering has been enabled or disabled for a virtual AP.
ARM's band steering feature encourages dual-band capable clients to stay on the 5GHz band on dual-band APs. This frees up resources on the 2.4GHz band for single band clients like VoIP phones.
Band steering reduces co-channel interference and increases available bandwidth for dual-band clients, because there are more channels on the 5GHz band than on the 2.4GHz band. Dual-band 802.11n-capable clients may see even greater bandwidth improvements, because the band steering feature will automatically select between 40MHz or 20MHz channels in 802.11n networks. This feature is disabled by default, and must be enabled in a Virtual AP profile.
Command History
Command ArubaOS 3.0 ArubaOS 6.3
Description Command Introduced The ip6-addr and essid parameters were introduced.
1137 | show ap debug received-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug received-config | 1138
show ap remote debug association-failure
show ap remote debug association-failure [{ap-name <ap-name>}|{bssid <bssid>}{essid <essid>}]
Description
Display association failure information that can be used to troubleshoot problems on an AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
essid <essid>
Description
Filter the Association Failure Table by AP name.
Filter the Association Failure Table by Basic Service Set Identifier (BSSID). The BSSID is usually the AP's MAC address.
Filter the Association Failure Table by Extended Service Set Identifier (ESSID) of an AP.
Usage Guidelines
Use this command to determine whether the client is associated, and identify the last AP to which it was connected.
Example
The output of the command show ap remote debug association-failure displays the Association Failure Table show below. If the Idle time column in the output of this command is a low value, reason column will describe why association failed.
(host)#show ap remote debug association-failure ap-name AP-65-port3
Association Failure Table
-------------------------
MAC Address
AP Name BSSID
ESSID State Radio
-----------
------- -----
----- ----- -----
00:16:6f:09:54:3e AL29
00:1a:1e:11:6f:00 guest
802.11g
Going Down
00:16:6f:09:54:3e AL33
00:1a:1e:11:6e:60 guest auth 802.11g
Unspecified Failure
00:16:6f:09:54:3e AL40
00:1a:1e:8d:5b:20 guest
802.11g
Ageout
Num Association Failures:3
Idle Time Reason --------- -----20h:39m:33s Denied; AP
20h:39m:33s
20h:39m:33s Denied;
The output of this command includes the following parameters:
Column MAC address AP Name
Description MAC address of the client that failed to associate with an AP. Name of an AP to which the client attempted to associate.
1139 | show ap remote debug association-failure
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column BSSID ESSID State
Radio Idle Time
Reason
Description Basic Service Set Identifier of an AP.
Extended Service Set Identifier of an AP.
This data column shows if the client is currently authorized or both authorized and associated with an AP.
The AP radio type.
Amount of time that the client has been idle, in the format hours:minutes:seconds.
A brief description of the reason why the client failed to associate.
Command History
Introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug association-failure | 1140
show ap debug shaping-table
show ap debug shaping-table {ap-name <ap-name>|ip-addr <ip-addr>}
Description
Show shaping information for clients associated to an AP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
Description
Show shaping table information for a specific AP.
Show shaping table information for a specific AP IP address by entering its IP address in dotted-decimal format.
Example
The following command shows the shaping table of an AP named ap22. (host) #show ap debug shaping-table ap-name ap22
VAP station000
pktin pktout pktdrop pktqd
0
0
0
0
cmn[C:O:H] 0-0-0 0-0
drop Numcl TotCl BWmgmt
0-0-0 0
0
d1
d2
d3
d4
d5
d6
d7
d8
d9
0
0
0
0
0
0
0
0
0
idx
tokens last-t in
out
drop q
tx-t rx-t al-t rate
idx
d1
d2
d3
d4
d5
d6
d7
d8
d9
0
0
0
0
0
0
0
0
0
0
VAP station001
pktin pktout pktdrop pktqd
0
8144 0
0
cmn[C:O:H] 0-0-0 0-0
drop Numcl TotCl BWmgmt
0-2-0 2
0
d1
d2
d3
d4
d5
d6
d7
d8
d9
0
0
0
0
0
0
0
0
0
idx
tokens last-t in
1
0
0
0
3
0
0
0
out
drop q
2966 0
0
31
0
0
tx-t 716 8
rx-t 0 0
al-t 0 0
rate 0 0
idx
d1
d2
d3
d4
d5
d6
d7
d8
d9
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
3
0
0
0
0
0
0
0
0
0
The output of this command includes the following information:
1141 | show ap debug shaping-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column pktin pktout pktdrop pktqd cmn [C:O:H] drop Numcl TotCl Bwmgmt
d<n> idx tokens last-t
in out drop q tx-t rx-t al-t rate
Description Number of packets received by the AP. Number of packets sent by the AP. Number of packets dropped by the AP. Number of packets queued. (For internal use only.) Number of CCK (802.11b) and OFDM (802.11a/g) packets dropped. Number of CCK (802.11b) and OFDM (802.11a/g) packets dropped. Total number of clients associated with the AP This data column displays a 1 if the bandwidth management feature has been enabled. Otherwise, it displays a 0. (For internal use only.) Association ID. This value represents the credits the station has to transmit tokens. Number of tokens that were allocated to the station last time token allocation algorithm ran. Number of packets received. Number of packets sent. Number of dropped packets. Number of queued packets Total time spent transmitting data. Total time spent receiving data. Total time allocated for transmitting data to this station. (For internal use only.)
Command History
Introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug shaping-table | 1142
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1143 | show ap debug shaping-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug spanning-tree
show ap debug spanning-tree {ap-group <ap-group>|ap-name <ap-name>|bssid <bssid>|ip-addr <ipaddr>}
Description
Show an AP's spanning tree statistics.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show log information for an AP with a specific name.
Show log information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show log information for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show log information for an AP with a specific IPv6 address by entering an IPv6 address in dotted-decimal format.
Example
The following command shows the ..................................... (host) #show ap debug spanning-tree
Command History
This command was introduced in ArubaOS 3.0
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug spanning-tree | 1144
show ap debug switching
show ap debug switching {ap-name <ap-name>|ip-addr <ip-addr>|ip6-addr <ip6-addr>}
Description
Show an AP's switching statistics.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description Name of the Access Point. IP address of the Access Point. IPv6 address of the Access Point.
Example
The following command shows the ..................................... (host) #show ap debug switching
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.3
The ip6 parameters was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1145 | show ap debug switching
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug system-status
show ap debug system-status ap-name <ap-name> bssid <bssid> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description
Show detailed system status information for an AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr> ip6-addr <ip6-addr>
Description
Show system status data for an AP with a specific name.
Show system status data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show system status data for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show system status data for an AP with a specific IPv6 address by entering an IPv6 address in dotted-decimal format.
Usage Guidelines
Issue this command under the guidance of Dell technical support to troubleshoot network issues. The output of this command displays the following types of information (if it exists) for the selected AP:
l Bootstrap information
l Descriptor Usage l Interface counters l MTU discovery l ARP cache l Route table l Interface Information l System Status Script
l Per-radio statistics
l Encryption statistics l AP uptime l memory usage l Kernel slab statistics l Interrupts l Crash Information
l Ethernet duplex/speed settings
l Tunnel heartbeat stats l Boot version l LMS information l Power status l CPU type l CPU usage statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug system-status | 1146
The following parameters are included in the output of this command, and can help troubleshoot problems on an AP or wireless network.
Parameter
The Failed column in the Descriptor Usage section
Description This parameter can tell you if the AP is dropping packets.
Interface Information table
This parameter can tell you if the Ethernet network is working properly. This table should not show an excessive number of errors.
AP Uptime table
Low values in this table can indicate problems with the wired network, or with the AP itself.
Tunnel Heartbeat table
This table can indicate the health of the underlying wired network.
Rebootstrap Information table /Reboot Information table
A large number of reboots can mean that the AP has hardware problems.
Command History
Release ArubaOS 3.0 ArubaOS 5.0 ArubaOS 6.3
ArubaOS 6.4.2.0
Modification
Command introduced
Crash information parameter was introduced.
The output of this command was enhanced to include the following information type for each ethernet interface: l broadcast and multicast TX/RX counts l fragmentation and reassembly counts l packets per second statistics for different frame types The ip6-addr parameter was introduced.
Changed the format of the System Status Script output to the following: function-name(line-num): new-total-drops/total-drops new-prioritydrops/total-priority-drops Example: wlc_dotxstatus(40576): 5034/3231117 4272/1907873 This change helps to determine if priority (voice or video) frames are dropped from the AP Wi-Fi driver drop-list. NOTE: The System Status Script is displayed for W-AP200 Series and WAP220 Series access points only.
1147 | show ap debug system-status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug system-status | 1148
show ap debug trace-addr
show ap debug trace-addr
Description
Show MAC addresses in the trace buffer.
Usage Guidelines
Use this command to troubleshoot wireless clients that are being traced for 802.11 communication
Examples
The output of the command shows the Trace List table. If no wireless clients are being traced, this table will be empty. (host) #show ap debug trace-addr
Trace List ---------MAC Address ----------00:1a:1e:c5:ca:b4 00:1a:1e:c5:d6:46 00:1a:1e:c5:d7:40 00:1a:1e:c5:d7:64 00:1a:1e:c5:d9:56 00:1a:1e:c5:d9:b0
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1149 | show ap debug trace-addr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug usb
show ap debug usb ap-name <ap-name> ip-addr <ip-addr> ip6-addr <ip6-addr>
Description
This command displays the USB information provisioned on the RAP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show system status data for an AP with a specific name.
Show system status data for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Show system status data for an AP with a specific IPv6 address by entering an IPv6 address in dotted-decimal format.
Usage Guidelines
Use this command to view the USB information provisioned on the RAP.
Examples
The output of the command shows the USB information provisioned on the RAP.
(host) #show ap debug usb ap-name RAP2
USB Information
---------------
Parameter
Value
---------
-----
Manufacturer
Pantech,
Product
PANTECH
Serial Number
Driver
ptuml_cdc_ether
Vendor ID
106c
Product ID
3718
USB Modem State
Active
USB Uplink RSSI(in dBm)
-73
Supported Network Services CDMA GSM LTE
Firmware Version
L0290VWB522F.242
ESN Number
990000472325325
Current Network Service
4G-LTE
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap debug usb | 1150
Command History
Release ArubaOS 6.2 ArubaOS 6.3
Modification Command introduced The ip6-addr parameter was introduced.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
1151 | show ap debug usb
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap details
show ap details [advanced]{ap-name <ap-name>||ip-addr <ip-addr>|ip6-addr <ip6-addr>|wired-mac <wired-mac>}
Description
Show detailed provisioning parameters, hardware, and operating information for a specific AP.
Syntax
Parameter advanced
Description
Include the following additional data in the output of this command: l switch message counts l AP group information l Virtual AP operating information
ap-name <ap-name>
Show data for a specific AP by entering the name of the AP for which you want to display information.
wired-mac <wired-mac> Show mac address of an AP.
ip-addr <ip-addr>
Show data for an AP with the specified IP address.
ip6-addr <ip6-addr>
Show data for an AP with the specified IPv6 address.
Examples
The example below shows part of the output for the command show ap details ap-name <ap-name>.
(host) # show ap details ap-name AP32
AP "AL39" Basic Information
---------------------------
Item
Value
----
-----
AP IP Address 10.6.1.206
LMS IP Address 10.6.2.253
Group
corp1344
Location Name N/A
Status
Up
Up time
4d:12h:47m:32s
AP "AL39" Hardware Information
------------------------------
Item
Value
----
-----
AP Type
125
Serial #
AD0054972
Wired MAC Address 00:1a:1e:c9:17:38
Radio 0 BSSID
00:1a:1e:11:73:90
Radio 1 BSSID
00:1a:1e:11:73:80
Enet 1 MAC Address 00:1a:1e:c9:17:39
Service Tag
N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap details | 1152
AP "AL39" Operating Information
-------------------------------
Item
Value
----
-----
AP State
Running
Entry created
2008-10-23 20:04:53
Last activity
2008-10-28 08:07:48
Reboots
0
Bootstraps
1
Bootstrap Threshold 7Slot/Port
2/24
The output of this command includes the following information:
Column AP IP Address LMS IP Address
Group Location Name Status Up time
Installation
AP Type Serial # Wired MAC address Radio 0 BSSID
Radio 1 BSSID
Enet 1 MAC address Service Tag AP State
Description IP address of the AP
The IP address of the local management switch (LMS)--the Dell controller which is responsible for terminating user traffic from the APs, and processing and forwarding the traffic to the wired network.
Name of the AP's AP group.
Location of the AP.
Current status of the AP, either Up or Down.
Number of hours, minutes and seconds since the last controller reboot or bootstrap, in the format hours:minutes:seconds.
AP Installation mode. The AP can be default (the factory set AP installation type, indoor or outdoor.
AP model
Serial number for the AP
MAC address of the wired interface.
Basic Service Set Identifier (BSSID) of the AP's radio 0. This is usually the radio's MAC address.
Basic Service Set Identifier (BSSID) of the AP's radio 1. This is usually the radio's MAC address.
MAC address of the AP's Ethernet port.
Service tag of the AP. Displays the AP's current operational state.
1153 | show ap details
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Entry created Last activity Reboots Bootstraps Bootstrap threshold
Slot/Port
High throughput Mode
Band Channel Secondary Channel
EIRP
Description
Timestamp showing the time the AP registered with the controller.
Timestamp showing the last time the AP communicated with the controller. An AP typically sends keepalive messages every minute.
Number of times power to the AP cycled off and then on again. Reboots also known as "hard" restarts.
Number of times the AP restarted. Bootstraps are also known as "soft" restarts.
Number of consecutive missed heartbeats on a GRE tunnel (heartbeats are sent once per second on each tunnel) before an AP rebootstraps. On the controller, the GRE tunnel timeout is 1.5 x bootstrap-threshold; the tunnel is torn down after this number of seconds of inactivity on the tunnel.
The controller port used by the AP, in the format <slot>/<port>. The <port> parameter refers to the network interfaces that are embedded in the front panel of the W-3000 Series controller. Port numbers start at 0, from the left-most position.
Shows if high-throughput (802.11n) features are enabled or disabled.
Shows the operating modes for the AP. l AP: Device provides transparent, secure, high-speed data
communications between wireless network devices and the wired LAN. l AM: Device behaves as an air monitor to collect statistics, monitor traffic, detect intrusions, enforce security policies, balance traffic load, self-heal coverage gaps, etc.
The RF band in which the AP should operate: l 802.11g = 2.4 GHz l 802.11a = 5 GHz
Channel number for the AP 802.11a/802.11n physical layer. The available channels depend on the regulatory domain (country).
The secondary channel number for the AP. The secondary channel is a 20 MHz channel used in conjunction with the primary channel to create a 40 MHz channel for high-throughput clients. High-throughput capable APs use only the primary channel to communicate with 20 MHz clients. The secondary channel is used for transmissions with 40 MHz capable high-throughput clients.
Current effective Isotropic Radiated Power (EIRP).
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap details | 1154
Column AP Name AP Group Location name SNMP sysLocation Master Gateway Netmask IP Addr Dns IP Domain Name Server Name Server IP Antenna gain for 802.11a Antenna gain for 802.11g Antenna for 802.11a
Antenna for 802.11g
IKE PSK PPPOE User Name
Description Name of the AP.
AP group to which the AP belongs.
Fully-qualified location name (FQLN) for the AP.
User-defined description of the location of the AP, as defined with the command provision-ap syslocation.
Name or IP address for the master controller.
IP address of the default gateway for the AP.
Netmask for the AP's IP address.
IP address for the AP.
IP address of the DNS server.
Domain name used by the AP.
DNS name of the controller from which the AP boots.
IP address of the controller from which the AP boots
Antenna gain for 802.11a (5GHz) antenna.
Antenna gain for 802.11g (2.4GHz) antenna.
Antenna use for 5 GHz (802.11a) frequency band. l 1: AP uses antenna 1 l 2: AP uses antenna 2 l both: AP uses both antennas
Antenna use for 2.4 GHz (802.11g) frequency band. l 1: AP uses antenna 1 l 2: AP uses antenna 2 l both: AP uses both antennas
The IKE pre-shared key.
Point-to-Point Protocol over Ethernet (PPPoE) user name for the AP.
1155 | show ap details
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column PPPOE Password PPPOE Service Name USB User Name USB Password USB Device Type USB Device Identifier USB Dial String USB Initialization String USB TTY device path Mesh Role
Installation
Latitude Longitude Altitude
Antenna bearing for 802.11a
Antenna bearing for 802.11g
Description
PPPoE password for the AP.
PPPoE service name for the AP.
The PPP username provided by the cellular service provider.
A PPP password, if provided by the cellular service provider.
The USB driver type.
The USB device identifier.
The dial string for the USB modem.
The initialization string for the USB modem.
The TTY device path for the USB modem.
If the mesh role is "none," the AP is operating as a thin AP. An AP operating as a mesh node can have one of two roles: mesh portal or mesh point.
The type of installation (indoor or outdoor). The default parameter indicates that the ArubaOS automatically selects an installation mode based upon the AP's model type.
Latitude coordinates of the AP, in the format Degrees Minutes Seconds (DMS).
Longitude coordinates of the AP, in the format Degrees Minutes Seconds (DMS).
Altitude, in meters, of the AP. This parameter is supported on outdoor APs only.
Horizontal coverage distance of the 802.11a (5GHz) antenna from true north, from 0-360 degrees. NOTE: This parameter is supported on outdoor APs only. The horizontal coverage pattern does not consider the elevation or vertical antenna pattern.
Horizontal coverage distance of the 802.11g (2.4GHz) antenna from true north, from 0-360 degrees. NOTE: This parameter is supported on outdoor APs only. The horizontal coverage pattern does not consider the elevation or vertical antenna pattern.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap details | 1156
Column
Description
Antenna tilt angle for 802.11a
The angle of the 802.11a (5GHz) antenna. This parameter can range from between -90 degrees and 0 degrees for downtilt, and between +90 degrees and 0 degrees for uptilt.
Antenna tilt angle for 802.11g
The angle of the 802.11g (2.4GHz) antenna. This parameter can range from between -90 degrees and 0 degrees for downtilt, and between +90 degrees and 0 degrees for uptilt.
Mesh SAE
Shows if the AP has enabled or disabled Secure Attribute Exchange (SAE) on a mesh network. This setting is disabled by default.
Command History
Release ArubaOS 3.0 ArubaOS 3.2 ArubaOS 3.4
ArubaOS 5.0 ArubaOS 6.1 ArubaOS 6.3 ArubaOS 6.4.2.0
Modification
Command introduced
Introduced support for mesh parameters, additional antenna parameters, and AP location parameters.
Introduced support for the following parameters: l installation l mesh-sae l set-ikepsk-by-addr l usb-dev l usb-dial l usb-init l usb-passwd l usb-tty l usb-type l usb-user
The mesh-sae parameter no longer displays the sae-default setting if the parameter is disabled. Only the sae-disable option indicates that this parameter is currently in its default disabled state.
The parameter ip6-addr was added to show data for an IPv6 AP.
The parameter bassid was deprecated.
The output of this command displays the service tag of an AP.
1157 | show ap details
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap details | 1158
show ap enet-link-profile
show ap enet-link-profile [<profile>]
Description
Show a list of all Ethernet Link profiles.
Usage Guidelines
Include a profile name to display details for the specified Ethernet Link Profile, or omit the <profile> parameter to display a list of all Ethernet Link profiles.
Example
This command shows the speed of the Ethernet interface and the current duplex mode for the Ethernet Link profile "default": (host) #show ap enet-link-profile default
AP Ethernet Link profile "default"
----------------------------------
Parameter Value
--------- -----
Speed
auto
Duplex
auto
The output of this command includes the following parameters:
Parameter Speed
Description
The speed of the Ethernet interface. This value can be either 10 Mbps, 100 Mbps, 1000Mbps (1 Gbps), or auto (auto-negotiated).
Duplex
The duplex mode of the AP's Ethernet interface. This value can be either full, half, or auto (auto-negotiated).
Related Commands
Command ap enet-link-profile
Description
Mode
This command configures an AP Ethernet link profile.
Config mode
Command History
Introduced in ArubaOS 3.0.
1159 | show ap enet-link-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap enet-link-profile | 1160
show ap essid
show ap essid
Description
Show a Extended Service Set Identifier (ESSID) summary for the controller, including the numbers of APs and clients associated with each ESSID.
Examples
The output of the command in the example below shows statistics for four configured ESSIDs.
(host) #show ap essid
ESSID Summary
-------------
ESSID
APs Clients
-----
--- -------
vocera 21 0
66
voip 23 52
66,64
guest
49 6
wpa2 26 88
65,64
Num ESSID:4
VLAN(s) Encryption
------- ----------
WPA2 PSK AES
WPA2 8021X AES
63
Open
WPA2 8021X AES
The output of this command includes the following information:
Column ESSID
APs VLAN(s) Encryption
Description
An Extended Service Set Identifier (ESSID) is the identifying name of an 802.11 wireless network.
Number of APs associated with the ESSID.
VLAN IDs of the VLANs for the ESSID.
The layer-2 authentication and encryption used on this ESSID to protect access and ensure the privacy of the data transmitted to and from the network.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1161 | show ap essid
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap ht-rates
show ap ht-rates bssid <bssid>
Description
Show high-throughput rate information for a basic service set (BSS).
Syntax
Parameter bssid <bssid>
Description
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Examples
The output of this command shows high-throughput rates for each supported MCS value. These values are applicable to high-throughput (802.11n-capable) APs only. (host) #show ap ht-rates bssid 00:1a:1e:1e:5a:10
AP "AL12" Radio 0 BSSID 00:1a:1e:1e:5a:10 High-throughput Rates (Mbps)
----------------------------------------------------------------------
MCS Streams 20 MHz 40 MHz 40 MHz SGI
--- ------- ------ ------ ----------
01
6.5 13.5 15.0
11
13.0 27.0 30.0
21
19.5 40.5 45.0
31
26.0 54.0 60.0
41
39.0 81.0 90.0
51
52.0 108.0 120.0
61
58.5 121.5 135.0
71
65.0 135.0 150.0
82
13.0 27.0 30.0
92
26.0 54.0 60.0
10 2
39.0 81.0 90.0
11 2
52.0 108.0 120.0
12 2
78.0 162.0 180.0
13 2
104.0 216.0 240.0
14 2
117.0 243.0 270.0
15 2
130.0 270.0 300.0
The output of this command includes the following information:
Column MCS Streams 20 MHz
Description A Modulation Coding Scheme (MCS) values supported on this high-throughput SSID. Number of spatial streams used by the MCS index value. 802.11n data rates for the MCS for 20 Mhz transmissions.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap ht-rates | 1162
Column 40 MHz 40 MHz SGI
Description 802.11n data rates for the MCS for 40 Mhz transmissions. 802.11n data rates for the MCS for 40 Mhz transmissions using a short guard interval.
Related Commands
Command show ap vht-rates
Description Show very-high-throughput rate information for a basic service set (BSS).
Command History
Introduced in ArubaOS 3.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1163 | show ap ht-rates
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap image-preload-status (deprecated)
show ap image-preload-status page <page> start <start>
Description
This command displayed the list of APs that will preload a new version of software from a controller with the AP preload feature activated. Starting with ArubaOS 6.4, command was replaced by the command show ap image-preload status.
Command History
Release ArubaOS 6.3 ArubaOS 6.4
Modification Command introduced Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap image-preload-status (deprecated) | 1164
show ap image-preload status
show ap image-preload status all list summary
Description
Display the list of APs that will preload a new version of software from a controller with the AP preload feature activated.
Syntax
Parameter all list summary
Description Display the complete status of AP image preload operation. Displays the list of APs and their image preload statuses. Summarizes the status of AP image preload operation.
Usage Guidelines
Issue this command to display a list of APs in the AP image preload list, and monitor the download status of each AP.
Example
The example below shows the current status of APs downloading a new image using the AP image preload feature. (host) #show ap image-preload status all
AP Image Preload Parameters
---------------------------
Item
Value
----
-----
Status
Active
Mode
All APs
Partition
0
Build
40740
Max Simultaneous Downloads 512
Start Time
2013-11-05 15:38:50
AP Image Preload AP Status Summary
----------------------------------
AP Image Preload State Count
---------------------- -----
Preloaded
1
TOTAL
1
AP Image Preload AP Status
--------------------------
AP Name
AP Group AP IP
AP Type Preload State Start Time
End
Time
Failure Count Failure Reason
1165 | show ap image-preload status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
-------
-------- -----
------- -------------
---
------------- --------------
6c:f3:7f:c3:a6:56 SecureJack 10.3.90.14 135
Preloaded
11-05 15:39:58 0
----------
-----
2013-11-05 15:38:50 2013-
(host) #show ap image-preload status list
AP Image Preload AP Status
--------------------------
AP Name
AP Group AP IP
AP Type
Time
Failure Count Failure Reason
-------
-------- -----
-------
--
------------- --------------
6c:f3:7f:c3:a6:56 SecureJack 10.3.90.14 135
11-05 15:39:58 0
Preload State ------------Preloaded
Start Time ---------2013-11-05 15:38:50
End -----2013-
(host) #show ap image-preload status summary
AP Image Preload Parameters
---------------------------
Item
Value
----
-----
Status
Active
Mode
All APs
Partition
0
Build
40740
Max Simultaneous Downloads 512
Start Time
2013-11-05 15:38:50
AP Image Preload AP Status Summary
----------------------------------
AP Image Preload State Count
---------------------- -----
Preloaded
1
TOTAL
1
The output of this command includes the following information:
Column AP Image Preload Parameters
Description
Shows if this feature has been enabled (has an active status) or is disabled (has an inactive status).
AP Image Preload AP Status Summary
These two columns list the different possible preload states for APs eligible to preload a new software image, and the total number of APs in each state.
l Preloaded: Number of APs that have finished preloaded a new software image.
l Preloading: Number of APs that are currently downloading the new image.
l Waiting: Number of APs that are waiting to start preloading the new image from the controller.
AP Image Preload AP Status
This section displays the following details for each preload attempt.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap image-preload status | 1166
Column AP Name AP Group AP IP AP Type Preload State
Start Time End Time Failure Count Failure Reason
Description
Name of an AP eligible to preload a new software image.
AP group of an AP eligible to preload a new software image.
IP address of the AP.
AP model type.
Current state of the AP's preload attempt l Preloaded: The AP is finished preloading a new software
image. l Preloading: The AP is currently downloading the new
image. l Waiting: The AP is waiting to start preloading the new
image from the controller.
Time the AP starting preloading an image.
Time the AP completed the image preload.
Number of times that the AP failed to preload the new image.
In the event of an image preload failure, this column will display the reason that the image download failed.
Related Commands
show ap image version
Command History
Release ArubaOS 6.4
Modification
This command is introduced to replace show ap image-preload-status command, which is deprecated in 6.4.
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1167 | show ap image-preload status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap image version
show ap image version [ap-name <ap-name>|ip-addr <ip-addr>]
Description
Display an AP's image version information.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
Description
View image version information for an AP with a specific name.
View image version information for an AP with a specific IP address. Enter the address of the AP in dotted-decimal format.
Usage Guidelines
By default, this command displays image version information for all APs associated with the controller. To view image version information for a single AP, specify an AP using the ap-name or ip-addr parameters
Example
The output in the example below shows the current running image version as well as the image version stored in the controller's flash memory.
(host) #show ap image version ip-addr 192.0.2.45
Access Points Image Version
---------------------------
AP
Running Image Version String
--
----------------------------
192.0.2.45
6.4.0.0 Wed Nov 27 10:46:42 PDT 2013
Flash Image Version String
Matches
----------------------------
-------
6.4.0.0 Wed Nov 27 10:46:42 PDT 2013 Yes
Num Matches ---------3
Num Mismatches Bad Checksums -------------- ------------0
Image Load Status ---------------Done
The output of this command includes the following information:
Column AP
Running Image Version String
Flash Image Version String
Description
Name or IP address of an AP
String identifying the number of the image version currently running on the AP, as well as the date on which that version was created.
String identifying the number of the image version in the AP's flash memory, as well as the date on which that version was created.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap image version | 1168
Column Matches
Num Matches
Num Mismatches
Bad Checksums Image Load Status
Description
If yes, the running image version matches the image version currently in the AP's flash memory. If no, the two image versions do not match.
Number of times the running image version matched the flash image version after a reboot.
Number of times the running image version did not match the flash image version after a reboot. If the images do not match, the AP will upgrade to the flash image.
Number of bad checksum calculations due to an invalid or corrupted image file.
Current status of the AP following an upgrade. Done: This status indicates that the controller reset after the upgrade was performed, or the upgrade was performed after the AP first registered with the controller. Completed: The AP was updated after it was registered to the controller, and after the controller's last reset. If AP shows a status of completed, it will also display the time it took it update that AP. In progress: The AP is currently updating its image.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1169 | show ap image version
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-lacp-striping-ip
show ap-lacp-striping-ip
Description
Define an LLDP MED network policy profile that defines DSCP values and L2 priority levels for a voice or video application.
Syntax
No parameters
Usage Guidelines
Example
@@@.
(host) (config) #show ap-lacp-striping-ip
AP LACP LMS map information
---------------------------
Parameter
Value
---------
-----
AP LACP Striping IP Enabled
GRE Striping IP
2.2.2.2 LMS 3.3.3.3
GRE Striping IP
4.4.4.4 LMS 5.5.5.5
GRE Striping IP
10.65.30.50 LMS 10.65.30.60
Command History
This command was introduced in ArubaOS 6.4.2.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-lacp-striping-ip | 1170
show ap license-usage
show ap license-usage
Description
Show AP license usage information.
Examples
The output of the command below shows that controller has 13 associated campus APs using licenses, with 3 unused campus AP licenses remaining. (host) #show ap license-usage
AP Licenses ----------Type ---AP Licenses RF Protect Licenses PEF Licenses Overall AP License Limit
Number -----64 64 64 64
AP Usage -------Type ---CAPs RAPs Remote-node APs Tunneled nodes Total APs
Count ----13 2 0 0 0
Remaining AP Capacity --------------------Type Number ---- -----CAPs 3 RAPs 62
The output of this command includes the following information:
Parameter AP Licenses RF Protect Licenses PEF Licenses
Overall AP Licenses CAPs
Description Number of AP licenses currently available on the controller. Number of RF Protect licenses currently available on the controller. Number of Policy Enforcement Firewall (PEF) licenses currently available on the controller. Total number of APs supported by licenses on the controller. Number of campus APs currently using a license on the controller.
1171 | show ap license-usage
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter RAPs Remote-Node APs Tunneled Nodes CAPs RAPs
Description Number of remote APs currently using a license on the controller. Number of APs currently using a license on the branch controller. Number of tunneled nodes currently using a license on the controller. Number of unused campus APs licenses remaining on the controller. Number of unused remote APs licenses remaining on the controller.
Command History
Release ArubaOS 3.0 ArubaOS 3.3
Modification
Command Introduced.
The following parameters were introduced: l Total 802.11n-120abg Licenses l 802.11n-120abg Licenses Used l Total 802.11n-121abg Licenses l 802.11n-121abg Licenses Used l Total 802.11n-124abg Licenses l 802.11n-124abg Licenses Used l Total 802.11n-125abg Licenses l 802.11n-125abg Licenses Used
ArubaOS 6.2
The output of this command was reorganized to reflect updated the newest license scheme.
Command Information
Platforms All platforms
Licensing
Base operating system. The output of this command varies, according to the licenses currently installed on the controller.
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap license-usage | 1172
show ap lldp
show ap lldp [<profile>]
Description
Display a list of LLDP-MED Network Policy profiles, or display the current configuration settings of an individual profile.
Syntax
Parameter <profile>
Description Specify a LLDP profile name to view configuration settings for that profile.
Examples
The following example lists all LLDP profile profiles. The References column lists the number of other profiles with references to that LLDP-MED Network policy profile profile, and the ProfileStatus column indicates whether the profile is predefined.
The output of the command below shows that the controller has two LLDP profiles.
(host) #show ap lldp med-network-policy-profile
AP LLDP Profile List
---------------------------------------
Name
References Profile Status
----
---------- --------------
default 0
video 2
Total:2
The following command displays configuration details for the LLDP profile named default.
(host) #show ap lldp med-network-policy-profile video
AP LLDP Profile "new"
---------------------
Parameter
Value
---------
-----
PDU transmission
Enabled
Reception of LLDP PDUs
Enabled
Transmit interval (seconds)
30
Transmit hold multiplier
4
Optional TLVs
port-description system-description system-name capabilities
management-address
802.1 TLVs
port-vlan vlan-name
802.3 TLVs
mac link-aggregation mfs power
LLDP-MED TLVs
LLDP-MED network policy profile N/A
The output of this command includes the following information:
1173 | show ap lldp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter PDU transmission
Description Shows if LLDP PDU transmission is enabled on the AP.
Reception of LLDP PDUs
Shows if LLDP PDU reception is enabled on the AP.
Transmit interval (seconds)
The interval between LLDP TLV transmission seconds. The supported range is 1-3600 seconds and the default value is 30 seconds.
Transmit hold multiplier
This value is multiplied by the transmit interval to determine the number of seconds to cache learned LLDP information before that information is cleared.
If the transmit-hold value is at the default value of 4, and the transmit interval is at its default value of 30 seconds, then learned LLDP information will be cached for 4 x 30 seconds, or 120 seconds.
Optional TLVs
The AP sends the listed optional TLVs in LLDP PDUs.
802.1 TLVs
The AP sends the listed 802.1 TLVs in LLDP PDUs. By default, the AP will send all 802.1 TLVs.
802.3 TLVs
The AP sends the listed 802.3 TLVs in LLDP PDUs. By default, the AP will send all 802.3 TLVs.
LLDP-MED TLVs
Lists the LLDP-MED TLVs the AP will send in LLDP PDUs. By default, the AP will not send any LLDP-MED TLVs
LLDP-MED network policy profile Specifies the LLDP MED Network Policy profile to be associated with this LLDP profile.
Command History
Command introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap lldp | 1174
show ap lldp counters
show ap lldp counters ap-name <ap-name> ip-addr <ip-addr> ip6-addr (ipv6-addr>
Description
Show LLDP counters for a specific AP, or all APs sending or receiving LLDP Protocol Data Units (PDUs).
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip-addr>
Description Show counter statistics for an AP with a specific name.
View counter statistics for an AP with a specific IP address. Enter the IP address of the AP in dotted-decimal format.
View counter statistics for an AP with a specific IPv6 address.
Examples
The output of the command below shows LLDP counter information for two interfaces.
(host) #show ap lldp counters
AP LLDP Counters (Updated every 60 seconds)
-------------------------------------------
AP
Interface Received Unknown TLVs
--
--------- -------- ------------
00:1a:1e:ce:fb:bf bond0
0
0
00:24:6c:c0:00:86 bond0
0
0
Malformed --------0 0
Overflow -------0 0
Transmitted ----------68159 68153
The output of this command includes the following information:
Parameter AP
Description Name of the AP sending or receiving LLDP PDUs.
Interface
Name of the AP interface sending or re ce vi ng LLDP PDUs.
Received
Number of packets received on the specified interface.
Unknown TLVs
Number of LLDP Protocol Data Units (PDUs) with an unknown type-lengthvalue (TLV).
Number of Malformed packets Number of malformed packets received on that interface
Overflow
Number of times that an LLDP neighbor could not be added to the neighbor table (there is a limit of 8 per port)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap lldp counters | 1176
Parameter
Description
Transmitted
Number of packets transmitted from that interface
Command History
Command introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Enable or Config mode on master or local controllers
1177 | show ap lldp counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap lldp med-network-policy-profile
show ap lldp med-network-policy-profile [<profile>]
Description
Display a list of LLDP-MED Network Policy profiles, or display the current configuration settings of an individual profile.
Syntax
Parameter <profile>
Description
Specify a LLDP-MED Network Policy profile name to view configuration settings for that profile.
Usage Guidelines
The LLDP-MED Network policy profile allows you to configure an extension to LLDP that supports interoperability between VoIP devices and other networking clients. LLDP-MED network policy discovery lets end-points and network devices advertise their VLAN IDs (e.g. voice VLAN), priority levels, and DSCP values.allows you to define a set of provisioning parameters to an AP group.
Issue this command without the <profile-name> option to display the entire LLDP-MED Network policy profile list, including profile status and the number of references to each profile. Include a profile name to display the configuration settings for that profile.
Examples
The following example lists all LLDP-MED Network policy profile profiles. The References column lists the number of other profiles with references to that LLDP-MED Network policy profile, and the ProfileStatus column indicates whether the profile is predefined.
The output of the command below shows that the controller has three LLDP-MED network profiles.
(host) #show ap lldp med-network-policy-profile
AP LLDP-MED Network Policy Profile List
---------------------------------------
Name
References Profile Status
----
---------- --------------
default 0
video 2
voice 1
Total:2
The following command displays configuration details for the LLDP-MED Network Policy profile
named video.
(host) #show ap lldp med-network-policy-profile video
AP LLDP-MED Network Policy Profile "default" -------------------------------------------Parameter --------LLDP-MED application type LLDP-MED application VLAN LLDP-MED application VLAN tagging LLDP-MED application Layer-2 priority LLDP-MED application Differentiated Services Code Point
Value ----streaming-video 16 Tagged 0 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap lldp med-network-policy-profile | 1178
The output of this command includes the following information:
Parameter LLDP-MED application type
Description
Type of application that this profile manages. This profile supports the following options:
l guest-voice : The AP services a separate voice network for guest users and visitors.
l guest-voice-signaling : The AP is part of a network that requires a different policy for guest voice signaling than for guest voice media. Do not use this application type if both the same network policies apply to both guest voice and guest voice signaling traffic.
l softphone-voice : The AP supports voice services using softphone software applications on devices such as PCs or laptops.
l streaming-video : T The AP supports broadcast or multicast video or other streaming video services that require specific network policy treatment. This application type is not recommended for video applications that rely on TCP with buffering.
l video-conferencing : T The AP supports video conferencing equipment that provides realtime, interactive video/audio services.
l video-signaling : T The AP is part of a network that requires a different policy for video signaling than for the video media. Do not use this application type if both the same network policies apply to both video and video signaling traffic.
l voice : T he AP services IP telephones and other appliances that support interactive voice services. This is the default application type.
l voice-signaling : T The AP is part of a network that requires a different policy for voice signaling than for the voice media. Do not use this
1179 | show ap lldp med-network-policy-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
application type if both the same network policies apply to both voice and voice signaling traffic.
LLDP-MED application VLAN
Indicates the VLAN ID (0-4094) or VLAN name of the VLAN used by the application.
LLDP-MED application VLAN tagging LLDP-MED application Layer-2 priority
Indicates if the policy applies to a to a VLAN that is tagged with a VLAN ID or untagged. The default value is untagged.
NOTE: When an LLDP-MED network policy is defined for use with an untagged VLAN, then the L2 priority field is ignored and only the DSCP value is used.
Displays a configured 802.1p priority level for the specified application type, where 0 is the lowest priority level and 7 is the highest priority.
LLDP-MED application Differentiated Services Code Point
Displays a configured Differentiated Services Code Point (DSCP) priority value for the specified application type, where 0 is the lowest priority level and 63 is the highest priority.
Command History
Command introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap lldp med-network-policy-profile | 1180
show ap lldp neighbors
show ap lldp neighbors ap-name <ap-name> ip-addr <ip-addr> ip6-addr (ipv6-addr>
Description
Show LLDP neighbors for a specific AP, or all APs sending or receiving LLDP Protocol Data Units (PDUs).
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
ip6-addr <ip-addr>
Description Show LLDP neighbor statistics for an AP with a specific name.
View LLDP neighbor statistics for an AP with a specific IP address. Enter the IP address of the AP in dotted-decimal format.
View LLDP neighbor statistics for an AP with a specific IPv6 address.
Usage Guidelines
The LLDP protocol allows switches, routers, and wireless LAN access points to advertise information about themselves such as identity, capabilities, and neighbors to other nodes on the network. Use this command to display information about the AP's LLDP peers.
By default, this command displays LLDP neighbors for the entire list of LLDP interfaces. Include a the name of IP address of an AP to display neighbor information only for that one device.
Examples
The output of the command below shows the LLDP neighbor list for an AP named ap12.
(host) show ap lldp neighbors ap-name ap12
AP LLDP Neighbors (Updated every 60 seconds)
--------------------------------------------
AP Interface Neighbor Chassis Name/ID Port Name/ID Mgmt. Address Capabilities
-- --------- -------- --------------- ------------ ------------- ------------
uc bond0
0
d8:c7:c8:c4:4f:4e bond0
10.3.44.193
Capability codes: (R)Router, (B)Bridge, (A)Access Point, (P)Phone, (O)Other
The output of this command includes the following information:
Parameter AP Interface Neighbor
Description Name of the LLDP neighbor Interface on the AP sending or receiving LLDP PDUs. LLDP neighbor number
1181 | show ap lldp neighbors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Chassis Name/ID Port Name/ID Mgmt. Address Capabilities
Description
The name of the LLDP neighbor AP
Port name or ID if the interface sending LLDP PDUs.
Management address of the LLDP neighbor
This data column can list any of the following data codes to indicate LLDP neighbor capabilities. l R: Router l B: Bridge l A: Access Point l P: Phone l O: Other
Command History
Command introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap lldp neighbors | 1182
show ap load-balancing
show ap load balancing
Description
Show the load-balancing information for each AP with load balancing enabled.
Examples
The output of the command in the example below shows details for a single AP enabled with the loadbalancing feature.
(host) #show ap load-balancing
Load Balance Enabled Access Point Table
---------------------------------------
bss
cur-cl util(kbps)
---
------ ----------
00:0b:86:cc:8e:4e
Wireless_1
mp22 2/24 10.3.148.12 a-HT
413
The output of this command includes the following information:
Column BSS ESS s/p
ip phy
chan cur-cl util (kbps)
Description
The Basic Service Set (BSS) Identifier for the AP. This is usually the APs MAC address.
The Extended Service Set (ESS) Identifier is the user-defined name of an 802.11 wireless network.
The controller slot and port used by the AP, in the format <slot>/<port>. The <port> parameter refers to the network interfaces that are embedded in the front panel of the W-3000 Series controller. Port numbers start at 0, from the leftmost position.
IP address of the AP
One of the following 802.11 types la l a-HT (high-throughput) lg l g-HT (high-throughput)
Channel number for the AP 802.11a/802.11n physical layer. The available channels depend on the AP's regulatory domain (country).
Current number of clients on the AP.
Current bandwidth utilization, in kbps.
1183 | show ap load-balancing
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap load-balancing | 1184
show ap mesh active
show ap mesh active [<mesh-cluster>|{page <page>}|{start <start>}]
Description
Show active mesh cluster APs currently registered on this controller.
Syntax
Parameter <mesh-cluster> page <page>
start <start>
Description
Name of a mesh cluster profile.
Limit the output of this command to a specific number of entries by entering the number of entries you want to display.
Start displaying the index of mesh APs at a chosen index number by entering the index number of the AP at which command output should start.
Examples
The output of this command displays a list of all active mesh points and mesh portals.
(host) #show ap mesh active
Mesh Cluster Name: meshprofile1
------------------------------
Name Group IP Address BSSID
Mesh Role
---- ----- ---------- -----
--------
mp1 mp1
10.3.148.245 00:1a:1e:85:c0:30
Point
mp2 mp2
10.3.148.250 00:1a:1e:88:11:f0
mp3 mp3
10.3.148.253 00:1a:1e:88:01:f0
mpp mpp125 10.3.148.252 00:1a:1e:88:05:50
Portal
Band/Ch/EIRP/MaxEIRP MTU
-------------------- ---
802.11a/157/19/36
802.11a/157/19/36
Bridge/Bridge Point
802.11a/157/19/36
802.11a/157/19/36
1578
Enet 0/1 -------Off/Off
Bridge/Bridge Point -/Bridge
Parent #Children AP Type Uptime
------ --------- ------- ------
mp3
0
125
13d:2h:25m:19s
mpp
1
125
14d:21h:23m:49s
mp2
1
125
14d:21h:14m:55s
-
1
125
14d:19h:5m:3s
The output of this command includes the following information:
Column Name Group
Description Name of an AP. AP group which includes the specified AP.
1185 | show ap mesh active
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column IP Address
Description IP address of the AP.
BSSID
Basic Service Set Identifier (BSSID) for the AP. This is usually the AP's MAC address.
Band/Ch/EIRP/MaxEIRP The RF band in which the AP should operate (a or g)/ Radio channel used by the AP/Current effective Isotropic Radiated Power (EIRP) /maximum EIRP
MTU
Maximum Transmission Unit (MTU) size, in bytes. This value describes the
greatest amount of data that can be transferred in one physical frame.
Enet 0/1
Shows the current mode of each wired interface.
l Bridge: 802.11 frames are bridged into the local Ethernet LAN.
l Tunnel: 802.11 frames are tunneled to the controller using generic routing encapsulation (GRE).
l Split-tunnel: 802.11 frames are either bridged into the local Ethernet LAN or tunneled to the controller, depending upon their destination.
l Off: Interface is not available for serving clients.
If an AP has only one wired interface, the output of this command will display a dash (-) for the unavailable port.
Mesh Role
An AP operating as a mesh node can have one of two roles: mesh portal or mesh point.
Parent
If the AP is operating as a mesh point, this parameter displays the name of its parent mesh portal. Mesh portals will display a dash (-).
#Children
If the AP is operating as a mesh portal, this parameter shows the number of mesh point children associated with that mesh portal.
AP type
The AP model type.
Uptime
Number of hours, minutes and seconds since the last controller reboot or bootstrap, in the format hours:minutes:seconds.
Command History
Introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh active | 1186
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the secure enterprise mesh solution for outdoor APs require the Outdoor Mesh license.
Enable or Config mode on master controllers
1187 | show ap mesh active
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh-cluster-profile
show ap mesh-cluster-profile [<profile>]
Description
Show configuration settings for a mesh cluster profile.
Syntax
Parameter <profile>
Description Name of a mesh cluster profile
Usage Guidelines
The command show ap mesh-cluster-profile displays a list of all mesh cluster profiles configured on the controller, including the number of references to each profile and each profile's status. Include the optional <profile> parameter to show detailed settings for an individual mesh cluster profile.
Examples
The example below shows the configuration settings for the mesh cluster profile "meshcluster2". (host) #show ap mesh-cluster-profile meshcluster2
Mesh Cluster profile "meshcluster2"
------------------------------
Parameter
Value
---------
-----
Cluster Name company-mesh
RF Band
a
Encryption
opensystem
WPA Hexkey
N/A
WPA Passphrase N/A
The output of this command includes the following information:
Parameter Cluster Name RF band
Encryption
Description
Name of the mesh cluster using this profile
The RF band in which the AP should operate: l g = 2.4 GHz l a = 5 GHz
Data encryption setting for the mesh cluster profile. l opensystem--No authentication and encryption. l wpa2-psk-aes--WPA2 with AES encryption using a preshared key.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh-cluster-profile | 1188
Parameter WPA Hexkey
WPA Passphrase
Description
The WPA pre-shared key (only for mesh cluster profiles using WPA2 with AES encryption).
The WPA password that generates the preshared key (only for mesh cluster profiles using WPA2 with AES encryption).
Command History
Introduced in ArubaOS 3.2.
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Enable or Config mode on master controllers
1189 | show ap mesh-cluster-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug counters
show ap mesh debug counters {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Show counters statistics for a mesh node.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show counter statistics for an AP with a specific name.
Show counter statistics for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
View counter statistics for an AP with a specific IP address. Enter the IP address of the AP in dotted-decimal format.
Example
The example below shows the Mesh Packet Counters table for an AP named meshpoint1. The Probe Resp, Assoc Req, and Assoc Resp data columns show both the total number of counters and, in parenthesis, the number of requests or responses with high-throughput information elements (HE IEs).
(host) #show ap mesh debug counters ap-name meshpoint1
Mesh Packet Counters
--------------------
Interface Echo Sent Echo Recv Probe Req Probe Resp Assoc Req Assoc Resp Assoc Fail ---
--------- --------- --------- --------- ---------- --------- ---------- ----------
Link up/down Resel. Switch Other
------------ ------ ------ ------
Parent
68865
68755
24
8(8 HT)
3(1 HT) 3(1 HT)
1
1
-
-
0
Child
68913
67373
6
8
2
1
2
0
2618886
Received Packet Statistics: Total 2890717, Mgmt 2618946 (dropped non-mesh 0), Data 271771 (dropped unassociated 1)HT: pns=8 ans=1 pnr=0 ars=0 arr=1 anr=0
Recovery Profile Usage Counters
-------------------------------
Item
Value
----
-----
Enter recovery mode
0
Exit recovery mode
0
Total connections to switch 0
Mesh loop-prevention Sequence No.:1256947 Mesh timer ticks:68930
The output of this command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug counters | 1190
Column Interface
Echo Sent Echo Recv Probe Req Probe Resp
Description
Indicates whether the mesh interface connects to a Parent AP or a Child AP. Each row of data in the Mesh Packet Counters table shows counter values for an individual interface.
Number of echo packets sent.
Number of echo packets received.
Number of probe request packets sent from the interface specified in the Mesh-IF parameter.
Number of probe response packets sent to the interface specified in the Interface parameter.
Assoc Req Assoc Resp Assoc Fail Link up/down Resel. Switch Other Mgmt
Number of association request packets from the interface specified in the Interface parameter.
Number of association response packets from the interface specified in the Interface parameter. This number includes valid responses and fail responses.
Number of fail responses received from the interface specified in the Interface parameter.
Number of times the link up or link down state has changed.
Number of times a mesh point attempted to reselect a different mesh portal.
Number of times a mesh point successfully switched to a different mesh portal.
Management frames of any type other than association and probe frames, either received on child interface, or sent on parent interface.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Enable or Config mode on master controllers.
1191 | show ap mesh debug counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug current-cluster
show ap mesh debug current-cluster {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Display information for the mesh cluster currently used by a mesh point or mesh portal.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show mesh cluster data for an AP with a specific name.
Show mesh cluster data for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Show mesh cluster data for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
Examples
The output of the command below shows mesh cluster profile configuration parameters for the mesh cluster currently used by an AP named "mp2." (host) #show ap mesh debug current-cluster ap-name mp2
AP "mp2" Current Cluster Profile: default
-----------------------------------------
Item
Value
----
-----
Cluster Name smettu-mesh
RF Band
a
Encryption
opensystem
WPA Hexkey
N/A
WPA Passphrase ********
The output of this command includes the following information:
Column Cluster Name RF band
Encryption
Description
Name of the mesh cluster using this profile
The RF band in which the mesh point or mesh portal operates: l g = 2.4 GHz l a = 5 GHz
Data encryption setting for the mesh cluster profile. l opensystem--No authentication and encryption. l wpa2-psk-aes--WPA2 with AES encryption using a preshared key.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug current-cluster | 1192
Column WPA Hexkey
WPA Passphrase
Description
The WPA pre-shared key (only for mesh cluster profiles using WPA2 with AES encryption).
The WPA password that generates the preshared key (only for mesh cluster profiles using WPA2 with AES encryption).
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Command Mode
Enable or Config mode on master controllers
1193 | show ap mesh debug current-cluster
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug forwarding-table
show ap mesh forwarding-table {ap-name <ap-name>}|{ip-addr <ip-addr>}
Description
Show the forwarding table for a remote mesh point or remote mesh portal.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
Description
Show data for a remote mesh node with a specific name.
Show data for a remote mesh node with a specific IP address by entering its IP address in dotted-decimal format.
Usage Guidelines
This is an internal technical support command. Dell technical support may request that you issue this command to help analyze and troubleshoot problems with your mesh network.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug forwarding-table | 1194
show ap mesh debug hostapd-log
show ap mesh debug hostapd-log {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Show the debug log messages for the hostapd process.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Usage Guidelines
This is an internal technical support command. Dell technical support may request that you issue this command to help analyze and troubleshoot problems with the hostapd process or your mesh network.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Enable or Config mode on master controllers
1195 | show ap mesh debug hostapd-log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug meshd-log
show ap mesh debug meshd-log {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} [<page>]
Description
Show the debug log messages for the meshd process.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
<page>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for an AP with a specific IP address by entering an IP address in dotted-decimal format.
Display page number 0, 1 or 2, where page 0 has the newest information and page 2 has the oldest. If this parameter is omitted, this command will display all meshd log information, oldest first.
Usage Guidelines
This is an internal technical support command. Dell technical support may request that you issue this command to help analyze and troubleshoot problems with the meshd process or your mesh network.
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.4
The page parameter was introduced.
Command Information
Platforms All platforms
Licensing
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug meshd-log | 1196
show ap mesh debug provisioned-clusters
show ap mesh debug provisioned-clusters {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ipaddr>}
Description
Show cluster profiles provisioned on a mesh portal or mesh point.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show data for a mesh node with a specific name.
Show data for a mesh node with a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for a mesh node with a specific IP address by entering an IP address in dotted-decimal format.
Example
The output of the command below shows statistics for the AP's mesh cluster profile and recovery cluster profile.
(host) #show ap mesh debug provisioned-clusters ap-name portal2
AP Portal Cluster Profile: mesh-cluster-profile
-------------------------------------------------
-------------------------
Parameter
Value
---------
-----
Cluster Name sw-ad-GB32
RF Band
a
Encryption
opensystem
WPA Hexkey
N/A
WPA Passphrase ********
AP "Portal" Cluster Profile: Recovery Cluster Profile
-----------------------------------------------------
Item
Value
----
-----
Cluster Name Recovery-ZF-xAPl5z-g15VN
RF Band
a
Encryption
pa2-psk-aes
WPA Hexkey
********
WPA Passphrase N/A
The output of this command displays the following information for the AP's mesh cluster profile and recovery cluster profiles:
1197 | show ap mesh debug provisioned-clusters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Cluster Name RF band
Encryption
WPA Hexkey WPA Passphrase
Description
Name of the mesh cluster using this profile
The RF band in which the AP should operate: l g = 2.4 GHz l a = 5 GHz
Data encryption setting for the mesh cluster profile. l opensystem--No authentication and encryption. l wpa2-psk-aes--WPA2 with AES encryption using a preshared key.
The WPA pre-shared key (only for mesh cluster profiles using WPA2 with AES encryption).
The WPA password that generates the preshared key (only for mesh cluster profiles using WPA2 with AES encryption).
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh debug provisioned-clusters | 1198
show ap mesh-ht-ssid-profile
show ap mesh-ht-ssid-profile [<profile>]
Description
Show configuration settings for a mesh high-throughput Service Set Identifier (SSID) profile.
Syntax
Parameter <profile>
Description Name of a mesh high-throughput SSID profile.
Usage Guidelines
High-throughput APs support additional settings not available in legacy APs. A mesh high-throughput SSID profile can enable or disable high-throughput (802.11n) features and 40 Mhz channel usage, and define values for aggregated MAC protocol data units (MDPUs) and Modulation and Coding Scheme (MCS) ranges.
The command show ap mesh-ht-ssid-profile displays a list of all mesh high-throughput SSID profiles configured on the controller, including the number of references to each profile and each profile's status. Include the optional <profile> parameter to show detailed settings for an individual mesh high-throughput SSID profile.
Examples
The example below shows the configuration settings for the mesh high-throughput radio profile "default". (host) #show ap mesh-ht-ssid-profile default
Mesh High-throughput SSID profile "default" ------------------------------------------Parameter --------40 MHz channel usage BA AMSDU Enable Temporal Diversity Enable High throughput enable (SSID) Legacy stations Low-density Parity Check Maximum number of spatial streams usable for STBC reception Maximum number of spatial streams usable for STBC transmission MPDU Aggregation Max received A-MPDU size Max transmitted A-MPDU size Min MPDU start spacing Short guard interval in 20 MHz mode Short guard interval in 40 MHz mode Supported MCS set
Value ----Enabled Enabled Disabled Enabled Allowed Enabled 1 1 Enabled 65535 bytes 65535 bytes 8 usec Enabled Enabled 0-23
The output of this command includes the following information:
1199 | show ap mesh-ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column 40 MHz channel usage BA AMSDU Enable Temporal Diversity Enable
High throughput enable (SSID)
Legacy stations Low-density Parity Check Maximum number of spatial streams
usable for STBC reception
Maximum number of spatial streams usable for STBC transmission
MPDU Aggregation
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
This parameter shows if the profile enables or disables the use of 40 MHz channels.
Shows of the AP has enabled or disabled the ability to receive AMSDU in BA negotiation.
Shows if temporal diversity has been enabled or disabled. When this feature is enabled and the client is not responding to 802.11 packets, the AP will launch two hardware retries; if the hardware retries are not successful then it attempts software retries.
Shows if 802.11n high-throughput features are enabled or disabled for this profile. By default, high-throughput features are enabled.
Allow or disallow associations from legacy (non-HT) stations. By default, this parameter is enabled (legacy stations are allowed).
If enabled, the AP will advertise Low-density Parity Check (LDPC) support. LDPC improves data transmission over radio channels with high levels of background noise.
Shows the maximum number of spatial streams usable for STBC reception. 0 disables STBC reception, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on the W-AP90 series, W-AP130 Series, W-AP68, W-AP175 and WAP105 only. The configured value will be adjusted based on AP capabilities.) NOTE: If transmit beamforming is enabled, STBC will be disabled for beamformed frames.
Shows the maximum number of spatial streams usable for STBC transmission. 0 disables STBC transmission, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on W-AP90 series, WAP175, W-AP130 Series and W-AP105 only. The configured value will be adjusted based on AP capabilities.) NOTE: If transmit beamforming is enabled, STBC will be disabled for beamformed frames.
Shows if the profile enables or disables MAC protocol data unit (MPDU) aggregation.
show ap mesh-ht-ssid-profile | 1200
Column Max received A-MPDU size
Max transmitted A-MPDU size
Description
Configured maximum size of a received aggregate MPDU, in bytes.
Configured maximum size of a transmitted aggregate MPDU, in bytes.
Min MPDU start spacing Supported MCS set
Short guard interval in 20 MHz mode Short guard interval in 20 MHz mode Explicit Transmit Beamforming Transmit Beamforming Compressed Steering
Configured minimum time between the start of adjacent MPDUs within an aggregate MPDU, in microseconds.
Displays a list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this SSID. The MCS you choose determines the channel width (20MHz vs. 40MHz) and the number of spatial streams used by the mesh node.
Shows if the profile enables or disables use of short (400ns) guard interval in 20 MHz mode.
Shows if the profile enables or disables use of short (400ns) guard interval in 40 MHz mode.
Shows if Explicit Transmit Beamforming is enabled or disabled for W-AP130 Series APs. NOTE: If this parameter is disabled, the other transmit beamforming configuration settings have no effect.
When enabled, the AP can use explicit compressed feedback from clients to obtain a steering matrix. (For W-AP130 Series APs only.)
Transmit Beamforming non Compressed Steering
When enabled, the AP can use explicit noncompressed feedback from clients to obtain a steering matrix. (For W-AP130 Series only)
Transmit Beamforming delayed feedback support
Shows if the AP has enabled or disabled delayed feedback/report support in Transmit Beamforming. (For W-AP130 Series only)
Transmit Beamforming immediate feedback support
Shows if the AP has enabled or disabled immediate feedback/report support in Transmit Beamforming. (For W-AP130 Series only)
1201 | show ap mesh-ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Transmit Beamforming Sounding Interval
Description
Time interval in seconds between updates of Transmit Beamforming channel estimation. (For W-AP130 Series only)
Command History
Version ArubaOS 3.4 ArubaOS 6.1
ArubaOS 6.2
Description
Command introduced
The allow weak encryption parameter was deprecated. The following parameters were introduced: l Short guard interval in 20 MHz mode l Low-density Parity Check l Maximum number of spatial streams usable for STBC reception l Maximum number of spatial streams usable for STBC transmission
The following parameters were introduced. l Transmit Beamforming Compressed Steering l Transmit Beamforming non Compressed Steering l Transmit Beamforming delayed feedback support l Transmit Beamforming immediate feedback support l Transmit Beamforming Sounding Interval
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh-ht-ssid-profile | 1202
show ap mesh neighbors
show ap mesh neighbors {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} [names]
Description
Show all mesh neighbors for an AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
names
Description
Show mesh neighbors for an AP with a specific name.
Show mesh neighbors for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show mesh neighbors for an AP with a specific IP address by entering its IP address in dotted-decimal format.
If you include this optional parameter, the Portal column in the output of this command will translate the BSSIDs of mesh parent and child APs to AP names (where available).
Example
In the example below, the output has been split into two tables to better fit on the page. In the actual command-line interface, the output appears in a single, wide table. The Flags column the output of this command indicates the high-throughput (HT) properties of the mesh node. In the example below, the string "HT-40MHzsgi-2ss" indicates that the node uses a 40MHz channel with a short guard interval (sgi) and sends 2 spatial streams (ss).
(host) #show ap mesh neighbors ap-name portal
Neighbor list
-------------
MAC
Portal
Channel Age Hops Cost Relation
Flags RSSI
Rate Tx/Rx
---
------
------- --- ---- ---- --------
----- ---- --
--------
00:0b:86:e8:09:d1 00:1a:1e:88:01:f0 157
01
11.00 C 3h:15m:42s -
65
54/54
00:1a:1e:88:02:91 00:1a:1e:88:01:f0 157
01
4.00 C 3h:35m:30s HL
59
300/300
00:0b:86:9b:27:78 Yes
157
00
12.00 N 3h:22m:46s -
26 -
00:0b:86:e8:09:d0 00:1a:1e:88:01:f0 157
01
11.00 N 3h:15m:36s -
65 -
00:1a:1e:88:02:90 00:1a:1e:88:01:f0 157+
01
2.00 N 3h:35m:6s HL
59 -
A-Req ----1 1 0 0
A-Resp -----1 1 0 0
A-Fail -----0 0 0 0
HT-Details ---------Unsupported HT-40MHzsgi-2ss Unsupported Unsupported
Cluster ID ---------sw-ad-GB32 sw-ad-GB322 mc1 sw-ad-GB32
1203 | show ap mesh neighbors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
0
0
0
HT-40MHzsgi-2ss sw-ad-GB32
Total count: 5, Children: 2 Relation: P = Parent; C = Child; N = Neighbor; B = Blacklisted-neighbor Flags: R = Recovery-mode; S = Sub-threshold link; D = Reselection backoff; F = Auth-failure; H = High Throughput; L = Legacy allowed
The output of this command includes the following information:
Column MAC Portal Channel Age Hops
Cost
Relation
Flags RSSI Rate Tx/Rx
Description
MAC address of the mesh node.
By default, this column displays the BSSID of the mesh point. If you include the optional names parameter, this column will display AP names, if available. The AP names will include [p] (parent), or [c] (child) suffixes to indicate the role of the mesh BSSID.
Number of a radio channel used by the AP.
Number of seconds elapsed since the AP heard from the neighbor.
Indicates the number of hops it takes traffic from the mesh node to get to the mesh portal. The mesh portal advertises a hop count of 0, while all other mesh nodes advertise a cumulative count based on the parent mesh node
A relative measure of the quality of the path from the AP to the controller. A lower number indicates a better quality path, where a higher number indicates a less favorable path (e.g, a path which may be longer or more congested than a path with a lower value.) For a mesh point, the path cost is the sum of the (parent path cost) + (the parent node cost) + (the link cost).
Shows the relationship between the specified AP and the AP on the neighbor list and the amount of time that relationship has existed. l P = Parent l C = Child l N = Neighbor l B = Blacklisted-neighbor
This parameter shows additional information about the mesh neighbor. The key describing each flag appears at the bottom of the neighbor list.
The Receive Signal Strength Indicator (RSSI) value displayed in the output of this command represents signal strength as a signal to noise ratio. For example, a value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold.
The rate, in Mbps, that a neighbor transmits data to or receives data from the mesh-node specified by the command.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh neighbors | 1204
Column A-Req A-Resp A-Fail Cluster
Description Number of association requests from clients Number of association responses from the mesh node Number of association failures Name of the Mesh cluster that includes the specified AP or BSSID.
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4.1
The names parameter was introduced. The output of this command was also modified to include the Rate Tx/Rx column.
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Enable or Config mode on master controllers
1205 | show ap mesh neighbors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh-radio-profile
show ap mesh-radio-profile [<profile>]
Description
Show configuration settings for a mesh radio profile.
Syntax
Parameter <profile>
Description Name of a mesh radio profile.
Usage Guidelines
The radio profile determines the radio frequency/channel used only by mesh nodes to establish mesh links. Mesh nodes operating in different cluster profiles can share the same radio profile. Conversely, mesh portals using the same cluster profile can be assigned different mesh radio profiles to achieve frequency separation.
The command show ap mesh-radio-profile displays a list of all mesh radio profiles configured on the controller, including the number of references to each profile and each profile's status. Include the optional <profile> parameter to show detailed settings for an individual mesh radio profile.
Example
The example below shows the configuration settings for the mesh cluster profile "default".
(host) #show ap mesh-radio-profile default Mesh Radio profile "default" ---------------------------Parameter --------802.11a Transmit Rates 802.11g Transmit Rates Allowed VLANs on mesh link BC/MC Rate Optimization Heartbeat threshold Link Threshold Maximum Children Maximum Hop Count Mesh Private Vlan Mesh High-throughput SSID Profile Mesh Survivability Metric algorithm Rate Optimization for delivering EAPOL frames and mesh echoes Reselection mode Retry Limit RTS Threshold
Value ----6 9 12 18 24 36 48 54 1 2 5 6 9 11 12 18 24 36 48 54 1-4094 Enabled 10 12 64 8 0 default Disabled distributed-tree-rssi Disabled startup-subthreshold 8 2333 bytes
The output of this command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh-radio-profile | 1206
Parameter 802.11a Transmit Rates
Description
Indicates the transmit rates for the 802.11a radio. The AP attempts to use the highest transmission rate to establish a mesh link. If a rate is unavailable, the AP goes through the list and uses the next highest rate.
802.11g Transmit Rates
Indicates the transmit rates for the 802.11g radio. The AP attempts to use the highest transmission rate to establish a mesh link. If a rate is unavailable, the AP goes through the list and uses the next highest rate.
Allowed VLANs on mesh link
Specify a list of VLAN IDs that can be used by a mesh link on APs associated with this mesh radio profile
BC/MC Rate Optimization
If enabled, the mesh node will use the slowest associated mesh-point rate for broadcast/multicast data (rather than minimum).
Heartbeat Threshold
Indicates the maximum number of heartbeat messages that can be lost between neighboring mesh nodes before the mesh node is considered inactive and is dropped as a mesh neighbor.
Link Threshold
Indicates the threshold for the lowest acceptable Receive Signal Strength Indicator (RSSI) value. Links that drop below this threshold will have an increased link cost. Default: 12.
Maximum Children
The maximum number of children a mesh portal can accept.
Maximum Hop Count
The maximum number of hops allowed between a mesh point and a mesh portal.
Mesh Private Vlan
This parameter is experimental and reserved for future use.
Mesh High-throughput SSID Profile
The High-throughput SSID Profile associated with this mesh radio profile.
Mesh Survivability
This parameter shows if mesh points and portals can become active even if the controller cannot be reached by bridging LAN traffic. This is a beta feature that is disabled by default; it should not be enabled unless you are instructed to do so by Dell technical support.
Metric algorithm
Algorithm used by a mesh node to select its parent.
Rate Optimization for delivering EAPOL frames and mesh echoes
If this option is enabled, mesh APs will use a more conservative rate for more reliable delivery of EAPOL frames.
Reselection Mode
Specifies the one of the following methods used to find a better mesh link.
l startup-sub-threshold: When bringing up the mesh network, mesh nodes have 3 minutes to find a better uplink. After that time, each mesh node evaluates alternative links only if the existing uplink falls below the configured threshold level (the link becomes
1207 | show ap mesh-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Retry Limit RTS Threshold
Description
a sub-threshold link). The reselection process is canceled if the average RSSI rises on the existing uplink rises above the configured link threshold.
l reselect-any-time: Connected mesh nodes evaluate alternative mesh links every 30 seconds. If a mesh node finds a better uplink, the mesh node connects to the new parent to create an improved path to the mesh portal.
l reselect-never: Connected mesh nodes do not evaluate other mesh links to create an improved path to the mesh portal.
l subthreshold-only: Connected mesh nodes evaluate alternative links only if the existing uplink becomes a sub-threshold link.
Maximum number of times a mesh node can re-send a packet.
The packet size sent by mesh nodes. Mesh nodes transmitting frames larger than this threshold must issue request to send (RTS) and wait for other mesh nodes to respond with clear to send (CTS) to begin transmission. This helps prevent mid-air collisions.
Command History
Release ArubaOS 3.2 ArubaOS 3.4
ArubaOS 6.2
Modification
Command Introduced.
The 802.11g Portal channel and 802.11a Portal channel parameters were deprecated, and the Mesh High-throughput SSID Profile parameter was introduced.
The Rate Optimization for delivering EAPOL frames and mesh echoes parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh-radio-profile | 1208
show ap mesh tech-support
show ap mesh tech-support ap-name <ap-name> <filename>
Description
Display all information for an AP, and save that information in a file on the controller
Syntax
Parameter <ap-name> <filename>
Description
Name of an AP for which you want to create a report
Filename for the report created by this command. The file can only be saved in the flash directory. If desired, you can use FTP or TFTP to copy the file to another destination.
Usage Guidelines
This command displays the output of the multiple mesh and debug CLI commands, then saves that data into a report file on the controller's flash drive, where it can be analyzed for debugging purposes. The information in this report includes the output of the following commands: l show ap mesh neighbors l show ap mesh debug current-cluster l show ap mesh debug provisioned-clusters l show ap mesh debug counters l show ap mesh debug forwarding-table l show ap mesh debug meshd-log l show ap mesh debug hostapd-log
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Command Mode Config mode on master controllers
1209 | show ap mesh tech-support
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh topology
show ap mesh topology [long] [page <page>] [start <start>]
Description
Show the mesh topology tree.
Syntax
Parameter long page <page>
start <start>
Description
Include the names of a mesh portal's children in the output of this command
Limit the output of this command to a specific number of entries by entering the number of entries you want to display.
Start displaying the mesh topology tree at a chosen index number by entering the index number of the AP at which command output should start.
Example
An (N) in the Mesh Role column indicates the node is 11N capable. An (N) beside the parent name in the Parent column indicates that the mesh node's the parent is also 11N capable. (host) #show ap mesh topology
Mesh Cluster Name: sw-ad-GB32 ----------------------------Name Mesh Role Parent Path Cost ---- --------- ------ --------Update Uplink Age #Children ---------- ---------- ---------
Node Cost ---------
Link Cost ---------
Hop Count ---------
RSSI ----
Rate Tx/Rx ----------
Last
ad-ap Point (N) mp3
2
0
0
1
61 300/270
6m:12s
3h:8m:7s 0
msc-1 Point
mp3
2
00
1
64 54/54
6m:36s
2h:48m:12s 0
Total APs :2 (R): Recovery AP. (N): 11N Enabled. For Portals 'Uplink Age' equals uptime.
The output of this command includes the following information:
Column Name Mesh Role
Description
Name of the mesh node.
An AP operating as a mesh node can have one of two roles: mesh portal or mesh point.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh topology | 1210
Column Parent Path Cost
Node Cost Link Cost Hop Count RSSI
Rate Tx/Rx Last Update Uplink Age #Children
Description
If the AP is operating as a mesh point, this parameter displays the name of its parent mesh portal.
A relative measure of the quality of the path from the AP to the controller. A lower number indicates a better quality path, where a higher number indicates a less favorable path (e.g, a path which may be longer or more congested than a path with a lower value.) For a mesh point, the path cost is the sum of the (parent path cost) + (the parent node cost) + (the link cost).
A relative measure of the quality of the node, where a lower number of is more favorable than a higher number. This cost is related to the number of children on the specified node.
A relative measure of the quality of the link. For example, a more congested link will have a higher link cost than a similar, less-congested link.
Number of hops to the mesh portal.
The Receive Signal Strength Indicator (RSSI) value displayed in the output of this command represents signal strength as a signal to noise ratio. For example, a value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold.
The rate, in Mbps, that a mesh point transmits and receives at on its uplink. Note that the rate information is only as current as indicated in the Last Update column.
Time elapsed since the mesh node last updated its statistics.
Time elapsed since the mesh node became active in the mesh topology.
Number of children associated with a parent mesh point.
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4.1
The output of this command was also modified to include the Rate Tx/Rx column.
1211 | show ap mesh topology
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
Command Mode
This show command is available in the base operating system. Commands to configure the mesh feature require the Mesh license.
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap mesh topology | 1212
show ap monitor
show ap monitor active-laser-beams|ap-list|channel|client-list|containment-info|idsstate|mesh-list|pot-ap-list|pot-client-list|routers|wired-mac {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} {ap-bssid <ap-bssid>}|{enet-mac <enet-mac>}
Description
Show information for Dell Air Monitors.
Syntax
Parameter active-laser-beams
ap-list arp-cache channel client-list containment-info
Description
Show active laser beam generators. The output of this command shows a list of all APs that are actively performing policy enforcement containment such as rogue containment. This command can tell us which AP is sending out deauthorization frames, although it does not specify which AP is being contained.
Show list of APs being monitored.
Show ARP Cache of learned IP to MAC binding
Show state and stats of a specific channel.
Show list of client being monitored.
Show containment events and counters triggered by the wired containment and wireless containment features configured in the ids general-profile. The output of this command shows device and target data for wired containment activity, a well as data for the following counters. Wireless Containment Counters: l Last Deauth Timer Tick l Deauth frames to AP l Deauth frames to Client l Last Tarpit Timer Tick l Tarpit Frames: Probe Response l Tarpit Frames: Association Response l Tarpit Frames: Authentication l Tarpit Frames: Data from AP l Tarpit Frames: Data from Client l Last Enhanced Adhoc Containment Timer Tick l Enhanced Adhoc Containment: Frames To Data Sender l Enhanced Adhoc Containment: Frames To Data Receiver l Enhanced Adhoc Containment: Response to Request
1213 | show ap monitor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
ids-state ap-name bssid ip-addr
mesh-list pot-ap-list
pot-client-list
Description
l Enhanced Adhoc Containment: Replay Response Wired Containment Counters: l Last Wired Containment Timer Tick l Last Tagged Wired Containment Timer Tick l Spoof frames sent l Spoof frames sent on tagged VLAN
Show IDS State.
Name of Access Point
BSSID of Access Point
IP Address of Access Point
Show list of Mesh APs being monitored.
Display the Potential AP table. The Potential AP table shows the following data: l bssid: the AP's Basic Service Set Identifier. l channel: The AP's current radio channel l phy type: The radio's PHY type. Possible values are 802.11a, 802.11a-HT-
40, 802.11b/g, 802.11b/g-HT-20. l num-beacons: Number of beacons seen during a 10-second scan l tot-beacons: Total number of beacons seen since the last reset. l num-frames: Total number of frames seen since the last rest. l mt: Monitor time; the number of timer ticks elapsed since the controller
first recognized the AP. l at: Active time, in timer ticks. l ibss: Shows if ad-hoc BSS is enabled or disabled. It will be enabled if the
bssid has detected an ad-hoc BSS (an ibss bit in an 802.11 frame). l rssi: The Receive Signal Strength Indicator (RSSI) value displayed in the
output of this command represents signal strength as a signal to noise ratio. For example, a value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold.
Display the Potential client table. The Potential Client table shows the following values: l last-bssid: the Last BSSID to which the client associated. l from-bssid, l to-bssid l mt:Monitor time; the number of timer ticks elapsed since the controller first
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor | 1214
Parameter
Description
recognized the client. l it: Client Idle time, expressed as a number of timer ticks.
routers
Show Router MAC Addresses learned. The output of this command includes the router's MAC address, IP address and uptime.
wired-mac
Show Wired MAC Addresses learned.
ap-name <ap-name>
Show data for an AP with a specific name.
bssid <bssid>
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
ip-addr <ip-addr>
Show data for an AP with a specific IP address by entering its IP address in dotted-decimal format.
ap-bssid <ap-bssid> Include the optional ap-bssid <ap-bssid> parameters to show how the AP is monitoring information for another AP with a specific BSSID.
enet-mac <enet-mac>
Include the optional enet-mac <enet-mac> parameters to show how the AP is monitoring information for an interface with a specific Ethernet MAC address.
Examples
The output of the command displays the Monitored AP table, which lists all the APs monitored by a specified AP or BSSID. (host) #show ap monitor ap-list ap-name al12
Monitored AP Table
------------------
bssid
essid
-----
-----
d8:c7:c8:3d:41:20 test-apprf
6c:f3:7f:8e:6a:b1 esx12_1x
18:64:72:93:6a:63 test_cp
d8:c7:c8:3d:46:72 135-hierarchy-psk
6c:f3:7f:43:d4:2a sw-inst
chan ---1 1 1 36 40
ap-type ------suspected-rogue(20%) interfering interfering suspected-rogue(20%) interfering
phy-type -------80211b/g-HT-20 80211b/g-HT-20 80211b/g-HT-20 80211a-HT-40 80211a-HT-40
dos --disable disable disable disable disable
dt/mt ----22053/21183 22053/21183 22053/16068 21976/2165 21404/2668
ut/it ----1/0 1/0 1/0 34/0 0/0
encr ---wpa2-psk-aes wpa2-8021x-aes wpa2-psk-aes wpa2-psk-aes wpa2-psk-aes
nstas ----0 0 0 0 0
avg-rssi -------50 17 60 52 50
curr-rssi --------47 17 61 54 50
wmacs ----0 0 0 1 0
ibss ---no no no no no
Start:0 Length:5 Total:5
The output of this command includes the following information:
1215 | show ap monitor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter bssid essid chan ap-type phy-type
dos dt/mt
ut/it
encr ntsas avg-rssi
curr-rssi wmacs ibss
Description
Basic Service Set Identifier for (bssid) an AP. This is usually the AP's MAC address.
Extended service set identifier that names a wireless network.
Radio channel used by the BSSID.
Shows classification of the AP.
Radio phy type. Possible types include: l 802.11a l 802.11a-HT-40 l 802.11b/g l 802.11b/g-HT-20
Shows if the feature to contain DoS attacks has been enabled or disabled.
dt--Detected time: the number of timer ticks since the AP was last detected. mt--Monitor time; the number of elapsed timer ticks since the AP first recognized the monitored AP.
ut--Unseen time: the number elapsed timer ticks the monitored AP was not seen when scanning a channel of the device. it--AP idle time, the number of timer ticks since the AP last saw any frames from the monitored AP.
Shows the encryption type of the BSSID. If there are multiple encryption types, this command shows the lowest encryption type.
Shows the number of stations connected to the AP (as seen by the monitoring AP).
Shows the average RSSI (Received Signal Strength) for the device. NOTE: RSSI is an indication of the power level being received by the antenna. Therefore, the higher the RSSI number, the stronger the signal.
Shows the current RSSI for the device.
Shows the number of unique wireless MAC addresses seen on the Wi-Fi network from the AP's BSSID.
Shows all the monitored APs (BSSIDs).
Command History
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor | 1216
Version ArubaOS 3.0. ArubaOS 3.4.
ArubaOS 6.1
Modification
Command introduced
The ap-bssid and enet-mac parameters were added to the show ap monitor wired-mac command.
Added the following parameter to ids-state: ap-name bssid ip-addr
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1217 | show ap monitor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor association
show ap monitor association {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} <ap-bssid>
Description
Show the association table for an Air Monitor (AM).
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
<ap-bssid>
Description Show data for an AM with a specific name.
Show data for an AM with a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AM's MAC address.
Show data for an AM with a specific IP address by entering its IP address in dotted-decimal format.
BSSID of an AP.
Examples
The output of the command lists the MAC addresses associated with the Air Monitor BSSID.
(host) #show ap monitor association ap-name ap9 00:1a:1e:11:74:a1
Association Table
-----------------
mac
rsta-type auth phy-type
---
--------- ---- --------
00:1d:d9:01:c4:50 valid
yes 80211a
00:17:f2:4d:01:e2 valid
yes 80211a
00:1f:3b:8c:28:89 valid
yes 80211a
00:1d:d9:05:05:d0 valid
yes 80211a
00:14:a4:25:72:6d valid
yes 80211a
00:19:7d:d6:74:8d valid
yes 80211a
The output of this command includes the following information:
Column mac rsta-type
auth
Description MAC address associated with the Air Monitor BSSID
Rogue station type: l interfering: Interfering station. l valid: Station is not a rogue station. l DoS: Station may have attempted a DoS attack.
Displays a yes if the client has been authenticated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor association | 1218
Column phy-type
Description
The RF band in which the AP should operate: 802.11g = 2.4 GHz 802.11a = 5 GHz
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1219 | show ap monitor association
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor debug
show ap monitor debug counters|status {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} show ap monitor debug profile-config {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} ap-radio|ap-system|arm|event-thresholds|ids-dos|ids-general|ids-impersonation|ids-signaturematching|ids-unauthorized-device|interference|regulatory-domain|rf-behavior
Description
Show information for an Air Monitor's current status, message counters, or profile settings.
Syntax
Parameter counters status ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr> profile-config
ap-radio ap-system arm event-thresholds ids-dos ids-general
Description
Show Air Monitor (AM) message counters.
Show the status of an Air Monitor.
Show data for an AM with a specific name.
Show data for an AM with a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for an AM with a specific IP address by entering its IP address in dotted-decimal format.
Show an Air Monitor profile configuration.
Show the Air Monitor radio configuration parameters, as defined in the AM's 802.11a, 802.11b, or high-throughput radio profiles.
Show an Air Monitor's system configuration settings, as defined in it's AP System profile.
Show an Air Monitor's Adaptive Radio Management (ARM) settings, as defined in its current ARM profile
Show an Air Monitor Event Thresholds settings, as defined in its current RF Event Thresholds profile
Show an Air Monitor IDS DoS settings, as defined in its current IDS DoS profile.
Show an Air Monitor IDS General Configuration settings, as defined in its IDS General profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor debug | 1220
Parameter ids-impersonation ids-signature-matching ids-unauthorized-device interference regulatory-domain rf-behavior
Description
Show an Air Monitor IDS Impersonation Configuration settings, as defined in its IDS Impersonation profile.
Show an Air Monitor IDS Signature Matching configuration settings, as defined in its IDS Signature Matching profile
Show an Air Monitor IDS Unauthorized Device configuration settings, as defined in its IDS Unauthorized Device profile.
Show an Air Monitor's interference configuration settings, as defined in its current RF Optimization profile.
Show an Air Monitor's Regulatory Domain configuration settings, as defined in its Regulatory Domain profile.
Show an Air Monitor RF Behavior Configuration
Examples
The output of the following command includes the WLAN Interface, Data Structures, WLAN InterfaceSwitch Status and RTLS Configuration tables for the specified AP.
(host) #show ap monitor debug status ap-name ap12
WLAN Interface
--------------
bssid
scan monitor probe-type phy-type
-----
---- ------- ---------- --------
00:1a:1e:11:5f:10 enable enable sap
80211a-HT-40
00:1a:1e:11:5f:00 enable enable sap
80211b/g-HT-20
task ---tuned tuned
channel ------153 6
pkts ---496970814 391278179
Wired Interface
---------------
mac
ip
---
--
macs gw-macs tagged-pkts vlan
---- ------- ----------- ----
00:1a:1e:c9:15:f0 192.0.2.32.200
23
1
03
Global Counters
---------------
key
value
---
-----
Packets Read
888248993
Bytes Read
2819670134
Num Interrupts
681037971
Num Buffer Overflows 591393
Max PPS
16239
Cur PPS
1130
Max PPI
20
Cur PPI
2
Uptime
3323085
AP Name
AL12
LMS IP
Master IP
AP Type
125
Country Code
2
gw-ip -----
gw-mac ------
status pkts ------ ----
192.0.2.32.254 00:0b:86:08:e1:00 enable 101960
1221 | show ap monitor debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Data Structures
----------------
ap sta pap psta ch msg-hash ap-l
-- --- --- ---- -- -------- ----
20 40 17 55 24 21
20
Other Parameters ----------------key --WMS on Master Stats Update Interval Poll Interval Num Switches Collect Stats
value ----disabled 60 174000 1 enabled
WLAN Interface Switch Status
-----------------------------
Bssid
Type Status
ack
-----
---- ------
--
00:1a:1e:11:5f:10 local up
3322965
00:1a:1e:11:5f:00 local up
3322965
Last-reg -------3321891 3321891
N-reg ----3821 3821
Last-update ----------3322965 3322917
Next-update ----------197 187
N-updates --------10368 10378
Last------
RTLS Configuration and State
-----------------------------
Type
Server IP Port Freq Active Rpt-Tags Tag-Mcast-Addr
Tags-Sent Rpt-Sta
Incl-Unassoc-Sta Sta-Sent Cmpd-Msgs-Sent
----
--------- ---- ---- ------ -------- --------------
--------- ------- ---
------------- -------- --------------
MMS
N/A
N/A N/A
disable 01:0c:cc:00:00:00 N/A
disable N/A
N/A
N/A
Aeroscout N/A
N/A 30
*
disable 00:00:00:00:00:00 N/A
enable
disable
2610
265
RTLS
N/A
N/A 20
*
disable 01:18:8e:00:00:00 N/A
enable
enable
The output of this command includes the following information:
Column bssid
scan monitor probe-type
Description
The Basic Service Set Identifier (BSSID) for the AP. This is usually the AP's MAC address.
Indicates whether or not if active scanning is enabled on this AP.
Indicates whether the AP radio is currently enabled or disabled.
This parameter displays one of the following options to show the AP is configured. l sap: Default AP setting. l am: AP is configured as an Air Monitor. l m-portal: AP is configured as a Mesh portal.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor debug | 1222
Column
Description
l m-point: AP is configured as a Mesh point.
task
This parameter displays one of the following options to show the radio's current task: l scan: AP is scanning other channels. l tuned: AP is tuned on one channel. l locate: AP has been asked to locate a specific AP or client. l pcap: The AP is enabled with the Packet Capture feature.
channel
The radio channel currently used by an AP's WLAN interface.
pkts
Number of packets seen on the interface.
mac
MAC address for the AP's wired interface.
ip
The AP's IP address.
gw-ip
IP address for the AP's gateway.
gw-mac
MAC address for the AP's gateway.
status
Shows if the interface is currently enabled or disabled.
pkts
Number of packets seen on the AP's wired interface.
macs
Number of MAC addresses in the Wired MAC table for that interface.
gw-macs
Number of MAC addresses in the Wired MAC table for that interface.
tagged-pkts
Number VLAN-tagged packets sent to that interface.
vlan
The VLAN ID for the packets sent to that interface.
Packets read
Number of packets read by the AP since it was last reset.
Bytes read
Number of bytes read by the AP since it was last reset.
Num Intercepts
Number of interrupts from the AP's driver.
Num Buffer Overflows Number of times excessive traffic has filled the AP's buffers.
Max PPS
Maximum throughput rate seen on the interface, in packets per second.
Cur PPS
Current throughput rate seen on the interface, in packets per second.
1223 | show ap monitor debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Max PPI
Description Maximum interrupt rate seen on the interface, in interrupts per second.
Cur PPI
Current interrupt rate seen on the interface, in interrupts per second.
Uptime
Number of seconds since the AP was last reset.
LMS IP
IP address of the AP's local controller.
Master IP
IP address of the AP's master controller.
AP type
AP model type.
Country Code
The AP's country code. Valid radio channels for your wireless network are based on your country code. If you change the AP's country code, the valid channels will be reset to the defaults for the new country.
ap
Number of other APs monitored by this AP.
sta
Number of clients and APs seen by this AP.
pap
Number of potential APs; APs which have transmitted a beacon, but have not
yet been registered.
psta
Number of potential stations; AP has seen a MAC address from the station but hasn't yet received traffic from it.
ch
Number of channel entries in the channel table.
msg-hash
Number of different message types seen on the interface.
ap-l
(For internal use only)
WMS on Master
Indicates if the AP communicates to the wms process on a master or local controller.
enabled: Communicates with a master controller.
disabled: Communicates with a local controller only.
Stats Update Interval If the AP is collecting statistics, this value is the interval in seconds in which the AP sends statistics to the WMS process on a controller.
Poll Interval
Interval, in milliseconds, that the AP sends RSSI updates to the WMS process on a controller.
Num Switches
Number of controllers to which this AP has access. If the value is 1, the AP has access to a master or a local controller. If the value is 2, the AP has access to a master and a local controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor debug | 1224
Column Collect Stats
Bssid Type Status
Last-reg N-reg Last-update Next-update N-updates Last-ack
Type Server IP Port Frequency Active Rpt-Tags Tag-Mcast-Addr Tags-Sent Rpt-Sta Incl-Unassoc-Sta
Sta-Sent Cmpd-Msgs-Sent
1225 | show ap monitor debug
Description If enabled, the AP will collect statistics to send the WMS process on its controller. BSSID of the radio. Indicates whether the controller type is master or local. If up, the AP can reach the controller. If down, the AP cannot reach the controller. The time the AP last registered with the WMS process. Number of times the AP has registered with the WMS process. The last timer tick time the AP updated the WMS process. Interval between the last update and the next scheduled update. Number of updates sent to the WMS process. Number of timer ticks since the AP received an acknowledgement from the WMS process. Type of RTLS server used by the AP, such as MMS or Aeroscout. IP address of the RTLS server. Port used by the RTLS server. Rate, in seconds, at which RTLS messages are sent to the server. Indicates if the server is active on the AP. Displays whether tag reporting is enabled or not. Displays MAC OUI of the tags that are forwarded to the server. Displays the cumulative count of the tag reports sent to server. Displays whether station reporting is enabled or not. Displays whether unassociated stations are included in station reporting or not. Displays cumulative count of station reports sent to server. Displays cumulative count of compound messages containing station reports sent to server.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0. ArubaOS 3.4.
Dell Networking W-Series ArubaOS 6.4.x
Modification
Command introduced.
The tagged-pkts and vlan parameters were added to the Wired Interface table in the output of the show ap monitor debug status command.
The Rpt-Tags, Tag-Mcast-Addr, Tags-Sent, Rpt-Sta, Incl-Unassoc-Sta, StaSent, and Cmpd-Msgs-Sent were added to the RTLS configuration and state table.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor debug | 1226
show ap monitor stats
show ap monitor stats advanced {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} clientmac <client-mac>
show ap monitor stats {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} mac <mac>
Description
Show packet, signal and channel statistics for an AP or a client.
Syntax
Parameter advanced
Description Show advanced statistics for an AP or client.
ap-name <ap-name>
Show statistics for an AP with a specific name.
bssid <bssid>
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
ip-addr <ip-addr>
Show data for an AP with a specific IP address by entering its IP address in dotted-decimal format.
mac <mac>
Show data for a specific MAC address by entering the MAC address of a client or AP.
client-mac <client-mac>
Show data for a specific client MAC address by entering the MAC address of a client.
Example
The output of the following command shows monitoring statistics for the AP al12, and a client with the MAC address 00:03:2a:02:6a:d7. (host) #show ap monitor stats ap-name al12 mac 00:03:2a:02:6a:d7
Aggregate Stats
---------------
retry low-speed non-unicast recv-error frag bwidth
----- --------- ----------- ---------- ---- ------
0
0
0
0
0
0
RSSI
----
avg-signal low-signal high-signal count duration (sec)
---------- ---------- ----------- ----- --------------
51
51
51
4
50
Monitored Time:6626
Last Packet Time:585500
Uptime:585502
DoS Frames ---------tx old-tx rx old-rx -- ------ -- ------
1227 | show ap monitor stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
00
00
Interference Baseline
---------------------
FRR FRER
--- ----
17 4
Handoff Assist
--------------
rssi-index cur-signal old-cur-signal
---------- ---------- --------------
0
51
0
High Throughput Parameters
--------------------------
ht-type primary-channel sec-channel gf-supported
------- --------------- ----------- ------------
none
0
0
0
40mhz-intolerance ----------------0
The output of this command includes the following information:
Column retry Low-speed non-unicast recev-error frag bwth avg-signal Low-signal high-signal count Duration tx
old-tx
rx
Description Percent of 802.11 retry frames sent because a client failed to send an ACK. Percent of frames sent at a data rate of 18 Mbps or slower. Percent of non-unicast frames Percent of error frames of all frames seen in the last second. Rate of fragmented packets, in frames per second Current bandwidth, in bps. Average signal-to-noise ratio over the interval since the AP's last reset. Lowest signal-to-noise ratio over the interval since the AP's last reset. Highest signal-to-noise ratio over the interval since the AP's last reset. Number of packets seen on the AP over the interval since the AP's last reset. Time over which the AP has measured RSSI values. The total number of deauthorization frames sent to this MAC address for containment in the interval from the AP's last reset until the current timer tick. The total number of deauthorization frames sent to this MAC address for containment until the previous timer tick. The total number of deauthorization frames spoofing the MAC address in the interval from the AP's last reset until the current timer tick.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap monitor stats | 1228
Column old-rx FRR FRER rssi-index
cur-signal old-cur-signal
ht-type
primary-channel sec-channel gf-supported 40mhz-intolerance
Description
The total number of deauthorization frames sent to this MAC address for containment until the previous timer tick.
Frame retry rate, in frames per second.
Frame error retry rate, in frames per second.
This value indicates the number of consecutive timer ticks over which the value of the Receive Signal Strength Indicator (RSSI) of the client has reduced by more than 3 units. NOTE: This value is updated only if 'handoff-assist' is enabled in the AP's RF Optimization profile.
The Receive Signal Strength Indicator (RSSI) of the most recent frame received from the specified MAC address.
The most recent Receive Signal Strength Indicator (RSSI) of the MAC which is 3 lower or 5 higher than the current RSSI. NOTE: This value is updated only if 'handoff-assist' is enabled in the AP's RF Optimization profile
This parameter indicates support for the following HT types: no: No support for high-throughput. HT-20: Support for 20 Mhz high-throughput only. HT-40: Support for 40 Mhz high-throughput.
Primary radio channel.
Secondary radio channel
If 1, this AP supports greenfield mode. If 0, greenfield is not supported.
Indicates whether the specified MAC address is 40 Mhz intolerant.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1229 | show ap monitor stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap packet capture
show ap pcap status {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Show the status of outstanding packet capture (pcap) sessions.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Usage Guidelines
The Packet Capture (pcap) feature copies control path packets from the Dell Control Processor, providing visibility for packets to or from the controller. This provides a useful troubleshooting tool for diagnosing communication problems with elements such as a Radius server. You can retrieve these packets by issuing the command tar logs, and then viewing the file filter.pcap on the controller's flash drive.
Example
The example below shows the Packet Capture Sessions table for an AP named AP16.
(host) #show ap pcap status ap-name AP16
Packet Capture Sessions
-----------------------
pcap-id filter type intf
channel max-pkt-size num-pkts status
target
------- ------ ---- ----
------- ------------ -------- ------
----
1
raw 00:1a:1e:82:ab:b0 161
in-progress
10.3.9.225/5555
The output of this command includes the following information:
url --- --
Column pcap-id filter type
Description ID number of the packet capture session.
Packet Capture filter specification.
A raw packet capture type indicates that the controller is streaming raw packets to an external viewer.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap packet capture | 1230
Column intf channel max-pkt-size num-pkts status url target
Description BSSID of the interface for the PCAP session. Channel used by AP to capture packets. Maximum size of all captured packets. Number of packets captured during the session. Shows the current status of the packet-capture session. Packet capture data can be downloaded to this URL IP address of the client station running Wildpacket's AiroPeek monitoring application
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1231 | show ap packet capture
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap papi-err
show ap papi-err {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ip6-addr>}
Description
Show PAPI error messages.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Show data for an AP with a specific IPv6 address by entering its IPv6 address in dotted-decimal format.
Examples
The output of the command displays the status.
(host) #show ap papi-err STM SAP PAPI Send Error ----------------------Name bssid ip Tunnel Add ---- ----- -- ----------
Tunnel Remove -------------
Arp Req -------
Vlan Req --------
Sta Req -------
Mcast Req ---------
Command History
Version ArubaOS 3.0.
Modification Command introduced
ArubaOS 6.3
The ip6 parameter was added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap papi-err | 1232
show ap port status
ap-name <ap-name> bssid <bssid> ip-addr <ip-addr> ip6-addr <ip6-addr> wired-mac <wired-mac>
Description
Shows the status of the AP's wired ports. The status is updated every 60 seconds.
Syntax
Parameter
Description
ap-name <ap-name>
Name of the AP.
bssid <bssid>
BSSID of the AP.
ip-addr <ip-addr>
IP address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
wired-mac <wired-mac> MAC address of the AP.
Examples
The output of the command displays the wired port status of an AP named LocalAP1. In this example, the output is divided into multiple sections to fit better on the pages of this document. In the actual command-line interface, it appears in a single long table.
(host) #show ap port status ap-name LocalAP1
AP "LocalAP1" Port Status (updated every 60 seconds)
--------------------------------------------------
Port MAC
Type Forward Mode Admin
Oper Speed
Duplex 802.3az PoE
---- ---
---- ------------ -----
---- -----
------ ------- ---
0
00:1a:1e:10:05:1a GE N/A
enabled up 1 Gb/s full N/A
N/A
1
00:1a:1e:10:05:1b FE tunnel
enabled up 100 Mb/s full N/A
N/A
2
00:1a:1e:10:05:1c FE tunnel
enabled down N/A
N/A
N/A
N/A
3
00:1a:1e:10:05:1d FE N/A
disabled down N/A
N/A
N/A
N/A
STP --N/A Forwarding Disabled Off
TX-Packets ---------23697 12185 0 0
TX-Bytes -------3338307 6593226 0 0
RX-Packets ---------27449 18436 0 0
RX-Bytes -------8471871 1758272 0 0
Command History
Version ArubaOS 6.2 ArubaOS 6.3
Modification Command introduced. A new column STP displays the spanning tree state of the wired port.
1233 | show ap port status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap port status | 1234
show ap profile-usage
show ap profile-usage {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>}
Description
Show a complete list of all profiles referenced by an individual AP or an AP BSSID.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show data for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Usage Guidelines
Use this command to monitor the configuration profiles in use by an AP or a specific BSSID. The output of this command shows the name of each profile type that is associated with the AP or BSSID, as well as the source that associates the profile with the AP.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1235 | show ap profile-usage
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning
show ap provisioning {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Show provisioning parameters currently used by an AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. An AP's BSSID is usually the AP's MAC address.
Show data for an AP with a specific IP address.
Example
The output of this command shows that the AP named AP8 has mostly default parameters. These
appear with the value N/A.
(host) #show ap provisioning ap-name AP8
AP "mp2" Provisioning Parameters
--------------------------------
Item
Value
----
-----
(host) (config) #show ap provisioning ap-name 00:24:6c:c7:d5:c8
AP "00:24:6c:c7:d5:c8" Provisioning Parameters ---------------------------------------------Item ---AP Name AP Group Location name SNMP sysLocation Master Gateway IPv6 Gateway Netmask IP Addr IPv6 Addr IPv6 Prefix DNS IP DNS IPv6 Domain Name Server Name Server IP Antenna gain for 802.11a Antenna gain for 802.11g Antenna for 802.11a Antenna for 802.11g Single chain mode for Radio 0 Single chain mode for Radio 1
Value ----00:24:6c:c7:d5:c8 default N/A N/A 10.4.62.9 N/A N/A N/A N/A N/A 64 N/A N/A N/A aruba-master 10.4.62.9 N/A N/A both both 0 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning | 1236
IKE PSK
N/A
PAP User Name
N/A
PAP Password
N/A
PPPOE User Name
N/A
PPPOE Password
N/A
PPPOE Service Name
N/A
PPPOE CHAP Secret
N/A
USB User Name
N/A
USB Password
N/A
USB Device Type
any
The output of this command includes the following information:
Column AP Name AP Group Location name SNMP sysLocation
Master Gateway Netmask IP Addr IPv6 IPv6 Prefix Dns IP DNS IPv6 Domain Name Server Name Server IP Antenna gain for 802.11a Antenna gain for 802.11g
Description Name of the AP. AP group to which the AP belongs. Fully-qualified location name (FQLN) for the AP. User-defined description of the location of the AP, as defined with the command provision-ap syslocation. Name or IP address for the master controller. IP address of the default gateway for the AP. Netmask for the AP's IP address. IP address for the AP. The static IP6 address of the AP.6 The prefix of static IPv6 address of the AP. IP address of the DNS server. The prefix of static IPv6 address of the AP. Domain name used by the AP. DNS name of the controller from which the AP boots. IP address of the controller from which the AP boots Antenna gain for 802.11a (5GHz) antenna. Antenna gain for 802.11g (2.4GHz) antenna.
1237 | show ap provisioning
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Antenna for 802.11a
Description
Antenna use for 5 GHz (802.11a) frequency band. l 1: AP uses antenna 1 l 2: AP uses antenna 2 l both: AP uses both antennas
Antenna for 802.11g
Antenna use for 2.4 GHz (802.11g) frequency band. l 1: AP uses antenna 1 l 2: AP uses antenna 2 l both: AP uses both antennas
Single chain mode for Radio 0
If this parameter is set to 1 for an 802.11n-capable radio, the radio will operate in single-chain mode, and will transmit and receive data using only legacy rates and single-stream HT rates up to MCS 7. This parameter is set to 0 (disabled) by default.
Single chain mode for Radio 1
If this parameter is set to 1 for an 802.11n-capable radio, the radio will operate in single-chain mode, and will transmit and receive data using only legacy rates and single-stream HT rates up to MCS 7. This parameter is set to 0 (disabled) by default.
IKE PSK
IKE PSK The IKE pre-shared key.
PAP password
Password Authentication Protocol (PAP) password for the AP.
PAP User Name
PAP username for the AP.
PPPOE User Name
Point-to-Point Protocol over Ethernet (PPPoE) user name for the AP.
PPPOE Password
PPPoE password for the AP.
PPPOE Service Name
PPPoE service name for the AP.
PPPOE CHAP secret
PPPoE CHAP secret key for the AP.
USB User Name
The PPP username provided by the cellular service provider
USB Password
A PPP password, if provided by the cellular service provider
USB Type
The USB driver type.
USB Device Identifier
The USB device identifier.
USB Dial String
The dial string for the USB modem. This parameter only needs to be specified if the default string is not correct.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning | 1238
Column USB Initialization String USB TTY device data path USB TTY device control path Uplink VLAN
Link Priority Ethernet Link Priority Cellular
Mesh Role Installation Latitude Longitude Altitude Antenna bearing for 802.11a
Antenna bearing for 802.11g
Description
The initialization string for the USB modem. This parameter only needs to be specified if the default string is not correct.
The TTY device path for the USB modem. This parameter only needs to be specified if the default path is not correct.
The TTY device control path for the USB modem. This parameter only needs to be specified if the default path is not correct.
If you configured an uplink VLAN on an AP connected to a port in trunk mode, the AP sends and receives frames tagged with this VLAN on its Ethernet uplink. By default, an AP has an uplink vlan of 0, which disables this feature.
Set the priority of the wired uplink, from 0-255. Each uplink type has an associated priority; wired ports having the highest priority by default.
The priority of the cellular uplink, from 0-255. By default, the cellular uplink is a lower priority than the wired uplink; making the wired link the primary link and the cellular link the secondary or backup link.
If the mesh role is "none," the AP is operating as a thin AP. An AP operating as a mesh node can have one of two roles: mesh portal or mesh point.
Indicates the type of installation (indoor or outdoor). The default parameter indicates that the installation mode is determined by the AP model type.
Latitude coordinates of the AP, in the format Degrees Minutes Seconds (DMS).
Longitude coordinates of the AP, in the format Degrees Minutes Seconds (DMS).
Altitude, in meters, of the AP. This parameter is supported on outdoor APs only.
Horizontal coverage distance of the 802.11a (5GHz) antenna from true north, from 0-360 degrees. NOTE: This parameter is supported on outdoor APs only. The horizontal coverage pattern does not consider the elevation or vertical antenna pattern.
Horizontal coverage distance of the 802.11g (2.4GHz) antenna from true north, from 0-360 degrees.
1239 | show ap provisioning
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column
Description
NOTE: This parameter is supported on outdoor APs only. The horizontal coverage pattern does not consider the elevation or vertical antenna pattern.
Antenna tilt angle for 802.11a
The angle of the 802.11a (5GHz) antenna. This parameter can range from between -90 degrees and 0 degrees for downtilt, and between +90 degrees and 0 degrees for uptilt.
Antenna tilt angle for 802.11g
The angle of the 802.11g (2.4GHz) antenna. This parameter can range from between -90 degrees and 0 degrees for downtilt, and between +90 degrees and 0 degrees for uptilt.
Mesh SAE
Shows if the AP has enabled or disabled Secure Attribute Exchange (SAE) on a mesh network.
Related Commands
Command provision-ap
ap provisioning-profile
Description
Change provisioning parameters for an individual AP. This command does not save the provisioning parameters settings in a reusable profile.
This command defines a provisioning profile for an AP or group of APs.
Command History
Release ArubaOS 3.0 ArubaOS 3.2
ArubaOS 3.4
Modification
Command introduced
Introduced support for mesh parameters, additional antenna parameters, and AP location parameters.
Introduced support for the following parameters: l Installation l Mesh SAE l USB User Name l USB Password l USB Device Type l USB Device Identifier l USB Dial String l USB Initialization String l USB TTY device path
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning | 1240
Release ArubaOS 5.0
Modification
The mesh-sae parameter no longer displays the sae-default setting if the parameter is disabled. Only the sae-disable option indicates that this parameter is currently in its default disabled state.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on the controller where the AP is terminating.
1241 | show ap provisioning
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning-profile
ap provisioning-profile [<profile-name>]
Description
This command shows information for AP provisioning profiles.
Syntax
Parameter <profile-name>
Description The name of an an existing AP provisioning profile.
Usage Guidelines
The AP provisioning profile allows you to define a set of provisioning parameters to an AP group. These settings can be saved or assigned to an AP group via the command ap-group <group> provisioning-profile <profile>.
Issue this command without the <profile-name> option to display the entire AP provisioning profile list, including profile status and the number of references to each profile. Include a profile name to display the authorization group defined for that profile.
Examples
The following example lists all AP provisioning profiles. The References column lists the number of other profiles with references to that provisioning profile, and the Profile Status column indicates whether the profile is predefined. User-defined AP provisioning profiles will not have an entry in the Profile Status column.
(host) #show ap provisioning-profile
Provisioning profile List
-------------------------
Name
References Profile Status
----
---------- --------------
default 12
outdoor 3
To display the configuration settings for an individual profile, include the <profile> parameter. The example below shows the profile details for the AP provisioning profile Default.
(host) #show ap provisioning-profile default
Provisioning profile "default" -----------------------------Parameter --------Remote-AP Master IP/FQDN PPPOE User Name PPPOE Password PPPOE Service Name USB User Name USB Password USB Device Type USB Device Identifier USB Dial String
Value ----No N/A N/A N/A N/A N/A N/A none N/A N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning-profile | 1242
USB Initialization String USB TTY device data path USB TTY device control path USB modeswitch parameters Link Priority Ethernet Link Priority Cellular Cellular modem network preference Username of AP so that AP can authenticate to 802.1x using PEAP Password of AP so that AP can authenticate to 802.1x using PEAP Uplink VLAN USB power mode AP POE Power optimization
N/A N/A N/A N/A 0 0 auto N/A N/A 0 auto disabled
Description
This command defines a provisioning profile for an AP or group of APs.
Syntax
Parameter Remote-AP
Master IP/FQDN PPPOE User Name PPPOE Password PPPOE Service Name USB User Name USB Password USB Device Type USB Device Identifier USB Dial String
USB Initialization String
USB TTY device data path
USB TTY device control path
Description Indicates that the profile is associated with a remote AP using certificates.
The FQDN or IP address for the master controller.
PPPoE username for the AP.
Point-to-Point Protocol over Ethernet (PPPoE) password for the AP.
PPPoE service name for the AP.
The PPP username provided by the cellular service provider
A PPP password, if provided by the cellular service provider
The USB driver type.
The USB device identifier.
The dial string for the USB modem. This parameter only needs to be specified if the default string is not correct.
The initialization string for the USB modem. This parameter only needs to be specified if the default string is not correct.
The TTY device path for the USB modem. This parameter only needs to be specified if the default path is not correct.
The TTY device control path for the USB modem. This parameter only needs to be specified if the default path is not correct.
1243 | show ap provisioning-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter USB modeswitch parameters
Description
All the parameters that is required to be passed to the USB mode switch utility.
Link Priority Ethernet
Set the priority of the wired uplink, from 0-255. Each uplink type has an associated priority; wired ports having the highest priority by default.
Link Priority Cellular
The priority of the cellular uplink, from 0-255. By default, the cellular uplink is a lower priority than the wired uplink; making the wired link the primary link and the cellular link the secondary or backup link.
Cellular modem network preference
Multi-mode cellular modem network preference type.
Username of AP so that AP can authenticate to 802.1x using PEAP
If your AP uses PEAP authentication, this field displays the AP username.
Password of AP so that AP can authenticate to 802.1x using PEAP
If your AP uses PEAP authentication, this field displays the AP password.
Uplink VLAN
If you configured an uplink VLAN on an AP connected to a port in trunk mode, the AP sends and receives frames tagged with this VLAN on its Ethernet uplink.
By default, an AP has an uplink vlan of 0, which disables this feature.
USB power mode
The USB power mode to control the power to the USB port.
AP POE Power optimization
Displays the AP POE power optimization status.
Usage Guidelines
The AP provisioning profile allows you to define a set of provisioning parameters to an AP group. These settings can be saved or assigned to an AP group via the command ap-group <group> provisioning-profile <profile>.
Related Commands
Command provision-ap
Description
Change provisioning parameters for an individual AP. This command does not save the provisioning parameters settings in a reusable profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap provisioning-profile | 1244
Command History
Release ArubaOS 3.0 ArubaOS 6.0 ArubaOS 6.3.1.10 ArubaOS 6.3.1.11
Modification Command introduced
The uplink-vlan parameter was introduced.
The AP power mode parameter was introduced.
The AP power mode parameter was renamed to AP POE Power optimization.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
1245 | show ap provisioning-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap radio-database
show ap radio-database [band a|g] [group <group>] [mode access-point|airmonitor|disabled|ht|ht-40mhz|legacy|sap-monitor] [sort-by ap-group|ap-ip|ap-name|aptype|switch-ip] [sort-direction ascending|descending] [start <start>] [switch <switch-ipaddr>]
Description
Show radio information for Access Points visible to this controller.
Syntax
Parameter band
a g group <group> mode access-point air-monitor disabled ht ht-40mhz legacy sap-monitor sort-by ap-group ap-ip ap-name ap-type
Description Show only APs with a radio operating in the specified band. Show only APs with a radio operating in the 802.11a band (5 GHz). Show only APs with a radio operating in the 802.11g band (2.4 GHz). Show only APs associated with the specified AP group. Show only APs with a radio operating in the specified mode. Show only APs operating as access points. Show only APs operating as air monitors. Show only disabled APs. Show only high-throughput APs. Show only 40 Mhz high-throughput APs. Show only legacy (not high-throughput) APs. Show only APs operating as SAP monitors. Sort the output of this command by a specific data column. Sort the output of this command by AP group name. Sort the output of this command by AP IP address. Sort the output of this command by AP name. Sort the output of this command by AP model type.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap radio-database | 1246
Parameter switch-ip
Description Sort the output of this command by controller ip address.
sort-direction
Select a sort direction for the output of this command.
ascending
Sort the output in ascending order.
descending
Sort the output in descending order.
start
Start displaying the output of this command at a chosen index number by entering the index number of the AP at which command output should start.
switch <switch-ip-addr> Display information for APs associated with a specific controller by entering the IP address of that controller.
Example
The output of the command shows that the AP is aware of five other access points, three of which are active.
(host) #show ap radio-database
AP Radio Database
-----------------
Name
Group AP Type IP Address
Mode/Chan/EIRP/Cli 11a Mode/Chan/EIRP/Cli
----
----- ------- ----------
------------ ----------------------
mp3
default 125
10.3.129.96
/10/0/0
AP(HT)/100/4/0
sw-ad-ap124-11 default 124
10.3.129.99
/10/0/0
AP(HT)/100+/2/0
sw-ad-ap125-13 default 125
10.3.129.98
/10/2.5/0
AP(HT)/100/4/0
sw-ad-ap65-19 default 65
10.3.129.95
Status -----Up 14h:45m:0s Up 14h:43m:18s Up 14h:49m:36s Down
Flags ----M M M
Switch IP --------10.3.129.232 10.3.129.232 10.3.129.232 10.3.129.232
11g ---------AP(HT) AP(HT) AP(HT)
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed R = Remote AP; I = Inactive; X = Maintenance Mode; P = PPPoE AP; B = Built-in AP S = RFprotect Sensor; d = Disconnected Sensor; H = Using 802.11n license
M = Mesh node; Y = Mesh Recovery
The output of this command includes the following information:
Column Name Group AP Type IP address
Description Name of the AP. AP group to which the AP is associated. AP model type. IP address of the AP.
1247 | show ap radio-database
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Status Flags
Switch IP 11g Mode/Chan/EIRP/Cli
11a Mode/Chan/EIRP/Cli
Description
Current AP status. If the AP is currently up, this data column also shows the amount of time for which the AP has been active.
This column displays a letter that corresponds to some type of additional information for the AP. The key to the list of possible flags appears at the bottom of the output of this command.
IP address of the AP's controller.
802.1g radio type and mode/802.11g radio channel used by the AP/current Effective Isotropic Radiated Power (EIRP)/Number of Clients associated with the radio
802.1a radio type and mode/802.11a radio channel used by the AP/current Effective Isotropic Radiated Power (EIRP)/Number of Clients associated with the radio.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap radio-database | 1248
show ap radio-summary
show ap radio-summary ap-group <ap-group> ap-name <ap-name> dot11a dot11g ip-addr <ip-addr> ip6-addr <ip6-addr>
Description
Show AP radios registered to this controller.
Syntax
Parameter ap-group ap-name <ap-name> dot11a dot11g ip-addr <ip-addr> ip6-addr <ip-addr>
Description Allows you to filter radio information by AP group. Allows you to filter radio information by AP name. Allows you to filter 802.11a radio information. Allows you to filter 802.11g radio information. Allows you to filter radio information by IP address. Allows you to filter radio information by IPv6 address.
Example
The output of the command in the example below displays statistics for the AP's radio, as well as statistics for transmitted and received frames.
In the actual command-line interface, it will appear in a single, long table.
(host) #show ap radio-summary
APs Radios information
----------------------
Name
Group
----
-----
172.17.153-7
172.17.153
172.17.150-5
172.17.150
172.17.153-13 172.17.153
172.17.151-42 172.17.151
172.17.151-34 172.17.151
172.17.155-26 172.17.155
AP Type ------104 104 104 104 104 104
IP Address ---------55.55.57.44 55.55.57.42 55.55.57.35 55.55.57.34 55.55.57.33 55.55.57.22
Band ---2.4 2.4 2.4 2.4 2.4 2.4
Mode ---AP:1 AP:6 AP:6 AP:11 AP:11 AP:1
EIRP/MaxEIRP NF/U/I
TD
------------ ------
--
28/29.5
-96/ 67/ 5 0/0/0/0/0/0
29.5/29.5
-96/ 27/ 3 0/0/0/0/0/0
29.5/29.5
-96/ 31/ 3 0/0/0/0/0/0
25/29.5
-96/ 28/ 6 0/0/0/0/0/0
25/29.5
-96/ 32/ 7 0/0/0/0/0/0
28/29.5
-96/ 70/ 4 0/0/0/0/0/0
TM -33/33/33/32/32/32 12/11/12/12/12/11 13/13/14/14/12/14 10/10/10/9/11/10 10/11/11/10/11/11 27
TC -0/0/0/0/0/0 0/0/0/0/0/0 0/0/0/0/0/0 0/0/0/0/0/0 0/0/0/0/0/0
NF: Noise Floor(dBm); U: Utilization(%); I: Interference(%)
1249 | show ap radio-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
TD: Time used by data frames (%); TM: time used by mgnt frames(%); time used by ctrl frames (%) Total Radios:6
The output of this command includes the following information:
Parameter Name Group AP Type IP Address Band Mode
EIRP/Max EIRP NF/U/I TD TM TC
Description Name of the AP.
Group to which AP radio is assigned.
AP model.
Radio IP address.
Band on which radio is operating on (2.4 or 5 GHz).
Mode on which radio is operating; AP: AP Mode; AM: Air Monitor Mode, Spectrum: Spectrum Monitor Mode. Optionally, you can also specify the channel number. Current EIRP output and maximum EIRP allowed for this radio (dBm). Noise Floor (dBm)/Utilization (%)/Interference (%). Time used by data frames (%). Time used by mgmt frames(%). Time used by ctrl frames (%).
Command History
Release ArubaOS 6.2 ArubaOS 6.3
Modification Command was introduced The ap-group parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap radio-summary | 1250
show ap regulatory
show ap regulatory
Description
Shows the currently active Regulatory Cert.
Syntax
None.
Usage Guidelines
Issue this command to view the currently active Regulatory Cert
Examples
The example below shows the version of Regulatory Cert currently active on the controller. (host) #show ap regulatory Regulatory Version :1.0_43859
Command History
Introduced in ArubaOS 6.4.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1251 | show ap regulatory
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap regulatory-domain-profile
show ap regulatory-domain-profile [<profile-name>]
Description
Show the list of regulatory domain profiles, or the settings in an individual regulatory domain profile
Syntax
Parameter <profile-name>
Description Show data for a specific regulatory domain profile
Usage Guidelines
Issue this command without the <profile>parameter to display the entire regulatory domain profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three regulatory domain profiles. The References column lists the number of other profiles with references to the regulatory domain profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show ap regulatory-domain-profile
Regulatory Domain profile List
------------------------------
Name
References
----
----------
corp-channel-profile
8
default
10
channel-test
1.
Profile Status --------------
This example displays the configuration settings for the profile corp-channel-profile. The output of this command shows the profile's country code and the valid channel and channel pairs for that profile.
host) #show ap regulatory-domain-profile corp-channel-profile
Regulatory Domain profile "corp-channel-profile"
------------------------------------------------
Parameter
Value
---------
-----
Country Code
US
Valid 802.11g channel
1
Valid 802.11g channel
6
Valid 802.11a channel
36
Valid 802.11a channel
40
Valid 802.11a channel
44
Valid 802.11a channel
48
Valid 802.11a channel
149
Valid 802.11a channel
153
Valid 802.11g 40MHz channel pair N/A
Valid 802.11a 40MHz channel pair 36-40
Valid 802.11a 40MHz channel pair 44-48
Valid 802.11a 40MHz channel pair 149-153
Valid 802.11a 80MHz channel group 36-48
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap regulatory-domain-profile | 1252
Valid 802.11a 80MHz channel group 52-64 Valid 802.11a 80MHz channel group 100-112 Valid 802.11a 80MHz channel group 116-128 Valid 802.11a 80MHz channel group 132-144 Valid 802.11a 80MHz channel group 149-161
The output of this command includes the following information:
Column Country Code
Description
Code that represents the country in which the APs will operate. The country code determines the 802.11 wireless transmission spectrum.
Valid 802.11g channel
Selected 802.11b/g channel available for use by an AP using the specified regulatory domain profile. These channels are limited to those valid for the profile's country code.
Valid 802.11a channel
Selected 802.11a channel available for use by an AP using the specified regulatory domain profile. These channels are limited to those valid for the country code.
Valid 802.11g 40MHz channel pair
Selected 802.11b/g 40 MHz channel pair available for use by an AP using the specified domain profile. These channels are limited to those valid for the profile's country code.
Valid 802.11a 40MHz channel pair
Valid 802.11a 80MHz channel group
Selected 802.11a 40 MHz channel pair available for use by an AP using the specified domain profile. These channels are limited to those valid for the profile's country code.
Selected 802.11a 80 MHz channel group available for use by an AP using the specified domain profile. These channels are limited to those valid for the profile's country code.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1253 | show ap regulatory-domain-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote counters
show ap remote counters {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>}
Description
Show the numbers of message counters for Remote APs
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description Show data for an AP with a specific name.
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. You must specify an AP's BSSID, which is usually the AP's MAC address
Show data for an AP with a specific IP address.
Examples
Use this command to determine the number of message counters recorded for each counter type seen by the remote AP. The output of the command in the example below shows counters for Remote AP State and VoIP CAC State Announcements.
(host) #show ap remote counters ap-name al22
Counters -------Name ---Remote AP State VoIP CAC State Announcement
Value ----62851 13605
The output of this command includes the following information:
Column Name Value
Description Name of the counter type. Number of counters recorded since the AP was last reset.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote counters | 1254
show ap remote debug association
show ap remote debug association [ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>]
Description
Show the association table of the AP to identify the clients associated to each AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description
Show client associations for a specific AP name.
Show client associations for an specific AP Basic Service Set Identifier (BSSID). The BSSID is usually the AP's MAC address.
Show client associations for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
Usage Guidelines
Use this command to verify if a remote user is connected to an AP, and to validate the AP to which is connected.
Example
The output of this command displays information about the remote clients associated with an AP with the IP address 192.0.2.32. (host) #show ap remote debug association ip-addr 192.0.2.32
Flags: W: WMM client, A: Active, R: RRM client
PHY Details: HT: High throughput; 20: 20MHz; 40: 40MHz <n>ss: <n> spatial streams
Association Table
-----------------
Name bssid
mac
auth assoc aid l-int essid
---- -----
---
---- ----- --- ----- -----
AP71 00:0a:23:c1:d4:11 00:16:6d:08:1s:f1 y
y
1 10
t-lab
vlan-id tunnel-id phy assoc. time num assoc Flags
------- --------- --- ----------- --------- -----
111
0x108e
a 23s
1
A
Num Clients:1 The output of this command includes the following information:
Column Name
Description Name of an AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug association | 1256
Column bssid mac auth assoc aid 1-int
essid vlan-id tunnel-id phy
assoc. time num assoc flags
Description
The AP Basic Service Set Identifier (BSSID).
MAC address of the client.
This column displays a y if the AP has been configured for 802.11 authorization frame types. Otherwise, it displays an n.
This column displays a y if the AP has been configured for 802.11 association frame types. Otherwise, it displays an n.
802.11 association ID. A client receives a unique 802.11 association ID when it associates to an AP.
Number of beacons in the 802.11 listen interval. There are ten beacons sent per second, so a ten-beacon listen interval indicates a listen interval time of 1 second.
Name that uniquely identifies the AP's Extended Service Set Identifier (ESSID).
Identification number of the AP's VLAN.
Identification number of the AP's tunnel.
The RF band in which the AP operates: a = 5 GHz b, g = 2.4 GHz
Amount of time the client has associated with the AP, in the format hours:minutes:seconds.
Number of clients associated with the AP.
This column displays any flags for this AP. The list of flag abbreviations is included in the output of the show ap association command.
Command History
Introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1257 | show ap remote debug association
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug association
show ap remote debug association [ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>
Description
Show the association table for an AP.
Syntax
Parameter ap-name <ap-name>
bssid <bssid>
ip-addr <ip-addr>
Description
Show AP associations for a specific AP. You can also include the essid, phy or voip-only keywords to further filter the output of this command.
Show the AP associations for an specific AP Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show AP associations for a specific AP by entering an IP address in dotted-decimal format. You can also include the essid, phy or voiponly keywords to further filter the output of this command.
Usage Guidelines
Use this command to check if user is connected to an AP. This command validates whether the client is associated and indicates the last AP to which it was connected. If the flags column shows an 'A', the client is currently associated with that AP. Alternately, if the client is not currently associated, the AP with the smallest value of association time is the last AP used by the client.
Example
Use the show ap association bssid command to verify that a user has associated with an AP, or to determine last AP to which the client was connected. The output of this command in the example below shows the association table for the client with the MAC address 00:13:fd:5c:7c:59. If the flags column in the output of this command shows an 'A', the client associated last to that AP. Alternately, the AP with the smallest value of association time is the last AP to which the client had associated.
In the example below, the output of this command has been broken into two separate tables to better fit this page. In the actual output of the command, this information is shown in a single, wide table.
host) #show ap association bssid 00:13:fd:5c:7c:59
Flags: W: WMM client, A: Active, R: RRM client PHY Details: HT: High throughput; 20: 20MHz; 40: 40MHz
ss: spatial streams
Association Table
-----------------
Name bssid
mac
auth assoc aid l-int
---- -----
---
---- ----- --- -----
AL12 00:1a:1e:11:5f:11 00:21:5c:50:b1:ed y
y
12 10
00:1a:1e:88:88:31 00:19:7d:d6:74:93 y y 6 10 ethersphere-wpa2
essid ----ethersphere-wpa2AL5
vlan-id tunnel-id phy
assoc. time num assoc Flags
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug association | 1258
------- --------- ---
----------- --------- -----
65
0x10c4
a-HT-40sgi-2ss 35m:41s
1
WA65
0x1072
a
24m:29s
1
WA
The output of this command includes the following information:
Column Name bssid mac auth assoc aid 1-int
essid vlan-id tunnel-id assoc. time num assoc flags
Description Name of an AP
The AP Basic Service Set Identifier (BSSID)
MAC address of the AP
This column displays a y if the AP has been configured for 802.11 authorization frame types. Otherwise, it displays an n.
This column displays a y if the AP has been configured for 802.11 association frame types. Otherwise, it displays an n.
802.11 association ID. A client receives a unique 802.11 association ID when it associates to an AP.
Number of beacons in the 802.11 listen interval. There are ten beacons sent per second, so a ten-beacon listen interval indicates a listen interval time of 1 second.
Name that uniquely identifies the AP's Extended Service Set Identifier (ESSID).
Identification number of the AP's VLAN.
Identification number of the AP's tunnel.
Amount of time the client has associated with the AP, in the format hours:minutes:seconds.
Number of clients associated with the AP.
This column displays any flags for this AP. The list of flag abbreviations is included in the output of the show ap association command.
Command History
Introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers.
1259 | show ap remote debug association
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug bss-config
show ap remote debug bss-config [ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>Description Show the configuration for each BSSID of an AP. This information can be used to troubleshoot problems on an AP.
Syntax
Parameter ap-name <ap-name> ip-addr <ip-addr>
Description
Filter the AP Config Table by AP name.
Filter the AP Config Table by IP address by entering an IP address in dotteddecimal format.
Examples
The output of this command shows the AP configuration table for a specific BSSID.
host) #show ap remote debug bss-config ap-name ap93-3
Dell AP Config Table
---------------------
bss
ess vlan ip
phy type fw-mode max-cl rates tx-rates preamble mtu
--wmm
------ --00:1a:1e:11:24:c2 enable enable
--- ---cera2 66
-10.6.1.203
--- ---- ------- ------ ----- -------- -------- --- status
g-HT ap tunnel 64
0x3 0xfff
enable 0
00:1a:1e:8d:5b:11 wpa2 65 10.6.1.198 a-HT ap tunnel 20
0x150 0xff0
-
0
enable enable
00:0b:86:9b:e5:60 guest 63 enable enable
10.6.14.79 g
ap tunnel 20
0x2 0x3fe
enable 0
00:1a:1e:97:e5:41 voip 66 enable enable
10.6.1.199 g-HT ap
tunnel 20
0xc 0x14c
enable 0
00:1a:1e:11:74:a1 voip 66 enable enable
10.6.1.197 g-HT ap
tunnel 20
0xc 0x14c
enable 0
00:1a:1e:11:5f:11 wpa2 65 10.6.1.200 a-HT ap tunnel 20
0x150 0xff0
-
0
enable enable
The output of this command includes the following information:
Column bss ess
vlan IP phy
Description Basic Service Set (BSS) identifier, which is usually the AP's MAC address. Extended Service Set (ESS) identifier; a user-defined name for a wireless network. The BSSID's VLAN number. The AP's IP address. One of the following 802.11 types
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug bss-config | 1260
Column
type fw-mode
max-cl preamble MTU status wmm
Description
la l a-HT (high-throughput) lg l g-HT (high-throughput)
This column shows if the BSSID is for an access point (ap) or an air monitor (am).
The configured forward mode for the AP's virtual AP profile. l bridge: Bridge locally l split-tunnel: Tunnel to controller or NAT locally l tunnel: Tunnel to controller
The maximum number of clients allowed for this BSSID.
Shows if short preambles are enabled for 802.11b/g radios. Network performance may be higher when short preamble is enabled. In mixed radio environments, some 802.11b wireless client stations may experience difficulty associating with the AP using a short preamble.
Maximum Transmission Unit (MTU) size, in bytes. This value describes the greatest amount of data that can be transferred in one physical frame.
Shows if this BSSID is enabled or disabled.
Shows if the BSSID has enabled or disabled WMM, also known as IEEE 802.11e Enhanced Distribution Coordination Function (EDCF) WMM provides prioritization of specific traffic relative to other traffic in the network.
Command History
Introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1261 | show ap remote debug bss-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug client-mgmt-counters
show ap remote debug client-mgmt-counters
Description
Show the numbers of each type of message from an AP's clients. This information can be used to troubleshoot problems on an AP.
Examples
The output of this command shows client management counters for the specified AP
host)#show ap remote debug client-mgmt-counters ap-name ap120-3
Counters
--------
Name
Value
----
-----
Validate Client
512
AP Stats Update Message
557750
3087
6
Tunnel VLAN Membership
4493
Update STA Tunnel Request
229
Update STA Tunnel Response 229
ARM Update
808921
ARM Propagate
590567
ARM Neighbor Assigned
55396
STM SAP Down
19
AP Message
192
STA On Call Message
12164
STA Message
19750
STA SIP authenticate Message 10919
STA Deauthenticate
707
Stat Update V3
441447
VoIP CAC State Announcement 37185
Remote AP State
371330
AP Message Response
164
assoc-req
4358
assoc-resp
4358
reassoc-req
950
reassoc-resp
950
disassoc
452
deauth
5117
sapcp
351131
The output of this command includes the following information:
Parameter Validate Client AP Stats Update Message 3087
Description Number of times a client was validated. Number of times an AP updated its statistics with the controller. (For internal use only)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug client-mgmt-counters | 1262
Parameter Tunnel VLAN Membership
Description (For internal use only)
Update STA Tunnel Request
(For internal use only)
Update STA Tunnel Response
(For internal use only)
ARM Update
Number of times an AP has changed its adaptive radio management (ARM) settings.
ARM Propagate
(For internal use only)
ARM Neighbor Assigned
(For internal use only)
STM SAP Down
(For internal use only)
AP Message
(For internal use only)
STA On Call Message
Number of counters indicating that a station has an active phone call
STA Message
(For internal use only)
STA SIP authenticate Message Number of messages indicating that a telephone has completed SIP registration and authentication.
STA Deauthenticate
Number of times a station sent a message to an AP to deauthenticate a client.
Stat Update V3
(For internal use only)
VoIP CAC State Announcement
Number of times a controller announces a call admission control (CAC) state change to the AP. Changes in CAC state could include the ability of call admission controls to accept more or fewer calls than previously configured.
Remote AP State
(For internal use only)
AP Message Response
(For internal use only)
assoc-req
Number of 802.11 association request management frames from the controller.
assoc-resp
Number of 802.11 association responses to the controller.
reassoc-req
Number of 802.11 reassociation requests to the controller.
reassoc-resp
Number of 802.11 reassociation responses from the controller.
1263 | show ap remote debug client-mgmt-counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter disassoc deauth sapcp
Description Number of 802.11 disassociation messages to the controller. Number of 802.11 deauthorization messages from the controller. (For internal use only)
Command History
Introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug client-mgmt-counters | 1264
show ap remote debug flash-config
show ap remote debug flash-config {ap-name <ap-name>|bssid <bssid>|ip-addr <ip-addr>|ip6-addr <ip6-addr>} acls|vap <vap>|vaps
Description
Show the remote AP configuration stored in flash memory.
Syntax
Parameter ap-name <ap-name>
Description Show debugging data for an AP with a specific name.
bssid <bssid>
Show data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
ip-addr <ip-addr>
Show data for an AP with a specific IP address by entering its IP address in dotted-decimal format.
ip6-addr <ip6-addr>
Show data for an AP with a specific IP6 address by entering its IP6 address in dotted-decimal format.
acls
Display ACLs of offline Virtual APs (VAPs).
vap <vap>
Display the configuration of a specific offline VAP by entering the name of an VAP.
vaps
Display the current number of offline VAPs.
Example
The output of this command can be used to debug problems with a remote AP. The command below shows statistics for an AP with the IP address 192.0.2.64.
(host) #show ap remote debug flash-config ip-addr 192.0.2.64 acls
Offline ACLs
------------
Item
Value
----
-----
Native VLAN
1
DHCP VLAN
N/A
DHCP ADDR
192.168.11.1
DHCP POOL NETMASK
255.255.255.0
DHCP POOL START
192.168.11.2
DHCP POOL END
192.168.11.254
DHCP DNS SERVER
0.0.0.0
DHCP ROUTER
192.168.11.1
DHCP DNS DOMAIN
mycompany
DHCP LEASE
0
Session ACL
N/A
Session ACL Name
N/A
Session ACL Count
N/A
Session Aces
N/A
1265 | show ap remote debug flash-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ACL 1 ACL 1 Name ACL 1 Count Aces 1 ...
1 logon 21 16 1 4294
The output of this command includes the following information:
Column Native VLAN DHCP VLAN
DHCP ADDR DHCP POOL NETMASK DHCP POOL START
DHCP POOL END
DHCP DNS SERVER DHCP ROUTER DHCP DNS DOMAIN DHCP LEASE
Session ACL Session ACL name Session ACL count Session Aces ACL 1
ACL1 Name ACL1 Count ACL1 Aces
Description VLAN ID of the native VLAN.
VLAN ID of Remote AP DHCP server used when the controller is unreachable.
IP Address used as DHCP Server Identifier.
Netmask of the DHCP server pool.
IP Address used as the start of a range of addresses for a DHCP pool.
IP Address used as the end of a range of addresses for a DHCP pool.
IP Address for the DHCP DNS server.
IP Address for the DHCP default router.
Domain name for the DHCP DNS server.
Length of DHCP DNS leases in days. If this parameter displays a zero (0) the DHCP lease is has no defined end.
Name of the ACL applied to the user session.
Name of the ACL applied to the user session.
Number of rules in the applied to the user session.
A list of the individual rules in the session ACL.
This parameter shows the position of an individual ACL.
Name of the ACL in the first position.
Number of rules in the specified ACL.
A list of the individual rules in the specified ACL.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug flash-config | 1266
Command History
Release ArubaOS 3.0
Modification Command was introduced
ArubaOS 6.3
The ip6-addr parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or Config mode on master controllers
1267 | show ap remote debug flash-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug mgmt-frames
show ap remote debug mgmt-frames {ap-name <ap-name>}|{bssid <bssid>|{ip-addr <ip-addr>} [client-mac <client-mac>] [count <count>]
Description
Show traced 802.11 management frames for a remote AP.
Syntax
Parameter ap-name <ap-name> bssid <bssid> ip-addr client-mac count <count>
Description
Show debugging information for a specific AP.
Show debugging information for a specific Basic Service Set Identifier (BSSID). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address
Show debugging information for an AP with a specific IP address by entering its IP address in dotted-decimal format.
Show the AP associations for a specific MAC address by entering the MAC address of the client.
Limit the amount of information displayed by specifying number of frames to appear in the output of this command.
Examples
Use this command to debug 802,1 authentication on a remote AP. The example below shows that a client successfully associated with the remote AP, then was later deauthenticated. (host) #show ap remote debug mgmt-frames ap-name AP32
Traced 802.11 Management Frames
-------------------------------
Timestamp
stype
SA
DA
BSS
signal Misc
---------
-----
--
--
---
------ ----
Oct 30 11:20:19 deauth
00:23:6c:2f:9a:85 00:1a:1e:11:56:40
STA has left and is deauthenticated
Oct 30 11:04:39 assoc-resp
00:1a:1e:11:56:40
00:23:6c:2f:9a:85 00:1a:1e:11:56:40 15
Success
Oct 30 11:04:39 assoc-req 00:23:6c:2f:9a:85 00:1a:1e:11:56:40 00:1a:1e:11:56:40 0
-
The output of this command includes the following information:
Column Timestamp
Description The time the management frame was sent
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap remote debug mgmt-frames | 1268
Column stype
SA DA BSS signal Misc
Description
One of the following 802.11 frame types: auth: Authorization frame deauth: Deauthorization frame assoc-resp: Association response assoc-req: Association request
Source MAC address.
Destination MAC address.
Basic Service Set Identifier (BSSID) of the AP
Signal strength as a signal to noise ratio. For example, a value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold.
Additional information describing the client's action. In the case of deauthentication, a reason associated with the event will be displayed in this column.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1269 | show ap remote debug mgmt-frames
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap snmp
show ap snmp wlsxSwitchStationMgmtTable wlsxSwitchStationStatsTable wlsxWlanAPBssidTable wlsxWlanAPTable wlsxWlanRadioTable
Description
This command displays the AP-related SNMP tables.
Syntax
Parameter
Description
wlsxSwitchStationMgmtTable Display user tree.
wlsxSwitchStationStatsTable Display user statistics tree.
wlsxWlanAPBssidTable
Display BSSID SNMP tree.
wlsxWlanAPTable
Display SNMP tree
wlsxWlanRadioTable
Display radio table SNMP tree.
Example
Access the controller's command-line interface and use the following command to display BSSID SNMP tree: (host) #show ap snmp wlsxWlanAPBssidTable
SNMP - AP BSSID Table
---------------------
AP MAC
Radio
------
-----
00:24:6c:c3:d6:82 1
00:24:6c:c3:d6:82 2
BSSID ----00:24:6c:bd:68:30 00:24:6c:bd:68:20
Phy Type -------1 2
Status -----1 1
Channel ------149 11
Num BSSIDs:2
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or configuration mode.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap snmp | 1270
1271 | show ap snmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum ap-list
show ap spectrum ap-list {ap-name <ap-name>}|{ip-addr <ip-addr>} ap-bssid <bssid> channel <channel> essid <essid> limit <number> or page <number> freq-band 2.4ghz|5ghz sort <sort> start <index>
Description
This command shows spectrum data seen by an access point that has been converted to a spectrum monitor.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor for which you want to view spectrum information.
channel <channel>
View spectrum information for a specific radio channel.
essid <essid>
View spectrum information for a specific ESSID.
limit <number>
Limit the displayed output to the specified number of entries
or
Use this parameter to display information that meets either of two criteria,
such as a specified ESSID or channel.
page <number>
Enter a number from 10-100 (inclusive) to specify the number of entries that should appear in each page of the output for this command. For example, if the output of this command has 100 entries and you select a page value of 20, the output will appear in 5 pages each with 20 entries. If you selected a page value of 10, the output would appear in 10 pages with 10 entries.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 Ghz.
sort <sort>
Sort the output by the specified data column
start <index>
Start displaying the output at specific spectrum index value.
Usage Guidelines
The Spectrum Analysis feature provides visibility into RF coverage, allowing you to troubleshoot RF interference and identify 802.11 devices on the network. Issue this command to display and sort APs seen by a specific
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum ap-list | 1272
spectrum monitor.
Examples
The output of this example shows spectrum data seen by spectrum monitor ap123. The output in the example below has been divided into two tables to better fit this document. In the ArubaOS CLI, the output appears as a single, long table.
(host)# show ap spectrum ap-list ap-name ap123
Spectrum AP Table ----------------bssid ----00:0b:86:cd:22:d0 00:0b:86:cb:cf:30 00:0b:86:f6:f6:a0 00:0b:86:f6:f6:a1 00:0b:86:f6:f6:a2
essid ----ECSD Wireless ECSD Wireless osuwireless osuvoice osuguest
spectrum-id ----------2 3 3 4 5
chan ---161 157 1 1 1
phy-type -------80211a 80211a 80211b/g 80211b/g 80211b/g
signal(dBm) --------------62 68 48 47 45
avg-rssi(dB) curr-rssi(dB) ibss
--------
---------
----
29
31
no
24
25
no
37
38
no
38
38
no
37
40
no
add-time -------2010-05-16 17:41:36 2010-05-16 17:41:36 2010-05-16 17:41:36 2010-05-16 17:41:36 2010-05-16 17:41:36
last-seen ----------2010-05-18 13:39:38 2010-05-18 14:19:03 2010-05-18 15:06:02 2010-05-18 15:04:23 2010-05-18 15:07:32
The output of this command includes the following information:
Column bssid
Description Basic Service Set Identifier for an AP. This is usually the AP's MAC address.
essid
Extended service set identifier that names a wireless network.
spectrum-id
Identifier assigned to the device by the spectrum monitor
chan
Radio channel used by the BSSID
freq-band
Radio phy type. Possible types include: l 2.4 GHz l 5 GHz
signal (dBm)
Strength of the signal received by the device, in dBm.
avg-rssi
The average signal-to-noise ratio seen by the AP.
curr-rssi
Most recent signal-to-noise ratio seen by the AP.
ibss
Shows if ad-hoc BSS is enabled or disabled. It will be enabled if the bssid
has detected an ad-hoc BSS (an ibss bit in an 802.11 frame).
1273 | show ap spectrum ap-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column add-time last-seen
Description Time when the AP was first detected by the spectrum monitor. Time when the AP was last seen by the spectrum monitor.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum ap-list | 1274
show ap spectrum channel-metrics
show ap spectrum channel-metrics {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz
Description
This command shows channel quality, availability and utilization metrics as seen by a spectrum monitor.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guideline
This chart displays channel utilization data, showing the percentage of each channel that is currently being used by Wi-Fi devices, and the percentage of each channel being used by non-Wi-Fi devices and 802.11 adjacent channel interference (ACI).
ACI refers to the interference on a channel created by a transmitter operating in an adjacent channel. A transmitter on a nonadjacent or partially overlapping channel may also cause interference, depending on the transmit power of the interfering transmitter and/or the distance between the devices. In general, ACI may be caused by a Wi-Fi transmitter or a non-Wi-Fi interferer. However, whenever the term ACI appears in Spectrum Analysis graphs, it refers to the ACI caused by Wi-Fi transmitters. The channel utilization option in the Channel Metrics Chart shows the percentage of the channel utilization due to both ACI and non-Wi-Fi interfering devices. Unlike the ACI shown in the show ap spectrum interference-power output, the ACI shown in this graph indicates the percentage of channel time that is occupied by ACI or unavailable for Wi-Fi communication due to ACI.
The Channel Metrics table can also show channel availability, the percentage of each channel that is available for use, or display the current relative quality of selected channels in the 2.4 GHz or 5 GHz radio bands. In the spectrum analysis feature, channel quality is a relative measure that indicates the ability of the channel to support reliable Wi-Fi communication. Channel quality, which is represented as a percentage in this chart, is a weighted metric derived from key parameters that can affect the communication quality of a wireless channel, including noise, non-Wi-Fi (interferer) utilization and duty-cycles, and certain types of retries. Note that channel quality is not directly related to Wi-Fi channel utilization, as a higher quality channel may or may not be highly utilized.
A hybrid AP on a 20 MHz channel will see 40 MHz Wi-Fi data as non-Wi-Fi data.
Examples
The output of this example shows part of the channel metrics table for channels seen by the spectrum monitor ap123.
1275 | show ap spectrum channel-metrics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host)# show ap spectrum channel-metrics ap-name ap123 freq-band 2.4GHz
Channel Metrics Table
---------------------
Channel Quality(%) Availability(%)
------- ---------- ---------------
1
97
57
2
80
58
3
63
58
4
71
57
5
88
54
6
98
51
7
88
54
8
69
56
9
60
57
10
30
29
11
0
0
12
25
50
13
50
99
14
99
99
1+/5- 63
54
2+/6- 63
51
3+/7- 63
51
4+/8- 69
51
5+/9- 60
51
6+/10- 30
29
7+/11- 0
0
Utilization(%) -------------43 42 42 43 46 49 46 44 43 71 100 50 1 1 46 49 49 49 49 71 100
WiFi Util(%) -----------40 22 5 16 36 47 35 14 3 1 0 0 0 0 36 47 47 47 47 1 0
Interference Util(%) -------------------3 20 37 27 10 2 11 30 40 70 100 50 1 1 10 2 2 2 2 70 100
The output of this command includes the following information:
Column channel
Description An 802.11a or 82.11g radio channel.
Quality(%)
Current relative quality of selected channels in the 802.11a or 802.11g radio bands, as determined by the percentage of packet retries, the current noise floor, and the duty cycle for non-Wi-Fi devices on that channel.
Availability(%)
The percentage of the channel currently available for use.
Utilization(%)
The percentage of the channel being used.
WiFi Util(%)
The percentage of the channel currently being used by wifi devices.
Interference Util (%)
The percentage of the channel currently being used by non-Wi-Fi interference + wifi ACI (Adjacent Channel Interference)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum channel-metrics | 1276
Related Commands
Command ap spectrum local-override
Description
Convert an AP or AM into a spectrum monitor by adding it to the spectrum local-override list.
Mode
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1277 | show ap spectrum channel-metrics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum channel-summary
show ap spectrum channel-summary {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz
Description
This command displays a summary of the 802.11a or 802.11g channels seen by a spectrum monitor.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor for which you want to view spectrum information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guidelines
This table can display data aggregate data for each channel seen by the spectrum monitor radio, including the maximum AP power, interference and the signal-to-noise-and-interference Ratio (SNIR). SNIR is the ratio of signal strength to the combined levels of interference and noise on that channel. This value is calculated by determining the maximum noise-floor and interference-signal levels, and then calculating how strong the desired signal is above this maximum.
A hybrid AP on a 20 MHz channel will see 40 MHz Wi-Fi data as non-Wi-Fi data.
Examples
The output of the example below shows information for 802.11a radio channels seen by the spectrum monitor ap999. (host)# show ap spectrum channel-summary ap-name ap999 freq-band 5ghz
Channel Summary Table
---------------------
Channel KnownAPs UnknownAPs
------- -------- ----------
149
69
0
153
20
0
157
56
0
161
54
0
165
32
0
149+
69
0
157+
20
0
Util(%) ------5 100 6 4 3 100 6
MaxAPSignal(dBm) ----------------39 -42 -53 -43 -27 -39 -43
MaxInterference(dBm) --------------------69 -60 -59 -71 -70 -60 -59
SNIR(dB) ------30 18 6 28 43 21 16
The output of this command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum channel-summary | 1278
Column Channel
Known APs
UnKnown APs
Channel Util (%)
Max AP Signal (dBm)
Max Interference (dBm)
SNIR (db)
Description An 802.11a or 802.11g radio channel. Number of valid APs identified on the radio channel. Number of invalid or rogue APs identified on the radio channel. Percentage of the channel currently in use. Signal strength of the AP that has the maximum signal strength on a channel.
Signal strength of the non-Wi-Fi device that has the highest signal strength.
The ratio of signal strength to the combined levels of interference and noise on that channel. This value is calculated by determining the maximum noise-floor and interference-signal levels, and then calculating how strong the desired signal is above this maximum.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
1279 | show ap spectrum channel-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum channel-summary | 1280
show ap spectrum client-list
show ap spectrum client-list {ap-name <ap-name>}|{ip-addr <ip-addr>} |{ip6-addr <ip6-addr>}
ap-bssid <bssid> channel <channel> essid <essid> mac <mac-addr> or page <page> freq-band 2.4ghz|5ghz
Description
This command shows details for clients seen by a specified spectrum monitor.
Syntax
Parameter ap-name <ap-name>
ip-addr <ip-addr>
Description
Name of the spectrum monitor for which you want to view spectrum information.
IP address of the spectrum monitor for which you want to view spectrum information.
ip6-addr <ip6-addr> ap-bssid <bssid> channel <channel> essid <essid> mac <mac-addr> or page <number>
freq-band 2.4ghz|5ghz
IPv6 address of the spectrum monitor for which you want to view spectrum information.
View information for a client with a specific BSSID.
view information for clients on a specific radio channel.
View information for clients using a specific ESSID.
View information for a client with a specific MAC address.
Use this parameter to display information that meets either or two criteria, such as a specified ESSID or channel.
Enter a number from 10-100 (inclusive) to specify the number of entries that should appear in each page of the output for this command. For example, if the output of this command has 100 entries and you select a page value of 20, the output will appear in 5 pages each with 20 entries. If you selected a page value of 10, the output would appear in 10 pages with 10 entries.
View information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guidelines
Use this command to view channel and signal information for wireless clients seen by the spectrum monitor.
1281 | show ap spectrum client-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Examples
The example shows that the spectrum monitor ap999 sees eight different clients on channel 149. The output in the example below has been divided into two tables to better fit this document. In the ArubaOS CLI, the output appears as a single, long table.
(host)# show ap spectrum client-list ap-name ap999 channel 149
Spectrum Client Table
---------------------
mac
bssid
---
-----
00:14:a4:d1:34:63 00:24:6c:80:48:79
00:19:7d:3a:96:d9 00:24:6c:80:7b:c9
00:16:cf:af:3e:e1 00:24:6c:80:48:79
00:1c:26:5b:a7:ac 00:24:6c:81:8b:19
00:21:6b:c6:b2:12 00:24:6c:80:48:79
00:21:6a:9c:0e:36 00:24:6c:81:8b:19
00:21:6a:51:e4:30 00:1a:1e:87:c1:91
00:24:d6:65:a9:e6 00:24:6c:80:48:7a
essid ----ethersphere-wpa2 ethersphere-wpa2 ethersphere-wpa2 ethersphere-wpa2 ethersphere-wpa2 ethersphere-wpa2 ethersphere-wpa2 ethersphere-voip
spectrum-id ----------14 198 80 125 118 121 164 222
channel ------149 149 149 149 149 149 149 149
phy-type -------80211a 80211a 80211a 80211a 80211a-HT-40 80211a 80211a-HT-40 80211a-HT-40
signal(dBm) ---------------71 -66 -74 -79 -66 -72 -63 -69
add-time
last-seen
--------
-----------
2010-05-17 09:53:47 2010-05-17 12:36:54
2010-05-17 12:01:01 2010-05-17 12:36:42
2010-05-17 09:54:59 2010-05-17 12:35:55
2010-05-17 10:23:29 2010-05-17 12:37:28
2010-05-17 10:17:05 2010-05-17 12:31:58
2010-05-17 10:20:05 2010-05-17 12:37:30
2010-05-17 11:07:21 2010-05-17 12:29:01
2010-05-17 12:37:25 2010-05-17 12:37:25
start:0 Length:8 Total:8
The output of this command includes the following information:
Column mac bssid
essid spectrum-id chan phy-type
Description MAC address of the client.
Basic Service Set Identifier for a client. This is usually the device's MAC address.
Extended service set identifier that names a wireless network.
Identifier assigned to the client by the spectrum monitor.
Radio channel used by the BSSID
Radio phy type. Possible types include: l 802.11a l 802.11a-HT-40
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum client-list | 1282
Column
signal(dBm) add-time last-seen
Description l 802.11b/g l 802.11b/g-HT-20 Client signal strength, in dBm. Time when the client was first detected by the spectrum monitor. Time when the spectrum monitor last detected that the client was active.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1283 | show ap spectrum client-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug
show ap spectrum debug {channel-info|channel-quality|classify|classify-fft|devicedetails|device-info|devices-seen} {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band {2.4ghz|5ghz}
Description
This command saves spectrum analysis channel information to a file on the spectrum monitor.
Syntax
Parameter channel-info channel-quality classify classify-fft device-details device-info devices-seen ap-name <ap-name>
ip-addr <ip-addr>
freq-band 2.4ghz|5ghz
Description Save channel information for later analysis. Save channel quality information for later analysis Save information on classification for later analysis. Save information on classification and FFT data for later analysis. Save device details for later analysis. Save device information for later analysis. Save information on devices seen by the spectrum monitor. Name of the spectrum monitor for which you want to view spectrum information. IP address of the spectrum monitor for which you want to view spectrum information. Save information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guidelines
Use this command under the supervision of your Dell technical support representative to troubleshoot spectrum analysis issues or errors. If a dump-server is defined in the AP's AP system profile, the file created by this command will be sent from the AP to the dump-server using TFTP.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug | 1284
Command
Description
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Mode
Config mode on master or local controllers
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1285 | show ap spectrum debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug fft
show ap spectrum debug fft {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band {2.4ghz|5ghz} avg duty-cycle fft-to-controller max normalized raw raw-normalized
Description
Save FFT (Fast Fourier Transform) power data to a file on the spectrum monitor.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor.
freq-band 2.4ghz|5ghz Save information for a specific radio type, either 2.4 GHz or 5 GHz.
avg
Save FFT average information.
duty-cycle
Save FFT duty-cycle data.
fft-to-controller
Save the FFT max, average and duty-cycle data.
max
Save the maximum FFT power measured for all samples taken over the last
second.
normalized
Save normalized FFT information.
raw
Save the raw FFT information received from driver.
raw-normalized
Save FFT information received from driver and its normalized FFT.
Usage Guidelines
Use this command under the guidance of your Dell technical support representative to troubleshoot FFT power issues seen on W-AP104, W-AP105, W-AP175, W-AP130 Series, W-AP220 Series or W-AP90 series APs.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug fft | 1286
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing
Base operating system
Command Mode
Enable or Config mode on master or local controllers
1287 | show ap spectrum debug fft
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug monitors
show ap spectrum debug monitors
Description
Show a detailed description of all spectrum monitors on the controller.
Syntax
No parameters
Examples
The output of this command shows a list of available spectrum monitor or hybrid AP devices, a list of spectrum devices currently subscribed to a spectrum client, message counters for subscribed spectrum devices and the subscription history.
(host)# show ap spectrum debug monitors
List of Available Sensors
-----------------------------------
AP name Phy Band
------- --- ----
ap999 G 2GHz
ap999 A 5GHz
Total: 2
List of Subscriptions
---------------------
AP name Band
Client IP
Subscribe Time
HTTPD pid Last Data Sent Send
Failed
------- ----
---------
--------------
--------- -------------- -------
----
ap123 2GHz
10.100.100.67 2010-05-18 03:49:44 PM 1711
1s
0
ap123 5GHz
10.100.100.67 2010-05-18 03:49:51 PM 1711
1s
0
Num Subscriptions: 2
Current Time: 2010-05-18 03:49:54 PM
Message Counters
----------------
AP name Band
FFT Data FFT Duty Cycle Device Info Device Details Devices Seen
Channel Info
------- ----
-------- -------------- ----------- -------------- ------------ ----
--------
ap123 2GHz
4
4
1
194
1
1
ap123 5GHz
0
0
0
0
0
0
Subscription History
--------------------
Message
AP/Radio/Band
Client IP
HTTPD Timestamp
Result
pid
-------
-------------
---------
------ ---------
------
Subscribe
"ap123"/1/2GHz
10.240.16.165 1701 2010-05-17 01:29:16 PM Success
Re-subscribe
"ap123"/0/5GHz
10.240.16.165 1700 2010-05-17 01:29:16 PM Success
Unsubscribe-All "ap123"/-/-
10.240.16.165 1701 2010-05-17 02:44:18 PM Client
Not found
Subscribe
"ap123"/1/2GHz
10.100.100.67 1716 2010-05-18 03:44:28 PM Success
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug monitors | 1288
Usage Guidelines
Use this command under the guidance of a Dell technical support representative to troubleshoot spectrum analysis errors.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1289 | show ap spectrum debug monitors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug status
show ap spectrum debug status {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz
Description
This command shows detailed status and statistics for a spectrum monitor or hybrid AP.
Syntax
Parameter ap-name <ap-name>
Description Name of the spectrum device for which you want to view status information.
ip-addr <ip-addr>
IP address of the spectrum device for which you want to view status information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guidelines
Use this command under the guidance of a Dell technical support representative to troubleshoot spectrum analysis errors.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum debug status | 1290
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1291 | show ap spectrum debug status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-duty-cycle
show ap spectrum device-duty-cycle {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz
Description
Shows the current duty cycle for devices on all channels being monitored by the spectrum monitor or hybrid AP radio.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum device for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum device for which you want to view spectrum information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guidelines
The FFT Duty Cycle table in the output of this command shows the duty cycle for each radio channel. The duty cycle is the percentage of time each device type operates or transmits on that channel. For additional details about non-Wi-Fi device types shown in this table, see Non-Wi-Fi Interferers on page 1295.
This chart is not available for W-AP68 access points. A hybrid AP on a 20 MHz channel will see 40 MHz Wi-Fi data as non-Wi-Fi data.
Examples
The output of this command shows that video devices sent a signal on channels 153 and 157 during 99% of the last sample interval.
Device Duty Cycle Table (in %)
------------------------------
Device Type
149 153 157 161 165 149+ 157+
-----------
--- --- --- --- --- ---- ----
Generic Interferer 0 0 0 0 0 0
0
WIFI
5 0 5 12 8 0
12
Microwave
000000
0
Bluetooth
000000
0
Generic Fixed Freq 0 0 0 0 0 0
0
Cordless Phone FF 0 0 0 0 0 0
0
Video
0 99 99 0 0 0
0
Audio
000000
0
Generic Freq Hopper 0 0 0 0 0 0
0
Cordless Network FH 0 0 0 0 0 0
0
Xbox
000000
0
Microwave Inverter 0 0 0 0 0 0
0
Cordless Base FH
555550
0
Total:7
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-duty-cycle | 1292
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1293 | show ap spectrum device-duty-cycle
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-history
show ap spectrum device-history {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz [type audio-ff|bluetooth|cordless-base-fh|cordless-network-fh|cordless-phone-ff|genericff|generic-fh|generic-interferer|microwave|microwave-inverter|video|xbox]
Description
This command shows the history of the last 256 non-Wi-Fi devices.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor or hybrid AP for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor or hybrid AP for which you want to view spectrum information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
type
Show information for one type of device only by specifying a non-Wi-Fi device.
audio-ff
View information for audio devices seen by the spectrum device.
bluetooth cordless-base-fh
View information for bluetooth devices seen by the spectrum device. NOTE: This option is available only for 2.4 GHz spectrum devices.
View information for frequency-hopping cordless phone bases seen by the spectrum device.
cordless-phone-ff
View information for frequency-hopping cordless phones seen by the spectrum device.
cordless-network-fh View information for frequency-hopping cordless network devices seen by the spectrum device.
generic-ff
View information for generic fixed-frequency devices seen by the spectrum device.
generic-fh
View information for generic frequency-hopping devices seen by the spectrum device.
generic-interferer Show only generic interfering devices.
microwave
View information for microwave-emitting devices seen by the spectrum device.
NOTE: This option is available only for 2.4 GHz spectrum devices.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-history | 1294
Parameter microwave-inverter
video
Description
View information for inverter microwave devices seen by the spectrum device. NOTE: This option is available only for 2.4 GHz spectrum devices.
View information for video devices seen by the spectrum device.
xbox
View information for Xbox devices seen by the spectrum device. NOTE: This option is available only for 2.4 GHz spectrum devices.
Usage Guidelines
Use this command to view channel, signal and duty-cycle information and add/delete times for the last 256 devices seen by a spectrum monitor or hybrid AP.
Non-Wi-Fi Interferers
The following table describes each type of of non-Wi-Fi interferer detected by a spectrum monitor or hybrid AP. Note also that a hybrid AP on a 20 MHz channel will see 40 MHz Wi-Fi data as non-Wi-Fi data.
Non-Wi-Fi Interferer Type
Bluetooth
Description
Any device that uses the Bluetooth protocol to communicate in the 2.4 GHz band is classified as a Bluetooth device. Bluetooth uses a frequency hopping protocol.
Fixed Frequency (Audio)
Some audio devices such as wireless speakers and microphones also use fixed frequency to continuously transmit audio. These devices are classified as Fixed Frequency (Audio).
Fixed Frequency (Cordless Phones)
Some cordless phones use a fixed frequency to transmit data (much like the fixed frequency video devices). These devices are classified as Fixed Frequency (Cordless Phones).
Fixed Frequency (Video)
Video transmitters that continuously transmit video on a single frequency are classified as Fixed Frequency (Video). These devices typically have close to a 100% duty cycle. These types of devices may be used for video surveillance, TV or other video distribution, and similar applications.
Fixed Frequency (Other)
All other fixed frequency devices that do not fall into one of the above categories are classified as Fixed Frequency (Other). Note that the RF signatures of the fixed frequency audio, video and cordless phone devices are very similar and that some of these devices may be occasionally classified as Fixed Frequency (Other).
Frequency Hopper (Cordless Base)
Frequency hopping cordless phone base units transmit periodic beacon-like frames at all times. When the handsets are not transmitting (i.e., no active phone calls), the cordless base is classified as Frequency Hopper (Cordless Base).
1295 | show ap spectrum device-history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Non-Wi-Fi Interferer Type
Frequency Hopper (Cordless Network)
Description
When there is an active phone call and one or more handsets are part of the phone conversation, the device is classified as Frequency Hopper (Cordless Network). Cordless phones may operate in 2.4 GHz or 5 GHz bands. Some phones use both 2.4 GHz and 5 GHz bands (for example, 5 GHz for Base-to-handset and 2.4 GHz for Handset-to-base). These phones may be classified as unique Frequency Hopper devices on both bands.
Frequency Hopper (Xbox)
The Microsoft Xbox device uses a frequency hopping protocol in the 2.4 GHz band. These devices are classified as Frequency Hopper (Xbox).
Frequency Hopper (Other)
When the classifier detects a frequency hopper that does not fall into one of the above categories, it is classified as Frequency Hopper (Other). Some examples include IEEE 802.11 FHSS devices, game consoles and cordless/hands-free devices that do not use one of the known cordless phone protocols.
Microwave
Common residential microwave ovens with a single magnetron are classified as a Microwave. These types of microwave ovens may be used in cafeterias, break rooms, dormitories and similar environments. Some industrial, healthcare or manufacturing environments may also have other equipment that behave like a microwave and may also be classified as a Microwave device.
Microwave (Inverter)
Some newer-model microwave ovens have the inverter technology to control the power output and these microwave ovens may have a duty cycle close to 100%. These microwave ovens are classified as Microwave (Inverter). Dual-magnetron industrial microwave ovens with higher duty cycle may also be classified as Microwave (Inverter). As in the Microwave category described above, there may be other equipment that behave like inverter microwaves in some industrial, healthcare or manufacturing environments. Those devices may also be classified as Microwave (Inverter).
Generic Interferer
Any non-frequency hopping device that does not fall into one of the other categories described in this table is classified as a Generic Interferer. For example a Microwave-like device that does not operate in the known operating frequencies used by the Microwave ovens may be classified as a Generic Interferer. Similarly wide-band interfering devices may be classified as Generic Interferers.
Example
The output of this example shows details for fixed-frequency video devices seen by a spectrum monitor or hybrid AP radio. host)# show ap spectrum device-history ap-name ap123 freq-band 5ghz type video
Non-Wifi Device History Table
-----------------------------
Type ID Cfreq(Khz) Bandwidth(KHz) Channels-affected
---- -- -----
---------
-----------------
Add-time
Delete-time
--------
-----------
Video 1 5745312 6000
149
2010-05-16 20:07:08 -
Video 2 5745312 6000
149
2010-05-16 20:07:39 2010-05-17 16:50:24
Video 3 5745312 6000
149
2010-05-16 20:20:25 2010-05-16 20:20:36
Signal-strength ---------------
76 75 74
Duty-cycle ----------
99 99 99
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-history | 1296
Video 4 5745312 2010-05-16 20:32:44 Video 5 5742031 2010-05-16 20:33:43 Video 6 5745312 2010-05-16 20:34:08
6000
149
2010-05-16 20:33:07
6000
149
2010-05-16 20:33:53
6000
149
2010-05-16 20:34:20
76
99
79
99
75
99
The output of this command includes the following information:
Column Type
ID
Description
Device type. This parameter can be any of the following: l audio FF (fixed frequency) l bluetooth l cordless base FH (frequency hopper) l cordless phone FF (fixed frequency l cordless network FH (frequency hopper) l generic FF (fixed frequency l generic FH (frequency hopper) l generic interferer l microwave l microwave inverter l video l xbox NOTE: For additional details about non-Wi-Fi device types shown in this table, see Non-Wi-Fi Interferers on page 1295
ID number assigned to the device by the spectrum monitor or hybrid AP radio. Spectrum monitors and hybrid APs assign a unique spectrum ID per device type.
Cfreq
Center frequency of the signal sent from the device.
Bandwidth
Channel bandwidth used by the device, in Kilohertz.
Channels-affected Radio channels affected by the wireless device, in Kilohertz.
Signal-strength
Strength of the signal sent from the device, in dBm.
Duty-cycle
Device duty cycle. This value represents the percent of time the device broadcasts on the specified channel or frequency.
Add-time
Time at which the device was first detected.
Delete-time
Time at which the device was aged out.
1297 | show ap spectrum device-history
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms
Licensing
All platforms Base operating system
Command Mode Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-history | 1298
show ap spectrum device-list
show ap spectrum device-list {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz [type audio-ff|bluetooth|cordless-base-fh|cordless-network-fh|cordless-phone-ff|genericff|generic-fh|generic-interferer|microwave|microwave-inverter|video|xbox]
Description
Show a device summary table and channel information for non-Wi-Fi devices currently seen by a spectrum monitor or hybrid AP radio.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor or hybrid AP for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor or hybrid AP for which you want to view spectrum information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
type
Show data for a specific device type only.
audio-ff
Show only audio fixed frequency devices.
bluetooth cordless-base-fh
Show only bluetooth devices. NOTE: This option is available only for 2.4 GHz spectrum devices.
View information for frequency-hopping cordless phone bases seen by the spectrum device.
cordless-phone-ff
View information for frequency-hopping cordless phones seen by the spectrum device.
cordless-network-fh View information for frequency-hopping cordless network devices seen by the spectrum device.
generic-ff
View information for generic fixed-frequency devices seen by the spectrum device.
generic-fh
View information for generic frequency-hopping devices seen by the spectrum device.
generic-interferer Show only generic interfering devices.
microwave
Show only microwave devices. NOTE: This option is available only for 2.4 GHz spectrum devices.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-list | 1300
Parameter microwave-inverter
video
Description
Show only microwave inverter devices. NOTE: This option is available only for 2.4 GHz spectrum devices.
Show only video fixed frequency devices.
xbox
Show only xbox frequency hopper devices. NOTE: This option is available only for 2.4 GHz spectrum devices.
Usage Guidelines
Issue this command to view detailed information about currently active non-Wi-Fi devices on the network. Use the optional type parameter to display data for one specific device type only. For additional details about nonWi-Fi device types shown in this table, see Non-Wi-Fi Interferers on page 1295.
A hybrid AP on a 20 MHz channel will see 40 MHz Wi-Fi data as non-Wi-Fi data.
Examples
The output of this example shows that the spectrum monitor ap123 is able to see data for a single non-Wi-Fi device on its 802.11a radio. Note that the output below is divided into two sections to better fit on the page of this document. In the ArubaOS CLI, this information is displayed in a single long table.
(host) #show ap spectrum device-list ap-name ap123 freq-band 5ghz
Non-Wifi Device List Table
--------------------------
Type
ID Cfreq Bandwidth Channels-affected Signal-strength
----
-- ----- --------- ----------------- ---------------
Cordless Phone FH 3 5826093 80000
149 157 161 165 49
Duty-cycle Add-time
Update-time
---------- --------
-----------
5
2010-05-17 10:04:53 2010-05-17 10:04:55
Total:1
Current Time:2010-05-17 10:04:56
The output of this command includes the following information:
Column Type
Description
Device type. This parameter can be any of the following: l audio FF (fixed frequency) l bluetooth l cordless base FH (frequency hopper) l cordless phone FF (fixed frequency l cordless network FH (frequency hopper) l generic FF (fixed frequency l generic FH (frequency hopper) l generic interferer
1301 | show ap spectrum device-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column
ID Cfreq Bandwidth Channels-affected Signal-strength Duty-cycle Add-time Update-time
Description
l microwave l microwave inverter l video l xbox NOTE: For additional details about non-Wi-Fi device types shown in this table, see Non-Wi-Fi Interferers on page 1295
ID number assigned to the device by the spectrum monitor or hybrid AP radio. Spectrum monitors and hybrid APs assign a unique spectrum ID per device type.
Center frequency of the signal sent from the device.
Channel bandwidth used by the device.
Radio channels affected by the wireless device.
Strength of the signal sent from the device, in dBm.
Device duty cycle. This value represents the percent of time the device broadcasts a signal.
Time at which the device was first detected.
Time at which the device's status was updated.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-list | 1302
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1303 | show ap spectrum device-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-log
show ap spectrum device-log {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz [type audio-ff|bluetooth|cordless-phone-ff|cordless-phone-fh| generic-ff|generic-fh|generic-interferer|microwave|microwave-inverter|video|xbox]
Description
This command shows a time log of add and delete events for non-Wi-Fi devices.
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor for hybrid AP or which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor or hybrid AP for which you want to view spectrum information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
type
Show data for a specific device type only.
audio-ff
Show only audio fixed frequency devices.
bluetooth cordless-base-fh
Show only bluetooth devices. NOTE: This option is available only for 2.4 GHz spectrum device radios.
View information for frequency-hopping cordless phone bases seen by the spectrum device.
cordless-phone-ff
View information for frequency-hopping cordless phones seen by the spectrum device.
cordless-network-fh View information for frequency-hopping cordless network devices seen by the spectrum device.
generic-ff
View information for generic fixed-frequency devices seen by the spectrum device.
generic-fh
View information for generic frequency-hopping devices seen by the spectrum device.
generic-interferer Show only generic interfering devices.
microwave
Show only microwave devices. NOTE: This option is available only for 2.4 GHz spectrum device radios.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-log | 1304
Parameter microwave-inverter
video
Description
Show only microwave inverter devices. NOTE: This option is available only for 2.4 GHz spectrum device radios.
Show only video fixed frequency devices.
xbox
Show only xbox frequency hopper devices. NOTE: This option is available only for 2.4 GHz spectrum device radios.
Usage Guidelines
Use this table to show a time log of when non-Wi-Fi devices were added to and deleted from the Wi-fi Device log table. For additional details about non-Wi-Fi device types shown in this table, see Non-Wi-Fi Interferers on page 1295.
A hybrid AP on a 20 MHz channel will see 40 MHz Wi-Fi data as non-Wi-Fi data.
Examples
The output of this example shows that the spectrum monitor ap123 logged data for four frequency-hopping cordless base devices seen by its 802.11g radio. Note that the output below is divided into two sections to better fit on the page of this document. In the ArubaOS CLI, this information is displayed in a single long table.
(host) #show ap spectrum device-log ap-name ap123 freq-band 5ghz cordless-base-fh
Non-Wifi Device Log Table
-------------------------
Device Type
ID Added/Deleted
-----------
-- -------------
Cordless Base FH 1 Added
Cordless Base FH 1 Deleted
Cordless Base FH 2 Added
Cordless Base FH 2 Deleted
Cordless Base FH 3 Added
Cordless Base FH 3 Deleted
Cordless Base FH 4 Added
Signal Strength --------------78 78 78 78 80 80 80
Duty Cycle ---------5 5 5 5 5 5 5
Center Freq ----------5773281 5747343 5757656 5760469 5802813 5802813 5770781
Start Freq ---------5733281 5707343 5717656 5720469 5762813 5762813 5730781
End Freq -------5813281 5787343 5797656 5800469 5842813 5842813 5810781
Channels Affected ----------------153 149 153 157 161 165 153 153 157 161 165 161 161 153
Bandwidth --------80000 80000 80000 80000 80000 80000 80000
Total:7 Current Time:2012-09-25 12:04:54
The output of this command includes the following information:
1305 | show ap spectrum device-log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Device Type ID
Added/Deleted
Signal Strength Duty Cycle
Center Freq Start Freq End Freq Channels affected Bandwidth
Description Type of non-Wi-Fi device detected by the spectrum monitor or hybrid AP
The spectrum ID number assigned to that device. Spectrum monitors and hybrid APs assign a unique spectrum ID per device type.
The non-Wi-Fi Device Log table can show signal data for a device when that device was added or removed from the log table.
Strength of the signal sent by the device.
Device duty cycle. This value represents the percent of time a signal is broadcast on a specific channel or frequency.
Center frequency of the signal sent by the device.
Lowest signal frequency sent by the device.
Highest signal frequency sent by the device.
Radio channels affected by the device signal.
Amount of signal bandwidth used by the device, in kilohertz.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-log | 1306
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1307 | show ap spectrum device-log
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-summary
show ap spectrum device-summary {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz
Description
This command shows the numbers of wi-fi and non-Wi-Fi device types on each channel monitored by a spectrum monitor or hybrid AP
Syntax
Parameter ap-name <ap-name>
Description
Name of the spectrum monitor or hybrid AP for which you want to view spectrum information.
ip-addr <ip-addr>
IP address of the spectrum monitor or hybrid APfor which you want to view spectrum information.
freq-band 2.4ghz|5ghz View information for a specific radio type, either 2.4 GHz or 5 GHz.
Usage Guidelines
Use this command to show the types of devices that the spectrum device can detect on each channel it monitors. For additional details about non-Wi-Fi device types shown in this table, see Non-Wi-Fi Interferers on page 1295.
Examples
The output of this example shows that the spectrum monitor ap123 is able to detect 61wi-fi devices on channel 149g. (host) #show ap spectrum device-summary ap-name ap123 freq-band 5ghz
Device Summary Table
--------------------
Device
149 153 157 161 165
-------
--- --- --- --- ---
Unknown
00000
WIFI
61 6 14 29 9
Microwave
00000
Bluetooth
00000
Generic Fixed Freq 0 0 0 0 0
Cordless Phone FF 0 0 0 0 0
Video
00000
Audio
00000
Generic Freq Hopper 0 0 0 0 0
Cordless Phone FH 0 0 0 0 0
Xbox
00000
Microwave Inverter 0 0 0 0 0
Total:12
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum device-summary | 1308
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum localoverride list.
Config mode on master or local controllers
rf dot11a-radio-profilemodespectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
rf dot11g-radio-profilemodespectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1309 | show ap spectrum device-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum interference-power
show ap spectrum interference-power {ap-name <ap-name>}|{ip-addr <ip-addr>} freq-band 2.4ghz|5ghz [<chan-width>]
Description
This command shows the interference power detected by a 802.11a or 80211g radio on a spectrum monitor or hybrid AP.
Syntax
Parameter ap-name <ap-name>
ip-addr <ip-addr>
freq-band 2.4ghz|5ghz <chan-width>
Description
Name of the spectrum monitor or hybrid AP for which you want to view spectrum information.
IP address of the spectrum monitor or hybrid AP for which you want to view spectrum information.
View information for a specific radio type, either 2.4 GHz or 5 GHz.
Specify 20MHz or 40MHz to select the channel width for which you want to view information. If you do not specify a channel width, the output of this command will display the default 20MHz setting.
Usage Guidelines
This table displays information about AP power levels, channel noise and adjacent channel interference seen on each channel by a spectrum monitor or hybrid AP radio.
The output of this command displays the noise floor of each selected channel in dBm. The noise floor of a channel depends on the noise figure of the RF components used in the radio, temperature, presence of certain types of interferers or noise, and the width of the channel. For example, in a clean environment, the noise floor of a 20 MHz channel will be around -95 dBm and that of a 40 MHz channel will be around -92 dBm. Certain types of fixed frequency continuous transmitters such as video bridges, fixed frequency phones, and wireless cameras typically elevate the noise floor as seen by the Wi-Fi radio. Other interferers such as the frequency hopping phones, Bluetooth and Xbox devices may not affect the noise floor of the radio. A Wi-Fi radio can only reliably decode Wi-Fi signals that are a certain dB above the noise floor and therefore estimating and understanding the actual noise floor of the radio is critical to understanding the reliability of the RF environment.
The ACI column displayed in the Interference Power Chart displays adjacent-channel interference (ACI) power levels based on the signal strength(s) of the Wi-Fi APs on adjacent channels. A higher ACI value in Interference Power Chart does not necessarily mean higher interference since the AP that is contributing to the maximum ACI may or may not be very actively transmitting data to other clients at all times. The ACI power levels are derived from the signal strength of the beacons.
Examples
The output of this example shows interference power levels for each channel seen by the spectrum monitor ap123.
(host)# show ap spectrum interference-power ap-name ap123 freq-band 5ghz
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum interference-power | 1310
Interference Power Table
------------------------
Channel Noise Floor(dBm)
Max Interference(dBm)
------- ----------------
---------------------
149
-91
-71
153
-63
-58
157
-92
-60
161
-94
-70
165
-93
-69
149+
-60
-58
157+
-89
-60
Max AP Signal(dBm) ------------------40 -42 -48 -39 -26 -40 -39
Max AP SSID ----------ethersphere-wpa2 guest alpha 00:24:6C:C0:15:EB sw-jfb-attack ethersphere-wpa2 00:24:6C:C0:15:EB
Max AP BSSID -----------00:24:6c:80:7b:c9 00:1a:1e:87:c1:90 00:1a:1e:50:01:30 00:24:6c:81:57:c8 00:1a:1e:9b:1d:c8 00:24:6c:80:7b:c9 00:24:6c:81:57:c8
ACI(dBm) --------77 -63 -74 -61 -74 -0 -0
The output of this command includes the following information:
Column Channel
Description An 802.11a or 802.11g radio channel.
Noise Floor (dBm)
Current noise floor recorded on the channel.
Max AP Signal (dBm)
Power level of the AP on the channel with the highest signal power.
Max AP SSID
SSID of the AP on the channel with the highest signal power.
Max AP BSSID
BSSID of the AP on the channel with the highest signal power.
ACI (dBm)
Adjacent channel interference level detected by the spectrum device.
Max Interference Power (dBm)
Signal strength of the non-Wi-Fi device that has the highest signal strength.
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1311 | show ap spectrum interference-power
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum-load-balancing
show ap spectrum-load-balancing [group <group>]
Description
Show spectrum load balancing information for an AP with this feature enabled.
Syntax
Parameter group <group>
Description
Filter this information to show only data for the specified spectrum load balancing domain.
Examples
The output of the command below shows the APs currently using the spectrum load-balancing domain default-1. (host) #show ap spectrum-load-balancing group default-1
Spectrum Load Balancing Group
-----------------------------
Name
IP Address
Domain
----
----------
------
ap121-1 192.168.151.253 default-1
ap124-1 192.168.151.254 default-1
ap125-1 192.168.151.251 default-1
Assignment ---------149/21 48/15 44/15
Clients ------3 3 2
The output of this command includes the following information:
Column Name IP address Domain Assignment Clients
Description Name of an AP AP IP address Name of the spectrum load balancing domain assigned to the AP Current channel and power assignment for the AP. Number of clients currently using the AP.
Command History
Introduced in ArubaOS 3.3.2.14.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum-load-balancing | 1312
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1313 | show ap spectrum-load-balancing
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum local-override
show ap spectrum local-override
Description
This command shows a list of AP radios currently converted to spectrum monitors via the spectrum localoverride list
Syntax
No parameters
Examples
The output of this example shows that three APs each have two radios defined as spectrum monitors.
(host) #show ap spectrum local-override
Spectrum Local Override Profile
-------------------------------
Parameter
Value
---------
-----
Override Entry AP ap125 band 2ghz
Override Entry AP ap125 band 5ghz
Override Entry AP ap105 band 2ghz
Override Entry AP ap105 band 5ghz
Override Entry AP apcorp1 band 2ghz
Override Entry AP APcorp1 band 5ghz
The Value column in the output of this command includes the following information:
Parameter Override Entry
Description Indicates that an AP radio has been added to the local override list
Value
Radio that has been added to the override list, and the band used by that radio.
Related Commands
Command ap spectrum local-override
Description
Mode
Convert an AP or AM into a spectrum monitor by adding it to the spectrum local-override list.
Config mode on master or local controllers
rf dot11a-radio-profilemode spectrum-mode
Set a 802.11a radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum local-override | 1314
Command
Description
rf dot11g-radio-profilemode spectrum-mode
Set a 802.11g radio so the device operates as an spectrum monitor, and can send spectrum analysis data to a desktop or laptop client.
Mode
Config mode on master or local controllers
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1315 | show ap spectrum local-override
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum monitors
show ap spectrum monitors
Description
This command shows a list of APs terminating on the controller that are currently configured as spectrum monitors or hybrid APs
Syntax
No parameters
Examples
The output of this example shows that the 802.11a radio on a spectrum monitor named ap123 is sending spectrum analysis data to a client with the IP address 10.240.16.177. (host)#show ap spectrum monitors
List of Sensors
---------------
AP name
Group AP Type Phy Band
Subscribe Time
-------
----- ------- --- ----
--------------
00:24:6c:c0:0c:89 default 105
G 2GHz
10.240.16.177 2011-01-21 07:09:32 AM
00:24:6c:c0:0c:89 default 105
A 5GHz
2011-01-21 07:17:57 AM
00:24:6c:c7:d6:1c default 93
A 5GHz
2011-01-21
07:18:22 AM
Channel Mode
------- ----
-----
1
Access Point
44+
Access Point
10.240.16.177
-
Spectrum Monitor 10.240.16.177
The output of this command includes the following information:
Column AP name
Description Name of an AP configured as a spectrum monitor or hybrid AP
Group
Name of the spectrum device's AP group
Ap Type
the AP model number
Phy
The radio's PHY type. Possible values are A for 802.11a and G for 802.11b/g,
Band
Spectrum band that the spectrum monitor or hybrid AP radio s currently monitoring.
Mode
This column shows whether the device is an access point configured as a hybrid AP, or a spectrum monitor.
Client IP
IP address of the client to which the spectrum monitor or hybrid AP is sending data.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum monitors | 1316
Column Subscribe time
Description
Time at which the spectrum monitor or hybrid AP was connected to the client.
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1317 | show ap spectrum monitors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum technical-support
show ap spectrum technical-support ap-name <ap-name> <filename>
Description
Save spectrum data for later analysis by technical support.
Syntax
Parameter <ap-name> <filename>
Description
Save technical support information for a specific spectrum monitor.
Name of the file to which this data should be saved. This file does not have to already exist on the controller, the show ap spectrum technical-support command will create this file.
Usage Guidelines
Use this command under the supervision of your Dell technical support representative to troubleshoot spectrum analysis issues or errors.
Command History
Introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap spectrum technical-support | 1318
show ap standby
show ap active [ap-name <ap-name>|{arm-edge dot11a|dot11g|voip-only}|dot11a|dot11g|essid <essid>|ip-addr <ip-addr>|ip6-addr <ip6-addr>|{type access-point|air-monitor|(sensor dot11a|dot11g|voip-only)}|voip-only
Description
Show all APs in standby mode currently registered to a controller.
Syntax
Parameter ap-name <ap-name> bssid <bssid> ip-addr <ip-addr>
ip6-addr <ip6-addr>
Description View data for an AP with a specified name.
View data for a specific BSSID.
View data for an AP with a specified IP address by entering an IP address in dotted-decimal format.
View data for an AP with a specified IPv6 address.
Usage Guidelines
This command displays details for all APs connected to a controller in standby mode.
Example
host)# show ap active
Active AP Table
---------------
Name
Group IP Address 11g Clients 11g Ch/EIRP/MaxEIRP
Ch/EIRP/MaxEIRP AP Type Flags Uptime Outer IP
----
----- ---------- ----------- -------------------
--- ------- ----- ------ --------
AP1X
default 10.3.15.107 0
AP:HT:1/15/21.5
125
1E2 5m:48s N/A
11a Clients -----------
0
11a ----------------
AP:HT:44/15/21
Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2; A = Enet1 in active/standby mode; B = Battery Boost On; C = Cellular; D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authenticati H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh; N = 802.11b protection disabled; P = PPPOE; R = Remote AP; S = AP connected as standby; X = Maintenance Mode; a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP; r = 802.11r Enabled
The output of this command includes the following information:
Column Name
Description Name of an AP
1319 | show ap standby
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Group
Description The AP is associated with this AP group.
IP address
IP address of the AP, in dotted decimal format.
11g Clients
Number of 802.11g clients using the AP.
11g Ch/EIRP/MaxEIRP
802.11g radio channel used by the AP/current effective Isotropic Radiated Power (EIRP) /maximum EIRP.
11a Clients
Number of 802.11a clients using the AP.
11a Ch/EIRP/MaxEIRP 802.11a radio channel used by the AP/current EIRP/maximum EIRP.
AP Type
AP model type.
Flags
This column displays any flags for this AP. The list of flag abbreviations is also included in the output of the show ap active command.
l 1 = 802.1x authenticated AP l 2 = Using IKE version 2; l A = Enet1 in active/standby mode l B = Battery Boost On l C = Cellular; l D = Disconn. Extra Calls On l E = Wired AP enabled l F = AP failed 802.1x authenticatition l H = Hotspot Enabled l K = 802.11K Enabled l L = Client Balancing Enabled l M = Mesh l N = 802.11b protection disabled l P = PPPOE l R = Remote AP l S = AP connected as standby l X = Maintenance Mode l a = Reduce ARP packets in the air l d = Drop Mcast/Bcast On l u = Custom-Cert RAP l r = 802.11r Enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap standby | 1320
Column Uptime
Outer IP
Description
Number of hours, minutes and seconds since the last controller reboot or bootstrap, in the format hours:minutes:seconds.
The outer IP address of a remote AP (RAP) is used to establish an IPsec VPN tunnel to the terminating master controller. The RAP acquires an outer IP address from the locally connected network, usually via DHCP. (A RAP is typically behind a NAT device whose public IPis seen as the outer ip for the RAP).
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1321 | show ap standby
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap system-profile
show ap system-profile <profile>
Description
Show an AP's system profile settings.
Syntax
Parameter <profile>
Description Name of a system profile.
Examples
The output of the command below shows the current configuration settings for the default system profile. (host) #show ap system-profile default
AP system profile "default" --------------------------Parameter --------RF Band RF Band for AM mode scanning Native VLAN ID Tunnel Heartbeat Interval Session ACL Corporate DNS Domain SNMP sysContact LED operating mode (11n/11ac APs only) LED override Driver log level SAP MTU RAP MTU LMS IP Backup LMS IP LMS IPv6 Backup LMS IPv6 LMS Preemption LMS Hold-down Period LMS ping interval Remote-AP DHCP Server VLAN Remote-AP DHCP Server Id Remote-AP DHCP Default Router Remote-AP DHCP DNS Server Remote-AP DHCP Pool Start Remote-AP DHCP Pool End Remote-AP DHCP Pool Netmask Remote-AP DHCP Lease Time Remote-AP uplink total bandwidth Remote-AP bw reservation 1 Remote-AP bw reservation 2 Remote-AP bw reservation 3 Remote-AP Local Network Access Bootstrap threshold Double Encrypt
Value ----g all 1 10 ap-uplink-acl N/A N/A normal Disabled emergencies N/A 1200 bytes N/A N/A N/A N/A Disabled 600 sec 20 N/A 192.168.11.1 192.168.11.1 N/A 192.168.11.2 192.168.11.254 255.255.255.0 0 days 0 kbps N/A N/A N/A Disabled 8 Disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap system-profile | 1322
Dump Server Heartbeat DSCP Maintenance Mode Maximum Request Retries Request Retry Interval Number of IPSEC retries AeroScout RTLS Server RTLS Server configuration RTLS Server Compatibility Mode Telnet Spanning Tree AP multicast aggregation AP ARP attack protection AP multicast aggregation allowed VLANs Console enable Shell Password Password for Backup AP USB Power override RF Band for Backup Operation for Backup BLE Endpoint URL BLE Auth Token
N/A 0 Disabled 10 10 sec 85 N/A N/A Enabled Disabled Disabled Disabled Disabled none Enabled N/A ******** Disabled all off N/A N/A
The output of this command includes the following information:
Column RF Band
RF Band for AM mode scanning
Native VLAN ID Tunnel Heartbeat Interval
Session ACL Corporate DNS Domain SNMP sysContact
Description
For dual-band radios, this parameter displays the RF band in which the AP should operate: l g = 2.4 GHz l a = 5 GHz
Scanning band for multiple RF radios. l g = 2.4 GHz l a = 5 GHz l all = Radio scans both bands. This is the default
setting.
Native VLAN for bridge mode virtual APs (frames on the native VLAN are not tagged with 802.1q tags).
Interval between heartbeat messages between a remote or campus AP and its associated controller. An increase in the heartbeat interval increases the time it will take for an AP to detect the loss in connectivity to the controller, but can reduce internet bandwidth consumed by a remote AP.
This parameter shows the access control list (ACL) applied on the uplink of a remote AP.
DNS name used by the corporate network.
SNMP system contact information.
1323 | show ap system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column SAP MTU LMS IP
Backup LMS IP LMS IPv6
Backup LMS IPv6 LMS Preemption LMS Hold-down Period
Remote-AP DHCP Server VLAN Remote-AP DHCP Server ID Remote-AP DNS Server Remote-AP DHCP Default Router Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Maximum Transmission Unit (MTU) size, in bytes. This value describes the greatest amount of data that can be transferred in one physical frame.
The IP address of the local management switch (LMS) --the Dell controller which is responsible for terminating user traffic from the APs, and processing and forwarding the traffic to the wired network. NOTE: If the LMS-IP is blank, the access point will remain on the controller that it finds using methods like DNS or DHCP. If an IP address is configured for the LMS IP parameter, the AP will be immediately redirected to the controller at that address.
For multi-controller networks, this parameter displays the IP address of a backup to the IP address specified with the lms-ip parameter.
In multi-controller ipv6 networks, this parameter specifies the IPv6 address of the local management switch (LMS)--the Dell controller--which is responsible for terminating user traffic from the APs, and processing and forwarding the traffic to the wired network. This can be the IP address of the local or master controller.
In multi-controller ipv6 networks, this parameter specifies the IPv6 address of a backup to the IPv6 address specified with the LMS IPv6 setting.
When this parameter is enabled, the local management switch automatically reverts to the primary LMS IP address when it becomes available.
Time, in seconds, that the primary LMS must be available before an AP returns to that LMS after failover.rap-dhcp-server-vlan VLAN ID of the remote AP DHCP server used if the controller is unavailable. This VLAN enables the DHCP server on the AP (also known as the remote AP DHCP server VLAN). If you enter the native VLAN ID, the DHCP server is unavailable.
VLAN ID of the remote AP DHCP server used if the controller is unavailable. This VLAN enables the DHCP server on the AP (also known as the remote AP DHCP server VLAN).
IP address used as the DHCP server identifier.
IP address of the DNS server.
IP address for the default DHCP router.
show ap system-profile | 1324
Column Remote-AP DHCP Pool Start Remote-AP DHCP PoolEn d Remote-AP DHCP PoolNe tmask Remote-AP uplink total bandwidth Remote-AP bw reservation 1 Remote-AP bw reservation 2 Remote-AP bw reservation 3
Remote-AP Local Network Access
Bootstrap threshold
Double Encrypt
Dump Server Heartbeat DSCP Maintenance Mode
1325 | show ap system-profile
Description
This parameter defines the starting IP address in the DHCP pool for remote APs.
This parameter defines the last IP address in the DHCP pool for remote APs.
Configures a DHCP pool for remote APs. This is the netmask used for the DHCP pool.
This is the total reserved uplink bandwidth (in Kilobits per second).
Session ACLs with uplink bandwidth reservation in kilobits per second. You can specify up to three session ACLs to reserve uplink bandwidth. The sum of the three uplink bandwidths should not exceed the rap-bw-total value.
Shows if Remote-AP Local Network Access is enabled or disabled. By enabling this option, the clients that are connected to a RAP can communicate.
Note: By default, the Remote-AP Local Network Access will be disabled.
Number of consecutive missed heartbeats on a GRE tunnel (heartbeats are sent once per second on each tunnel) before an AP rebootstraps. On the controller, the GRE tunnel timeout is 1.5 x bootstrap-threshold; the tunnel is torn down after this number of seconds of inactivity on the tunnel.
This parameter applies only to remote APs. Double encryption is used for traffic to and from a wireless client that is connected to a tunneled SSID. When enabled, all traffic is re-encrypted in the IPsec tunnel. When disabled, the wireless frame is only encapsulated inside the IPsec tunnel.
(For debugging purposes.) Displays the server to receive the core dump generated if an AP process crashes.
DSCP value of AP heartbeats (0-63).
Shows if Maintenance mode is enabled or disabled. If enabled, APs stop flooding unnecessary traps and syslog messages to network management systems or network operations centers when deploying, maintaining, or upgrading the network. The controller still generates debug syslog messages if debug logging is enabled.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Maximum Request Retries
Request Retry Interval Number of IPSEC retries AeroScout RTLS Server RTLS Server configuration
Telnet RF Band for Backup Operation for Backup
BLE Endpoint URL BLE Auth Token
Description
Maximum number of times to retry AP-generated requests, including keepalive messages. After the maximum number of retries, the AP either tries the IP address specified by the bkup-lms-ip (if configured) or reboots.
Interval, in seconds, between the first and second retries of AP-generated requests. If the configured interval is less than 30 seconds, the interval for subsequent retries is increased up to 30 seconds.
The number of times the AP will attempt to recreate an IPsec tunnel with the master controller before the AP will reboot. A value of 0 disables the reboot.
IP address of an AeroScout real-time asset location (RTLS) server.
This parameter contains the following information, separated by colons.
l The IP address of the RTLS server to which the AP sends RFID tag information.
l Number of the RTLS server port to which the AP sends RFID tag information
l Shared secret key for the server
l Frequency at which packets are sent to the server, in seconds
Reports whether telnet access the AP is enabled or disabled.
If the system profile is enabled AP console access using a backup ESSID, this parameter
This parameter allows AP console access using a backup ESSID, allowing users to access an AP console after the AP has disconnected from the controller. When the AP advertises a backup ESSID in either static or dynamic mode, a user is able to access and debug the AP remotely through a virtual AP. This feature is disabled by default.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap system-profile | 1326
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.2
Support for additional RTLS servers and remote AP enhancements was introduced.
ArubaOS 3.3.2
l Maintenance-mode parameter was introduced. l Multiple remote AP DHCP server enhancements were introduced. l Support for RFprotect server and backup server configuration was
introduced. l The mms-rtls-server parameter was deprecated in ArubaOS 3.3.2.
ArubaOS 5.0
The master IP, RFProtect server IP and RFProtect Backup Server IP parameters were deprecated.
ArubaOS 6.0
Added support for the option to set the RF scanning band (am-scan-rf-band). The keepalive interval parameter was deprecated.
ArubaOS 6.2.1.3
The root-ap parameter was deprecated. This parameter identified the root AP in a hierarchy of Remote APs.
ArubaOS 6.3
The output of this command includes the Tunnel Heartbeat Interval parameter.
ArubaOS 6.4.3.0
The following new parameters were introduced: l AP ARP attack protection l AP multicast aggregation l AP multicast aggregation allowed VLANs l AP USB Power overridee l Shell Password l RF Band for Backup l Operation for Backup l Password for Backup l BLE Auth Token l BLE Endpoint URL
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1327 | show ap system-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap tech-support
show ap tech-support ap-name <name> [<filename>]
Description
Display all information for an AP, or save that information to a file on the controller. This information can be used by Dell technical support to diagnose a problem with an AP.
Syntax
Parameter <name> <filename>
Description
Name of the AP for which you want to view tech support data.
Save the output of this command into a file on the controller with the specified filename.
Usage Guidelines
This is an internal technical support command. Dell technical support may request that you issue this command to help analyze and troubleshoot problems with an AP or your wireless network.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap tech-support | 1328
show ap vht-rates
show ap vht-rates bssid <bssid>
Description
Show very-high-throughput (VHT) rates for an AP that supports 802.11ac.
Syntax
Parameter bssid <bssid>
Description
Show VHT rates for a specific Basic Service Set Identifier (BSSID) on an 802.11ac-capable AP. The Basic Service Set Identifier (BSSID) is usually the AP's radio's MAC address.
Examples
The output of the command below shows very-high-throughput rates for 20Mhz, 40 Mhz and 80 Mhz data streams with and without a short guard interval (SGI).
(host) # show ap vht-rates bssid 6c:f3:7f:e6:52:f1
AP "Corp-ac" Radio 0 BSSID 6c:f3:7f:e7:51:f0 Very-high-throughput Rates (Mbps)
------------------------------------------------------------------------------
MCS Streams 20 MHz 20 MHz SGI 40 MHz 40 MHz SGI 80 MHz 80 MHz SGI
--- ------- ------ ---------- ------ ---------- ------ ----------
01
6.5
7.2
13.5 15.0
29.3
32.5
11
13.0 14.4
27.0 30.0
58.5
65.0
21
19.5 21.7
40.5 45.0
87.8
97.5
31
26.0 28.9
54.0 60.0
117.0 130.0
41
39.0 43.3
81.0 90.0
175.5 195.0
51
52.0 57.8
108.0 120.0
234.0 260.0
61
58.5 65.0
121.5 135.0
263.3 292.5
71
65.0 72.2
135.0 150.0
292.5 325.0
81
78.0 86.7
162.0 180.0
351.0 390.0
91
--
--
180.0 200.0
390.0 433.3
02
13.0 14.4
27.0 30.0
58.5
65.0
12
26.0 28.9
54.0 60.0
117.0 130.0
22
39.0 43.3
81.0 90.0
175.5 195.0
32
52.0 57.8
108.0 120.0
234.0 260.0
42
78.0 86.7
162.0 180.0
351.0 390.0
52
104.0 115.6
216.0 240.0
468.0 520.0
62
117.0 130.0
243.0 270.0
526.5 585.0
72
130.0 144.4
270.0 300.0
585.0 650.0
82
156.0 173.3
324.0 360.0
702.0 780.0
92
--
--
360.0 400.0
780.0 866.7
03
19.5 21.7
40.5 45.0
87.8
97.5
13
39.0 43.3
81.0 90.0
175.5 195.0
23
58.5 65.0
121.5 135.0
263.3 292.5
33
78.0 86.7
162.0 180.0
351.0 390.0
43
117.0 130.0
243.0 270.0
526.5 585.0
53
156.0 173.3
324.0 360.0
702.0 780.0
63
175.5 195.0
364.5 405.0
--
--
73
195.0 216.7
405.0 450.0
877.5 975.0
83
234.0 260.0
486.0 540.0
1053.0 1170.0
93
260.0 288.9
540.0 600.0
1170.0 1300.0
-- : not valid.
Range for 20 MHz: 6.5 - 288.9 Mbps
1329 | show ap vht-rates
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Range for 40 MHz: 13.5 - 600.0 Mbps Range for 80 MHz: 29.3 - 1300.0 Mbps
The output of this command includes the following information:
Column MCS Streams 20 MHz 20 MHz SGI 40 MHz 40 MHz SGI 80 MHz 80 MHz SGI
Description A Modulation Coding Scheme (MCS) values supported on this high-throughput SSID. Number of spatial streams used by the MCS index value. 802.11n data rates for the MCS for 20 Mhz transmissions. 802.11n data rates for the MCS for 20 Mhz transmissions using a short guard interval. 802.11n data rates for the MCS for 40 Mhz transmissions. 802.11n data rates for the MCS for 40 Mhz transmissions using a short guard interval. 802.11n data rates for the MCS for 80 Mhz transmissions. 802.11n data rates for the MCS for 80 Mhz transmissions using a short guard interval.
Related Commands
Command show ap ht-rates
Description Show high-throughput rate information for a basic service set (BSS).
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms
This command will only show rate information for 802.11ac-capable APs
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap vht-rates | 1330
show ap virtual-beacon-report
show ap virtual-beacon-report all ap-name <name> client-mac <macaddr> ip-addr <ipaddr> ip6-addr <ipv6addr>
Description
If the client match feature is enabled, the output of this command displays the virtual beacon report for an AP or a client with a specific IP or MAC address.
Syntax
Parameter all
Description Virtual beacon report for all clients on the controller.
ap-name <name>
Name of the AP for which you want to view a virtual beacon report.
client-mac <macaddr> MAC address of a client for which you want to view a virtual beacon report.
ip-addr <ipaddr>
IPv4 address of an AP for which you want to view a virtual beacon report.
ip6-addr <ipv6addr>
IPv6 address of an AP for which you want to view a virtual beacon report.
Usage Guidelines
Use this command to display the client RSSI from the APs in its RF neighborhood, the channel used by each AP radio, and the number of clients associated to each radio.
Example
The example below displays the virtual beacon report for a client with MAC address 24:77:03:d1:24:b8. (host) #show ap virtual-beacon-report client-mac 24:77:03:d1:24:b8
Client MAC :24:77:03:d1:24:b8 Current association :1260-205 (9c:1c:12:fe:0f:d0) Steer attempts/Success :2/1 Consecutive (Fails/BTM Rej/BTM Timeouts) :0/0/0 Bandsteer window (Steers/Start time/Expiry time) :0/0/0 Client Device Type :Win 7 Current state :Steerable Client Supported Channels :{36,4}{52,4}{100,11}{149,4}{165,1} Current Time :Oct 29 15:56:06 2014
STA Beacon Report
-----------------
AP
IP address
Radio
ESSID
Add time
Channel/EIRP/Clients Flag
--
----------
-----
-----
-------
-------------------- ----
Signal (dBm) Last update
------------ -----------
-
1331 | show ap virtual-beacon-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
1310-205 10.100.66.102 9c:1c:12:fd:f7:b0 ethersphere-wpa2 -64
Oct 29 09:21:56 44/20/38
1248-205 10.100.66.128 9c:1c:12:fe:19:f0 ethersphere-wpa2 -85
Oct 29 09:22:08 60/24/15
1263-205 10.100.66.126 9c:1c:12:fd:d2:10 ethersphere-wpa2 -63
Oct 29 09:22:12 52/12/0
1263-205 10.100.66.126 9c:1c:12:fd:d2:00 ethersphere-wpa2 -61
Oct 29 09:22:12 1/12/1
1362-205 10.100.66.127 9c:1c:12:fd:f2:30 ethersphere-wpa2 -53
Oct 29 15:23:35 52/12/5
1263-ac 10.100.66.121 6c:f3:7f:e7:5a:b0 ethersphere-wpa2 -55
Oct 29 09:22:17 60/18/7
AP205-TE 10.100.66.124 9c:1c:12:fd:e4:d0 ethersphere-wpa2 -69
Oct 29 09:22:21 40/20/15
1372-205 10.100.66.120 9c:1c:12:fe:13:50 ethersphere-wpa2 -63
Oct 29 09:22:23 52/12/11
1310-205 10.100.66.102 9c:1c:12:fd:f7:a0 ethersphere-wpa2 -66
Oct 29 09:23:02 1/12/4
S
1263-ac 10.100.66.121 6c:f3:7f:e7:5a:a0 ethersphere-wpa2 -51
Oct 29 09:23:22 1/12/1
1242-205 10.100.66.123 9c:1c:12:fd:d1:30 ethersphere-wpa2 -70
Oct 29 09:23:24 40/19/6
AP205-TE 10.100.66.124 9c:1c:12:fd:e4:c0 ethersphere-wpa2 -76
Oct 29 09:23:27 1/12/0
1372-205 10.100.66.120 9c:1c:12:fe:13:40 ethersphere-wpa2 -75
Oct 29 09:23:29 1/12/2
1260-205 10.100.66.100 9c:1c:12:fe:0f:d0 ethersphere-wpa2 -63
Oct 29 09:24:07 52/12/6
*
1260-205 10.100.66.100 9c:1c:12:fe:0f:c0 ethersphere-wpa2 -59
Oct 29 09:25:47 1/12/0
1362-205 10.100.66.127 9c:1c:12:fd:f2:20 ethersphere-wpa2 -55
Oct 29 15:24:38 1/12/1
1248-205 10.100.66.128 9c:1c:12:fe:19:e0 ethersphere-wpa2 -81
Oct 29 10:10:30 1/12/1
S
1242-205 10.100.66.123 9c:1c:12:fd:d1:20 ethersphere-wpa2 -69
Oct 29 10:58:40 1/12/0
S
VBR Flags *-Associated S-Stale U-Unsupported Channel
Oct 29 15:55:59 Oct 29 15:56:04 Oct 29 15:55:38 Oct 29 15:55:38 Oct 29 15:55:55 Oct 29 15:55:54 Oct 29 15:55:36 Oct 29 15:55:33 Oct 29 15:52:00 Oct 29 15:55:54 Oct 29 15:55:36 Oct 29 15:55:36 Oct 29 15:54:58 Oct 29 15:55:45 Oct 29 15:55:45 Oct 29 15:54:47 Oct 29 15:29:57 Oct 29 15:44:03
The output of this command includes the following parameters:
Parameter Client MAC
Description MAC address of the client
Current association
MAC address of the AP radio to which the client is currently associated
Steer Attempts/Success
Consecutive (Fails/BTM Rej/BTM Timeouts)
Bandsteer Window (Steers/State Time/Expiry Time)
Client Device Type
Number of steer attempts, and the number of successful steers
Consecutive number of failed steer attempts, rejected BSS Transition Management Requests, and BSS Transition Management timeouts.
Number of band steers, the start time of the band steer, and the expiry time of band the steer
Type of device used by the client (e.g. Windows)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap virtual-beacon-report | 1332
Parameter Current State
Description Indicates whether the client is currently steerable
Client Supported Channels
Current Time
Lists the channels that support client use Timestamp showing the current date and time
AP
Name of the AP from which the client can detect a signal
IP address
IP address of the AP from which the client can detect a signal
Radio
MAC address of the AP radio from which the client can detect a signal
ESSID
Identifying name of the wireless network for each AP
Signal (dBm)
Signal strength, in dBm, from the AP radio
Last Update
Time that the virtual beacon report last updated information for the AP radio
Add Time
Date and time the client is successfully steered and added to the AP
Channel/EIRP/Clients
Channel used by the AP radio, the amount of power transmitted from the AP antennae, and the number of clients associated to it
Flag
The output of this column shows the following values:
l *: Flag indicating that the client is currently associated to this AP
l S: Flag indicating a stale entry, with the last client update from this radio produced 120+ seconds ago
l U: Flag indicating that the client does not support the channel the radio is currently operating on
The following example displays a virtual beacon report for all clients in the network. (host) #show ap virtual-beacon-report all
Client MAC :60:d9:c7:a2:42:cb Current association :1260-205 (9c:1c:12:fe:0f:d2) Steer attempts/Success :0/0 Consecutive (Fails/BTM Rej/BTM Timeouts) :0/0/0 Bandsteer window (Steers/Start time/Expiry time) :0/0/0 Client Device Type :Unknown Current state :Steerable Active media sessions: No Client Supported Channels :{36,4}{52,4}{100,11}{149,4}{165,1} Current Time :Oct 29 12:38:35 2014
STA Beacon Report
-----------------
AP
IP address
Radio
ESSID
Add time
Channel/EIRP/Clients Flag
--
----------
-----
-----
------
-------------------- ----
Signal (dBm) Last update
------------ -----------
--
1333 | show ap virtual-beacon-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
1372-205 10.100.66.120 9c:1c:12:fe:13:50 ethersphere-psk -67
Oct 29 07:19:33 52/21/10
1260-205 10.100.66.100 9c:1c:12:fe:0f:d0 ethersphere-psk -53
Oct 29 07:19:44 52/24/15
*
1263-ac 10.100.66.121 6c:f3:7f:e7:5a:b0 ethersphere-psk -73
Oct 29 07:19:49 52/12/5
S
1362-205 10.100.66.127 9c:1c:12:fd:f2:30 ethersphere-psk -73
Oct 29 07:52:31 60/12/12
S
1310-205 10.100.66.102 9c:1c:12:fd:f7:b0 ethersphere-psk -80
Oct 29 07:52:51 44/20/34
S
1263-205 10.100.66.126 9c:1c:12:fd:d2:10 ethersphere-psk -67
Oct 29 08:22:32 60/12/4
S
Oct 29 12:38:22 Oct 29 12:38:18 Oct 29 07:20:52 Oct 29 07:57:21 Oct 29 10:36:15 Oct 29 08:42:20
The output of this command includes the additional Active Media Sessions parameter, which indicates whether the client is involved in any active media sessions.
Related Commands
Use the following commands to enable the client match feature: l rf arm-profile client-match The following commands display additional statistics for the client match feature: l show ap arm client-match probe-report l show ap arm client-match restriction-table
Command History
Version ArubaOS 6.3
Description Command Introduced.
ArubaOS 6.4.3.0
The following parameters were introduced as part of this command output: l Steer attempts/success l Consecutive (Fails/BTM Rej/BTM Timeouts) l Client Device Type l Current State l Client Supported Channels l ESSID l Add Time l EIRP l Flag l Active Media Sessions Additionally, the all parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap virtual-beacon-report | 1334
1335 | show ap virtual-beacon-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap vlan-usage
show ap vlan-usage [{ap-name <ap-name>}|{bssid <bssid>|{essid <essid>|{ip-addr <ip-addr>}| {virtual-ap <virtual-ap}
Description
Show the numbers of clients on each VLAN.
Syntax
Parameter ap-name <ap-name> bssid <bssid>
essid <essid>
ip-addr <ip-addr>
Description
Show VLAN data for an AP with a specific name.
Show VLAN data for a specific Basic Service Set Identifier (BSSID) on an AP. The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
Show VLAN data for a specific Extended Service Set Identifier (ESSID). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
Show VLAN data for an AP with a specific IP address by entering an IP address in dotted-decimal format.
ip6-addr <ip6-addr> virtual-ap <virtual-ap>
Show VLAN data for an AP with a specific IPv6 address by entering an IP address in dotted-decimal format.
Show VLAN pool allocation by VAP name.
Examples
The output of this command displays the VLAN Usage table.
(host) #show ap vlan-usage
VLAN Usage Table
----------------
VLAN ID Clients
------- -------
64
1
65
32
66
44
The output of this command includes the following information:
Column VLAN ID Clients
Description ID number of the wireless VLAN. Number of clients currently using the specified VLAN.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap vlan-usage | 1336
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1337 | show ap vlan-usage
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wired-ap-profile
show ap wired-ap-profile [<profile>]
Description
Show a list of all wired AP profiles, or display the configuration parameters in a specific wired AP profile.
Syntax
Parameter <profile>
Description Name of a wired AP profile.
Usage Guidelines
The command show ap wired-ap-profile displays a list of all wired AP profiles, including the number of references to each profile and the profile status. If you include the optional <profile> parameter, the command will display detailed information for that one profile.
Example
The output of this command shows the configuration parameters for the wired AP profile "default". (host) #show ap wired-ap-profile default
Wired AP profile "default"
--------------------------
Parameter
Value
---------
-----
Wired AP enable
Disabled
Forward mode
tunnel
Switchport mode
access
Access mode VLAN
1
Trunk mode native VLAN 1
Trunk mode allowed VLANs 1-4094
Trusted
Not Trusted
Broadcast
Broadcast
The output of this command includes the following information:
Column Wired AP enable Forward mode
Switchport mode
Description
Indicates whether the wired AP profile is enabled or disabled.
The configured forward mode for the profile. l bridge: Bridge locally l split-tunnel: Tunnel to controller or NAT locally l tunnel: Tunnel to controller
The profile's switching mode. l access: Set access mode characteristics of the interface.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wired-ap-profile | 1338
Column
Access mode VLAN Trunk mode native VLAN Trunk mode allowed VLANs Trusted Broadcast
Description
l mode: Set trunking mode of the interface. l trunk: Set trunk mode characteristics of the interface.
VLAN ID of the access mode VLAN.
VLAN ID of the native VLAN.
Range of allowed VLAN IDs for the native VLAN.
Shows if the wired port on an AP using this profile is a trusted port. Possible values are Trusted or Not Trusted.
If set to broadcast, the wired AP port will forward broadcast traffic. If the parameter displays Do Not Broadcast, broadcast traffic will not be forwarded.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1339 | show ap wired-ap-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wired-port-profile
show ap wired-port-profile
Description
Shows all AP wired port profiles and their status.
Syntax
No parameters.
Example
The example below shows that the controller has three wired port profiles. The References column lists the number of other profiles with references to the wired port profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) (config) #show ap wired-port-profile
AP wired port profile List
--------------------------
Name
References
----
----------
default
3
NoAuthWiredPort 4
shutdown
3
Total:3
Profile Status --------------
Predefined (editable) Predefined
The following command displays information for an individual wired port profile:
(host)#show ap wired-port-profile default
AP wired port profile "default" ------------------------------Parameter --------Wired AP profile Ethernet interface link profile AP LLDP profile Shut down? Remote-AP Backup AAA Profile Time to wait for authentication to succeed
Value ----default default default No Enabled N/A 20 sec
The output of this command includes the following information:
Parameter Wired AP profile
Description
Name of a wired AP profile to be used by devices connecting the AP's wired port. The wired AP profile defines the forwarding mode and switchport values used by the port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wired-port-profile | 1340
Parameter
Ethernet interface link profile
Description
An Ethernet Link profile to be used by devices connecting to the AP's wired port profile. This profile defines the duplex value and speed to be used by the port.
AP LLDP Profile
Name of an LLDP Profile associated with this wired port.
Shut Down?
Shows if the wired AP port is enabled (no) or disabled (yes).
Remote AP Backup
Use the rap-backup parameter to use the wired port on a Remote AP for local connectivity and troubleshooting when the AP cannot reach the controller. If the AP is not connected to the controller, no firewall policies will be applied when this option is enabled. (The AAA profile will be applied when the AP is connected to controller).
AAA Profile
Name of a AAA profile to be used by devices connecting to the AP's wired port.
Time to wait for authentication to succeed
Authentication timeout value, in seconds, for devices connecting the AP's wired port. The supported range is 1-65535 seconds, and the default value is 20 seconds.
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1341 | show ap wired-port-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wired stats
show ap wired stats {ip-addr <ip-addr>} | {ap-name <ap-name>}|{client-ip <client-ip>} | {client-mac <client-mac>}
Description
Shows statistics for campus and remote AP wired clients.
Syntax
Parameter ap-name <ap-name>
Description Show wired AP statistics for a specified AP name.
ip-addr <ip-addr>
Show wired AP statistics for a specified AP by entering an IP address in dotted-decimal format.
client-ip <client-ip>
Show wired AP statistics for a specified client IP address.
client-mac <client-mac> Show wired AP statistics for a specified client MAC address
Example
(host) #show ap wired stats ap-name rap5wn client-mac 00:14:d1:19:3c:0b
AP Wired User Statistics
-------------------------
Counter
Value
-------
-----
Slot
0
Port
1
VLAN
1
TX Packets
78
TX Bytes
7894
RX Packets
37
RX Bytes
5352
TX Broadcast Packets 36
TX Broadcast Bytes 4410
TX Multicast Packets 22
TX Multicast Bytes 1990
The output of this command includes the following information:
Column Slot Port VLAN
Description Slot number Port number Associated VLAN number
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wired stats | 1342
Column TX Packets
Description Number of packets sent
TX Bytes
Number of bytes sent
RX Packets
Number of packets received
RX Bytes
Number of bytes received
TX Broadcast Packets Number of broadcast packets sent
TX Broadcast Bytes
Number of broadcast bytes sent
TX Multicast Packets Number of multicast packets sent
TX Multicast Bytes
Number of multicast bytes sent
Command History
Version ArubaOS 5.0 ArubaOS 6.4.3.0
Description
Command Introduced.
This command now displays results for both Campus and Remote access points.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1343 | show ap wired stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wmm-flow
show ap wmm-flow [{ap-name <ap-name>}|{bssid <bssid>}|{essid <essid>}|{ip-addr <ip-addr>}] dotlla|dotllg
Description
Show the Wireless Multimedia (WMM) flow table.
Syntax
Parameter ap-name <ap-name> bssid <bssid> essid <essid>
ip-addr <ip-addr> dot11a dot11g
Description
View an AP with a specified name.
View data for an AP with a specific BSSID (Basic Service Set Identifier). The Basic Service Set Identifier (BSSID) is usually the AP's MAC address.
View data for a specific ESSID (Extended Service Set Identifier). An Extended Service Set Identifier (ESSID) is a alphanumeric name that uniquely identifies a wireless network. If the name includes spaces, you must enclose the ESSID in quotation marks.
View an AP with a specified IP address by entering an IP address in dotteddecimal format.
Show the WMM flow table for a 802.11a radio.
Show the WMM flow table for a 802.11g radio.
Usage Guidelines
WMM, or Wireless Multimedia Extensions, are a subset of the 802.11e standard. WMM provides for four different types of traffic classification: voice, video, best effort, and background, with voice having the highest priority and background the lowest. Issue the show ap wmm-flow command to view WMM flow data for all APs. Include any of the optional parameters described in the table above to filter the table by a specific AP, radio channel (a or g), or both an ap and radio type.
Example
The example below shows WMM flow data for all APs. (host) #show ap wmm-flow
WMM Flow Table
--------------
AP Name ESSID Client
Description
------- ----- ------
-----------
AP125-srk NOE 00:90:7a:06:1f:5b tsid 6:prio 6:inactivity 2157352960
us:bidir:apsd:normalack:tclas prio 6 ip DIP-192.168.101.194 DP-32514 DSCP-48:one-match
AP125-srk NOE 00:90:7a:06:1f:5b tsid 0:prio 0:inactivity 100000000
us:bidir:apsd:normalack:no-match
Num Flows:0
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wmm-flow | 1344
Column AP name ESSID Client Description
Description
Name of an AP with recorded WMM flows
Extended Service Set Identifier (ESSID) of a wireless network.
MAC address of the client.
The description is a long string that includes the following information. TSID: Traffic Stream Identifier. The TSID should match the priority level for each flow. Priority: One of the following IEEE 802.1p priority values: l 0,3 = Best Effort l 1,2 = Background l 4-5 = Video l 6-7 = Voice Inactivity: Tspec inactivity threshold, in microseconds. <country code>: AP country code, e.g. US. bdir: flow is bidirectional. apsd: flow has enabled auto power save delivery. <ack>: Displays the ack policy negotiated for the flow. Possible values are: l normalack l noack l blockack l resack (reserved ack) Tclas: traffic classification element. Tclas information includes one of the following classification types, the 802.1p priority and IP version (ver-4 or ver-6) l type0 - Classification based on Ethernet parameters l type1 - Classification based on TCP/UDP or IP parameters (IPv4 or IPv6) l type2 - Classification based on based on IEEE802.1Q DIP: Destination IP address for the flow. DP: Destination IP Port specified in the TCLAS for flow negotiation. DCSP: The Differentiated Services Code Point (DSCP) priority value that matches the flows 802.1p priority.
Command History
Introduced in ArubaOS 3.0.
1345 | show ap wmm-flow
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap wmm-flow | 1346
show app lync call-cdrs
show app lync prioritized-calls [all]
Description
This command displays the Call Detail Record (CDR) for prioritized Lync calls in the controller.
Syntax
Parameter all
Description Displays CDR information for all Lync calls.
Example
In this example, the output is divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it appears in a single, long table. (host) #show app lync call-cdrs
Lync Session CDRs (Prioritized)
-------------------------------
CDR Id Client IP
Client Name ALG Dir Called to Status
------ ---------
----------- --- --- --------- ------
4
192.0.2.10 6000
lync IC 6001
SUCC
3
192.0.2.20 6002
lync OG 6012
SUCC
Dur(sec) -------19 85
Orig time --------May 15 15:20:34 May 15 15:16:30
MOS Value --------3.910000 3.910000
Reason -----Terminated Terminated
Codec ----G722 G722
Band ---GREEN GREEN
Setup Time(sec) --------------0 0
Re-Assoc -------0 0
Initial-BSSID ------------00:24:6c:27:5f:f0 00:24:6c:27:5f:f0
Initial-ESSID ------------test1 test1
Initial-AP Name --------------AP175 AP175
Call Type --------Voice Voice
Src port -------17120 31826
Dest port --------31826 17120
DSCP ---46 46
WMM AC -----7 7
Num CDRS:2 The output of this command includes the following parameters:
Column CDR Id Client IP Client Name
Description Displays the call detail record ID of a Lync call. Displays the IP address of the Lync client. Displays the user name of the Lync client.
1347 | show app lync call-cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column ALG Dir
Called To Status
Dur(sec) Orig time MOS Value Reason Codec Band
Setup Time(sec) Re-Assoc Initial-BSSID Initial-ESSID Initial-AP Name Call Type
Description Displays the Application Layer Gateway protocol for Lync clients.
Displays the following call direction: l OG -- outgoing l IC -- incoming
Displays the user name of the Lync client being called.
Displays the following call status: l CONNECTED -- active call l SUCC -- successful terminated call l ABORTED -- aborted call
Displays the time duration of the Lync call.
Displays the time stamp when the Lync call originated.
Displays the Mean Opinion Score of the voice call.
Displays the reason code for call termination.
Displays the voice compression protocol used for the Lync call.
Indicates the quality of the Lync call based on the following color band: l GREEN l YELLOW l RED
Displays the time taken to establish the call.
Displays the number of times the client re-associated while on an active call.
Displays the BSSID of the AP the client was connected while the call was made.
Displays the ESSID the client was connected while the call was made.
Displays the name of the AP the client was connected while the call was made.
Displays the type of Lync call: l Desktop-sharing l Desktop-sharing conference l File-transfer l Video
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync call-cdrs | 1348
Column
Src Port Dest Port DSCP WMM AC
Description l Voice l Video conference l Voice conference
Displays the source port of the Real-Time Protocol (RTP) session or file transfer session.
Displays the destination port of the RTP session or file transfer session. Displays the DSCP value for the session.
Displays the value of the Wi-Fi Multimedia Access Category. The controller sends the packet with this value.
Command History
Version ArubaOS 6.3
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1349 | show app lync call-cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync call-quality
show app lync call-quality [all]
Description
This command displays the call quality information for Lync voice and video calls.
Syntax
Parameter all
Description Displays call quality information for all voice and video Lync calls.
Example
In this example, the output is divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it appears in a single, long table. (host) #show app lync call-quality
Lync Client(s) Prioritized Call Quality Reports (Only Voice & Video)
--------------------------------------------------------------------
Client(IP) Client(MAC)
Client(Name) ALG Orig Time
---------- -----------
------------ --- ---------
192.0.2.10 9c:b7:0d:89:a5:f5 6000
lync May 15 15:30:48
192.0.2.20 9c:b7:0d:89:ae:83 6002
lync May 15 15:16:30
Direction --------IC OG
Called to --------6001 6012
Duration -------8 8
Codec ----G722 G722
Delay ----0.686 0.714
Jitter -----0.000 0.000
Pkt Loss -------0.769 0.784
MOS Value --------4.130000 4.130000
Band ---GREEN GREEN
BSSID ----d8:c7:c8:89:51:f2 d8:c7:c8:89:51:f2
ESSID ----test test
AP Name ------local1 local1
Call Type --------Voice Voice
Num Records:2 The output of this command includes the following parameters:
Column Client(IP) Client(MAC) Client(Name) ALG Orig Time Direction
Description Displays the IP address of the Lync client. Displays the MAC address of the Lync client. Displays the user name of the Lync client. Displays the Application Layer Gateway protocol for Lync clients. Displays the time stamp when the Lync call originated. Displays the call direction.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync call-quality | 1350
Column
Called To Duration Codec Delay Jitter Pkt Loss MOS Value Band
BSSID ESSID AP Name Call Type
Description l OG -- Outgoing l IC -- Incoming
Displays the user name of the Lync client being called.
Displays the time duration of the Lync call.
Displays the voice compression protocol used for the Lync call.
Displays the average delay in milli seconds.
Displays the jitter in milli seconds.
Displays the loss of packet in percentage.
Displays the Mean Opinion Score of the voice call.
Indicates the quality of the Lync call based on the following color band. l GREEN l YELLOW l RED
Displays the BSSID of the AP to which the Lync client is connected.
Displays the SSID of the wireless network.
Displays the name of the access point to which the Lync client is connected.
Displays the type of Lync call: l Desktop-sharing l Desktop-sharing conference l File-transfer l Video l Voice l Video conference l Voice conference
Command History
Version ArubaOS 6.3
Description Command introduced.
1351 | show app lync call-quality
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync call-quality | 1352
show app lync client-status
show app client-status active-only bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> sta <mac> <cr>
Description
Displays details of clients that are actively using Lync. An entry is created for clients that have actively participated in voice, video, desktop-sharing or file-sharing sessions.
Syntax
Parameter active-only bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> sta <mac>
Description Filter records based on active Lync clients Filter records based on BSSID of a Lync client. Filter records based on ESSID of Lync client. Filter records based on the extension of a Lync client. Filter records based on the IP address of a Lync client. Filter records based on the MAC address of a Lync client.
Example
The output of the command in the example below displays all current Lync client statistics in the controller. The output is divided into multiple sections to better fit on the pages of this document, however, in the actual command-line interface, data appears in a single, long table.
(host) #show app lync client-status
Lync Client(s) Status --------------------Client(IP) Client(MAC) ---------- ----------192.0.2.10 9c:b7:0d:89:a5:f5 192.0.2.20 9c:b7:0d:89:ae:83
Client Name ----------6000 6002
Registration State -----------------REGISTERED REGISTERED
Call Status ----------In-Call Idle
BSSID ----d8:c7:c8:89:51:f2 d8:c7:c8:89:51:f2
ESSID ----test test
AP Name ------W-AP125 W-AP125
Flags -----
Vo
Num Clients:2 Flags: V - Visitor, W - Wired, R - Remote, B - Blocked, b - Best Effort, Vo-Voice, Vi-Video, Ds-Desktop Sharing, Ft-File Transfer
1353 | show app lync client-status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The output of this command includes the following parameters:
Column Client(IP) Client(MAC) Client Name Registration State
Call Status
BSSID ESSID AP Name Flags
Description Displays the IP address of the Lync client.
Displays the MAC address of the Lync client.
Displays the user name of the Lync client.
Displays the following registration state of the Lync client with Lync server: l UNKNOWN: The Lync client is connected to the controller. The client is yet to
initiate any Lync voice, video, desktop sharing, or file transfer session. l REGISTERED: The Lync client is in registered state once it makes or receives a
voice, video, desktop sharing, or file transfer session.
Displays if the Lync client is in any of the following call status: l Idle l In-Call
Displays the BSSID of the AP to which the Lync client is connected.
Displays the SSID of the wireless network to which the Lync client is connected.
Displays the name of the access point to which the Lync client is connected.
Displays any flag for a Lync client. The list of flag abbreviations is also included as part of this command.
Command History
Version ArubaOS 6.3
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync client-status | 1354
show app lync tracebuf
show app lync tracebuf
Description
This command displays the Lync message trace buffer for the first 256 events. Events such as establishing voice, video, desktop sharing, and file transfer are recorded.
Syntax
No parameters.
Example
The output is divided into multiple sections to better fit on the pages of this document, however, in the actual command-line interface, data appears in a single, long table. (host) #show app lync tracebuf
Lync Voice Client(s) Message Trace
----------------------------------
Client Name Client(MAC)
Client(IP)
----------- -----------
----------
6000
9c:b7:0d:89:a5:f5 192.0.2.10
6002
9c:b7:0d:89:ae:83 192.0.2.20
Called To --------6001 6012
Event Time ---------May 15 15:30:56 May 15 15:16:30
BSSID ----d8:c7:c8:89:51:f2 d8:c7:c8:89:51:f2
CAC-Status ---------PASS PASS
Media Type ---------Voice Voice
DSCP ---46 46
WMM AC -----7 7
AP-Name ------local1 local1
Src Port -------33228 33228
Dest Port --------35546 35546
Call Status ----------End of call After call update
Num of Rows:2 The output of this command includes the following parameters:
Column
Client Name
Client (MAC)
Client (IP)
Called To
Event Time
Description Displays the user name of the Lync client. Displays the MAC address of the Lync client. Displays the IP address of the Lync client. Displays the user name of the Lync client being called. Displays the time stamp when the Lync call originated.
1355 | show app lync tracebuf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column BSSID
Description Displays the BSSID of the access point to which the Lync client is connected.
CACStatus
Media Type
Displays if call admission control limit is reached. The values are: l PASS l FAIL l NA NOTE: When the call status for the Lync client is Call quality update, the value of the CAC-Status for the Lync client is NA.
Displays the type of Lync call: l Desktop-sharing l File-transfer l Video l Voice
DSCP
Displays the DSCP value for the session.
WMM AC
Displays the value of the Wi-Fi Multimedia Access Category. The controller sends the packet with this value.
AP-Name
Displays the name the access point receiving calls.
Src Port Displays the source port of the Real-Time Protocol (RTP) session or file transfer session.
Dest Port
Call Status
Displays the destination port of the RTP session or file transfer session.
Displays if the Lync client is in any one of the following call status: l Start of call l End of call l Before call update l Call quality update l After call update
Command History
Version ArubaOS 6.3
Description Command introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync tracebuf | 1356
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1357 | show app lync tracebuf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync traffic-control
show app lync traffic-control [<profile-name>]
Description
This command displays the types of Lync traffic prioritized through the Lync Application Layer Gateway (ALG) QoS.
Syntax
Parameter profile-name
Description Lync traffic control profile name.
Example
The following command displays the Lync traffic control profile configuration in the controller: (host) #show app lync traffic-control default
Lync Traffic-Control -------------------Parameter --------Prioritize Voice Prioritize Video Prioritize Desktop-sharing Prioritize File-transfer
Value ----Enabled Enabled Enabled Enabled
Command History
Version ArubaOS 6.3
Description Command introduced.
ArubaOS 6.4
The profile-name parameter was introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show app lync traffic-control | 1358
show ap-group
show ap-group [<ap-group>]
Description
Show settings for an AP group.
Syntax
Parameter <ap-group>
Description The name of an AP group.
Usage Guidelines
Issue this command without the optional <ap-group> parameter to display the entire AP group list, including profile status for each profile. Include an AP group name to display detailed configuration information for that AP group profile.
Example
This first example shows that the controller has nine configured AP groups. The Name column lists the names of all configured AP groups. the Profile Status column indicates whether the AP group is predefined. (Userdefined profiles will not have an entry in the Profile Status column.)
(host) #show ap-group
AP group List
-------------
Name
Profile Status
----
--------------
corp-office
branch-office-am
corp
corp1
Corp1-AM
Corp1-AM-Ch11
Corp1-AM-Ch6
corp1-AP85
corp1-lab
Total: 9
Include an AP group name to display a complete list of configuration settings for that profile. The example below shows settings for the AP group corp1.
(host) #show ap-group corp1 AP group "corp1" ------------------Parameter --------Virtual AP Virtual AP 802.11a radio profile 802.11g radio profile Wired AP profile
Value ----corp1-guest corp1-wpa2 default profile1-g default
1359 | show ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Ethernet interface 0 link profile Ethernet interface 1 link profile AP system profile VoIP Call Admission Control profile 802.11a Traffic Management profile 802.11g Traffic Management profile Regulatory Domain profile SNMP profile RF Optimization profile RF Event Thresholds profile IDS profile Mesh Radio profile Mesh Cluster profile
default default corp1344 default N/A N/A corp1344-channel-profile default handoff-aggressive default ids-low-setting default N/A
The output of this command includes the following parameters:
Parameter Virtual AP
Description Virtual AP profile that which configures a specified WLAN.
802.11a radio profile
Profile that defines 802.11a radio settings for the AP group.
802.11g radio profile
Profile that defines 802.11g radio settings for the AP group.
Wired AP profile
Profile that defines wired port settings for APs assigned to the AP group.
Ethernet interface 0 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
Ethernet interface 1 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
AP system profile
Name of the AP system profile for the AP group.
VoIP Call Admission Control profile
Name of the AP system profile for the AP group.
802.11a Traffic Management profile
Name of the 802.11a WLAN traffic management profile for the AP group.
802.11g Traffic Management profile
Name of the 802.11g WLAN traffic management profile for the AP group.
Regulatory Domain profile
Name of the regulatory domain profile for the AP group.
SNMP profile
Name of the SNMP profile for the AP group.
RF Optimization profile
Name of the RF optimization profile for the AP group.
RF Event Thresholds profile
Name of the RF event thresholds profile for the AP group.
IDS profile
IDS profile for the AP group.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-group | 1360
Parameter Mesh Radio profile Mesh Cluster profile
Description Mesh radio profile assigned to the AP group. Mesh cluster profile assigned to the AP group.
Related Commands
Configure AP group settings using the command ap-group.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master controllers
1361 | show ap-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-name
show ap-name [<ap-name>]
Description
Show a list of AP names. Include the <ap-name> parameter to display detailed configuration information for that AP.
Syntax
Parameter <ap-name>
Description The name of an AP.
Example
This first example shows that the controller has eight registered APs. The Name column lists the names of each registered AP. Note that APs are all user-defined, so they will not have an entry in the Profile Status column.
(host) #show ap-name
AP name List
------------
Name
Profile Status
----
--------------
mp3
sw-ad-W-AP124-11
sw-ad-W-AP125-13sw-ad-W-AP125-15sw-ad-W-AP125-17sw-ad-W-AP125-18sw-ad-W-AP125-19sw-ad-W-AP125-
3
Total: 8
Include an AP name to display a complete list of configuration settings for that AP. If the AP has default settings, the value may appear as N/A. The AP in the example below has all default profile settings.
(host) #show ap-group corp1 AP name "mp3" ------------Parameter --------Virtual AP Excluded Virtual AP 802.11a radio profile 802.11g radio profile Wired AP profile Ethernet interface 0 link profile Ethernet interface 1 link profile AP system profile VoIP Call Admission Control profile 802.11a Traffic Management profile 802.11g Traffic Management profile Regulatory Domain profile RF Optimization profile RF Event Thresholds profile IDS profile Mesh Radio profile Mesh Cluster profile Excluded Mesh Cluster profile
Value ----N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-name | 1362
Parameter Virtual AP
Description Virtual AP profile that which configures a specified WLAN.
Excluded Virtual AP
Excludes the specified mesh cluster profile from this AP.
802.11a radio profile
Profile that defines 802.11a radio settings for the AP.
802.11g radio profile
Profile that defines 802.11g radio settings for the AP.
Wired AP profile
Profile that defines wired port settings for APs assigned to the AP.
Ethernet interface 0 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
Ethernet interface 1 link profile
Profile that defines the duplex and speed of the Ethernet 0 interface on the AP.
AP system profile
Name of the AP system profile for the AP.
VoIP Call Admission Control profile
Name of the AP system profile for the AP.
802.11a Traffic Management profile
Name of the 802.11a WLAN traffic management profile for the AP group.
802.11g Traffic Management profile
Name of the 802.11g WLAN traffic management profile for the AP.
Regulatory Domain profile
Name of the regulatory domain profile for the AP.
RF Optimization profile
Name of the RF optimization profile for the AP.
RF Event Thresholds profile Name of the RF event thresholds profile for the AP.
IDS profile
IDS profile for the AP.
Mesh Radio profile
Mesh radio profile assigned to the AP.
Mesh Cluster profile
Mesh cluster profile assigned to the AP.
Excluded Mesh Cluster profile
Excludes the specified mesh cluster profile from this AP.
Related Commands
Configure AP settings using the command ap-name.
Command History
This command was available in ArubaOS 3.0.
1363 | show ap-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ap-name | 1364
show arp
show arp
Description
Show Address Resolution Protocol (ARP) entries for the controller.
Syntax
No parameters
Example
This example shows configured static ARP entries for the controller.
(host) #show arp
Protocol
Address
Internet
10.3.129.98
Internet
10.3.129.253
Internet
10.3.129.250
Internet
10.3.129.99
Internet
10.3.129.96
Internet
10.3.129.254
Hardware Address 00:1A:1E:C0:80:28 00:0B:86:42:35:80 00:1A:92:45:DB:00 00:1A:1E:C0:1C:60 00:1A:1E:C0:80:1E 00:0B:86:02:EE:00
Interface vlan1 vlan1 vlan1 vlan65 vlan65 vlan1
The output of this command includes the following parameters:
Parameter Protocol
Address Hardware Address Interface
Description
Protocol using ARP. Although the controller will most often use ARP to translate IP addresses to Ethernet MAC addresses, ARP may also be used for other protocols, such as Token Ring, FDDI, or IEEE 802.11, and for IP over ATM.
IP address of the device.
MAC address of the device.
Interface used to send ARP requests and replies.
Related Commands
Add a static Address Resolution Protocol (ARP) entry using the command show arp.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master and local controllers
1365 | show arp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show arp | 1366
show audit-trail
show audit-trail {<number> | login <number>]
Description
Show the controller's audit trail log.
Syntax
Parameter <number>
login <number>
Description
Start displaying the log output from the specified number of lines from the end of the log.
Start displaying the log output from the specified number of lines from the end of the login/logout log.
Example
By default, the audit trail feature is enabled for all commands in configuration mode. The example below shows the most recent ten audit log entries for the controller.
(host) # show audit-trail 10 Feb 5 06:13:17 cli[1239]: USER: admin has logged in from 10.240.16.118. Feb 5 06:20:13 cli[1239]: USER: admin connected from 10.240.16.118 has logged out. Feb 5 06:24:37 cli[1239]: USER: admin has logged in from 10.240.16.118. Feb 5 06:37:01 cli[1239]: USER:admin@10.3.129.250 COMMAND:<wlan virtual-ap "mp-only" no vapenable > -- command executed successfully Feb 5 06:37:14 cli[1239]: USER:admin@10.3.129.250 COMMAND:<wlan virtual-ap "mp-a-only" no vap-enable > -- command executed successfully Feb 5 06:37:20 cli[1239]: USER:admin@10.3.129.250 COMMAND:<wlan virtual-ap "default" no vapenable > -- command executed successfully Feb 5 06:37:29 cli[1239]: USER:admin@10.3.129.250 COMMAND:<wlan virtual-ap "mpp-a-only" no vap-enable > -- command executed successfully Feb 5 06:46:10 cli[1239]: USER:admin@10.3.129.250 COMMAND:<interface gigabitethernet "1/2" port monitor igigabitethernet "1/1" > -- command executed successfully Feb 5 06:57:44 cli[1239]: USER:admin@10.3.129.250 COMMAND:<ap system-profile "default" heartbeat-dscp 12 > -- command executed successfully Feb 5 07:05:48 cli[1239]: USER:admin@10.3.129.250 COMMAND:<wlan virtual-ap "mp-a-only" vapenable > -- command executed successfully
Related Commands
Enable or disable the audit trail feature using the command audit-trail.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.3
Introduced login parameter.
1367 | show audit-trail
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Enable and Config modes. Audit trails can only be enabled on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show audit-trail | 1368
show auth-survivability
show auth-survivability
Description
This command displays the auth-survivability parameters that are configured in the local controller.
Example
host # show auth-survivability Auth-Survivability: Enabled (Running) Survival-Server Server-Cert: dot1x2k-server Survival-Server Cache lifetime: 48 hours
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Platform Support
Platforms W-7000 Series controllers
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1369 | show auth-survivability
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show auth-survivability-cache
show auth-survivability-cache
Description
This command displays the data currently in the local Survival Server cache.
Example
host(config) # show auth-survivability-cache Figure 2 Displaying the Local Survival Server Cache
Command History
Version ArubaOS 6.4
Description Command introduced.
Platform Support
Platforms W-7000 Series controllers
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show auth-survivability-cache | 1370
show auth-tracebuf
show auth-tracebuf [count <1-250] [failures] [mac <address>]
Description
Show the trace buffer for authentication events.
Syntax
Parameter count <1-250>
Description limit the output of the command to the specified number of packets.
failures
Filter the output of this command to display only authentication failures
mac <address>
Filter the output of this command to display only information for a specified MAC address.
Usage Guidelines
Use the output of this command to troubleshoot 802.1X authentication errors. Include the <address> parameter to filter data by the MAC address of the client which is experiencing errors. This command can tell you, for example, when 802.1X authentication completed and when keys were plumbed correctly.
Example
The example below shows the most recent ten trace buffer entries for the controller. Each row includes the following information:
(host) # show auth-tracebuf count 10 Auth Trace Buffer ----------------Feb 5 08:08:29 wpa2-key2 failure Feb 5 08:08:30 wpa2-key1 Feb 5 08:08:30 wpa2-key2 failure Feb 5 08:08:31 wpa2-key1 Feb 5 08:08:31 station-down Feb 5 08:08:31 station-up psk aes Feb 5 08:08:31 station-data-ready Feb 5 08:08:31 wpa2-key1 Feb 5 08:08:31 wpa2-key2 failure Feb 5 08:08:32 wpa2-key1 Feb 5 08:08:32 wpa2-key2 failure Feb 5 08:08:33 wpa2-key1 Feb 5 08:08:33 wpa2-key2 failure Feb 5 08:08:34 wpa2-key1 Feb 5 08:08:34 wpa2-key2 failure Feb 5 08:08:35 wpa2-key1
-> 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 119 mic
<- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 117 -> 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 119 mic
<- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 * 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 * 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 -
117 - wpa2
* 00:09:ef:05:1e:b2 00:00:00:00:00:00 66 <- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 117 -> 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 119 mic
<- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 117 -> 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 119 mic
<- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 117 -> 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 119 mic
<- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 117 -> 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 119 mic
<- 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - 117
1371 | show auth-tracebuf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Feb 5 08:08:35 Feb 5 08:08:35 psk aes Feb 5 08:08:35
station-down station-up
station-data-ready
* 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - * 00:09:ef:05:1e:b2 00:1a:1e:97:e5:42 - -
* 00:09:ef:05:1e:b2 00:00:00:00:00:00 66 -
wpa2
Each row in the output of this table may include some or all of the following information: l A timestamp that indicates when the entry was created. l The type of exchange that was made. l The direction the packet was sent. l The source MAC address. l The destination MAC address. l BSSID/Server Name. l The packet number. l The packet length. l Additional information (if available), e.g.username, encryption and WPA type, or reason for failure.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Enable or Config modes on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show auth-tracebuf | 1372
show banner
show banner
Description
Show the current login banner
Syntax
No parameters
Usage Guidelines
Issue this command to review the banner message that appears when you first log in to the controller's command-line or browser interfaces.
Example
(host) # show banner This testlab controller is scheduled for maintenance starting Saturday night at 11 p.m.
Related Commands
Configure a banner message using the command banner motd.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1373 | show banner
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show boot
show boot history
Description
Display boot parameters, including the boot partition and the configuration file to use when booting the controller.
Syntax
Parameter history
Description Displays the controller's reloads and upgrade history.
Example
(host) #show boot history
Reboot History Table
--------------------
No Description
User Role IP
Timestamp
-- -----------
---- ---- --
---------
1 Centralized Upgrade to 6.3.1.0 for target 192.168.89.2 Successful.system - Master Fri Aug 23 16:12:39
2013
2 Centralized Upgrade to 6.3.1.0 for target 192.174.27.2 Successful.system - Master Fri Aug 23 16:12:39
2013
3 Centralized Upgrade to 6.3.1.0 for target 192.168.53.2 Successful.system - Master Fri Aug 23 16:12:40
2013
4 Centralized Upgrade to 6.3.1.0 for target 192.172.12.2 Successful.system - Master Fri Aug 23 16:12:43
2013
5 Centralized Upgrade to 6.3.1.0 for target 192.168.22.2 Successful.system - Master Fri Aug 23 16:12:43
2013
Related Commands
Configure boot parameters using the command boot.
Command History
This command was available in ArubaOS 1.0.
Release ArubaOS 1.0
Modification Command available.
ArubaOS 6.3
The history parameter was added.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show boot | 1374
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1375 | show boot
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show branch
show branch config {mac-address <mac-address>}|{name <hostname>} dhcp-instance {mac-address <mac-address>}|{name <hostname>} running-config
Description
Shows configuration and DHCP address settings on a branch controller.
Syntax
Parameter config <mac-address>
Description Shows configuration information for the branch controller
dhcp-instance mac-address <mac-address> hostname <name>
Shows the branch controller address pool information including pool name, DHCP pool start IP address, DHCP pool mask, DHCP pool broadcast IP address, and the DHCP pool gateway IP address.
running-config
Shows the running configuration for a branch controller.
Usage Guidelines
Issue this command to display the configuration, DHCP pool information and running configuration information for a branch controller.
Examples
This example shows a the branch config group settings applied to a branch controller.
(host) #show branch config mac-address 00:0b:86:f0:26:e0
model 7010 controller-ip vlan 2 vlan 2 vlan 3 interface fastethernet "1/7"
interface fastethernet "1/7" switchport access vlan 3 interface fastethernet "1/7" trusted interface fastethernet "1/2" interface fastethernet "1/2" switchport access vlan 2 interface fastethernet "1/2" trusted interface fastethernet "1/3" interface fastethernet "1/3" switchport access vlan 2 interface fastethernet "1/3" trusted interface fastethernet "1/1" interface fastethernet "1/1" switchport access vlan 2 interface fastethernet "1/1" trusted interface vlan 3 interface vlan 3 ip address 10.3.29.79 255.255.255.0 interface vlan 2 interface vlan 2 ip address 192.167.1.1 255.255.255.240 uplink wired vlan 4 interface tunnel 1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show branch | 1376
interface tunnel 1 tunnel destination remote-node-master-ip ip route 10.100.102.217 255.255.255.255 10.3.29.254 ip route 10.100.102.173 255.255.255.255 10.3.29.254 ip route 10.1.1.41 255.255.255.255 10.3.29.254 mgmt-user "admin" "root" "ade8c0d3890aa97914d926120279aef2" service dhcp ip dhcp pool vlanx domain-name mycorp.com ip dhcp pool vlanx ip dhcp pool vlanx default-router 192.167.1.1 ip dhcp pool vlanx dns-server 192.167.1.1 ip dhcp pool vlanx network 192.167.1.0 255.255.255.240 remote-node config-id 32
Command History
Release ArubaOS 6.0
Modification Command introduced.
ArubaOS 6.2
Command was deprecated.
ArubaOS 6.4.3.0
Command reinstated.
Command Information
Platforms
Licensing
Available on W-7010, W7005, W-7024, and W-7030 controllers
Base operating system
Command Mode
Enable or Config mode on master controllers
1377 | show branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show branch-config-group
show branch-config-group [<group-name>]
Description
The output of this command shows configuration settings for a branch config group.
Syntax
Parameter <group-name>
Description (Optional) Name of the branch config group.
Usage Guidelines
When this command includes the optional branch config group name, the output of the command shows the configuration status of that specific branch config group. If no branch config group name is specified, the output of this command displays a high-level status of all branch config groups configured on that master controller.
Example
The following example shows the configuration status of all branch config groups on the controller.
(host) (config) #show branch-config-group
Branch Config Groups
--------------------
Name
Status
Reboot-Required
----
------
---------------
branch1 Validated
No
branch2 Validated
No
New-Group Not Validated
No
The output of this command displays the branch config group name, validated/not validated status, and reboot status for each branch config group.
l Status: A status of Validated indicates that the branch config group has a complete configuration that can be applied to branch controllers. (For example, a branch config group might have a status of Not Validated if the branch config group does not have a IP address defined for the controller or a controller VLAN interface.)
l Reboot-Required: This column indicates that the branch config group includes a configuration change that requires a reboot on the branch controllers using that config group.
The following example shows the configuration status of branch config group named "branch1"
(host) #show branch-config-group branch1 model 7005 vlan 4094 interface vlan 4094 uplink wired vlan 4094 controller-ip vlan 1 vlan 1 interface vlan 1 description "test" operstate up ip address internal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show branch-config-group | 1378
! uplink wired vlan 1 priority 102 uplink enable interface gigabitethernet "0/0/0" bandwidth-contract app "vox" "test" downstream ! remote-node-dhcp-pool Pool1 pool-type vlan 1 domain-name example.com dns-server 10.1.1.91 range startip 5.5.5.16 endip 6.6.6.6 hosts 16 ! !
Command History
Release ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platforms
Available on W-7010, W7005, W-7024, W-7030 , and W-7200 Series controllers.
Licensing Base operating system
Command Mode Enable mode on master controllers.
1379 | show branch-config-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show branch-dhcp-pool
show branch-dhcp-pool config-group <group-name> [pool-name <pool>]
Description
The output of this command shows a summary of DHCP pool information for branch controllers.
Syntax
Parameter config-group <group-name> pool-name <pool>
Description
Name of the branch config group
(Optional) include the name of the DHCP pool in this command to view information only for the selected DHCP pool. If these parameters are omitted, the output of this command shows information for all DHCP pools associated with the branch config group.
Usage Guidelines
Each branch config group contains a branch controller DHCP address pool, which defines a range of IP addresses allocated for branch controllers at a remote site, and the VLAN to be associated with those addresses. A remote-node dhcp pool is configured in the branch controller mode.
Use the show branch-dhcp-pool command to view a summary of branch controller address pool information.
Example
This example shows a summary of branch controller DHCP address pool information.
DHCP Address Pools
------------------
Start IP Address Mask
---------------- ----
192.168.20.2
255.255.255.252
192.168.20.6
255.255.255.252
Interface IP Address -------------------192.168.20.1 192.168.20.5
Is Active --------Active Active
Branch controller MAC Address ----------------------------00:0b:86:99:d6:97 00:0b:86:99:89:97
Hostname -------Cube-7010 7010-234
(host) #show branch-dhcp-pool config-group it pool-name controller_ip
Pool Name
: controller_ip
Vlan
: 20
Start IP
: 192.168.20.0
End IP
: 192.168.20.16
Domain Name :
Number of Hosts: 4
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show branch-dhcp-pool | 1380
Parameter Pool Name
Description Name of the new DHCP pool.
Type
Type of pool. This can be tunnel or vlan.
Start IP Address
IP addresses at the start of the branch controller's address range, in dotted-decimal format.
End IP Address
IP address at the end of the branch controller's address range, in dotted-decimal format.
Domain Name
The DHCP domain name.
Num Hosts
Maximum number of hosts allocated by a branch controller using this pool.
Command History
Release ArubaOS 6.0 ArubaOS 6.2 ArubaOS 6.4.3.0
Modification Command introduced. Command was deprecated. Command reinstated.
Command Information
Platforms
Licensing
Available on W-7010, W7005, W-7024, and W-7030 controllers
Base operating system
Command Mode
Enable mode on master and branch controllers
1381 | show branch-dhcp-pool
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show cellular profile
show cellular profile [<name>] | [factory]
Description
Display the cellular profiles and profile settings.
Syntax
Parameter <name> factory
Description Enter the name of an existing cellular profile Display a list of factory supported cellular profiles.
Usage Guidelines
Issue this command without the <name> parameter to display configuration parameters for the entire list of available cellular profiles. Include a profile name to display configuration information for that one profile.
Example
The output of this command displays the Cellular Profile table. The example below shows eight preconfigured cellular profiles.
(host) #show cellular profile
Cellular Profile Table
----------------------
Name
Vend
Modeswitch
----
----
--
Novatel_U720
1410
Novatel_U727
1410
Kyocera_KPC680
0c88
Sierra_Compass_597 1199
Pantech_UM175
106c
Sierra_USBConn_881 1199
USBConn_Mercury_C885 1199
Globetrotter_Icon322 0af0
Default cellular priority:
Prod
----
2110 4100 180a 0023 3714 6856 6880 d033 100
Serial Dialer Tty
Driver Priority
------ ------ ---
------ -------- --------
evdo_us evdo_us evdo_us evdo_us evdo_us gsm_us gsm_us gsm_us
ttyUSB0 ttyUSB0 ttyUSB0 ttyUSB0 ttyUSB1 ttyUSB0 ttyUSB3 ttyHS3
option option option sierra option option option hso
default default default default default default default default
The output of this command includes the following parameters:
Parameters Name
Description Name of a cellular profile.
Vend
Vendor ID in hexadecimal
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show cellular profile | 1382
Parameters Prod Serial Dialer TTY Driver
Priority
Modeswitch
Description
USB product ID in hexadecimal
USB device serial number.
Name of a dialer group profile.
Modem TTY port.
One of the following cellular modem drivers: l acm: Linux ACM driver. l hso: Option High Speed driver. l option: Option USB data card driver (default). l sierra: Sierra Wireless driver.
Displays the cellular profile priority; profiles with the default priority of 100 will display the word default in the Priority column Range: 1 to 255. Default: 100
One of two USB device modeswitch settings: l eject: Eject the CDROM device. l rezero: Send SCSI CDROM rezero command.
Command History
Introduced in ArubaOS 3.4.
Command Information
Platforms 600 Series
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1383 | show cellular profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show clock
show clock [summer-time|timezone|append]
Description
Display the system clock.
Syntax
Parameter summer-time timezone append
Description Show summer (daylight savings) time settings.
Show the configured timezone for the controller.
If the timestamp feature is enabled, including a timestamp in show command output.
Usage Guidelines
Include the optional summer-time parameter to display configured daylight savings time settings. The timezone parameter shows the current timezone, with its time offset from Greenwich Mean Time.
Example
The output below shows the current time on the controller clock.
(host) # show clock Thu Feb 5 16:52:28 PST 2009
Related Commands
Configure clock settings using the commands clock append, clock summer-time recurring, and clock timezone.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show clock | 1384
show cluster-config
show cluster-config
Description
Show the multi-master cluster configuration for the control plane security feature.
Usage Guidelines
When you issue this command from the cluster root, the output of this command shows the cluster role of the controller, and the IP address of each member controller in the cluster. When you issue this command from a cluster member, the output of this command shows the cluster role of the controller, and the IP address of the cluster root.
Example
In the example below, the Cluster Role section in the output of this command shows that the controller on which the command was issued is the cluster root. The Cluster IPSEC Controllers section of the output shows the IP address of each cluster member. (host) (config) #show cluster-config
Cluster Role -----------Root ----
Cluster IPSEC Controllers -------------------------Switch IP address of Cluster-Members Key ------------------------------------ --172.21.18.18 ******** 172.21.18.19 ********
Related Commands
Command
Description
control-plane-security Configure the control plane security profile.
cluster-member-ip
This command sets the controller as a control plane security cluster root, and specifies the IPsec key for a cluster member.
cluster-root-ip
This command sets the controller as a control plane security cluster member, and defines the IPsec key for communication between the cluster member and the controller's cluster root.
Mode
Config mode
Config mode on cluster root controllers
Config mode on cluster member controllers
Command History
This command was introduced in ArubaOS 5.0.
1385 | show cluster-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on cluster member or cluster root controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show cluster-config | 1386
show cluster-switches
show cluster-switches
Description
Issue this command on a master controller using control plane security in a multi-master environment to show other the other controllers to which it is connected.
Usage Guidelines
When you issue this command from the cluster root, the output of this command displays the IP address of the VLAN used by the cluster member to connect to the cluster root.
If you issue this command from a cluster member ,the output of this command displays the IP address of the VLAN used by the cluster root to connect to the cluster member.
Example
In the example below, the show cluster-switches command was issued on a cluster member. The Switch-IP section of the output shows the IP address of a VLAN on cluster root, indicating that the cluster member can currently communicate with the cluster root. If the member controller cannot communicate with the cluster root, this table will be blank.
(host) (config) #show cluster-switches
SWITCH-IP
CLUSTER-ROLE
-----------------------------
172.21.18.18
ROOT
In this example, the show cluster-switches command was issued on a cluster root. The Switch-IP section of the output shows the IP address of a VLAN on each cluster member that can currently communicate with the cluster root.
(host) (config) #show cluster-switches
SWITCH-IP
CLUSTER-ROLE
-----------------------------
172.21.18.18 MEMBER
172.21.18.19 MEMBER
Related Commands
Parameter
Description
control-plane-security Configure the control plane security profile.
cluster-member-ip
This command sets the controller as a control plane security cluster root, and specifies the IPsec key for a cluster member.
cluster-root-ip
This command sets the controller as a control plane security cluster member, and defines the IPsec key for communication between the cluster member and the controller's cluster root.
Mode
Config mode
Config mode on cluster root controllers
Config mode on cluster member controllers
1387 | show cluster-switches
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on cluster member or cluster root controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show cluster-switches | 1388
show command-mapping
show command-mapping [reverse]
Description
Show the mapping new commands to deprecated commands.
Syntax
Parameter reverse
Description
Sort the command map by deprecated command syntax. This command is useful to find the current command syntax for a deprecated command.
Usage Guidelines
The syntax of many commands changed after the release of ArubaOS 3.0. Use this command to display a list of current commands and their deprecated command equivalents. Include the reverse parameter sort the output of this table by the deprecated command syntax.
Example
The example below shows part of the output for this command. Note that a single new command may have replaced several older commands.
(host) # show command-mappingCommand Map
-----------
New Command
Old Command
-----------
-----------
show ap active
show wlan ap
show ap arm neighbors
show ap arm-neighbors
show ap arm rf-summary
show am rf-summary
show ap arm scan-times
show am scan-times
show ap arm state
show wlan arm
show ap association
show stm association
show wlan client
show wlan remote-client
show ap blacklist-clients
show stm dos-sta
show ap bss-table
show stm connectivity
show ap client status
show stm state
show ap coverage-holes
show rfsm coverage-holes
show ap database
show ap global-list
show sapm ap search
show ap registered
show ap debug association-failure show wlan association-failure
....
Command History
This command was available in ArubaOS 3.0.
1389 | show command-mapping
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show command-mapping | 1390
show configuration
show configuration diff
Description
Show the saved configuration on the controller.
Syntax
Parameter diff
Description
Displays a list of successfully executed configuration commands since the last write memory. The configuration differences are cleared whenever a write memory is performed.
Usage Guidelines
Issue this command to view the entire configuration saved on the controller, including all profiles, ACLs, and interface settings.
Example
The example below shows part of the output for this command. (host) #show configuration diff interface port-channel 6 interface port-channel 6 trusted ids unauthorized-device-profile "default"
Command History
Release ArubaOS 1.0
Modification Command introduced.
ArubaOS 6.3
The diff parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show configuration | 1392
show controller-ip
show controller-ip
Description
Show controller's country and domain upgrade trail.
Syntax
No parameters.
Example
The output of this command shows the controller's IP address and VLAN interface ID.
(host) # show controller-ip Switch IP Address: 10.168.254.221 Switch IP is configured to be Vlan Interface: 1
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1393 | show controller-ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show controller-ipv6
show controller-ipv6
Description
Show controller's IPv6 address and VLAN interface ID.
Syntax
No parameters.
Example
(host) # show controller-ipv6
Switch IPv6 Address: 2005:d81f:f9f0:1001::14 Switch IPv6 address is from Vlan Interface: 1 The output of this command shows the controller's IPv6 address and VLAN interface ID.
Command History
This command is introduced in ArubaOS 6.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show controller-ipv6 | 1394
show control-plane-security
show control-plane-security
Description
Show the current configuration of the control plane security profile.
Syntax
No parameters.
Usage Guidelines
The control plane security profile enables and disables the control plane security feature and identifies campus APs to receive security certificates. Issue this command to view current control plane security settings.
Example
The following command shows the control plane security and auto certificate provisioning features are enabled in the control plane security profile, and that the controller will send certificates to a range of IP addresses:
(host)(config) #show control-plane-security
Control Plane Security Profile
------------------------------
Parameter
Value
---------
-----
Control Plane Security
Enabled
Auto Cert Provisioning
Enabled
Auto Cert Allow All
Disabled
Auto Cert Allowed Addresses 10.1.1.16 - 10.1.42.55
Related Commands
Command control-plane-security
Description
Configure the control plane security profile by identifying APs to receive security certificates.
Mode Config mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Enable mode on master or local controllers
1395 | show control-plane-security
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show country
show country [trail]
Description
Show controller's country and domain upgrade trail.
Syntax
Parameter trail
Description
Display the record showing how the switch was reconfigured for it's current country domain when the controller hardware was upgraded.
Usage Guidelines
A controller's country code sets the regulatory domain for the radio frequencies that the APs use. This value is typically set during the controller's initial setup procedure. Use this command to determine the country code specified during setup.
Example
The output of this command shows the controller's country, model and hardware types.
(host) # show country
Country:US Model:DellW-650-US Hardware:Restricted US
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show country | 1396
show cp-bwcontracts
show cp-bwcontract
Description
Displays a list of Control Processor (CP) bandwidth contracts for whitelist ACLs.
Syntax
No parameters.
Example
The CP bw contracts table lists the contract names, the ID number assigned to each contract, and its defined traffic rate in packets per second. (host) #show cp-bwcontracts
CP bw contracts --------------Contract -------cpbwc-ipv4 cpbwc-ipv6 cp-rate
Id -15785 15798 15809
Rate (packets/second) --------------------2000 2000 20
Related Commands
Command cp-bandwidth-contract
firewall cp
Description
This command configures a bandwidth contract traffic rate which can then be associated with a whitelist session ACL.
This command creates a new whitelist ACL and can associate a bandwidth contract with that ACL.
Command History
Version ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.4.3.0
The CP bw contracts table now lists the traffic rate in packets/second instead of bits/second.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode
Config mode on master controllers
1397 | show cp-bwcontracts
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show cpuload
show cpuload [current]
Description
Display the controller CPU load for application and system processes.
Syntax
Parameter current
Description
Include this optional parameter at the request of Dell technical support to display additional CPU troubleshooting statistics.
Example
This example shows that the majority of the controller's CPU resources are not being used by either application (user) or system processes. (host) #show cpuload user 6.9%, system 7.7%, idle 85.4%
The output of this command includes the following parameters:
Parameter user system idle
Description Percentage of controller CPU resources used by application processes. Percentage of controller CPU resources used by system processes. Percentage of unused controller CPU resources.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show cpuload | 1398
show crypto-local ipsec-map
show crypto-local ipsec [tag <ipsec-map-name>]
Description
Displays the current IPsec map configuration on the controller.
Syntax
Parameter tag <ipsec-map-name>
Description Display a specific IPsec map.
Usage Guidelines
The command show crypto-local ipsec displays the current IPsec configuration on the controller.
Examples
The command show crypto-local ipsec-map shows the default map configuration along with any specific IPsec map configurations.
(host) #show crypto-local ipsec-map Crypto Map Template"sample" 5 IKE Version: 1 IKEv1 Policy: All Security association lifetime seconds : [300 -86400] Security association lifetime kilobytes: N/A PFS (Y/N): N Transform sets={ default-transform } Peer gateway: 0.0.0.0 Interface: VLAN 0 Source network: 0.0.0.0/0.0.0.0 Destination network: 0.0.0.0/0.0.0.0 Pre-Connect (Y/N): N Tunnel Trusted (Y/N): N Forced NAT-T (Y/N): N
Related Commands
Command crypto-local ipsec-map
Description
Use this command to configure IPsec mapping for site-to-site VPN.
Mode Config mode
1399 | show crypto-local ipsec-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.1 ArubaOS 6.3
The output of this command displays the configured IKE version.
The output of this command displays the Security association lifetime kilobytes parameter.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto-local ipsec-map | 1400
show crypto dp
show
show crypto dp [peer <source-ip>]
Descriptions
Displays crypto data packets.
Syntax
Parameter dp
peer <source-ip>
Description Shows crypto latest datapath packets. The output is sent to crypto logs. Clears crypto ISAKMP state for this IP.
Usage Guidelines
Use this command to send crypto data packet information to the controller log files, or to clear a crypto ISAKMP state associated with a specific IP address.
Examples
The command show crypto dp sends debug information to CRYTPO logs.
(host) # show crypto
Datapath debug output sent to CRYPTO logs.
Related Commands
Command crypto isakmp
Description
Use this command to configure Internet Key Exchange (IKE) parameters for the Internet Security Association and Key Management Protocol (ISAKMP)
Mode Enable and Config modes
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1401 | show crypto dp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto dynamic-map
show crypto dynamic-map [tag <dynamic-map-name>]
Descriptions
Displays IPsec dynamic map configurations.
Syntax
Parameter dynamic-map
Description IPsec dynamic maps configuration.
tag <dynamic-map-name> A specific dynamic map.
Usage Guidelines
Dynamic maps enable IPsec SA negotiations from dynamically addressed IPsec peers. Once you have defined a dynamic map, you can associate that map with the default global map using the command crypto map globalmap.
Examples
The command show crypto dynamic-map shows IPsec dynamic map configuration.
(host) #show crypto dynamic-map
Crypto Map Template"default-dynamicmap" 10000 IKE Version: 1
lifetime: [300 - 86400] seconds, no volume limit PFS (Y/N): N Transform sets={ default-transform }
Related Commands
Command crypto dynamic-map
Description
Use this command to configure a dynamic map.
Mode Config mode
Command History
Version ArubaOS 3.0 ArubaOS 6.1
Modification Command introduced. The output of this command displays the configured IKE version.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto dynamic-map | 1402
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1403 | show crypto dynamic-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto ipsec
show crypto ipsec {mtu|sa[peer <peer-ip>]|transform-set [tag <transform-set-name>]}
Descriptions
Displays the current IPsec configuration on the controller.
Syntax
Parameter mtu
Description IPsec maximum mtu.
sa
Security associations.
peer <peer-ip> transform-set
IPsec security associations for a peer. IPsec transform sets.
tag <transform-set-name> A specific transform set.
Usage Guidelines
The command show crypto ipsec displays the Maximum Transmission Unit (MTU) size allowed for network transmissions using IPsec security. It also displays the transform sets that define a specific encryption and authentication type.
Examples
The command show crypto transform-set shows the settings for both preconfigured and manually configured transform sets.
(host) #show crypto ipsec transform-set
Transform set default-transform: { esp-3des esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-ml-transform: { esp-3des esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-boc-bm-transform: { esp-3des esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-cluster-transform: { esp-aes256 esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-1st-ikev2-transform: { esp-aes256 esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-3rd-ikev2-transform: { esp-aes128 esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-gcm256: { esp-aes256-gcm esp-null-hmac } will negotiate = { Transport, Tunnel }
Transform set default-gcm128: { esp-aes128-gcm esp-null-hmac } will negotiate = { Transport, Tunnel }
Transform set default-rap-transform: { esp-aes256 esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set default-remote-node-bm-transform: { esp-3des esp-sha-hmac } will negotiate = { Transport, Tunnel }
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto ipsec | 1404
Transform set default-aes: { esp-aes256 esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set newset: { esp-3des esp-sha-hmac } will negotiate = { Transport, Tunnel }
Transform set name: { esp-aes256-gcm esp-sha-hmac } will negotiate = { Transport, Tunnel }
Related Commands
Command crypto ipsec
Description
Use this command to configure IPsec parameters.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1405 | show crypto ipsec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto isakmp
show crypto isakmp eap-passthrough groupname ipsecSPI key log ap <mac-address> packet-dump policy sa stats transports udpencap-behind-natdevice
Descriptions
This command displays Internet Key Exchange (IKE) parameters for the Internet Security Association and Key Management Protocol (ISAKMP).
Syntax
Parameter eap-passthrough groupname ipsecSPI key log ap <mac-address> packet-dump policy
sa peer <peer-ip>
Description Display configured IKEv2 EAP Methods.
Show the IKE Aggressive group name.
Show IPSEC spi hash table entries.
Show the IKE pre-shared keys.
Show debugging log. Show the packet dump configuration.
Show the following information for predefined and manually configured IKE policies: l IKE version l encryption and hash algorithms l authentication method l PRF methods, l DH group l lifetime settings
Show the security associations.
Shows crypto ISAKMP security associations for this IP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto isakmp | 1406
Parameter stats
transports udpencap-behind-natdevice
Description
Show detailed IKE statistics. This information can be very useful for troubleshooting problems with ISAKMP.
Show IKE Transports.
Show the Configuration if NAT-T is enabled if controller is behind a NAT device .
Usage Guidelines
Use the show crypto isakmp command to view ISAKMP settings, statistics and policies.
Examples
The command show crypto isakmp stats shows the IKE statistics.
(host) #show crypto isakmp stats
Default protection suite 10001 Version 1 encryption algorithm: 3DES - Triple Data Encryption Standard (168 bit keys) hash algorithm: Secure Hash Algorithm 160 authentication method: Pre-Shared Key Diffie-Hellman Group: #2 (1024 bit) lifetime: [300 - 86400] seconds, no volume limit
Default RAP Certificate protection suite 10002 Version 1 encryption algorithm: AES - Advanced Encryption Standard (256 bit keys) hash algorithm: Secure Hash Algorithm 160 authentication method: Rivest-Shamir-Adelman Signature Diffie-Hellman Group: #2 (1024 bit) lifetime: [300 - 86400] seconds, no volume limit
Default RAP PSK protection suite 10003 Version 1 encryption algorithm: AES - Advanced Encryption Standard (256 bit keys) hash algorithm: Secure Hash Algorithm 160 authentication method: Pre-Shared Key Diffie-Hellman Group: #2 (1024 bit) lifetime: [300 - 86400] seconds, no volume limit
Related Commands
Command crypto isakmp
Description
Use this command to configure Internet Key Exchange (IKE) parameters for the Internet Security Association and Key Management Protocol (ISAKMP).
Mode Config mode
1407 | show crypto isakmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced.
The eap-passthrough parameter was introduced. The output of the show crypto isakmp policy command displays the configured IKE version.
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto isakmp | 1408
show crypto-local isakmp
show crypto-local isakmp ca-certificate certificate-group disable-aggressive-mode dpd key server-certificate xauth
Descriptions
This command displays Internet Key Exchange (IKE) parameters for the Internet Security Association and Key Management Protocol (ISAKMP).
Syntax
Parameter ca-certificate certificate-group disable-aggressive-mode dpd key
server-certificate xauth
Description
Shows all the Certificate Authority (CA) certificate associated with VPN clients.
Shows the existing certificate groups by server certificate name and CA certificate.
Shows if aggressive-mode is enabled or disabled.
Shows the IKE Dead Peer Detection (DPD) configuration on the local controller.
Shows the IKE preshared key on the local controller for site-to-site VPN. This is includes keys configured by Fully Qualified Domain Name (FQDN) and local and global keys configured by address.
Shows all the IKE server certificates used to authenticate the controller for VPN clients.
Shows the IKE XAuth configuration for VPN clients.
Usage Guidelines
Use the show crypto-local isakmp command to view IKE parameters.
Examples
This example shows sample output for the show crypto-local ca-certificate, show crypto-local dpd, show crypto-local key, show crypto-local server-certificate and show crypto-local xauth commands:
(host) #show crypto-local isakmp ca-certificate ISAKMP CA Certificates ----------------------CA certificate name Client-VPN # of Site-Site-Maps ------------------- ---------- -------------------
1409 | show crypto-local isakmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell-Factory-CA
Y
0
(host) #show crypto-local isakmp certificate-group
ISAKMP Certificate Groups -------------------------Server certificate name CA certificate name ----------------------- -------------------
(host) #show crypto-local isakmp dpd DPD is Enabled: Idle-timeout = 22 seconds, Retry-timeout = 2 seconds, Retry-attempts = 3
(host) #show crypto-local isakmp key ISAKMP Local Pre-Shared keys configured for ANY FQDN ----------------------------------------------------Key --ISAKMP Local Pre-Shared keys configured by FQDN -----------------------------------------------FQDN of the host Key ---------------- --servers.mycorp.com ********
ISAKMP Local Pre-Shared keys configured by Address
---------------------------------------------------
IP address of the host Subnet Mask Length Key
---------------------- ------------------ ---
10.4.62.10
32
********
ISAKMP Global Pre-Shared keys configured by Address
----------------------------------------------------
IP address of the host Subnet Mask Length Key
---------------------- ------------------ ---
0.0.0.0
0
********
(host) (config) #show crypto-local isakmp server-certificate
ISAKMP Server Certificates
---------------------------
Server certificate name
Client-VPN # of Site-Site-Maps
-----------------------
---------- -------------------
Dell-Factory-Server-Cert-Chain RAP-only 0
(host) #show crypto-local isakmp xauth IKE XAuth Enabled.
Related Commands
Command crypto-local isakmp ca-certificate
Description
Use this command to assign the Certificate Authority (CA) certificate used to authenticate VPN clients.
Mode Config mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto-local isakmp | 1410
Command crypto-local isakmp ca-certificate
Description
Use this command to assign a certificate group so you can access multiple types of certificates on the same controller.
Mode Config mode
crypto-local isakmp disable-aggressive-mode
crypto-local isakmp dpd
Use this command to disable the IKEv1 aggressive mode.
Use this command to configure IKE Dead Peer Detection (DPD) on the local controller.
Config mode Config mode
crypto-local isakmp key
Use this command to configure the IKE preshared key on the local controller for site-to-site VPN.
Config mode
crypto-local isakmp server-certificate
Use this command to assign the server certificate used to authenticate the controller for VPN clients.
Config mode
crypto-local isakmp xauth
Use this command to enable the IKE XAuth for VPN clients.
Config mode
Command History
Release ArubaOS 3.4 ArubaOS 6.1
ArubaOS 6.3
Modification Command introduced.
The show crypto-local isakmp certificate-group command was introduced.
The disable-aggressive-mode parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1411 | show crypto-local isakmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto-local pki
show crypto-local pki CRL [<name> ALL|crlnumber|fingerprint|hash|issuer|lastupdate|nextupdate] IntermediateCA [<name>ALL|alias|dates|fingerprint|hash|issuer|modulus|purpose|serial|subject]
OCSPResponderCert [<name>ALL|alias|dates|fingerprint|hash|issuer|modulus|purpose|serial|subject]
OCSPSignerCert [<name>ALL|alias|dates|fingerprint|hash|issuer|modulus|purpose|serial|subject]
PublicCert [<name>ALL|alias|dates|fingerprint|hash|issuer|modulus|purpose|serial|subject]
ServerCert [<name>ALL|alias|dates|fingerprint|hash|issuer|modulus|purpose|serial|subject]
TrustedCA [<name>ALL|alias|dates|fingerprint|hash|issuer|modulus|purpose|serial|subject]
crl-stats ocsp-client-stats rcp service-ocsp-responder [stats]
Descriptions
Issue this command to show local certificate, OCSP signer or responder certificate and CRL data and statistics.
Syntax
Parameter CRL
<CRL name> ALL
<CRL name> crlnumber <CRL name> fingerprint <CRL name> hash <CRL name> issuer <CRL name> lastupdate
Description Shows the name, original filename, reference count and expiration status of all CRLs on this controller.
Shows the version, signature algorithm, issuer, last update, next update, and CRL extensions and all other attributes of this CRL.
Shows the number of this CRL.
Shows the fingerprint of this CRL.
Shows the hash number of this CRL.
Shows the issuer of this CRL.
Shows the last update (date and time) at which the returned status is known to be correct.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto-local pki | 1412
Parameter <CRL name> nextupdate
IntermediateCA
OSCPResponderCert
OCSPSignerCert PublicCert
ServerCert
TrustedCA
<name> ALL <name> alias <name> dates <name> fingerprint <name> hash <name> issuer
Description
Shows the next date and time (date and time) where the responder retrieves updated status information for this certificate. If this information is not present, then the responder always holds up to date status information.
Shows the name, original filename, reference count and expiration status of this certificate. NOTE: IntermediateCA has the identical sub-parameters as those listed under the TrustedCA parameter in this table.
Shows the name, original filename, reference count and expiration status of all ocsprespondercert certificates on this controller. NOTE: OCSPResponderCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.
Shows the OCSP Signer certificate. NOTE: OCSPSignerCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.
Shows Public key information of a certificate. This certificate allows an application to identify an exact certificate. NOTE: PublicCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.
Shows Server certificate information. This certificate must contain both a public and a private key (the public and private keys must match). You can import a server certificate in either PKCS12 or x509 PEM format; the certificate is stored in x509 PEM DES encrypted format on the controller. NOTE: ServerCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.
Shows trusted CA certificate information. This certificate can be either a root CA or intermediate CA. Dell encourages (but does not require) an intermediate CA's signing CA to be the controller itself.
Shows the version, signature algorithm, issuer, last update, next update, and CRL extensions and all other attributes of this certificate.
Shows this certificate's alias, if it exists.
Shows the dates for which this certificate is valid.
Shows the certificate's fingerprint.
Shows the hash number of this certificate.
Shows the certificate issuer.
1413 | show crypto-local pki
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter <name> modulus
Description
Shows the modulus which is part of the public key of the certificate.
<name> purpose
Shows the certificate's purposes such as if this is an SSL server, SSL server CA and so on.
<name> serial
Shows the certificate's serial number.
<name> subject
Shows the certificate's subject identification number.
crl-stats
Shows the CRL request statistics.
ocsp-client-stats
Shows the OCSP client statistics.
rcp
Shows the revocation check point.
service-ocsp-responder [stats] Shows if OCSP responder service is enabled and shows statistics.
Usage Guidelines
Use the show crypto-local pki command to view all CRL and certificate status, OCSP client and OCSP responder status and statistics.
Example
This example displays a list of all OCSP responder certificates on this controller.
(host) (config) #show crypto-local pki OCSPResponderCert
Certificates -----------Name -------------ocspJan28 ocspresp-standalone-feb21 ocsprespFeb02 OCSPresponder1 ocspresponder2 OCSPresponderlatest
Original Filename ----------------ocspresp-jan28.cer ocspresp-feb21.cer ocspresp-feb2.cer ocspresponder-new1.cer subsubCA-ocsp-res-2.cer ocspresponder-latest.cer
Reference Count --------------0 0 1 0 0 0
Expired ------No No No No No No
The output of this command includes the following parameters:
Parameter Name Original Filename Reference Count
Description Name of the OCSP responder certificate.
Name of the original certificate when it was added to the controller.
Number of RCPs that reference this OCSP responder certificate, signer certificate or CRL.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto-local pki | 1414
Parameter Expired
Description
Shows whether the controller has enabled or disabled client remediation with Sygate-on-demand-agent.
This example shows the dates for which this OCSP responder certificate is valid.
(host) (config) #show crypto-local pki OCSPResponderCert ocspJan28 dates notBefore=Jan 21 02:37:47 2011 GMT notAfter=Jan 20 02:37:47 2013 GMT
This example displays the certificate's hash number.
(host) (config) #show crypto-local pki OCSPResponderCert ocspJan28 hash 91dcb1b3
This example shows the purpose and information about this certificate.
(host) (config) #show crypto-local pki OCSPResponderCert ocspJan28 purpose Certificate purposes:For validation SSL client : No SSL client CA : No SSL server : No SSL server CA : No Netscape SSL server : No Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME encryption CA : No CRL signing : No CRL signing CA : No Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : No
This example displays the certificate's subject.
(host) (config) #show crypto-local pki OCSPResponderCert ocspJan28 subject subject= /CN=WIN-T1BQQFMVDED.security1.qa.mycorp.com
Related Commands
Command crypto-local pki
Description
This command is saved in the configuration file and verifies the presence of the certificate in the controller's internal directory structure.
crypto-local pki rcp <name>
Specifies the certificates that are used to sign OCSP responses for this revocation check point
Mode Config mode
Config mode
1415 | show crypto-local pki
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.2 ArubaOS 6.1
Modification
Command introduced.
The following parameters were introduced: l CRL l Intermediate CA l OCSPResponderCert l OCSPSignerCert l global-ocsp-signer-cert l rcp l service-ocsp-responder
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto-local pki | 1416
show crypto map
show crypto ipsec map
Descriptions
This command displays the IPsec map configurations.
Syntax
Parameter map
Description
Usage Guidelines
Use the show crypto map command to view configuration for global, dynamic and default map configurations.
Examples
The command show crypto map shows statistics for the global, dynamic and default maps.
(host) (config) #show crypto map Crypto Map "GLOBAL-IKEV2-MAP" 10000 ipsec-isakmp Crypto Map Template"default-rap-ipsecmap" 10001 IKE Version: 2 IKEv2 Policy: DEFAULT Security association lifetime seconds : [300 -86400] Security association lifetime kilobytes: N/A PFS (Y/N): N Transform sets={ default-gcm256, default-gcm128, default-rap-transform } Crypto Map "GLOBAL-MAP" 10000 ipsec-isakmp Crypto Map Template"default-dynamicmap" 10000 IKE Version: 1 IKEv1 Policy: All Security association lifetime seconds : [300 -86400] Security association lifetime kilobytes: N/A PFS (Y/N): N Transform sets={ default-transform, default-aes }
Related Commands
Command
Description
crypto map global-map Use this command to configure the default global map.
Mode Config mode
1417 | show crypto map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.1
ArubaOS 6.3
Modification
Command introduced.
The output of this command displays the configured IKE version for the map.
The output of this command displays the Security association lifetime kilobytes parameter.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto map | 1418
show crypto pki
show crypto pki csr
Descriptions
This command displays the certificate signing request (CSR) for the captive portal feature.
Syntax
Parameter csr
Description
Usage Guidelines
Use the show crypto pki command to view the CSR output.
Examples
The command show crypto pki shows output from the crypto pki csr command.
(host) #show crypto pki csr
Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=CA, L=Sunnyvale, O=sales, OU=EMEA,
CN=www.mycompany.com/emailAddress=myname@mycompany.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:e6:b0:f2:95:37:d0:18:c4:ee:f7:bd:5d:96:85: 49:a3:56:63:76:ee:99:82:fe:4b:31:6c:80:25:c4: ed:c7:9e:8e:5e:3e:a2:1f:90:62:b7:91:69:75:27: e8:29:ba:d1:76:3c:0b:14:dd:83:3a:0c:62:f2:2f: 49:90:47:f5:2f:e6:4e:dc:c3:06:7e:d2:51:29:ec: 52:8c:40:26:de:ae:c6:a0:21:1b:ee:46:b1:7a:9b: dd:0b:67:44:48:66:19:ec:c7:f4:24:bd:28:98:a2: c7:6b:fb:b6:8e:43:aa:c7:22:3a:b8:ec:9a:0a:50: c0:29:b7:84:46:70:a5:3f:09 Exponent: 65537 (0x10001) Attributes: a0:00
Signature Algorithm: sha1WithRSAEncryption 25:ce:0f:29:91:73:e9:cd:28:85:ea:74:7c:44:ba:b7:d0:5d: 2d:53:64:dc:ad:07:fd:ed:09:af:b7:4a:7f:14:9a:5f:c3:0a: 8a:f8:ff:40:25:9c:f4:97:73:5b:53:cd:0e:9c:d2:63:b8:55: a5:bd:20:74:58:f8:70:be:b9:82:4a:d0:1e:fc:8d:71:a0:33: bb:9b:f9:a1:ee:d9:e8:62:e4:34:e4:f7:8b:7f:6d:3c:70:4c: 4c:18:e0:7f:fe:8b:f2:01:a2:0f:00:49:81:f7:de:42:b9:05: 59:7c:e4:89:ed:8f:e1:3b:50:5a:7e:91:3b:9c:09:8f:b7:6b: 98:80
-----BEGIN CERTIFICATE REQUEST----MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UE BxMJU3Vubnl2YWxlMQ4wDAYDVQQKEwVzYWxlczENMAsGA1UECxMERU1FQTEaMBgG A1UEAxMRd3d3Lm15Y29tcGFueS5jb20xKDAmBgkqhkiG9w0BCQEWGXB3cmVkZHlA
1419 | show crypto pki
Dell Networking W-Series ArubaOS 6.4.x | User Guide
YXJ1YmFuZXR3b3Jrcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOaw 8pU30BjE7ve9XZaFSaNWY3bumYL+SzFsgCXE7ceejl4+oh+QYreRaXUn6Cm60XY8 CxTdgzoMYvIvSZBH9S/mTtzDBn7SUSnsUoxAJt6uxqAhG+5GsXqb3QtnREhmGezH 9CS9KJiix2v7to5DqsciOrjsmgpQwCm3hEZwpT8JAgMBAAGgADANBgkqhkiG9w0B AQUFAAOBgQAlzg8pkXPpzSiF6nR8RLq30F0tU2TcrQf97Qmvt0p/FJpfwwqK+P9A JZz0l3NbU80OnNJjuFWlvSB0WPhwvrmCStAe/I1xoDO7m/mh7tnoYuQ05PeLf208 cExMGOB//ovyAaIPAEmB995CuQVZfOSJ7Y/hO1BafpE7nAmPt2uYgA==
-----END CERTIFICATE REQUEST-----
Related Commands
Command crypto
crypto pki-import
Description
Use this command to generate a certificate signing request (CSR) for the captive portal feature.
Mode Enable mode
Use this command to import certificates for the captive portal feature.
Enable mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show crypto pki | 1420
show database
show database synchronization
Description
Shows database synchronization status.
Syntax
No parameters.
Usage Guidelines
Issue this command to show the status database synchronization status.
Example
This example shows a database synchronization status. (host) #show database synchronize Last synchronization time: Not synchronized since last reboot Periodic synchronization is enabled and runs every 25 minutes
Related Commands
Command
Description
database synchronize
Show the output of the database synchronize command.
Mode Enable and Config modes
Command History
Release ArubaOS 3.0
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show database | 1422
show datapath
acl id <ACL-id> acl {[ap-name <ap-name> | ip-addr <ip-address>] name <acl-name> type <acl-type>} amsdu tx application {ap-name <ap-name>|counters|ip-addr <ip-address>} bridge [ap-name <ap-name>|counters|ip-addr <ip-address>|table
<macaddr>|verbose] bwm table compression cp-bwm crypto debug {dma counters|epa|eth1info|opcode|performance|pkttrace-buffer|
trace-buffer|trace-route} dhcp {vm-mac} dpi error [counters] esi table exthdr firewall-agg-sess [counters] fqdn frame {ap-name <ap-name>|counters|ip-addr <ip-address>} hardware {counters|statistics} internal dir <dir>|file <file> ip-fragment-table {ipv4|ipv6} ip-mcast ip-reassembly {ap-name <ap-name>|counters|ip-addr <ip-address>|ipv4
|ipv6} ipv6-mcast lag table maintenance counters message-queue counters mobility {discovery-table|home-agent-table|mcast-table|stats} nat {ap-name <ap-name>|counters|ip-addr <ip-address>} network ingress nexthop-list papi counters port rap-bw-resv rap-pkt-trace rap-stats route {ap-name <ap-name>|counters|ip-addr <ip-address>]|ipv4|ipv6|table |verbose} route-cache {ap-name <ap-name>|counters|ip-addr <ip-address>|ipv4|ipv6|table|verbose} services session ap-name <ap-name> session counters session dpi{counters [all[top]|top[all]}|table <ip-address> <app-id>]|appid ip-addr <ip-ad dress>} session ip-addr <ip-address>|[counters|table <ip-address>] session ipv6 {counters|table <ipv6 address>|verbose} session session-id dpi session web-cc station [counters|mac <macaddr>|table] tcp {app <app>|counters|tunnel} tunnel [counters|heartbeat|ipv4|ipv6|station-list|table|tunnel-id
|verbose] tunnel-group user {ap-name <ap-name>|counters|ip-addr <ip-address>|ipv4|ipv6|table} utilization vlan {ap-name <ap-name>}|{ip-addr <ip-address>|table}
1423 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vlan-mcast web-cc [counters] wifi-reassembly counters wmm counters
Descriptions
Displays system statistics for your controller.
Syntax
Parameter acl id <id-name> amsdu tx
ap-name <ap-name> ip-addr <ip-address> application counters
ap-name <ap-name> ip-addr <ip-address> bridge ap-name <ap-name> counters
ip-addr <ip-address> table <macaddr> verbose bwm
Description
Displays datapath statistics associated with a specified ACL. The ACL index is found in the show rights command.
Shows datapath AMSDU TX queue statistics
Name of the AP.
IP address of the AP
Shows application counters and errors generated by applications running on a particular AP. These include stateful firewall application layer statistics.
Name of the AP.
IP address of the AP.
Shows bridge table entry statistics including MAC address, VLAN, assigned VLAN, Destination and flag information for an AP.
Name of the AP. Shows MAC address, VLAN, assigned VLANs, destination and flags information.
Shows datapath bridge table statistics such as current entries, high water mark, maximum entries, total entries, allocation failures and max link length.
IP address of the AP. Shows MAC address, VLAN, assigned VLANs, destination and flags information.
Displays the current high, maximum, and total number of bridge table entries for the Dell controller.
Displays datapath bridge details in a tabular format.
Displays the following bandwidth management table entry statistics: l Type: Indicates whether the contract is a control plane denial-of-
service contract (0), a contract configured through the bandwidth management WebUI or CLI Interfaces (1), or a contract for
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1424
Parameter
ap-name <ap-name>
ip-addr <ip-addr>
table type compression cp-bwm crypto counters debug dma counters eap counters eth1info memory opcode
1425 | show datapath
Description
multicast traffic generated by the controller(2). l Cont ID: An ID number unique to each contract. l Rate: Contract traffic rate, in 256-byte packets/second. l Policed: The number of packets dropped because the policy was
applied. l Avail Credits: This value is the (contract rate)/32, and is used for
internal debugging purposes. l Queued Pkts/ Bytes: Number of bytes/pkts currently being
queued. l Flags: Flags applied to the contract. l CPU: A value in this column indicates that the traffic passed
through the slowpath CPU, and is used for internal debugging purposes. l Status: Indicates whether the bandwidth contract has been successfully applied.
View a bandwidth contract for a specific AP.
View a bandwidth contract for an AP with the specified IP address.
Display a table of all configured bandwidth contracts.
Display only bandwidth contracts of a specific type (0,1 or 2).
Displays datapath compression statistics. By default, the combined statistics of all CPUs are shown.
Displays the data path CP bandwidth management table information.
Displays crypto parameter statistics including crypto, IPsec, PPTP, WEP, TKIP, AESCCM encryption and decryptions, WEP CRC, crypto hardware, XSEC, DOT1X, and L2TP information.
Displays datapath debug details. These are low-level datapath details.
DMA statistics are displayed.
EAP termination statistics are displayed.
Displays IPv4 fragment table statistics.
Displays SOS memory statistics.
Displays datapath debugging information.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
performance all <id> counters event-guide
verbose
dhcp dpi application <appid> error
counters esi table exthdr
firewall-agg-sess counters
fqdn frame counters
Description NOTE: Use this command only under the supervision of Dell technical support.
Displays datapath debug performance statistics including the SUM/CPU, addr, and description.
Displays datapath performance counters by specified CPU ID display.
Displays datapath performance counters.
Displays : l COP0 Events l L3 Cache Events l NAE-RX Events l NAE-TX Events (by register index 0-4)
Displays debug performance statistics including: SUM/CPU, addr, description, value, and difference from last show.
Datapath DHCP -related information.
Displays the Deep Packet Inspection application default ports.
Datapath error statistic errors.
Show datapath errors including SUM, CPU, Addr and description information.
Displays the contents of the datapath ESI server table entries including server, IP, MAC, destination, VLAN, type, session and flag information.
Displays the datapath default IPv6 Extended Header Map.
Displays the datapath firewall aggregated sessions table.
Displays the datapath aggregate session statistics.
Displays datapath fully qualified domain name (FQDN) entries.
Displays frame statistics that are received and transmitted from the data path of the controller. Several output fields include the following descriptions:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1426
Parameter
ap-name <ap-name> ip-addr <ip-address> hardware internal dir <dir> file <file> ip-fragment-table ipv4 ipv6 counters statistics ip-mcast client destination group station ip-reassembly
Description l Descr failures-This is the number of times a packet descriptor
was not available and the packet dropped. l Dot1QDiscards-The number of packets received on a trunk port
where the VLAN presented did not match any configured on the controller and the packet dropped. l Dot1d Discards-Spanning tree is disabled and each BPDU frame is counted and dropped. l Denied Frames-Frames that are denied by the ACL's data path of the controller.
Name of the AP.
IP address of the AP.
Displays datapath hardware counters and hardware packet statistics information.
Internal details are displayed.
Hardware directory
File in the directory.
Displays ip-fragment statistics including CPU, current entries, high water mark, max , total, and aged entries.
Displays IPv4 fragment statistics.
Displays IPv6 fragment statistics.
Hardware counters.
Hardware packet statistics.
Displays the Datapath IP Multicast Entries table statistics.
Datapath Layer 3 groups for specified client.
Datapath tunnel and port membership.
Datapath Layer 3 groups.
Datapath station membership.
Displays the contents of the IP Reassembly statistics tables.
1427 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ap-name <ap-name> counters ip-addr <ip-address> ipv4 ipv6
ipv6-mcast destination group station
lag table
message-queue counters
maintenance counters mobility
discovery-table
home-agent-table mcast-table
stats nat
network ingress ap-name <ap-name>
Description Name of the AP.
IP reassembly counters.
IP address of the AP
Displays the IPv4 contents of the IP Reassembly statistics table.
Displays the IPv6 contents of the IP Reassembly statistics table.
Displays the datapath IP multicast table statistics.
Displays the IPv6 tunnel and port membership.
Displays the IPv6 multicast group.
Displays the IPv6 station membership.
Displays contents of the datapath link aggregation group (LAG) or port channel table.
Displays statistics of messages received by a CPU from other datapath CPUs (only CPUs that receive messages and non-zero statistics are shown).
Displays datapath maintenance statistics.
Displays datapath IP mobility information.
Displays the discovery count table that is used to keep track of per client home agent discovery.
Displays the datapath HA table information.
Displays the mobility multicast-group table that is used to flood the multicast RA traffic to the roamed clients.
Displays the statistics of the datapath mobility.
Displays the contents of the datapath NAT entries table. It displays NAT pools as configured in the datapath. Statistics include pool, SITP start, SIP end and DIP.
Displays ingress queue counters.
Name of AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1428
Parameter counters
Description Nat counters.
ip-addr <ip-address>
IP address of the AP.
nexthop-list
Displays the following types of information about the dapath for packets routed to next-hop devices.
l SOS Dest : Unique datapath identifier for each next-hop list l Active IP: l NhIdx: Unique identifier for each next-hop list l NhVer: Internally generated number used to synchronize the
next-hop and session tables.
papi
Displays datapath papi counters including: SUM/CPU, addr, description, and value.
port
Displays the datapath port table information. This includes the port number, PVID, Ingress ACL, Egress ACL, Session ACL, and the following flags: l B: Blocked by the Spanning Tree protocol l L: LSG l M: Tunneled node l Q: Trunk l T: Trusted l X: xSec l Z: QinQ
link-event
Displays port link up and link down event counters.
monitor
Displays the monitor port configuration.
stats <slot/port>
Displays the physical port statistics.
status <slot/port>
Displays the physical port status.
trusted
Displays the trusted ports.
tunneled-node
Displays the tunneled node ports.
untrusted-vlan <slot/port> Show if there are untrusted vlan entries for the indicated slot and port.
xsec
Displays the xsec ports.
rap-bw-resv ap-name
Displays the remote AP uplink BW reservation statistics of the RAP only.
1429 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ip-addr
rap-pkt-trace ap-name ip-addr
rap-stats ap-name ip-addr
route ap-name <ap-name> counters
ip-addr <ip-address> ipv4 ipv6 table
verbose
route-cache ap-name <ap-name> counters
ip-addr <ip-address> ipv4 ipv6 table
verbose
Description
Displays the remote AP packet-trace statistics of the RAP only.
Displays the remote AP statistics of the RAP only.
Displays datapath route table statistics. Name of the AP. Displays route table statistics such as current entries, high water mark, maximum entries, total entries, allocation failures and max link length. IP address of the AP. Displays datapath IPv4 routing table. Displays datapath IPv6 routing table. Displays route table entries such as IP, mask, gateway, cost, VLAN and flags. Displays all detailed route table entries including IP, mask, gateway, cost, VLAN, flags, Internal VerNum Index. Displays datapath route cache table statistics. Name of the AP. Displays route cache table statistics such as current entries, high water mark, maximum entries, total entries, allocation failures and max link length. Address of IP. Displays datapath IPv4 route cache. Displays datapath IPv6 route cache. Displays route cache table entries such as IP, mask, gateway, cost, VLAN and flags. Displays all detailed route cache table entries including IP, mask, gateway, cost, VLAN, flags, Internal VerNum Index.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1430
Parameter services session
ap-name <ap-name> counters dpi
ip-addr <ip-address> ipv6 session-id table verbose web-cc
Description
Displays the datapath services table statistics including protocol, port and service.
Displays datapath session statistics.
Name of AP.
Displays counters statistics including current entries, high water mark, maximum entries, total entries, allocation failures, duplicate entries, cross linked entries, number of reverse entries and maximum link length.
Displays Deep Packet Information for this session. The output includes: l AclVersion: This is used to store the current version number of
the ACL that is used at session creation time and is used for troubleshooting purposes. l PktsDpi: The number of packets sent to the DPI engine for a given session. l AceIdx: The Index of the Access List entry (in a given ACL) that triggered a match during session creation. l DpiTIdx: This is an index to the DPI engine Tbl and is only used for troubleshooting purposes.
IP address of the AP.
Displays datapath IPv6 session entries and statistics including current entries, high water mark, maximum entries, total entries, allocation failures, duplicate entries, cross linked entries, number of reverse entries and maximum link length.
Displays datapath session FIB for a given session index.
Displays all the IP flows of a wireless device or Dell AP. Statistics include table entries including source IP, destination IP, protocol, SPort, DPort, Cntr, priority, ToS, age, destination, TAge and flags.
Displays additional information about the session that can be used by technical support for debugging purposes.
Displays web-content category information about the session. The output of this command includes the following data columns: l WebCC rep: Reputation score (integer). To see the reputation
type associated with that particular score, issue the command show web-cc reputation. l WebCCID: Web content category ID. To see the name of the category associated with that category ID, issue the command show web-cc category.
1431 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter station
counters mac <macaddr> tcp app <app> counters tunnel table
tunnel
counters
Description
l WebCCU: URL for that session entry.
Displays datapath station association table statistics.
Display the current and high water mark amount of 802.11 associated wireless devices on a controller. Values output from this command represent the water-marks since the last boot of the controller. This is the same value obtainable from the Num Associations output from the show stm connectivity command.
Hardware address, in hexadecimal format.
Displays contents of the tcp tunnel table. This command displays all tcp tunnels that are terminated by the controller.
Name of the application.
Displays the tcp tunnel statistics.
Displays the tcp tunnel table.
This command displays the Datapath Station Table Statistics detail. Display all associated wireless devices on the controller with their corresponding AP BSSID and VLAN ID. Displays the wireless device is associated with the correct encryption type (if the device is associated to an AP BSSID that has encryption enabled and verifies whether the controller is having a problem in decrypting the wireless device's frames.
Displays contents of the datapath tunnel table. This command displays all the tunnels that are terminated by the controller, including Dell AP's GRE tunnels. For example, a GRE tunnel is created and terminated on the Dell controller for every SSID/BSSID configured on the Dell AP. You can filter and view the tunnel using the following options: l counters l encaps l heartbeat l ipv4 l ipv6 l station-list l table l tunnel-id l verbose
Tunnel counters.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1432
Parameter heartbeat ipv4 ipv6 station-list table
tunnel-group user
ap-name <ap-name> counters ip-addr <ip-address> ipv4
ipv6
table utilization vlan
ap-name <ap-name> ip-addr <ip-address> table
vlan-mcast ap-name <ap-name>
Description Displays the datapath heartbeat tunnel details.
Displays the TCP tunnel table filtered on IPv4 entries.
Displays the TCP tunnel table filtered on IPv6 entries.
Displays the list of stations on the tunnel.
Tunnel table statistics.
Displays the tunnel group, active status and members.
Displays datapath user statistics such as current entries, pending deletes, high water mark, maximum entries, total entries, allocation failures, invalid users and maximum link length.
Name of AP.
User counters.
IP address of the AP.
Displays datapath IPv4 user entries and statistics such as current entries, pending deletes, high water mark, maximum entries, total entries, allocation failures, invalid users, and maximum link length.
Displays datapath IPv6 user entries and statistics such as current entries, pending deletes, high water mark, maximum entries, total entries, allocation failures, invalid users, and maximum link length.
User table statistics.
Displays the current CPU utilization of all datapath CPUs.
Displays VLAN table information such as VLAN memberships inside the datapath including Layer 2 tunnels which tunnel L2 traffic.
Name of the AP.
IP address of AP.
Displays VLAN number, flag, port and datapath VLAN multicast entries.
Displays the datapath VLAN multicast table.
Name of the AP.
1433 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ip-addr <ip-address> table
web-cc [counters]
wifi-reassembly counters wmm counters
Description
IP address of AP.
Displays datapath VLAN Multicast table entries.
Displays web content classification table information. The output of this command includes the following data columns: l WebCC rep: Reputation score (integer). To see the reputation
type associated with that particular score, issue the command show web-cc reputation. l WebCCID: Web content category ID. To see the name of the category associated with that category ID, issue the command show web-cc category. l WebCCU: URL for that session entry. Include the optional counters parameter to display the maximum number of entries allowed in the web content category table.
Displays WiFi reassembly counters including CPU, current entries, high water-mark, maximum entries, total entries, and allocation failures.
Displays VOIP statistics, including the number of uplink and downlink resets.
Usage Guidelines
Use the show datapath command to display various datapath statistics for debugging purposes.
Example
The following example displays the discovery count table that keeps track of per client home agent discovery:
(host) #show datapath mobility discovery-table
Datapath Mobility Discovery Count Table
-------------------------------------------------
Index
Valid Version Retry# No-Response
------- ------ ------- ------ -----------
1
1
2
1
a
Ack -----0
Mac -------------10:78:D2:FA:7D:38
Vlan ----74
The following example displays the datapath HA table information:
(host) #show datapath mobility home-agent-table Datapath Mobility Home Agent Table ---------------------------------Switch IP --------------10.16.19.14 10.16.19.140
The following example displays the mobility multicast-group table that floods the multicast RA traffic to the roaming clients:
(host) # show datapath mobility mcast-table
Datapath Mobility Multicast Table
---------------------------------
GRE Tunnel HomeVlan McastGroup Members
---------- -------- ---------- -------
0x10009
501
01
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1434
The following example displays the statistics of the datapath mobility:
(host) #show datapath mobility stats
Datapath Mobility Stats
Mcast group entry alloc errors
:0
Frames flooded over MMG (@HA)
:0
Frames subjected to MMG (@FA)
:0
Frames sent to roamed clients
:0
HA Discovery failure to notify NACK
:0
HA Discovery invalid DCT
:0
HA Discovery DCT allocation failed
:0
HA Discovery Probes sent
:0
HA Discovery NULL bridge entry in DCT : 0
HA Discovery failed to start
:0
HA Discovery successfully started
:0
HAT insert failure
:0
HAT insert success
:0
HAT delete failure
:0
HAT delete success
:0
The following example displays the mobility multicast VLAN table information:
(host) #show ip mobile multicast-vlan-table
Mobility Multicast Vlan Table
-----------------------------
Client MAC
Home vlan Current vlan
----------
--------- ------------
40:2C:F4:36:16:07 501
501
The following example displays a list of tunnels.
(host) (config) #show datapath tunnel
+----+------+-----------------------------------------------------+
|SUM/|
|
|
|
|CPU | Addr | Description
Value |
+----+------+-----------------------------------------------------+
| | [04] | Tunnel FIB stale
37368 |
+----+------+-----------------------------------------------------+
||
|
|
| G | [00] | Current Entries
15 |
| G | [02] | High Water Mark
15 |
| G | [03] | Maximum Entries
49152 |
| G | [04] | Total Entries
29 |
| G | [06] | Max link length
1|
| G | [07] | Current Tunnel FIB
4294967295 |
| G | [08] | Tunnel FIB recompute
37368 |
+----+------+-----------------------------------------------------+
Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap, I - Wi-Fi encap, R - Wired tunnel, F - IP fragment OK
W - WEP, K - TKIP, A - AESCCM, G - AESGCM, M - no mcast src filtering
S - Single encrypt, U - Untagged, X - Tunneled node, 1(cert-id) - 802.1X Term-PEAP
2(cert-id) - 802.1X Term-TLS, T - Trusted, L - No looping, d - Drop Bcast/Mcast,
D - Decrypt tunnel, a - Reduce ARP packets in the air, e - EAPOL only
C - Prohibit new calls, P - Permanent, m - Convert multicast
n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
V - enforce user vlan(open clients only)
H - Standby (HA-Lite)
#
Source
Destination Prt Type MTU VLAN
Acls
BSSID
Decaps
Encaps Heartbeats Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ------------------- -----------
------ ---------- ---------- ---------- ----- ------------- -----------
10
10.15.46.20
10.15.47.104 47 8200 1500 10 0 0 1 0
00:24:6C:80:05:68
11735
136
0 IMSPa
1435 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
9
10.15.46.20
10.15.47.105 47 8200 1500 10 0 0 1 0
D8:C7:C8:F1:14:E8
10674
234
0 IMSPa
13
10.15.46.20
10.15.47.105 47 8300 1500 10 0 0 1 0
D8:C7:C8:F1:14:E0
8577
0
0 IMSPa
12
10.15.46.20
10.15.47.105 47 9000 1500 0 0 0 0 0
D8:C7:C8:C7:11:4E
183230
0
180225 TES
15
10.15.46.20
10.15.47.104 47 8300 1500 10 0 0 1 0
00:24:6C:80:05:60
433930
829442
0 IMSPa
14
10.15.46.20
10.15.47.104 47 9000 1500 0 0 0 0 0
00:24:6C:C0:00:56
183252
0
180246 TES
The following example displays output of L2 GRE Tunnel Interface.
(host) (config) #show datapath tunnel ipv6
Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap, I - Wi-Fi encap, R - Wired tunnel, F - IP fragment OK
W - WEP, K - TKIP, A - AESCCM, M - no mcast src filtering
S - Single encrypt, U - Untagged, X - MUX, 1 - 802.1X Term
T - Trusted, L - No looping, d - Drop Bcast/Mcast, D - Decrypt tunnel
a - Reduce ARP packets in the air, e - EAPOL only
C - Prohibit new calls, P - Permanent, m - Convert multicast, n - Convert RAs to unicast(VLAN
Pooling/L3 Mobility enabled),
V - enforce user vlan(open clients only)
H - Standby (HA-Lite)
#
Source
Destination
Prt Type MTU VLAN OVLAN
Acls BSSID
Decaps
Encaps Heartbeats Flags
------ ------------- -------------------- --- ---- ---- ---- ----- -------------- --------
--------- --------- --------- ----------- -----
16
2046:eab::25 2047:eab::25
47 0
1280 0 0
000
00:00:00:00:00:00 119209
25535 28873
TEFPR
The following example displays a partial list of crypto parameter statistics.
(host) (config) #show datapath crypto counters
Datapath Crypto Statistics
--------------------------
Crypto Accelerator
Present
Crypto Cores In Use
1
Crypto Cores Total
4
Crypto Requests Total
16
Crypto Requests Queued
0
Crypto Requests Failed
0
Crypto Timeouts
0
Crypto NoCoreFree
0
Crypto BadNPlus
0
Crypto SendNPlusFailed
0
IPSec Encryption Failures 0
IPSec Decryption Failures 0
IPSec Decryption Loops
0
IPSec Decryption BufFail 0
IPSec Decr SPI(client) ERR 0
IPSec Decrypt SA Not Ready 0
IPSec Frag Failures
0
IPSec Bad Pad Length
0
IPSec Invalid TCP Index 0
IPSec Invalid Length
0
IPSec Invalid Head-Room 0
IPSec Invalid Protocol
0
PPTP Encryption Failures 0
PPTP Decryption Failures 0
WEP Encryption Failures 0
WEP Decryption Failures 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1436
WEP No Key (not serious) 0
TKIP Encryptions
0
TKIP Encryption Failures 0
TKIP Decryptions
0
TKIP Decryption Failures 0
TKIP MIC Failures 0
TKIP Decrypt Bad Counter 0
TKIP P1Key Not Ready
0
...
The following parameters appear in the output of the show datapath crypto counters command, and are useful for debugging purposes.
Parameter Crypto BadNPlus Crypto SendNPlusFailed IPSec Frag Failures
IPSec Invalid Length
IKE Rate
Description
Indicates a queue overrun in the output of the encryption circuit.
Indicates a queue overrun in the input of the encryption circuit.
This counter increments when the AP detects a failure to fragment a frame before or after IPsec encryption.
The inbound IPsec frame length is verified before and after decryption. If the frame length is found to be incorrect , this counter is incremented.
When the controller firewall receives a UDP packet, it determines if the packet is destined for an IKE (500) or IPSEC_NATT (4500) port. This counter increments when the AP receives an initial IKE packet that has an 8-byte responder cookie defined all 0s.
Example of the show datapath compression command output
+----+------+-----------------------------------------------------+
|SUM/|
|
|
|
|CPU | Addr | Description
Value |
+----+------+-----------------------------------------------------+
| | [00] | Compression Engine Present
True |
| | [01] | Comp Response received
150 |
| | [02] | Comp Response failed
0|
| | [03] | Decomp Requests
80 |
| | [04] | Decomp Response received
80 |
| | [05] | Decomp Requests queued
75 |
| G | [06] | Compression Engine Total
4|
+----+------+-----------------------------------------------------+
The following output displays the
1437 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 5.0 ArubaOS 6.1
ArubaOS 6.1.3.2 ArubaOS 6.2 ArubaOS 6.3
ArubaOS 6.4
ArubaOS 6.4.1.0
Description
Command introduced.
The tcp parameter was introduced.
The crypto counters parameter now displays a number of TKIP/AESCCM/AESGCM decriptions per priority level along with any counter errors per priority. The ipv6 filter option is added to the following parameters in the command: l session l tunnel l user l route-cache l route l ip-reassembly
The debug opcode parameter was introduced. Issue this command only under the supervision of Dell technical support.
l The firewall-agg-sess parameter is introduced. l The heartbeat parameter is introduced.
The following parameters were introduced: l a-msdu l mobility l tunnel-group The output of the bridge ap-name parameter, displays a new flag b blocked by STP to indicate whether the firewall considers the port to be blocked.
The following parameters were introduced: l dpi l session dpi l session ipv6 dpi l session session-id dpi
The following parameters were introduced as part of the show datapath frame command output: l Excessive ARP Requests l Excessive Gratuitous ARP Requests
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show datapath | 1438
Version ArubaOS 6.4.2.0 ArubaOS 6.4.3.0
Description
The acl id <ACL-id> parameter was added.
l The session web-cc parameter was introduced. This command displays web-content category information about the session.
l The web-cc parameter was introduced. This command parameter displays web-content classification table information, including the web content category ID, reputation score, and URL.
The following changes were introduced: l The compression parameter displays datapath compression statistics.
By default, the combined statistics for all CPUs are shown. l The output of the show datapath session command now supports the
r flag,which indicates that the session was routed through a nexthop device defined by a nexthop-list. For more information, see ip nexthoplist. l The output of the show datapath cp-bwm command now displays the rate in pps.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1439 | show datapath
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show destination
show destination <string>
Description
Display the aliases for default and user-defined network destinations.
Syntax
Parameter string
Description Optional parameter to view details of a specific destination alias.
Example
This example displays the network destinations configured in the controller.
(host) #show destination
controller
----------
Position Type IP addr
-------- ---- -------
1
host 10.16.15.1
Mask/Range ----------
user ---Position -------1
Type ---network
IP addr ------255.255.255.255
Mask/Range ---------0.0.0.0
mswitch ------Position -------1
Type ---host
IP addr ------10.16.15.1
Mask/Range ----------
any --Position -------1
Type ---network
IP addr ------0.0.0.0
Mask/Range ---------0.0.0.0
The output of this command includes the following parameters:
Parameter Position Type
Description Displays the priority position of the alias. The rule type of the destination alias.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show destination | 1440
Parameter IP addr
Mask/Range
Description
The IP address configured in the alias. This can be a network address, host address or a range.
Network mark or the IP address range.
Command History
This command was available in ArubaOS 1.0. Replaced with netdestination in 3.0.
Command Information
Platforms All platforms
Licensing
You must have a PEFNG license to configure or view a destination.
Command Mode
Enable or Config mode on master and local controllers
1441 | show destination
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dialer group
crypto-local show dialer group
Description
Display dialer group information.
Syntax
No parameters.
Usage Guidelines
Displays the Dialer Group Table with the current dialing parameters.
Example
(host) #show dialer group
Dialer Group Table
------------------
Name
Init String
----
-----------
evdo_us ATQ0V1E0
gsm_us AT+CGDCONT=1,"IP","ISP.CINGULAR"
Dial String ----------ATDT#777 ATD*99#
Command History
Introduced in ArubaOS 3.4.
Command Information
Platforms W-600 Series controllers
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dialer group | 1442
show dir
crypto-local show dir usb: disk <disk-name><filesystem-path>
Description
Display the list of directories in the specified disk and the filesystem path.
Syntax
Parameter <disk-name>
Description
Name of the USB device. If you do not know the name of the USB disk, issue the command show usb-storage to view a list of device names.
<filesystem-path>
The USB file system path.
Example
The command below displays the USB directory list for a device named SEGATE-HJ1235_p1.
(host) #(show dir usb: SEGATE-HJ1235_p1/docs
USB directory list
------------------
Permission
Size
----------
----
drwxr-xr-x
0
Time Stamp Directory Name -------------- --------------
May 13 09:39 samba
The output of this command includes the following parameters:
Parameter Permission
Description Read, write and execute permissions for the directory.
Size
Size of the directory.
Time Stamp
Date and time that the directory was last modified.
Directory Name
Name of the directory on the USB device.
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms W-600 Series controllers
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1443 | show dir
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x ap-table
show dot1x ap-table
Description
Shows the 802.1X AP table.
Syntax
No parameters.
Example
Issue this command to display details from the AP table.
AP Table
--------
MAC
IP
Essid
Type AP name
Vlan Enc
Stations
Forwarding-Mode
Profile
Acl
---
--
-----
---- -------
---- ---
-------- ---
------------
-------
---
00:1a:1e:87:ff:c0 10.3.9.242
AP 00:1a:1e:c0:7f:fc 0 -
0
FORWARD_TUNNEL_80211 default/
1
00:1a:1e:87:ff:d0 10.3.9.242 sw-pn-nokia AP 00:1a:1e:c0:7f:fc 0 WPA2-AES
0
FORWARD_TUNNEL_80211 default/default 1
00:1a:1e:82:ab:a0 10.3.9.220
AP monitor-124
0-
0
FORWARD_TUNNEL_80211 default/
1
00:1a:1e:82:ab:b0 10.3.9.220
AP monitor-124
0-
0
FORWARD_TUNNEL_80211 default/
1
00:1a:1e:87:ff:d1 10.3.9.242 sw-pn-t2 AP 00:1a:1e:c0:7f:fc 0 WPA2-PSK-AES 0
FORWARD_TUNNEL_80211 default/default 1
Num APs: 5
The output of this command includes the following parameters:
Parameter MAC IP Essid Type AP name Vlan Enc Stations
Description The MAC address of the AP The IP address of the AP The AP's ESSID Device type Name of the AP Number of VLANs associated with the specified AP AP's encryption method Number of stations associated with the specified AP
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x ap-table | 1444
Parameter Forwarding Mode Profile Acl
Description Forwarding mode used by the specified AP AP profile Number of ACLs this AP belongs to
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1445 | show dot1x ap-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x ap-table aes
show dot1x ap-table aes
Description
Shows the AES keys of all APs.
Syntax
No parameters.
Example
Issue this command to display AES keys of all APs.
AP Table Showing AES Keys
-------------------------
AP-MAC
GTK/Size/Slot
------
-------------
00:1a:1e:87:ff:d0 * * * * * * * */128-Bit/1
00:1a:1e:87:ff:d1 * * * * * * * */128-Bit/1
The output of this command includes the following parameters:
Parameter AP-MAC GTK/Size/Slot
Description AP MAC address
GTK: The group temporal key Size: Size of the AES key Slot: Slot number
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x ap-table aes | 1446
show dot1x ap-table dynamic-wep
show dot1x ap-table dynamic-wep
Description
Shows the dynamic WEP keys of all APs.
Syntax
No parameters.
Example
Issue this command to display dynamic keys of all APs. Dynamic-WEP Key Information --------------------------AP-MAC Key1/Size/Slot Key2/Size/Slot ------ -------------- -------------Num APs: 0
The output of this command includes the following parameters:
Parameter AP-MAC Key1/Size/Slot
Key12/Size/Slot
Description
AP MAC address
Key1: The WEP key Size: Size of the WEP key Slot: Slot number
Key2: The WEP key Size: Size of the WEP key Slot: Slot number
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1447 | show dot1x ap-table dynamic-wep
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x ap-table static-wep
show dot1x ap-table static-wep
Description
Shows the static WEP keys of all APs.
Syntax
No parameters.
Example
Issue this command to display the static WEP keys of all APs.
Static-WEP Key Information -------------------------AP-MAC Key1/Size Key2/Size ------ --------- --------Num APs: 0
Key3/Size ---------
Key3/Size ---------
The output of this command includes the following parameters:
Parameter AP-MAC Key1/Size Key2/Size Key3/Size Key3/Size
Description AP's MAC address WEP key 1 and its size WEP key 2 and its size WEP key 3 and its size WEP key 3 and its size
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x ap-table static-wep | 1448
show dot1x ap-table tkip
show dot1x ap-table tkip
Description
Displays a table of TKIP keys on the controller.
Syntax
No parameters.
Example
Issue this command to display all TKIP keys.
AP Table Showing TKIP Keys
--------------------------
AP-MAC
GTK/Size/Slot
------
-------------
00:1a:1e:6f:e5:10 * * * * * * * */256-Bit/1
Num APs: 1
The output of this command includes the following parameters:
Parameter AP-MAC GTK/Size/Slot
Description AP MAC Address
GTK: The group temporal key Size: Size of the AES key Slot: Slot number
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1449 | show dot1x ap-table tkip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x counters
show dot1x counters
Description
Displays a table of dot1x counters.
Example
Issue this command to display all 802.1X counter information. 802.1x Counters
AP Sync Request...................4 Sync Response..................3 Up.............................4 Down...........................1 Resps..........................4 Acl............................53
Station Sync Request...................9 Sync Response..................9 Up.............................2321 Down...........................2272 Unknown........................72
EAP RX Pkts........................4811 Dropped Pkts...................4497 TX Pkts........................5253
WPA Message-1......................2484 Message-2......................63 Message-3......................63 Message-4......................63 Group Message-1................63 Group Message-2................63 Rx Failed......................2418 IE Mismatches..................4836 Key Exchange Failures..........602
WPA2 Message-1......................2630 Message-2......................13 Message-3......................13 Message-4......................13 Rx Failed......................2079 IE Mismatches..................4158 Key Exchange Failures..........549
Radius Accept.........................1217
Station Deauths.................1151
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x counters | 1450
Parameter AP l Sync Request l Sync Response l Up l Down l Resps l Acl
Station l Sync Request l Sync Response l Up l Down l Unknown
EAP l RX Pkts l Dropped Pkts l TX Pkts
WPA l Message-1 l Message-2 l Message-3 l Message-4 l Group Message-1 l Group Message-2 l Rx Failed l IE Mismatches l Key Exchange
Failures
WPA2 l Message-1 l Message-2 l Message-3
Description
l Number of sync requests sent l Number of sync responses sent l Number of times an AP has come up l Number of times an has gone down l Number of response messages sent to the AP due to an AP up message l Number of access control lists
l Number of sync requests sent to find all APs and stations that are connected
l Number of sync responses received l Number of times a station (any station) connected to the AP l Number of times a station (any station) disconnected from the AP l Number of times a station attempted to start an EAP exchange before
associating to an AP. In other words, the number of times the auth module saw the start of an EAP exchange before auth was notified that a station has associated an AP
l Number of EAP packets received l Number of EAP packets dropped (ignored) for any reason, such as bad
packet, length, EAP ID mismatch, etc. l Number of EAP packets sent
l Number of WPA message-1s sent l Number of WPA message-2s sent l Number of WPA message-3s sent l Number of WPA message-4s sent l Number of WPA group message-1s sent l Number of WPA group message-2s sent l Number of WPA related EAP packets dropped for any reason l Number of WPA related EAP packets dropped because the station and
controller have a different perception of what the connection details are l Number of key exchange failures
l Number of WPA2 message-1s sent l Number of WPA2 message-2s sent
1451 | show dot1x counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter l Message-4 l Rx Failed l IE Mismatches l Key Exchange
Failures
Radius Accept
Station Deauths
Description l Number of WPA2 message-3s sent l Number of WPA2 message-4s sent l Number of WPA2 related EAP packets dropped for any reason l Number of WPA2 related EAP packets dropped because the station and
controller have a different perception of what the connection details are l Number of key exchange failures
Number of RADIUS accepts
Number of stations deaths
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x counters | 1452
show dot1x supplicant-info
show dot1x supplicant-info <supplicant-mac> <ap-mac>
Description
Shows the details about a specific supplicant.
Example
Issue this command to display the details about a supplicant.
Name MAC Address AP MAC Address Status Unicast Cipher Multicast Cipher EAP-Type Packet Statistics: EAPOL Starts EAP ID Requests EAP ID Responses EAPOL Logoffs from station EAP pkts to the station EAP pkts from station Unknown EAP pkts from station EAP Successes sent EAP Failures sent Station failed to respond Station NAKs Radius pkts to the server Radius pkts from the server Server failed to respond Server rejects WPA/WPA2-Key Message1 WPA/WPA2-Key Message2 WPA/WPA2-Key Message3 WPA/WPA2-Key Message4 WPA-GKey Message1 WPA-GKey Message2 ID of the last EAP request Length of the last EAP request ID of the last EAP response Length of the last EAP response ID of the last radius request Length of the last radius request ID of the last radius response
MYCORPNETWORKS\ccutler 00:19:7e:a9:8e:b0 00:1a:1e:11:5f:11 Authentication Success WPA2-AES WPA2-AES EAP-PEAP
0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 1 1 1 1 0 0 0 151 0 0 0 0 0
The output of this command includes the following parameters:
1453 | show dot1x supplicant-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Name MAC Address AP MAC Address Status Unicast Cipher Multicast Cipher EAP-Type EAPOL Starts EAP ID Requests EAP ID Responses EAPOL Logoffs from station EAP pkts to the station EAP pkts from station Unknown EAP pkts from station EAP Successes sent EAP Failures sent Station failed to respond Station NAKs Radius pkts to the server Radius pkts from the server Server failed to respond Server rejects WPA/WPA2-Key Message1
Description Supplicant name. Supplicant MAC address. AP MAC address. Supplicant's status. Supplicant's unicast cipher. Supplicant's multicast cipher. Supplicant's EAP-Type. Number of EAPOL starts. Number of EAP ID requests. Number of EAP ID responses. Number of EAPOL logoffs from the station. Number of EAP packets sent to the station. Number of EAP packets sent from the station. Number of unknown EAP packets sent from the station. Number of EAP successes sent. Number of EAP failures sent. Number of times the station failed to respond. Number of station negative-acknowledgement characters. Number of radius packets set to the server. Number of radius packets sent from the server. Number of times the server failed to respond. Number of times ac connection was rejected by the server. Number of WPA message-1s sent.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x supplicant-info | 1454
Parameter WPA/WPA2-Key Message2
Description Number of WPA message-2s sent.
WPA/WPA2-Key Message3
Number of WPA message-3s sent.
WPA/WPA2-Key Message4
Number of WPA message-4s sent.
WPA-GKey Message1
Number of WPA group message-1s sent.
WPA-GKey Message2
Number of WPA group message-2s sent.
ID of the last EAP request
The ID of the last EAP request.
Length of the last EAP request
The length of the last EAP request.
ID of the last EAP response
The ID of the last EAP response.
Length of the last EAP response
The length of the last EAP response.
ID of the last radius request
The ID of the last radius request.
Length of the last radius request The length of the last radius request.
ID of the last radius response
The ID of the last radius response.
Length of the last radius response The length of the last radius response.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1455 | show dot1x supplicant-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x supplicant-info list-all
show dot1x supplicant-info list all
Description
Shows all 802.1X supplicants.
Syntax
No parameters.
Example
Issue this command to display all 802.1X supplicants as well as additional relevant information.
802.1x User Information
-----------------------
MAC
Name
EAP-Type Remote
------------
--------
--------- ------
00:15:00:26:f8:f5 user1
EAP-PEAP No
Auth ---Yes
AP-MAC -----00:0b:86:8b:68:68
Enc-Key/Type ------------------* * * * * * * */WPA2-AES
Auth-Mode -----------Explicit Mode
Station Entries: 1
The output of this command includes the following parameters:
Parameter MAC Name Auth AP-MAC Enc-Key/Type
Auth-Mode EAP-Type Remote
Description Supplicant MAC address Supplicant name Shows if the supplicant authenticated successfully AP MAC address Enc-Key: Supplicant's encryption key Type: Encryption type used by the supplicant Authentication mode EAP type Is the supplicant remote
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x supplicant-info list-all | 1456
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1457 | show dot1x supplicant-info list-all
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x supplicant-info pmkid
show dot1x supplicant-info pmkid <supplicant-mac>
Description
Shows the PMKIDs of the various stations on the controller.
Syntax
No parameters.
Example
Issue this command to display the PMKIDs of the various stations on the controller.
PMKID Table
-----------
Mac
Name
AP
---
----
--
00:03:7f:bf:12:ac zoobar22 00:0b:86:a0:57:60
c2:7d:12:1a:1c:5b:40:f8:89:46:22:a5:ec:9b:fb:a6
00:03:7f:bf:12:ac zoobar22 00:0b:86:c0:04:88
bb:2d:e1:57:e1:b8:9b:a2:71:f5:98:ad:61:db:47:e7
PMKID -----
The output of this command includes the following parameters:
Parameter MAC Name AP PMKID
Description Supplicant MAC address Supplicant name AP MAC address Station PMKID
Command History
This command was introduces in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x supplicant-info pmkid | 1458
show dot1x supplicant-info statistics
show dot1x supplicant-info statistics
Description
Shows the 802.1X statistics of the users.
Syntax
No parameters.
Example
Issue this command to display the 802.1X statistics of the users.
802.1x Statistics
-----------------
Mac
Name AP
Auth-Succs Auth-Fails Auth-Tmout Re-Auths
Supp-Naks UKeyRotations MKeyRotations
---
---- --
---------- ---------- ---------- -------- ---
------ ------------- -------------
00:15:00:26:f8:f5 user1 00:0b:86:8b:68:68 1
0
0
0
0
0
0
Total:
2
0
0
0
0
0
0
Station Entries: 1 The output of this command includes the following parameters:
Parameter MAC Name AP Auth-Succs Auth-Fails Auth-Tmout Re-Auths Supp-Naks UKeyRotations MKeyRotations
Description Supplicant MAC address. Supplicant name. AP MAC address. Number of successful authentications. Number of authentication failures. Number of authentication timeouts. Number of reauthentications. Number of negative-acknowledgement characters sent by the supplicant. Number of unicast key rotations. Number of multicast key rotations.
1459 | show dot1x supplicant-info statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dot1x supplicant-info statistics | 1460
show dot1x watermark
crypto-local show dot1x watermark
history table {active|pending}
Description
Use this command under the guidance of Dell support to view information about the table that contains 802.1X sessions being processed.
Syntax
Parameter history
Description
Displays all historical sessions in the 802.1X session queue.
Range --
table {active|pending} Table types:
--
l active: Displays all current active sessions in the 802.1X queue and the corresponding userage.
l pending: Displays all pending sessions in the 802.1X queue, the duration for which the user is pending in the queue, and the corresponding user-age.
Default --
--
Command History
Version ArubaOS 6.3.1.0 ArubaOS 6.4.2.4
Modification Command introduced. The table parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
1461 | show dot1x watermark
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dpi
show dpi application
name all category <name> custom-app <name> global-bandwidth-contract all category <name> custom-app <name>
Description
Shows applications and application categories that are configured for deep-packet inspection. It also shows DPI global bandwidth contracts by application or application category.
Syntax
Parameter name
all category <name> custom-app <name> global-bandwidth-contract all app <name> appcategory <name>
Description Name of the application Shows all applications Shows all applications within a category. Shows all custom applications. Shows the DPI global bandwidth contracts. Shows all bandwidth contracts. Shows bandwidth contracts by application name. Shows bandwidth contracts by application category name.
Example
The output of the following command shows custom applications by name, ID, application category, and default ports that are configured for DPI.
(host) (config) #show dpi application all
Applications
------------
Name
App ID App Category
----
------ ------------
01net
948
web
050plus
1123 audio-video
0zz0
584
web
10050net
1339 web
10086cn
949
web
104com
1336 web
1111tw
1338 web
114la
950
web
115com
951
web
118114cn
952
web
11st
1191 web
Default Ports ------------tcp 80 tcp 80 443 tcp 80 tcp 80 tcp 80 443 tcp 80 tcp 80 tcp 80 tcp 80 443 tcp 80 tcp 80
Applied ------0 0 0 0 0 0 0 0 0 0 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show dpi | 1462
Related Commands
Command dpi
Description
Use this command to configurs Deep-Packet Inspection and the global bandwidth contract for an application or application categories for the AppRF feature.
Mode Config mode
Command History
This command was introduced in ArubaOS 6.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1463 | show dpi
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi groups
show esi groups [{group-name <groupname>|{ping-name <ping-name>}]
Description
Show ESI group information.
Syntax
Parameter
group-name <groupname>
Description View the facility used when logging messages into the remote syslog server.
ping-name <ping-name>
Enter the name of a set of ping values to how the names of ESI groups using that set of ping attributes. Define a set of ESI ping values using the command esi ping.
server
Show the IP address of a remote logging server.
Usage Guidelines
The ESI parser is a mechanism for interpreting syslog messages from third party appliances such as anti-virus gateways. Use this command to view configured ESI server groups.
Example
This example below displays the name of each configured ESI group, including its ping definitions and ESI server.
(host) #show esi groups
ESI Group Table
---------------
Name
Tunnel ID Ping
Flags
----
--------- ----
-----
anything 0x1042
pingset_1 C
cupertino 0x1043
-
C
Flags:
C:Datapath Download complete
Servers ------0 0
Related Commands
Platforms Licensing
esi parser domain
This command configures an ESI syslog parser domain.
Command Mode
Config mode on master or local controllers.
esi parser rule
This command creates or changes an ESI syslog parser rule.
Config mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi groups | 1464
Platforms Licensing
esi parser rule-test
This command allows you to test all of the enabled parser rules.
Command Mode
Config mode on master or local controllers.
Command History
This command was introduced in ArubaOS 2.5.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
1465 | show esi groups
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi parser
show esi parser domains|rules|stats
Description
Show ESI parser information.
Syntax
Parameter domains
Description Show ESI parser domain information.
rules
Show ESI parser rule information.
stats
Show ESI parser rule stats.
Usage Guidelines
The ESI parser is a generic syslog parser on the controller that accepts syslog messages from external thirdparty appliances such as anti-virus gateways, content filters, and intrusion detection systems. It processes syslog messages according to user-defined rules and takes configurable actions on the corresponding system users.
ESI servers are configured into domains to which ESI syslog parser rules are applied.
Use the show esi parser domains command to show ESI parser domain information.
Example
The ESI Parser Domain table in the example below shows that the controller has two ESI domains and two ESI servers. (host) #show esi parser domains
ESI Parser Domain Table
-----------------------
Domain
ESI Servers
------
-----------
corp_domain 172.21.5.50
remote_domain 192.84.66.30
Peer Controllers ---------------10.3.132.14
Total number of servers configured: 2
Related Commands
Platforms esi parser domain
Licensing
This command configures an ESI syslog parser domain.
Command Mode
Config mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi parser | 1466
Platforms esi parser rule
esi parser rule-test
Licensing
This command creates or changes an ESI syslog parser rule.
Command Mode
Config mode on master or local controllers.
This command allows you to test all of the enabled parser rules.
Config mode on master or local controllers.
Command History
This command was introduced in ArubaOS 3.1.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
1467 | show esi parser
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi ping
show esi ping [ping-name <ping-name>]
Description
Show settings for ESI ping health check attributes.
Syntax
Parameter
ping-name <pingname>
Description
Include the optional ping-name <ping-name> parameters to display settings for one specified set of ping settings.
Example
This example below shows that the controller has three defined sets of ping attributes. (host) #show esi groups
ESI Ping Table
--------------
Name
Frequency (sec) Timeout (sec) Retry Count ID Num Groups
----
--------------- ------------- ----------- -- ----------
ping_att1
5
2
2
ESIping
5
2
2
ESIping2
50000
2
2
01 10 22
The output of this command includes the following information:
Column Name frequency timeout retry-count
Description Name of a group of ping settings. Specifies the ping frequency in seconds. Specifies the ping timeout in seconds. Specifies the ping retry count
ID
ID number assigned to the ping attributes when that set of attributes was defined.
Num Groups
Number of ESI groups to which this set of ping attributes is assigned.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi ping | 1468
Related Commands
Platforms esi ping
Licensing
This command specifies the ESI ping health check configuration.
Command Mode
Config mode on master or local controllers.
Command History
This command was introduced in ArubaOS 2.5.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
1469 | show esi ping
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi servers
show esi servers [{group-name <groupname>|{server-name <server-name>}]
Description
Show configuration information for ESI servers.
Syntax
Parameter
group-name <groupname>
Description
Include this optional parameter to display information for all ESI servers assigned to a specific ESI group.
server-name <server-name>
Specify an ESI server name to view configuration information for just that server.
Usage Guidelines
By default, this command displays configuration settings for all ESI servers. You can include the name of an ESI group to view servers assigned to just that group, or specify a server name to view information for that server only.
Example
This example below displays configuration details for the ESI server name forti_1.
(host) #show esi servers server-name forti_1
ESI Server Table
----------------
Name
Trusted IP Untrusted IP Trusted s/p Untrusted s/p Group Mode NAT Port ID
----
---------- ------------ ----------- ------------- ----- ---- -------- --
forti_1 10.168.173.2 10.168.171.3 -/-
-/-
default route 0
4
Flags ----U
Flags: C :Datapath Download complete U :Server Up D :Server Down PT:Trusted Ping response outstanding PU:Untrusted Ping response outstanding HT:Health Check Trusted IP HU:Health Check Untrusted IP FT:Trusted Ping failed FU:Untrusted Ping failed
The output of this command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show esi servers | 1470
Column Name Trusted IP
Untrusted IP
Trusted s/p
Untrusted s/p Group
Mode Nat Port ID Flags
Description Name of the ESI server.
Displays the server IP address on the trusted network. As an option, you can also enable a health check on the specified address
Displays the server IP address on the untrusted network. As an option, you can also enable a health check on the specified address
Shows the slot and port connected to the trusted side of the ESI server; slot/port format.
Shows the slot and port connected to the untrusted side of the ESI server.
Name of the ESI group to which this server is assigned. If the server has not yet been assigned to a group, this column will be blank.
Specifies the ESI server mode of operation: bridge, nat, or route
Displays the NAT destination TCP/UDP port.
ID number assigned to the server when it was first defined.
This data column displays any flags associated with this server. The flag key appears below the ESI Server Table.
Related Commands
Platforms Licensing esi server This command configures an ESI server.
Command Mode
Config mode on master or local controllers.
Command History
This command was introduced in ArubaOS 2.5.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
1471 | show esi servers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show faults
show fault [history]
Description
Display a list of faults, which are any problematic conditions of the ArubaOS software or hardware.
Syntax
Parameter history
Description
Include this parameter to display a history of faults cleared by the controller or the operator.
Usage Guidelines
A controller can maintain a list of up to 100 faults. Once 100 faults have been logged, any faults arising after that are dropped. The controller maintains a history of the last 100 faults that have cleared. Every time a new fault clears clear, the oldest fault in the fault history is purged from the list.
Example
This example below shows all active faults the controller, including the time the fault occurred, the fault ID number, and a description of the problem.
(host) #show faults
Active Faults ------------Time ---2009-03-02 18:13:08 2009-03-02 18:13:08 2009-03-02 18:13:08 2009-03-02 18:13:08 2009-03-02 18:13:08 2009-03-02 18:13:08 back in service. 2009-03-02 18:13:08 2009-03-02 18:13:08 back in service. 2009-03-02 18:13:08 2009-03-02 18:13:08 back in service. 2009-03-02 18:13:08 2009-03-02 18:13:08 back in service. 2009-03-02 18:13:08 2009-03-02 18:13:08 back in service. 2009-03-02 18:13:09 2009-03-02 18:13:09 back in service. 2009-03-02 18:13:09 2009-03-02 18:13:09 back in service.
Number -----93 94 95 96 97 98
99 100
101 102
103 104
105 106
107 108
109 110
Description ----------Authentication Server vortex is down. Authentication Server vortex is down. Authentication Server vortex is down. Authentication Server vortex is down. Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Authentication Server corp1-supersvr is down. All authentication servers in server group sg-auth2 are brought
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show faults | 1472
2009-03-02 18:13:09 111
Authentication Server corp1-supersvr is down.
2009-03-02 18:13:09 112
All authentication servers in server group sg-auth2 are brought
back in service.
2009-03-02 18:13:09 113
Authentication Server corp1-supersvr is down.
2009-03-02 18:13:09 114
All authentication servers in server group sg-auth2 are brought
back in service.
2009-03-02 18:13:09 115
Authentication Server corp1-supersvr is down.
Total number of entries in the queue :23
Related Commands
Command clear fault <id>|all
Description
Mode
Manually clear a single fault by specifying the fault ID number, or clear all faults by including the all parameter.
Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
1473 | show faults
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show file syncing profile
show file syncing profile
Description
This command displays the configuration the file syncing profile.
Syntax
None.
Usage Guidelines
Execute this command to view the file syncing profile.
Example
The following example shows the output of show file syncing profile.
(host) #show file syncing profile
File syncing profile
--------------------
Parameter
Value
---------
-----
File syncing Enabled
sync time
30
Command History
This command was introduced in ArubaOS 6.4.1.
Command Information
Platform Available on all platforms
License
Available in the base operating system
Command Mode
Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show file syncing profile | 1474
show fips
show fips
This command applies only to the FIPS version of ArubaOS.
Description
Displays FIPS mode of operation status as enabled or disabled.
Syntax
No parameters.
Example
The output of this command shows that the FIPS mode of operation is currently enabled. (host) # show fips
FIPS Settings: -------------Mode Enabled
Command History
This command was introduced in ArubaOS-FIPS 2.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1475 | show fips
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show firewall
show firewall
Description
Display a list of global firewall policies.
Syntax
No parameters
Example
This example below shows all firewall policies currently configured on the controller.
(host) (config) #show firewall Global firewall policies -----------------------Policy -----Enforce TCP handshake before allowing data Prohibit RST replay attack Deny all IP fragments Prohibit IP Spoofing Monitor ping attack Monitor TCP SYN attack Monitor IP sessions attack Deny inter user bridging Log all received ICMP errors Per-packet logging Blacklist Grat ARP attack client Stateful SIP Processing Allow tri-session with DNAT Disable FTP server Blacklist ARP attack client Monitor ARP attack Monitor Gratuitous ARP attack GRE call id processing Session Idle Timeout WMM content enforcement Session VOIP Timeout Stateful H.323 Processing Stateful SCCP Processing Only allow local subnets in user table Monitor/police CP attacks Rate limit CP untrusted ucast traffic Rate limit CP untrusted mcast traffic Rate limit CP trusted ucast traffic Rate limit CP trusted mcast traffic Rate limit CP route traffic Rate limit CP session mirror traffic Rate limit CP auth process traffic Deny inter user traffic Prohibit ARP Spoofing Stateful VOCERA Processing Stateful UA Processing Enforce bw contracts for broadcast traffic Multicast automatic shaping Stall Detection
Action -----Disabled Disabled Disabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Enabled Disabled No Disabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled Enabled Disabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled Disabled Enabled Enabled Disabled Disabled Enabled
Rate ----
Port ----
50/sec
9765 pps 1953 pps 65535 ps 1953 pps 976 pps 976 pps 976 pps
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show firewall | 1476
Enforce TCP Sequence numbers
Disabled
AMSDU Rx
Enabled
Jumbo Frames
Disabled
Session-tunnel FIB
Enabled
Prevent DHCP exhaustion
Disabled
Stateful SIPS Processing
Enabled
Deny source routing
Disabled
Immediate Freeback
Disabled
DPI Classification
Enabled [Cfg: enabled, PEF license: installed]
STUN Based Traversal
Enabled
Web Content Classification
Enabled
Web Content Cache Miss Drop
Disabled
Stateful ICMP Processing
Disabled
Optimize Duplicate Address Detection frames Enabled
The output of this command includes the following information:
Parameter Enforce TCP handshake before allowing data
Prohibit RST replay attack Deny all IP Fragments Prohibit IP Spoofing Monitor ping attack Monitor TCP SYN attack Monitor IP sessions attack
Description
If enabled, this feature prevents data from passing between two clients until the three-way TCP handshake has been performed. This option should be disabled when you have mobile clients on the network as enabling this option will cause mobility to fail. You can enable this option if there are no mobile clients on the network.
If enabled, this setting closes a TCP connection in both directions if a TCP RST is received from either direction.
If enabled, all IP fragments are dropped.
When this option is enabled, source and destination IP and MAC addresses are checked; possible IP spoofing attacks are logged and an SNMP trap is sent.
If enabled, the controller monitors the number of ICMP pings per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack.
If enabled, the controller monitors the number of TCP SYN messages per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack.
If enabled, the controller monitors the number of TCP sessions requests per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack sessions.
1477 | show firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Deny inter user bridging
Log all received ICMP errors Per-packet logging Blacklist Grat ARP attack client Stateful SIP Processing
Allow tri-session with DNAT Disable FTP server Blacklist ARP attack client Monitor ARP attack Monitor Gratuitous ARP attack GRE call id processing Session Idle Timeout WMM content enforcement
Session VOIP Timeout
Description
If enabled this setting prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role policies that prevent Layer-3 traffic between users or networks but this does not block Layer-2 traffic.
Shows if the controller will log received ICMP errors.
If active, and logging is enabled for the corresponding session rule, this feature logs every packet.
If enabled, blacklist clients exceeding the Gratuitous ARP attack rate.
Shows if the controller has enabled or disabled monitoring of exchanges between a voice over IP or voice over WLAN device and a SIP server. This option should be enabled only when thee is no VoIP or VoWLAN traffic on the network
Shows if the controller allows three-way session when performing destination NAT.
If active, this feature disables the FTP server on the controller.
If enabled, blacklist clients exceeding the ARP attack rate.
Shows the status of the ARP attack monitor.
Shows the status of the Gratuitous ARP attack monitor.
If active the controller creates a unique state for each PPTP tunnel.
Shows if a session idle timeout interval has been defined.
If traffic to or from the user is inconsistent with the associated QoS policy for voice, this feature reclassifies traffic to best effort and data path counters are incremented.
If enabled, a idle session timeout is defined for sessions that are marked as voice sessions.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show firewall | 1478
Parameter Stateful H.323 Processing Stateful SCCP Processing Only allow local subnets in user table Monitor/police CP attacks
Rate limit CP untrusted ucast traffic Rate limit CP untrusted mcast traffic Rate limit CP trusted ucast traffic Rate limit CP trusted mcast traffic
Description
Shows if the controller has enabled or disabled stateful H.323 processing.
Shows if the controller has enabled or disabled stateful SCCP processing.
If enabled, the controller only adds IP addresses which belong to a local subnet to the user table.
If enabled, the controller monitors a misbehaving user's inbound traffic rate. If this rate is exceeded, the controller can register a denial of service attack.
Shows the inbound traffic rate
Displays the untrusted multicast traffic rate limit.
Displays the trusted unicast traffic rate limit.
Displays the trusted multicast traffic rate limit.
Rate limit CP route traffic Rate limit CP session mirror traffic Rate limit CP auth process traffic Deny inter user traffic
Prohibit ARP Spoofing Stateful VOCERA Processing Stateful UA Processing Enforce bw contracts for broadcast traffic
Displays the traffic rate limit for traffic that needs generated ARP requests.
Displays the traffic rate limit for session mirrored traffic forwarded to the controller.
Displays the traffic rate limit for traffic forwarded to the authentication process.
If enabled, this setting disables traffic between all untrused users. You can configure user role policies that prevent Layer-3 traffic between users or networks but this does not block Layer-2 traffic.
When this option is enabled, possible arp spoofing attacks are logged and an SNMP trap is sent.
VOCERA processing is disabled by default.
UA processing is disabled by default.
If enabled, bw contracts are applied ot local subnet broadcast traffic.
1479 | show firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Multicast automatic shaping Stall Detection Enforce TCP Sequence numbers AMSDU Rx Jumbo Frames Session-tunnel FIB Prevent DHCP Exhaustion
Stateful SIPS Processing
Deny Source Routing Immediate Freeback DPI Classification STUN Based Traversal Web Content Classification
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
If enabled, enables multicast optimization and provides excellent streaming quality regardless of the amount of VLANs or IP IGMP groups that are used.
If enabled, triggers datapath crash on stall detection. Applies to the to W-7200 Seriescontrollers only.
If enabled, prevents data from passing between two clients until the three-way TCP handshake has been performed.
Aggregated Medium Access Control Service Data Units (AMSDU) packets are dropped if this option is enabled.
If enabled, supports up to 9216 bytes of payload on the controller.
Enables session tunnel based forwarding.
If enabled, this option checks for DHCP client hardware address against the packet source MAC address. This command checks the frame's source-MAC against the DHCPv4 client hardware address and drops the packet if it does not match. This feature prevents a client from submitting multiple DHCP requests with different hardware addresses, thereby preventing DHCP pool depletion.
If disabled, disables monitoring of exchanges between a voice over IP or voice over WLAN device and a SIP server. This option should be enabled only when there is no VoIP or VoWLAN traffic on the network.
If enabled, forwarding of IP frames with source routing with the source routing options set is disallowed.
If enabled, immediately frees buffers on W7200controllers. Do not enable this option unless instructed to do so by a technical support representative.
If enabled, performs deep packet inspection.
If enabled, allows STUN- based firewall traversal.
If enabled, allows web content classification for all HTTP traffic.
show firewall | 1480
Parameter
Description
Default: disabled
Web Content Cache Miss Drop
If enabled, allows the controller to drop any packets that do not match any web content category or reputation levels in the controller's internal web content cache.
Default: disabled
Stateful ICMP Processing
Process stateful inspection of ICMP packets. Default: disabled
Optimize Duplicate Address Detection frames
Reduce flooding of IPv4 Gratuitous ARPs/IPv6 Duplicate Address Detection (DAD) frames onto wireless clients.
Default: enabled
Related Commands
Command firewall
Description This command configures firewall options on the controller.
firewall cp
This command creates whitelist session ACLs
firewall cp-bandwidth-contract This command configures bandwidth contract traffic rate limits to prevent denial of service attacks.
Command History
Release ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.4
The following parameters were introduced: l Jumbo Frames l Stall Detection l DPI Classification l STUN Based Traversal
ArubaOS 6.4.1
The following parameters were introduced as part of the show firewall command: l Blacklist Grat ARP attack client l Blacklist ARP attack client l Monitor ARP attack
1481 | show firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Release ArubaOS 6.4.2.0 ArubaOS 6.4.2.5
Modification
l Monitor Gratuitous ARP attack
The following parameters were introduced as part of the show firewall command: l Web Content Classification l Web Content Cache Miss Drop
The Optimize Duplicate Address Detection frames parameter was introduced.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show firewall | 1482
show firewall-cp
show firewall-cp [internal]
Description
Displays the captive-portal (CP) firewall policies on the controller.
Syntax
No Parameters
Example
The output of this command shows the CP firewall policies.
(host) #show firewall-cp
CP firewall policies
--------------------
IP Version Source IP
contract
---------- ---------
---
ipv4
any
ipv4
10.10.10.10
ipv4
2:2:2:2::2
Source Mask -----------
2.2.2.2
Protocol
--------
6 6 1
Start Port
----------
21 8 1
End Port
--------
21 9 2
Permit/Deny
-----------
Permit Permit Permit
hits
----
0 0 0
----test
Command History
Release ArubaOS 3.4
Modification Command introduced.
ArubaOS6.2
The IP Version parameter was added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1483 | show firewall-cp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show firewall-visibility
show firewall-visibility {debug|status}
Description
Displays the policy enforcement firewall visibility process state and status information.
Syntax
Parameter debug status
Description Displays process state information for debugging firewall visibility. Displays the status of firewall visibility as enabled or disabled.
Example
The output of this command shows the status of firewall visibility. (host) #show firewall-visibility status enabled
Command History
This command is introduced in ArubaOS 6.2.
Command Information
Platforms
W-3200, W-3400, W-3600, W-6000M3, and 7200 Series controllers
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show firewall-visibility | 1484
show flush-r1-on-new-r0
ap·flush-r1-on-new-r0 {enable|disable}
Description
Use this command to view the status of flushing r1 keys on new r0.
Syntax
No parameters.
Example
The following example displays the status of flushing r1 keys on new r0: (host) (config) #show flush-r1-on-new-r0 Fast Roaming flush-r1-on-new-r0:enable
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Enable mode or Config mode.
1485 | show flush-r1-on-new-r0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show gap-debug
show gap-debug
Description
Displays the troubleshooting information for the global AP database.
Usage Guidelines
Use this command to identify any issues with the global AP database. This command displays the troubleshooting information for the global AP database.
Example
The following is a sample output of this command:
(6000-202) #show gap-debug
GAP Master LMS Table
--------------------
IP
Master Cookie
Master Seq LMS Cookie
Status Msg In Prog Msg Len Attempts Last Reset Reason
--
-------------
---------- ----------
--- ----------- ------- -------- -----------------
172.20.1.101 172.20.1.102,521bbce7 0
0.0.0.0,00000000
no
-
-
down notification
172.20.1.102 172.20.1.102,521ba3b1 0
0.0.0.0,00000000
no
-
-
switched to backup
192.168.2.2 172.20.1.102,521ba5e6 0
192.168.2.2,521ba6fd
no
-
-
down notification
192.168.3.2 172.20.1.102,521ba67e 0
192.168.3.2,521ba71b
no
-
-
down notification
192.168.4.2 172.20.1.102,521ba6af 0
192.168.4.2,521ba724
no
-
-
down notification
192.168.5.2 172.20.1.102,521ba6be 0
192.168.5.2,521ba794
no
-
-
down notification
192.168.6.2 172.20.1.102,521ba694 0
192.168.6.2,521ba730
no
-
-
down notification
192.168.7.2 172.20.1.102,521ba677 0
192.168.7.2,521ba6fd
no
-
-
down notification
The output of this command includes the following information:
LMS Seq Activity
------- -------- ---
0
--
up
0
--
up
170
30
up
172
34
up
163
58
up
169
19
up
163
40
up
170
29
up
Column IP Master Cookie
Master Seq LMS Cookies
LMS Seq
Description
The IP address of the local management switch (LMS).
The cookie information on the master controller that is used to communicate with the LMS.
The sequence number used by the master controller to sync up with the LMS. This tracks the number of times the master controller has communicated with the LMS.
The cookie information on the LMS that is used to communicate with the master controller.
The sequence number used by the LMS to sync up with the master controller.This
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show gap-debug | 1486
Column Activity
Description tracks the number of times the LMS has communicated with the master controller. The time at which the last activity happened on the LMS.
Status
Indicates if the status of the LMS is up or down.
Msg in Prog
Indicates if an active communication is happening between the LMS and the master controller. It can be Yes or No. If it is yes, then the Msg Len and Attempt fields are set.
Msg Len
The length of the message that the master controller is syncing with the LMS.
Attempts
Number of times the master controller has attempted to sync with the LMS.
Last Reset Reason Indicates the reason for last reset.
Command History
This command is introduced in Dell Networking W-Series ArubaOS 6.4.x.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable or Config mode on master controllers.
1487 | show gap-debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show gateway health-check
show gateway health-check
Description
Display the current status of the gateway health-check feature.
Syntax
No parameters.
Usage Guidelines
The gateway health check feature can only be enabled by Dell Technical Support.
Example
This example below shows that the gateway health-check feature has not been enabled on the controller. (host) #show gateway health-check Gateway health check not enabled
Related Commands
Command gateway health-check disable
Description Disable the gateway health check
Mode Config mode
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show gateway health-check | 1488
show global-user-table count
show global-user-table
show global-user-table count [current-switch] <IP address> [authentication-method] {dot1x | mac | stateful-dot1x | vpn | web} [role] <role name> [bssid] <bssid MAC> [essid] <essid> [ap-name] <AP name> [phy-type] {a | b | g} [age] <starting time dd:hh:mm> <ending time dd:hh:mm>
Description
This command displays a count of global user based on the specified criteria.
Syntax
Parameter current-switch
Description Match IP address of the switch where the user is currently associated
authentication-method Count users matching the specified authentication method
role
Count users matching the specified role
bssid
Count users matching the specified BSSID
essid
Count users matching the specified ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
ap-name
Count users matching the specified AP name
phy-type
Count users matching the specified Phy type
age
Count users matching the specified age
Example
Issue this command to display a global user count. The output shown below is a result of the command show global-user-table count current-switch <ip-address>. Complete results. The number of global users : 2
The output includes the following parameters:
Parameter
Description
The number of global users: Total number of global users meeting the specified criteria.
1489 | show global-user-table count
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms
All platforms Master controller only
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show global-user-table count | 1490
show-global-user-table list
show global-user-table list current-switch] <IP address> authentication-method] {dot1x | mac | stateful-dot1x | vpn | web} role <role name> bssid <bssid MAC> devtype <device> essid <essid> ap-name <AP name> phy-type a|b|g age <starting time dd:hh:mm> <ending time dd:hh:mm> not or rows sort {sort_by_ap-name | sort_by_authtype | sort_by_bssid | sort_by_current-switch | sort_ by_essid | sort_by_ip | sort_by_mac | sort_by_name | sort_by_phy-type | sort_by_role}{asc | desc} start
Description
This command displays a list of current users on a specified switch.
Syntax
Parameter current-switch
Description Match IP address of the switch where the user is currently associated
authentication-method Count users matching the specified authentication method
role
Count users matching the specified role
bssid
Count users matching the specified BSSID
essid
Count users matching the specified ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
ap-name
Count users matching the specified AP name
phy-type
Count users matching the specified Phy type
age
Count users matching the specified age
current-switch
Match IP address of the switch where the user is currently associated
authentication-method Count users matching the specified authentication method
role
Count users matching the specified role
1491 | show-global-user-table list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter not or rows sort start
Description Show users that do not satisfy the given criteria Show users that satisfy any of the given criteria Number of rows to show Sort the list based on a specified criteria, in ascending or descending order Show user table starting from a specific row
Example
Issue this command to display a global user count. The output of this command is split into two tables in this document, however it appears in one table in the CLI.
(host) (config) show user role employee
Global Users
-----
IP
MAC
Name
name
----------
------------
------
---
192.168.160.1 00:23:6c:80:3d:bc madisonQ
10.100.105.100 00:05:4e:45:5e:c8 CorpNetwork2
wlanAP
10.100.105.102 00:14:a5:30:c2:7f fdedhia
10.100.105.97 00:1b:77:c4:a2:fa CorpNetwork2
10.100.105.109 00:21:5c:02:16:bb melindayao
Role
Age(d:h:m) Auth VPN link AP
----
---------- ---- -------- ----
employee 01:05:50 employee 00:02:22
802.1x 802.1x
AP63
employee 01:20:09 employee 00:02:18 employee 00:05:40
802.1x 802.1x 802.1x
AP98 AP98 AP09
users ----Roaming
------Associated Associated Associated Associated Associated
Essid
Bssid
Phy
---------------- -------
wirelessint-wpa2 00:1a:1e:85:d3:b1 a-HT
wirelessint-wpa2 00:1a:1e:6f:e5:51 a
wirelessint-wpa2 00:1a:1e:87:ef:f1 a
wirelessint-wpa2 00:1a:1e:87:ef:f1 a
wirelessint-wpa2 00:1a:1e:85:c2:11 a-HT
Profile
default default default default default
The output of this command includes the following parameters:
---------- --- -----
Parameter IP MAC Name Current Switch
Description IP address of user. MAC address of user. User name. IP address of the switch where the user is currently associated.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show-global-user-table list | 1492
Parameter Role Age Auth VPN Link AP name Roaming Essid Bssid Phy Profile Forward mode
Type
Description User role. User age, displayed as days:hours:minutes. Authentication method used by user. IP address of the client VPN gateway. AP name. Roaming status. User's extended service set identifier (ESSID). User's basic service set identifier (BSSID). User Phy type (a, b or g). Profile name Forwarding mode assigned to the user (tunnel, split-tunnel, decrypt-tunnel or bridge). Type of client device, if identified.
Command History
Release ArubaOS 3.4 ArubaOS 6.1
Modification
Command introduced
The devtype parameter was introduced, and the output of this command expanded to include the Type column.
Command Information
Platforms
All platforms Master controller only
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1493 | show-global-user-table list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show guest-access-email
show guest-access-email
Description
This command shows a guest access email profile configuration. The guest access email process sends email to either the guest or the sponsor whenever a guest user account is created or when the Guest Provisioning user manually sends email from the Guest Provisioning page.
Syntax
No parameters.
Usage Guidelines
Issue this command to show the current guest access email profile parameters. The Parameter and Value columns show the configured SMTP server and SMTP ports. that process guest email. (host) #show guest-access-email
Guest-access Email Profile -------------------------Parameter Value --------- ----SMTP Server 10.1.1.4 SMTP Port 25
Related Commands
Command guest-access-email
Description
Mode
This command shows a guest access email profile configuration.
Enable or Config modes
local-userdb-guest add This command creates a guest user in a local user database.
Enable or Config modes
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show guest-access-email | 1494
show ha ap
show ha ap information {ip-addr <ip-addr>|ip6-addr <ip6-addr>} table
Description
This command displays information about APs using the High Availability feature.
Syntax
Parameter
Description
information ip-addr <ip-addr> ip6-addr <ip6-addr>
Issue this command under the supervision of Dell support to troubleshoot the High Availability feature.
table
Display the High Availability AP table to view information about APs configured to use the High Availability feature.
Usage Guidelines
The High Availability features work across Layer-3 networks, so there is no need for a direct Layer-2 connection between in a high-availability group When the AP first connects to its active , the active provides the IP address of a standby , and the AP attempts to establish a tunnel to the standby to the standby . If an AP fails to connect to the first standby , the active will select a new standby for that AP, and the AP will attempt to connect to that standby .
An AP will failover to its backup if it fails to contact its active through regular heartbeats and keepalive messages, or if the user manually triggers a failover using the WebUI or CLI.
Examples
The following command displays the HA table for the HA group default.
(host) #show ha ap table
HA AP Table
-----------
AP
IP-Address MAC-Address
AP-flags HA-flags
--
---------- -----------
-------- --------
ard
10.3.31.245 6c:f3:7f:c6:72:c0 LU
arr
10.3.31.222 d8:c7:c8:c0:02:7c LU
kalap105-2 10.3.31.253 00:24:6c:c0:22:6b LU
S
Total Num APs::3
Active APs::2
Standby APs::1
AP Flags: R=RAP; S=Standby; s=Bridge Split VAP L=Licensed; M=Mesh, U=Up
HA Flags: S=Standby, C=Standby connected, L=LMS, F=Sent Failover Request to AP,
H=AP flagged for Inter Controller Heartbeat
Command History
Introduced in ArubaOS 6.4
1495 | show ha ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform Available on all platforms
License
Available in the base operating system.
Command Mode
Enable mode on master and local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha ap | 1496
show ha group
show ha group-membership group-profile [<profile>]}
Description
This command displays High Availability profile settings and shows the high availability group to which the controller is currently assigned.
Syntax
Parameter
Description
group-membership <pro- Name of the high availability group to which the controller should be a member. file>
group-profile [<profile>]
Display a list of all high availability groups, or include the optional <profile> parameter to display configuration settings for the specified profile.
Usage Guidelines
The High Availability feature supports redundancy models with an active controller pair, or an active/standby deployment model with one backup controller supporting one or more active controllers. Each of these clusters of active and backup controllers comprises a high-availability group. Note that all active and backup controllers within a single high-availability group must be deployed in a single master-local topology. The High Availability feature works across Layer-3 networks, so there is no need for a direct Layer-2 connection between controllers in a high-availability group.\
Examples
The following command shows that the controller from which the command was issued is a member of the high availability group ha-group2.
(host) #show ha-group-member Member of HA group :ha-group2
The example below shows that the controller has two configured high availability group profiles. The Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
HA group information List
-------------------------
Name
Profile Status
----
--------------
default
new
Total:2
Command History
Introduced in ArubaOS 6.3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha group | 1498
Command Information
Platform Available on all platforms
License
Available in the base operating system.
Command Mode
Enable mode on master and local controllers.
1499 | show ha group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha heartbeat counters
show ha heartbeat counters
Description
This command displays statistics for the High Availability extended controller capacity feature.
Syntax
No parameters.
Usage Guidelines
The high availability inter-controller heartbeat feature allows for faster AP failover from an active controller to a standby controller, especially in situations where the active controller reboots or loses connectivity to the network.
The inter-controller heartbeat feature works independently from the AP mechanism that sends heartbeats from the AP to the controller. If enabled, the inter-controller heartbeat feature supersedes the AP's heartbeat to its controller. As a result, if a standby controller detects missed inter-controller heartbeats from the active controller, it triggers its standby APs to failover to the standby controller, even if those APs have not detected any missed heartbeats between the APs and their active controller. Use this feature with caution in deployments where the active and standby controllers are separated over high-latency WAN links.
When this feature is enabled, the standby controller starts sending regular heartbeats to an AP's active controller as soon as the AP has an UP status on the standby controller. By default, the standby controller sends heartbeat messages every 100ms. If the active controller becomes unreachable for the number of heartbeats defined by the heartbeat threshold (by default, 5 missed heartbeats), the standby controller immediately detects this error, and informs the APs using the standby controller to fail over from the active controller to the standby controller .
This feature is disabled by default. It can be used in conjunction with the high availability state synchronization feature only in topologies that use a single active and standby controller, or a pair dual-mode active controllers that act as standby controllers for each other. High availability inter-controller heartbeats can be enabled and configured in the high-availability group profile using the WebUI or Command-Line interfaces.
Examples
The following command displays high-availability heartbeat statistics for the high availability group default. (host) (HA group information "default") #show ha heartbeat counters
Heartbeat stats
---------------
Controller IP Active Reference Count
------------- ----------------------
172.14.0.2
1
Total Heartbeat Sent -------------------101
Total Heartbeat Received -----------------------101
Last Missed Heartbeat (Count) Time ---------------------------------0
The output of this command includes the following parameters:
Parameter Controller IP
Description IP address of the controller from which this command was issued.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha heartbeat counters | 1500
Parameter
Description
Active Reference Count
Number of APs that are using that standby controller as their active controller.
Total HeartBeat Sent Total number of heartbeats sent by the controller.
Total Heartbeat REceived
Total nunmber of heartbeats received by the controller.
Last Missed Heartbeat Timestamp showing when the last heartbeat sent was not received, as well as the
(count) time
number of heartbeats that failed to be sent.
Command History
Introduced in ArubaOS 6.4
Command Information
Platform Available on all platforms
License
Available in the base operating system.
Command Mode
Enable mode on master and local controllers.
1501 | show ha heartbeat counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha oversubscription statistics
show ha oversubscription statistics
Description
This command displays statistics for the High Availability extended controller capacity feature
Syntax
No parameters.
Usage Guidelines
Starting with ArubaOS 6.4.0.0, a W-7200 Series controller acting as a standby controller can oversubscribe to standby APs by up to four times that controller's rated AP capacity, and a standby W-6000M3 controller module or W-3600 controller can oversubscribe by up to two times its rated AP capacity, as long as the tunnels consumed the standby APs do not exceed the maximum tunnel capacity for that standby controller.
Feature Requirements
All controllers using this feature must be deployed in a master-local topology where centralized licensing is enabled on the active and standby controllers. If centralized licensing is disabled, the standby AP oversubscription feature are disabled also. Standby controller oversubscription and the high availability state synchronization features are mutually incompatible cannot be be enabled simultaneously. If your deployment uses the state synchronization feature, you must disable it before you enable standby controller oversubscription.
W-3200, W-3400 and W-600 Series controllers do not support this feature.
Standby Controller Capacity
The following table describes the AP oversubscription capacity maximum supported tunnels and for controllers that support this feature.
Controller Model
W-6000M3 W-3600 W-7210 W-7220 W-7240
Standby AP Capacity 2x rated AP capacity 2x rated AP capacity 4x rated AP capacity 4x rated AP capacity 4x rated AP capacity
Maximum Tunnels Supported 16384 tunnels 16384 tunnels 16384 tunnels 32768 tunnels 65536 tunnels
To determine the number of standby tunnels consumed by APs on each active controller, multiply the number of APs on the active controllers by the number of BSSIDs per AP. As an example, consider a deployment with four active W-7210 controllers that each have 512 APs with 8 BSSIDs. The APs on each active controller consume (512 * 8) tunnels, for a combined total of 16,384 tunnels. A single W-7210 controller using the standby controller oversubscription feature can act as the standby controller for all four active controllers in
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha oversubscription statistics | 1502
this example, because this topology is within the the 4x rated AP capacity limit and maximum tunnel limit for the a W-7210 controller model.
If the network administrator later changed all the APs in this deployment to support 10 BSSIDs, each active controller would use (512 * 10) tunnels, for a combined total of 20,480 tunnels on the four active controllers. The tunnels required by the APs on the active controllers would then exceed the maximum tunnel limit for the standby controller, so the standby controller can no longer support all APs on the active controllers.
AP Failover
If a standby controller reaches its AP oversubscription capacity or exceeds its maximum BSSID limit, the standby controller drops any subsequent standby AP connections. A dropped AP attempts to reconnect to the standby controller, but after it exceeds the maximum number of request retries, the AP informs the active controller that it is unable to connect to the standby controller. The active controller then prompts the AP to create a standby tunnel to another standby controller, if one is configured.
If an active controller fails, the APs on the active controller fail over to the standby controller. Once the standby controller has reached its capacity for active APs,it terminates tunnels to any standby APs that controller can no longer serve. When these APs detect that there is no longer a heartbeat between the AP and the standby controller, they notify their active controller that they can no longer connect to the standby. The active controller then prompts the APs to establish standby tunnels to another standby controller, if one is configured.
Examples
The following command displays oversubscription statistics for APs and tunnels
(host) #show ha oversubscription statistics
Platform oversubscription factor :
4
APs Limits
------------------
APs
Number
----
------
Platform Limit
512
Current Active
2
Current Standby
694
Active remaining
0
Standby remaining
1
Maximum allowed Standby 697
BSS Limits -------------------Tunnels ------Maximum BSS tunnels Average BSS/AP BSS tunnels in use BSS tunnels available
Limits -----16384 23 16360 24
The output of this command includes the following parameters:
Parameter Platform limit Current Active Current Standby
Description Maximum number of APs supported by the controller platform. Number of active APs currently associated to the controller. Number of APs that are currently using the controller as a standby controller.
1503 | show ha oversubscription statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Active Remaining
Number of APs that can connect to this controller in Active mode.
Standby Remaining
Number of APs that can connect to this controller in Standby mode.
Maximum allowed Standby
Maximum number of Standby APs supported by the controller.
Maximum BSS tunnels
The maximum number of BSS tunnels supported by the controller.
Average BSS/AP
The average number of BSS tunnels per AP using the controller as a standby controller.
BSS tunnels in use
Number of BSS tunnels currently in use by the controller.
BSS tunnels available Number of BSS tunnels not currently in use by the controller.
Command History
Introduced in ArubaOS 6.4
Command Information
Platform Available on all platforms
License
Available in the base operating system.
Command Mode
Enable mode on master and local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ha oversubscription statistics | 1504
show hostname
show hostname
Description
Show the hostname of the controller.
Syntax
No parameters.
Example
The output of this command shows the hostname configured for the controller. A hostname can contain alphanumeric characters, spaces, punctuation, and symbol characters.
(host) # show hostname hostname is SampleHost
Related Commands
Configure the controller's hostname using the command hostname.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available on master or local controllers
1505 | show hostname
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iap detailed-table
show iap detailed-table branch-key <brkey> long
Description
Displays the details of all the branches terminating at the controller.
Syntax
Parameter branch-key <brkey> long
Description Key for the branch, which is unique to each branch. Displays the branches connected to the controller in detailed view.
Example
This example shows the details of the branches connected to the controller: (host) #show iap detailed-table long
Name
VC MAC Address
Status
----
--------------
------
Instant-C0:8C:08 d8:c7:c8:c4:73:53 UP
Instant-C0:8C:08 d8:c7:c8:c4:73:53 UP
Instant-C0:8C:08 d8:c7:c8:c4:73:53 UP
Inner IP -------1.1.1.1
1.1.1.1
1.1.1.1
Key ------------------------------------2d15576901190269568c3d9837fc1b414e1b06 523282805aaa 2d15576901190269568c3d9837fc1b414e1b06 523282805aaa 2d15576901190269568c3d9837fc1b414e1b06 523282805aaa
Flags ----PD2 PD3 PC2
Branch (Subnet / Vlan) BID
---------------------- ---
52
0
53.1.1.8/29
0
51
0
IP Address Range -----------------52.1.1.2-52.1.1.100 53.1.1.1-53.1.1.100
Client Count -----------5 5
Flags: P = Primary Tunnel; B = Backup Tunnel; C = Centralized; U = Unassigned; D = Distributed; L = Local; 3 = Routed(L3); 2 = Bridged(L2);
The output of this command includes the following parameters:
Parameter Name
Description Name of the branch
VC MAC Address
MAC address of the Virtual Controllerof the branch
Status
Current status of the branch (UP/DOWN)
Inner IP
Internal VPN IP of the branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iap detailed-table | 1506
Parameter Key
Description Key for the branch, which is unique to each branch
Flags
This column displays any flags for the branch subnet
l P = Primary Tunnel l B = Backup Tunnel l C = Centralized l D = Distributed l L = Local l U = Unassigned l 3 = Routed(L3) l 2 = Bridged(L2)
Branch (Subnet/Vlan) Subnet mask or VLAN assigned to the branch
BID
Branch ID
IP Address Range Client Count
Allocated branch subnet IP address range Number of client terminating on this controller
Command History
Release ArubaOS 6.4
Modification Command introduced
Command Information
Platforms
Licensing
All platforms
Base operating system, except for noted parameters
Command Mode
Enable or Configuration mode on master and local controller
1507 | show iap detailed-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iap table
show iap table branch-key <brkey> long
Description
Displays the branch details connected to the controller.
Syntax
Parameter branch-key <brkey> long
Description Key for the branch, which is unique to each branch. Displays the branches connected to the controller in detailed view.
Example
This example shows the details of the branches connected to the controller: (host) #show iap table long
IAP Branch Table
----------------
Name
VC MAC Address
----
--------------
Tokyo-CB:D3:16 6c:f3:7f:cc:42:f8
Paris-CB:D3:16 6c:f3:7f:cc:3d:04
LA
6c:f3:7f:cc:42:25
Munich
d8:c7:c8:cb:d3:16
London-c0:e1
6c:f3:7f:c0:e1:b1
Instant-CB:D3 6c:f3:7f:cc:42:1e
Delhi
6c:f3:7f:cc:42:ca
Singapore
6c:f3:7f:cc:42:cb
Status -----DOWN UP UP DOWN UP DOWN DOWN UP
Inner IP -------0.0.0.0 10.15.207.140 10.15.207.111 0.0.0.0 10.15.207.120 0.0.0.0 0.0.0.0 10.15.207.122
Assigned Subnet Assigned Vlan --------------- ------------10.15.206.99/29 2 10.15.206.24/29 2 10.15.206.64/29 2
10.15.206.120/29 2
Key --b3c65c... b3c65c... b3c65c... a2a65c... b3c65c... b3c65c... b3c65c... b3c65c...
Bid(Subnet Name) ----------------
2(10.15.205.0-10.15.205.250,5),1(10.15.206.1-10.15.206.252,5) 0 7(10.15.205.0-10.15.205.250,5),8(10.15.206.1-10.15.206.252,5)
1(10.15.205.0-10.15.205.250,5),2(10.15.206.1-10.15.206.252,5) 14(10.15.205.0-10.15.205.250,5),15(10.15.206.1-10.15.206.252,5)
The output of this command includes the following parameters:
Parameter Name
Description Name of the branch.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iap table | 1508
Parameter VC MAC Address Status Inner IP Assigned Subnet Assigned Vlan Key Bid(Subnet Name)
Description
MAC address of the Virtual Controller of the branch.
Current status of the branch (UP/DOWN).
Internal VPN IP of the branch.
Subnet mask assigned to the branch.
VLAN ID assigned to the branch.
Key for the branch, which is unique to each branch.
Branch ID (BID) of the subnet. l In the example above, the controller displays bid-per-subnet-per-branch
i.e., for "LA" branch, BID "2" for the ip-range "10.15.205.0-10.15.205.250" with client count per branch "5"). If a branch has multiple subnets, it can have multiple BIDs. l Branches that are in UP state and do not have a Bid(Subnet Name) means that the IAP is connected to a controller which did not assign any bid for any subnet. In the above example, "Paris-CB:D3:16" branch is UP and does not have a Bid(Subnet Name) information. This means that either the IAP is connected to a backup controller or connected to a primary controller without any distributed L2 or L3 subnets. For more information on bid-per-subnet-per-branch and distributed L2 and L3 subnets, see the DHCP Configuration chapter of the Dell Instant Access Point 6.2.1.0-3.3 User Guide.
Related Commands
Command iap del branch-key
Description
This command removes a branch from the controller based on the branch key.
Command History
Release ArubaOS 6.2 ArubaOS 6.3
Modification Command introduced The long parameter is introduced.
1509 | show iap table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Enable or Configuration mode on master and local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iap table | 1510
show iap trusted-branch-db
show iap trusted-branch-db
Description
Displays the details of IAP trusted branch database information.
Syntax
None
Example
This example shows the details of IAP trusted branch database information: (host) #show iap trusted-branch-db
Trusted Branch Validation: Enabled IAP Trusted Branch Table -----------------------Branch MAC ---------01:01:0e:3e:4c:33
Another example:
(host) #show iap trusted-branch-db
Trusted Branch Validation: Disabled IAP Trusted Branch Table -----------------------Branch MAC ---------(allow all as trusted branch)
The output of this command includes the following parameters:
Parameter Branch MAC
Description MAC address of the trusted IAP branch
Related Commands
Command iap trusted-branch-db
Description This command configures an IAP-VPN branch as trusted
Command History
Release ArubaOS 6.2
Modification Command introduced
1511 | show iap trusted-branch-db
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system, except for noted parameters
Enable or Configuration mode on master and local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iap trusted-branch-db | 1512
show ids ap-classification-rule
id-classification-rule <rule-name>
Description
Display the IDS AP classification rule profile.
Syntax
Parameter <rule-name>
Description Enter the AP classification rule profile name.
Usage Guidelines
Issue this command without the <rule-name>option to view the AP Classification Rule Profile list. Add the rule name option to display values for the rule.
Example
Below is the show command without the rule name option:
(host) (config) #show ids ap-classification-rule
IDS AP Classification Rule Profile List
---------------------------------------
Name
References Profile Status
----
---------- --------------
exclude-ssid-rule 1
rule1
1
rule2
1
Total:3
In the example above, the Reference column indicates the number of references to the rule named in the Name column. The Profile Status column is blank unless the rule is predefined. Optionally, you can enter a rule name to view the parameters for that rule. For example:
(host) (config) # show ids ap-classification-rule rule1
IDS AP Classification Rule Profile "rule1"
------------------------------------------
Parameter
Value
---------
-----
SSID
Dell-ap
Match SSIDs
true
Min SNR value
0
Max SNR value
255
Discovered APs count
2
Check for Min Discovered APs true
Classify To AP Type
suspected-rogue
Confidence level increase
5
Command History
Release ArubaOS 6.0
Modification Command introduced
1513 | show ids ap-classification-rule
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids ap-classification-rule | 1514
show ids ap-rule-matching
Description
Display the IDS active AP rules profile.
Example
(host) (config) #show ids ap-rule-matching
IDS Active AP Rules Profile
---------------------------
Parameter
Value
---------
-----
AP Rule name snr0
AP Rule name rule1
AP Rule name rule2
AP Rule name exclude-ssid-rule
In the above example, the rule names in the Value column have been activated by the ids ap-rule-matching command.
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
1515 | show ids ap-rule-matching
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids dos-profile
show ids dos-profile <profile-name>
Description
Show an IDS Denial Of Service (DoS) Profile
Syntax
Parameter <profile-name>
Description Name of an IDS DoS profile.
Usage Guidelines
Issue this command without the <profile-name>parameter to display an IDS DoS profile.
Examples
The example below shows that the controller has four configured DoS profiles. ((host) (config) #show ids dos-profile
IDS Denial Of Service Profile List
----------------------------------
Name
References Profile Status
----
---------- --------------
default
4
test
0
test1
1
Wizard-test 1
Wizard-test2 1
Total:5
In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined. The example below displays a partial output for the profile "test1".
(host) (config) #show ids dos-profile test1 Parameter --------Detect Disconnect Station Attack Disconnect STA Assoc Response Theshold Disconnect STA Deauth and Disassoc Theshold Disconnect STA Detection Quiet Time Spoofed Deauth Blacklist Detect AP Flood Attack AP Flood Threshold AP Flood Increase Time AP Flood Detection Quiet Time Detect Client Flood Attack Client Flood Threshold Client Flood Increase Time Client Flood Detection Quiet Time Detect EAP Rate Anomaly
Value ----true 5 8 900 sec Disabled false 50 3 sec 900 sec false 150 3 sec 900 sec false
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids dos-profile | 1516
EAP Rate Threshold EAP Rate Time Interval EAP Rate Quiet Time Detect CTS Rate Anomaly CTS Rate Threshold CTS Rate Time Interval CTS Rate Quiet Time Detect RTS Rate Anomaly RTS Rate Threshold RTS Rate Time Interval RTS Rate Quiet Time Detect Rate Anomalies Rate Thresholds for Assoc Frames Rate Thresholds for Disassoc Frames Rate Thresholds for Deauth Frames ...
60 3 sec 900 sec false 5000 5 sec 900 sec false 5000 5 sec 900 sec false default default default
For a detailed explanation of the output shown above, see the ids dos-profile command.
Related Commands
Configure IDS DoS profiles using the command ids dos-profile.
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
1517 | show ids dos-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids general-profile
show ids general-profile <profile-name>
Description
Display an IDS General profile.
Syntax
Parameter <profile-name>
Description Name of an IDS General profile.
Usage Guidelines
Issue this command without the <profile-name> parameter to display the IDS General profile list. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has four configured General profiles.
(host) (config) # show ids general-profile
IDS General Profile List
------------------------
Name
References Profile Status
----
---------- --------------
default
2
helen
0
wired-lb
1
Wizard-test2 1
Total:4
In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined.
The example below displays the settings for the profile Michael.
(host) (config) #show ids general-profile Michael
IDS General Profile "Michael" --------------------------Parameter --------Adhoc AP Max Unseen Timeout Adhoc (IBSS) AP Inactivity Timeout AP Inactivity Timeout AP Max Unseen Timeout Frame Types for RSSI calculation IDS Event Generation on AP Max Monitored Stations Max Unassociated Stations Min Potential AP Beacon Rate Min Potential AP Monitor Time Mobility Manager RTLS Monitored Device Stats Update Interval Packet SNR Threshold
Value ----180 sec 5 sec 20 sec 600 sec ba pr dlow dnull mgmt ctrl none 1024 256 25 % 2 sec false 0 sec 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids general-profile | 1518
Send Adhoc Info to Controller Signature Quiet Time STA Inactivity Timeout STA Max Unseen Timeout Stats Update Interval Wired Containment Wired Containment of AP's Adj MACs Wired Containment of Suspected L3 Rogue Wireless Containment Debug Wireless Containment WMS Client Monitoring
true 900 sec 60 sec 600 sec 60 sec true true false deauth-only false all
The output of this command includes the following parameters:
Parameter Adhoc AP Max Unseen Timeout
Description
Ageout time in seconds since adhoc (IBSS) AP was last seen.
Adhoc (IBSS) AP Inactivity Timeout
Adhoc (IBSS) AP inactivity timeout in number of scans.
AP Inactivity Timeout
Time, in seconds, after which an AP is aged out.
AP Max Unseen Timeout
Ageout time, in seconds, since AP was last seen.
Frame Types for RSSI calculation
Frame types used in AM RSSI calculation.
IDS Event Generation on AP
Enable or disable IDS event generation from the AP. Event generation from the AP can be enabled for syslogs, traps, or both. This does not affect generation of IDS correlated events on the switch.
Max Monitored Stations
Maximum number of monitored stations.
Max Unassociated Stations
Maximum number of unassociated stations.
Min Potential AP Beacon Rate
Minimum beacon rate acceptable from a potential AP, in percentage of the advertised beacon interval.
Min Potential AP Monitor Time
Minimum time, in seconds, a potential AP has to be up before it is classified as a real AP.
Mobility Manager RTLS
Shows if RTLS communication with the configured mobility-manager is enabled or disabled.
Monitored Device Stats Update Interval
Time interval, in seconds, for AP to update the switch with stats for monitored devices. Minimum is 60.
Packet SNR Threshold
The packet Signal to Noise Ratio (SNR) threshold. All packets with SNR below this threshold is dropped from IDS and ARM processing.
No packets are dropped if the threshold is set to 0.
1519 | show ids general-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Send Adhoc Info to Controller
Description
Enable or disable sending adhoc information to the controller from the AP.
Signature Quiet Time
After a signature match is detected, the time to wait, in seconds, to resume checking.
STA Inactivity Timeout
Time, in seconds, after which a station is aged out.
STA Max Unseen Timeout
Time, in seconds, after which an AP is aged out.
Stats Update Interval
Interval, in seconds, for the AP to update the controller with statistics. This setting takes effect only if the Dell Mobility Manager is configured. Otherwise, statistics update to the controller is disabled.
Wired Containment
Shows if the profile has enabled or disabled containment from the wired side.
Wired Containment of AP's Adj MACs
Shows if the profile has enabled or disabled wired containment of MACs offset by one from APs BSSID.
Wired Containment of Suspected L3 Rogue
Shows if the profile has enabled or disabled the feature to identify and contain an AP with a preset wired MAC address that is completely different from the AP's BSSID. where the MAC address that the AP provides to wireless clients as a `gateway MAC' is offset by one character from its wired MAC address.
Wireless Containment
Shows if the profile has enabled or disabled containment from the wireless side.
Debug Wireless Containment
Shows if the profile has enabled or disable debugging of containment from the wireless side.
Wired Containment of AP's Adj MACs
Enable/disable wired containment of MACs offset by one from APs BSSID.
Related Commands
Configure IDS General profiles using the command ids general-profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids general-profile | 1520
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 5.0
Mobility Manager RTLS parameter introduced
ArubaOS 6.0
Refreshed show output
ArubaOS 6.3
Introduced the Wired Containment of Suspected L3 Rogue parameter.
ArubaOS 6.4.2.3
The following parameters were introduced as part of this command output: l Packet SNR Threshold l Frame Types for RSSI calculation l Max Monitored Stations l Max Unassociated Stations
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
1521 | show ids general-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids impersonation-profile
show ids impersonation-profile <profile-name>
Description
Display an IDS Impersonation Profile.
Syntax
Parameter <profile-name>
Description Name of an IDS Impersonation profile.
Usage Guidelines
Issue this command without the <profile-name>parameter to display the IDS Impersonation profile list. Include a profile name to display detailed configuration information for that profile.
Examples
The example below displays that the controller has five configured Impersonation profiles. (host) (config) #show ids impersonation-profile
IDS Impersonation Profile List
------------------------------
Name
References Profile Status
----
---------- --------------
default
4
test
0
test1
1
Wizard-test 1
Wizard-test2 1
Total:5
In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined.
The example below displays the configuration settings for the profile test1. (host) (config) #show ids impersonation-profile test1
IDS Impersonation Profile "test1" --------------------------------Parameter --------Detect AP Impersonation Protect from AP Impersonation Beacon Diff Threshold Beacon Increase Wait Time Detect AP Spoofing Detect Beacon Wrong Channel Beacon Wrong Channel Detection Quiet Time Detect Hotspotter Attack Hotspotter Quiet Time
Value ----false false 50 % 3 sec true false 900 sec true 900 sec
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids impersonation-profile | 1522
Parameter Detect AP Impersonation
Description
Shows of the profile has enabled or disabled detection of AP impersonation.
Protect from AP Impersonation
Shows if AP impersonation is enabled or disabled for the profile. When AP impersonation is detected, both the legitimate and impersonating AP are disabled using a denial of service attack.
Beacon Diff Threshold
Percentage increase in beacon rates that triggers an AP impersonation event.
Beacon Increase Wait Time
Time, in seconds, after the beacon difference threshold is crossed before an AP impersonation event is generated.
Detect AP Spoofing
AP Spoofing detection is enabled
Detect Beacon Wrong Channel
Disable detection of beacons advertising the incorrect channel
Beacon Wrong Channel Detection Quiet Time
Wait 90 seconds after detecting a beacon with the wrong channel after which the check can be resumed.
Detect Hotspotter Attack
Enable detection of the Hotspotter attack to lure away valid clients.
Hotspotter Quiet Time
Wait 90 seconds after detecting an attempt to Use the Hotspotter tool against clients.
Related Commands
Configure IDS impersonation profiles using the command ids impersonation-profile.
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 6.0
Refreshed show output
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
1523 | show ids impersonation-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids management-profile
Description
Displays the management event correlation for IDS event traps and sylogs (logs).
Example
The following example displays the current management status. (host) (config) #show ids management-profile
IDS Management Profile ---------------------Parameter --------IDS Event Correlation Event Correlation Quiet Time
Value ----logs-and-traps 900 sec
The display output of the above command includes:
Parameter IDS Event Correlation
Description Management profile is set for logs-and-traps.
Event Correlation Quiet Time The time to wait, 900 seconds, before the event can be raised again.
Command History
Version ArubaOS 6.0
Description Command Introduced
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids management-profile | 1524
show ids profile
show ids profile <profile-name>
Description
Display all ids profiles or display a specific profile name.
Syntax
Parameter <profile-name>
Description Name of an IDS profile.
Usage Guidelines
Issue this command without the <profile-name>parameter to display the list of IDS profiles. Include a profile name to display detailed information for that profile.
Examples
The example below shows that the controller has seven configured IDS Profiles. (host) (config) #show ids profile
IDS Profile List
----------------
Name
References
----
----------
default
5
test
0
test-tarpit 1
test-wired-lb 0
test1
0
Wizard-test 0
Wizard-test2 0
Profile Status --------------
Total:7 In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined. This example displays the configuration settings for the profile test1. (host) (config) #show ids profile test1
IDS Profile "test1" ------------------Parameter --------IDS General profile IDS Signature Matching profile IDS DOS profile IDS Impersonation profile IDS Unauthorized Device profile
Value ----test1 test1 test1 test1 test1
The output of this command includes the following parameters:
1525 | show ids profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter IDS General profile
Description
Name of a IDS General profile to be applied to an AP or AP group.
IDS Signature Matching profile
Name of a IDS Signature Matching profile to be applied to an AP or AP group.
IDS DOS profile
Name of a IDS Denial of Service profile to be applied to an AP or AP group.
IDS Impersonation profile
Name of a IDS Impersonation profile to be applied to an AP or AP group.
IDS Unauthorized Device profile Name of a IDS Unauthorized Device profile to be applied to an AP or AP group.
Related Commands
Configure the IDS profile using the command ids profile.
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 6.0
Refreshed show output
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids profile | 1526
show ids rate-thresholds-profile
show ids rate-thresholds-profile <profile-name>
Description
Show an IDS Rate Thresholds profile.
Syntax
Parameter <profile-name>
Description Name of an IDS Rate Threshold profile.
Usage Guidelines
Issue this command without the <profile-name>parameter to display the IDS Rate Threshold profile list. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three configured IDS Rate Threshold profiles. (host) (config) #show ids rate-thresholds-profile
IDS Rate Thresholds Profile List -------------------------------Name ---default probe-request-response-thresholds test
References ---------20 10 0
Profile Status --------------
Predefined
Total:3
In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined.
This example displays the configuration settings for the profile test.\ (host) (config) #show ids rate-thresholds-profile test
IDS Rate Thresholds Profile "test"
----------------------------------
Parameter
Value
---------
-----
Channel Increase Time 15 sec
Channel Quiet Time
900 sec
Channel Threshold
300
Node Time Interval
15 sec
Node Quiet Time
900 sec
Node Threshold
200
The output of this command includes the following parameters:.
1527 | show ids rate-thresholds-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Channel Increase Time Channel Quiet Time
Channel Threshold Node Time Interval Node Quiet Time
Node Threshold
Description
Time, in seconds, in which the threshold must be exceeded in order to trigger an alarm.
The time that must elapse after a channel rate alarm before another identical alarm may be triggered. This option prevents excessive messages in the log file.
Number of a specific type of frame that must be exceeded within a specific interval in an entire channel to trigger an alarm.
Time, in seconds, in which the threshold must be exceeded in order to trigger an alarm.
The time that must elapse after a node rate alarm before another identical alarm may be triggered. This option prevents excessive messages in the log file.
Number of a specific type of frame that must be exceeded within a specific interval for a particular client MAC address to trigger an alarm.
Related Commands
Configure the IDS Rate Threshold profile using the command ids rate-thresholds-profile.
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 6.0
Refreshed show output
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids rate-thresholds-profile | 1528
show ids signature-matching-profile
show ids signature-matching-profile <profile-name>
Description
Show an IDS Signature Matching profile.
Syntax
Parameter <profile-name>
Description Name of an IDS Signature Matching profile.
Usage Guidelines
Issue this command without the <profile-name>parameter to display the entire IDS Signature Matching profile list. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has four configured Signature Matching profiles. (host) (config) #show ids signature-matching-profile
IDS Signature Matching Profile List
-----------------------------------
Name
References Profile Status
----
---------- --------------
default
4
test1
1
Wizard-test 1
Wizard-test2 1
Total:4 In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined. This example displays the configuration settings for the profile test1. (host) (config) #show ids signature-matching-profile test1
IDS Signature Matching Profile "test1"
--------------------------------------
Parameter
Value
---------
-----
IDS Signature Deauth-Broadcast
IDS Signature Disassoc-Broadcast
The output of this command includes the following parameters:
Parameter IDS Signature IDS Signature
Value Broadcast is not authorized Disassociate broadcast
1529 | show ids signature-matching-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Configure the Signature Matching profile using the command ids signature-matching-profile.
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 6.0
Refreshed show output
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids signature-matching-profile | 1530
show ids signature-profile
show ids signature-profile <profile-name>
Description
Show an IDS signature profile.
Syntax
Parameter <profile-name>
Description Name of an IDS Signature profile.
Usage Guidelines
Issue this command without the <profile>parameter to display the entire IDS Signature profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has eight configured Signature profiles.
(host) # show ids signature-profile
IDS Signature Profile List -------------------------Name ---AirJack ASLEAP Deauth-Broadcast default Netstumbler Generic Netstumbler Version 3.3.0x Null-Probe-Response sample
References ---------1 1 1 1 1 1 1 0
Profile Status -------------Predefined Predefined Predefined
Predefined Predefined Predefined
Total:8 This example displays the configuration settings for the profile AirJack.
(host) # show ids signature-profile IDS Signature Profile "AirJack" (predefined) --------------------------------------------Parameter Value --------- ----Frame Type beacon SSID = AirJack
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids signature-profile | 1532
Parameter Frame Type
Description
Type of 802.11 frame. For each type of frame, further parameters may be included to filter and detect only the required frames. l assoc: Association frame type. l auth: Authentication frame type. l beacon: Beacon frame type. l control: All control frames. l data: All data frames. l deauth: Deauthentication frame type. l disassoc: Disassociation frame type. l mgmt: Management frame type. l probe-request: Probe request frame type. l probe-response: Probe response frame type. l ssid: For beacon, probe-request, and probe-response frame types, the
SSID as either a string or hex pattern. l ssid-length: For beacon, probe-request, and probe-response frame
types, the length, in bytes, of the SSID.
payload sequence number src- mac dst- mac bssid
Pattern at a fixed offset in the payload of an 802.11 frame. Sequence number of the frame. Source MAC address in the 802.11 frame header. Source MAC address in the 802.11 frame header. BSSID field in the 802.11 frame header.
Related Commands
Configure the Signature profile using the command ids signature-profile.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Enable and Config mode on master or local controllers
1533 | show ids signature-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids unauthorized-device-profile
show ids unauthorized-device-profile <profile-name>
Description
Show an IDS Unauthorized Device Profile.
Syntax
Parameter <profile-name>
Description Name of an IDS Unauthorized Device profile
Usage Guidelines
Issue this command without the <profile-name> parameter to display the IDS Unauthorized Device profile list. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has five configured Unauthorized Device profiles. (host) (config) #show ids unauthorized-device-profile
IDS Unauthorized Device Profile List
------------------------------------
Name
References Profile Status
----
---------- --------------
default
4
test
0
test1
1
Wizard-test 1
Wizard-test2 1
Total:5
In the example above, the Reference column indicates the number of references to the profile named in the Name column. The Profile Status column is blank unless the rule is predefined. This example displays the configuration settings for the profile test1.
(host) (config) #show ids unauthorized-device-profile test1
IDS Unauthorized Device Profile "test1" IDS Unauthorized Device Profile "default" ----------------------------------------Parameter --------Protect 802.11n High Throughput Devices Protect 40MHz 802.11n High Throughput Devices Detect Active 802.11n Greenfield Mode Detect Adhoc Networks Protect from Adhoc Networks Protect from Adhoc Networks - Enhanced Detect Adhoc Network Using Valid SSID Adhoc Network Using Valid SSID Quiet Time Allow Well Known MAC
Value ----false false false false false false true 900 sec N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids unauthorized-device-profile | 1534
Detect Devices with an Invalid MAC OUI MAC OUI detection Quiet Time Detect Misconfigured AP Protect Misconfigured AP Detect Bad WEP Privacy Require WPA Valid 802.11g channel for policy enforcement Valid 802.11a channel for policy enforcement Valid and Protected SSIDs Valid MAC OUIs Rogue AP Classification Overlay Rogue AP Classification OUI-based Rogue AP Classification Propagated Wired MAC based Rogue AP Classification Rogue Containment Suspected Rogue Containment Suspected Rogue Containment Confidence Level Detect Station Association To Rogue AP Detect Unencrypted Valid Clients Unencrypted Valid Client Detection Quiet Time Detect Valid Client Misassociation Detect Valid SSID Misuse Protect SSID Protect Valid Stations Valid Wired MACs Detect Windows Bridge Protect Windows Bridge Detect Wireless Bridge Wireless Bridge detection Quiet Time Detect Wireless Hosted Network Wireless Hosted Network Quiet Time Protect From Wireless Hosted Networks
false 900 sec false false false false false N/A N/A N/A N/A true true true true false false 60 true true 900 sec true false false false N/A true false false 900 sec true 900 sec false
The output of this command includes the following parameters:
Parameter Protect 802.11n High Throughput Devices
Description
Shows if the profile enables or disables protection of high-throughput (802.11n) devices.
Protect 40MHz 802.11n High Throughput Devices
Shows if the profile enables or disables protection of high-throughput (802.11n) devices operating in 40 MHz mode.
Detect Active 802.11n Greenfield Mode
Shows if the profile enables or disables detection of high-throughput devices advertising greenfield preamble capability.
Detect AdHoc Networks
Shows if the profile has enabled or disabled detection of adhoc networks.
Protect from Adhoc Networks
Shows if the profile has enabled or disabled protection from WPA/WPA2 adhoc networks.
1535 | show ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Protect from Adhoc Networks-Enhanced
Description
Shows if the profile has enabled or disabled protection from WEP/Open adhoc networks.
Detect Valid SSID Misuse
Shows if the detect valid SSID minuse is enabled (true) or disabled (false).
Adhoc Network Using Valid SSID Quiet Time Allow Well Known MAC
Shows time to wait, in seconds, after detecting an adhoc network using a valid SSID, after which the check can be resumed.
Shows if the profile allows devices with known MAC addresses to classify
rogue APs.
Detect Devices with an Invalid MAC OUI
Shows if the profile has enabled or disabled checking of the first three bytes of a MAC address, known as the organizationally unique identifier (OUI), assigned by the IEEE to known manufacturers.
MAC OUI detection Quiet Time
Time, in seconds, that must elapse after an invalid MAC OUI alarm has been triggered before another identical alarm may be triggered.
Detect Misconfigured AP
Shows if the profile has enabled or disabled detection of misconfigured APs.
Protect Misconfigured AP
Shows if the profile has enabled or disabled protection of misconfigured APs.
Detect Bad WEP
Shows if the profile has enabled or disabled detection of WEP initialization vectors that are known to be weak and/or repeating.
Privacy
Shows if the profile has enabled or disabled encryption as a valid AP configuration.
Require WPA
Shows if the controller will flag any valid AP not using WPA as a misconfigured AP.
Valid 802.11g channel for policy enforcement
A list of valid 802.1b/g channels that third-party APs are allowed to use.
Valid 802.11a channel for policy enforcement
A list of valid 802.11a channels that third-party APs are allowed to use.
Valid and Protected SSIDs
A list of valid and protected SSIDs.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids unauthorized-device-profile | 1536
Parameter Valid MAC OUIs
Description
A list of valid MAC Organizationally Unique Identifiers (OUIs).
Rogue AP Classification
Shows if the profile has enabled or disabled rogue AP classification.
Overlay Rogue AP Classification
Shows if the controller allows APs that are plugged into the wired side of the network to be classified as "suspected rogue" instead of "rogue".
OUI-based Rogue AP Classification
Propagated Wired MAC based Rogue AP Classification Rogue Containment
Shows if OUI-based rogue AP classification is enabled or disabled.
Shows if rogue AP classification through propagated wired MACs is enabled or disabled.
Shows if the controller will automatically shut down rogue APs.
Suspected Rogue Containment
Shows if the controller will automatically treat suspected rogue APs as interfering APs.
Suspected Rogue Containment Confidence Level
Confidence level of suspected Rogue AP to trigger containment, expressed as a percentage.
Detect Station Association To Rogue AP
Shows if the profile has been configured to detect station association to a rogue AP.
Detect Unencrypted Valid Clients
Shows if the profile has enabled or disabled detection of unencrypted valid clients.
Unencrypted Valid Client Detection Quiet Time
Shows the time to wait, in seconds, after detecting an unencrypted valid client after which the check can be resumed.
Detect Valid Client Misassociation Detect Valid SSID Misuse Protect SSID
Shows if the profile has enabled or disabled detection of a misassociation between a valid client and an unsafe AP.
Shows if the profile has enabled or disabled detection of Interfering or Neighbor APs using valid/protected SSIDs.
Shows if the profile has enabled or disabled use of SSID by valid APs only.
Protect Valid Stations
Shows if the controller will allow valid stations to connect to a non-valid AP.
Valid Wired MACs
List of valid and protected SSIDs.
1537 | show ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Detect Windows Bridge Protect Windows Bridge Detect Wireless Bridge Wireless Bridge detection Quiet Time
Protect From Wireless Hosted Networks Wireless Hosted Network Quiet Time
Protect From Wireless Hosted Networks
Description
Shows if the profile has enabled or disabled detection of Windows station bridging.
Shows if the profile has enabled or disabled protection of Windows station bridging.
Shows if the profile has enabled or disabled detection of wireless bridging.
Time, in seconds, that must elapse after a wireless
bridge alarm has been triggered before another identical
alarm may be triggered.
Shows if the profile has enabled or disabled detection of a wireless hosted network.
The wireless hosted network detection feature sends a log message and trap when a wireless hosted network is detected. The quiet time displayed in this field displays the amount of time, in seconds, that must elapse after a wireless hosted network log message or trap has been triggered before an identical log message or trap can be sent again.
Shows if the profile has enabled or disabled containment on a wireless hosted network by launching a denial of service attack to disrupt associations between a Windows 7 softwareenabled Access Point (softAP) and a client, and disrupt associations between the client that is hosting the softAP and any access point to which the host connects.
Related Commands
Configure the Unauthorized Device profile using the command ids unauthorized-device-profile.
Command History
Version ArubaOS 3.0
Description Command Introduced
ArubaOS 6.1
The detect valid SSID Misuse parameter was introduced
ArubaOS 6.3
The following parameters were introduced. l Protect From Wireless Hosted Networks
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids unauthorized-device-profile | 1538
Version
Description
l Wireless Hosted Network Quiet Time l Protect From Wireless Hosted Networks l Protect from Adhoc Networks-Enhanced
Command Information
Platforms Available on all platforms
Licensing
Command Mode
Requires the RFprotect license Config mode on master controllers
1539 | show ids unauthorized-device-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids wms-general-profile
show ids wms-general-profile
Description
Display general statistics for the wms configuration.
Syntax
No parameters.
Example
This example shows per-channel statistics for all monitored APs.
(host) #show ids wms-general-profile
IDS WMS General Profile ----------------------Parameter --------AP poll interval AP poll retries AP ageout interval Adhoc AP ageout interval Station ageout interval Statistics update Persistent Neighbor APs Persistent Valid STAs AP learning Propagate Wired Macs Collect Stats for Monitored APs and Clients Learn System Wired Macs
Value ----60000 msec 3 0 minutes 31 minutes 100 minutes true true false false true false false
Column AP poll interval
Description
Interval, in milliseconds, for communication between the controller and AMs. The controller contacts the AM at this interval to download AP to station associations, update policy configuration changes, and download AP and station statistics.
AP poll retries
Maximum number of failed polling attempts before the polled AM is considered to be down.
AP ageout interval
Time, in minutes, that an AP must remain unseen by any probes before it is deleted from the database.
Adhoc AP ageout interval Time, in minutes, that an adhoc (IBSS) AP remains unseen before it is deleted (ageout) from the database.
Station ageout interval
Time, in minutes, that an client must unseen by any probes before it is deleted from the database.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ids wms-general-profile | 1540
Column Statistics update
Description Shows the status of the statistics updates in the database.
Persistent Neighbor APs Shows the status of known AP neighbors.
Persistent Valid STAs
Shows the status of known AP neighbors.
AP learning
Shows the status of "learning" of non-Dell APs.
Propagate Wired Macs
Shows if the controller has enabled or disabled the propagation of the gateway wired MACs.
Collect Stats for Monitored APs and Clients
Shows if the master controller will collect up to 25,000 statistic entries for monitored APs and clients.
Learn System Wired Macs Shows the status of "learning" of wired MACs at the controller.
The output of this command includes the following information:
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced
Added the following parameters adhoc-ap-ageout-interval debug persistent-neighbor event-correlation event-correlation-quiet-time Minutes Tick
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
1541 | show ids wms-general-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ifmap
show ifmap cppm state cppm
Descriptions
Issue this command to show the CPPM IF-MAP configuration profile and the IP-MAP connection state.
Syntax
Parameter cppm state cppm
Description
Shows the CPPM IF-MAP profile parameters and their values.
Shows the CPPM IF-MAP connection state including if it is enabled, and the servers and their state.
Example
To configure this feature using the CLI:
(host) (config) #ifmap (host) (config) #ifmap cppm (host) (CPPM IF-MAP Profile) #server host <host> (host) (CPPM IF-MAP Profile) #port <port> (host) (CPPM IF-MAP Profile) #passwd <psswd> (host) (CPPM IF-MAP Profile) #enable
This show command show if the CCPM interface is enable and the CPPM server IP address, username and password.
(host) (CPPM IF-MAP Profile) #show ifmap cppm
CPPM IF-MAP Profile
-------------------
Parameter
Value
---------
-----
CPPM IF-MAP Interface Enabled
CPPM IF-MAP Server
10.10.10.10:443 admin/********
This show command shows if state of all enabled CPPM servers.
(host) (CPPM IF-MAP Profile) #show ifmap state cppm
CPPM IF-MAP Connection State [Interface: Enabled]
-------------------------------------------------
Server
State
------
-----
10.4.191.32:443 UP
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ifmap | 1542
Related Commands
Command ifmap
Description
Mode
This command is used in conjunction with ClearPass Policy Manager. It sends HTTP User Agent Strings and mDNS broadcast information to ClearPass so that it can make more accurate decisions about what types of devices are connecting to the network
Config mode
Command History
Version ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode
1543 | show ifmap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip interface brief
show ip interface brief
Description
View IP-related information on all interfaces in summary format.
Syntax
No parameters.
Example
(host) #show ip interface brief
Interface vlan 1 vlan 2 loopback mgmt
IP Address / IP Netmask 172.16.0.254 / 255.255.255.0
10.4.62.9 / 255.255.255.0 unassigned / unassigned unassigned / unassigned
Admin up up up down
The following table details the columns and content in the show command.
Protocol up up up down
Column Interface
Description List the interface and interface identification, where applicable.
IP Address /IP Netmask
List the IP address and netmask for the interface, if configured.
Admin
States the administrative status of the interface. Enabled--up Disabled--down
Protocol
Status of the IP on the interface. Enabled--up Disabled--down
Command History
Release ArubaOS 3.4
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip interface brief | 1544
show image version
Description
Display the current system image version on both partition 0 and 1.
Syntax
No parameters.
Example
The following example shows that the controller is running ArubaOS 3.4 and booting off partition 0:0.
(host) #show image version
----------------------------------
Partition
: 0:0 (/dev/hda1) **Default boot**
Software Version
: AOS-W 3.3.2.0
Build number
: 18661
Label
: 18661
Built on
: 2008-06-12 04:24:34 PDT
----------------------------------
Partition
: 0:0 (/dev/hda1)
Software Version
: AOS-W 3.3.2.0
Build number
: 18661
Label
: 18661
Built on
: 2008-06-12 04:24:34 PDT
The output of this command includes the following parameters:
Parameter Partition
Description
Partition number and name. The default boot partition will display a **Default boot** notice by the partition name.
Software Version
Version of ArubaOS software running on the partition.
Build number
Build number for the software version.
Label
The label parameter can display additional information for the build. By default, this value is the software build number.
Built on
Date the software build was created.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1545 | show image version
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show image version | 1546
show interface cellular access-group
show interface cellular access-group
Description
List the Access groups configured on the cellular interface.
Example
(host) (config-cell)#show interface cellular access-group
Cell Interface: session access list 3 is configured
Command History
Release
ArubaOS 5.0
Modification
Command introduced
Command Information
Platforms
W-600 Series
Licensing
Base operating system
Command Mode
Configuration Mode (config-cell)
1547 | show interface cellular access-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface counters
show interface counters
Description
Displays a table of L2 interfaces counters.
Syntax
No parameters
Example
The example below shows the output of show interface counters on a W-650 controller.
Port GE1/0 GE1/1 GE1/2 GE1/3 GE1/4 GE1/6 GE1/7
InOctets 250559459 1615683022
204909 2964355 1612815178 23571170611 23562566444
InUcastPkts 1664878 1230973 1511 22155
12509415 15545404 15530432
InMcastPkts 0 0 0 0 0 0
8236
InBcastPkts 16 16 16 17
228 4
146
Port GE1/0 GE1/1 GE1/2 GE1/3 GE1/4 GE1/6 GE1/7
OutOctets 2504472376
169128719 1881584 5247669
26893373267 539935348
23563612641
OutUcastPkts 2645877 820198 25785 47718
20838930 8160008
15531317
OutMcastPkts 8243 8243 8243 8245 8243 8139 7
The output of this command includes the following parameters:
OutBcastPkts 16770 17083 16771 16813 16561 461 336
Parameter Port InOctets InUcastPkts InMcastPkts InBcastPkts OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Description Port number. Number of octets received through the port. Number of unicast packets received through the port. Number of multicast packets received through the port. Number of broadcast packets received through the port. Number of octets sent through the port. Number of unicast packets sent through the port. Number of multicast packets sent through the port. Number of broadcast packets sent through the port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface counters | 1548
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1549 | show interface counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface fastethernet
show interface fastethernet <slot/port>
Description
Displays information about a specified fast Ethernet port.
Syntax
Parameter access-group counters switchport untrusted-vlan xsec
Description Displays access groups configured on this interface. Displays L2 interface counters for the specified interface. Displays L2 interface information. Displays port member vlan untrusted status. Displays xsec configuration.
Examples
The example below shows the output of show interface fastethernet 1/0.
FE 1/0 is up, line protocol is up Hardware is FastEthernet, address is 00:0B:86:51:14:D1 (bia 00:0B:86:51:14:D1) Description: fe1/0 Encapsulation ARPA, loopback not set Configured: Duplex ( AUTO ), speed ( AUTO ) Negotiated: Duplex (Full), speed (100 Mbps) MTU 1500 bytes, BW is 100 Mbit Last clearing of "show interface" counters 15 day 21 hr 34 min 53 sec link status last changed 15 day 21 hr 32 min 16 sec
1122463 packets input, 196293018 bytes Received 661896 broadcasts, 0 runts, 0 giants, 0 throttles 0 input error bytes, 0 CRC, 0 frame 661881 multicast, 460567 unicast 191428 packets output, 97063150 bytes 0 output errors bytes, 0 deferred 0 collisions, 0 late collisions, 0 throttles This port is TRUSTED POE Status of the port is OFF
The output of this command includes the following parameters:
Parameter FE 1/0 is... line protocol is...
Hardware is....
Description Displays the status of the specified port.
Displays the status of the line protocol on the specified port.
Describes the hardware interface type.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface fastethernet | 1550
Parameter address is...
Description
Displays the MAC address of the hardware interface.
Description
The port type, name, and connector type.
Encapsulation
Encapsulation method assigned to this port.
loopback...
Displays whether or not loopback is set.
Configured
Configured transfer operation and speed.
Negotiated
Negotiated transfer operation and speed.
MTU bytes
MTU size of the specified port in bytes.
BW is...
Bandwidth of the link.
Last clearing of "show interface counters" Time since "show interface counters" was cleared.
This port is... POE status of the port is...
Below the time, all current counters related to the specified port are listed.
Whether or not this port is trusted.
The POE status of the specified port.
#show interface fastethernet 1/0 access-group
FE 1/0:
Port-Vlan Session ACL
---------------------
SessionACL
Vlan
----------
----
Status ------
The output of this command includes the following parameters:
Parameter SessionACL Vlan Status
Description Session ACL name. VLAN number. ACL status.
#show interface fastethernet 1/0 counters
Port
InOctets
InUcastPkts
FE1/0
196310364
460655
Port FE1/0
OutOctets 97074242
OutUcastPkts 191401
InMcastPkts 661932
OutMcastPkts 3
InBcastPkts 15
OutBcastPkts 72
1551 | show interface fastethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The output of this command includes the following parameters:
Parameter Port InOctets InUcastPkts
Description Port number. Number of octets received through the port. Number of unicast packets received through the port.
InMcastPkts InBcastPkts OutOctets
Number of multicast packets received through the port. Number of broadcast packets received through the port. Number of octets sent through the port.
OutUcastPkts OutMcastPkts OutBcastPkts
Number of unicast packets sent through the port. Number of multicast packets sent through the port. Number of broadcast packets sent through the port.
#show interface fastethernet 1/0 switchport Name: FE1/0 Switchport: Enabled Administrative mode: trunk Operational mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Access Mode VLAN: 0 ((Inactive)) Trunking Native Mode VLAN: 1 (Default) Trunking Vlans Enabled: ALL Trunking Vlans Active: 1-3
The output of this command includes the following parameters:
Parameter Name
Description Port name.
Switchport
Whether or not switchport is enabled.
Administrative mode
Administrative mode.
Operational mode
Operational mode.
Administrative Trunking Encapsulation Encapsulation method used for administrative trunking.
Operational Trunking Encapsulation
Encapsulation method used for operational trunking.
Access Mode VLAN
The access mode VLAN for the specified port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface fastethernet | 1552
Parameter Trunking Native Mode VLAN Trunking Vlans Enabled Trunking Vlans Active
Description The trunking native mode VLAN for the specified port. Number of trunking VLANs currently enabled. Number of trunking VLANs currently active.
#show interface fastethernet 1/0 untrusted-vlan Name: FE1/0 Untrusted Vlan(s)
The output of this command includes the following parameters:
Parameter Name Untrusted Vlan(s)
Description Name of the specified port. List of untrusted VLANs.
#show interface fastethernet 1/1 xsec xsec vlan 7 is ACTIVE
The output of this command includes the following parameters:
Parameter
xsec vlan 7 is ACTIVE
Description
This states that xsec is active on the specified port as well as the associated VLAN.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1553 | show interface fastethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface gigabitethernet
show interface gigabitethernet <slot/module/port>
Description
Displays information about a specified Gigabit Ethernet port.
Syntax
Parameter counters switchport untrusted-vlan xsec
Description Displays L2 interface counters for the specified interface. Displays L2 interface information. Displays port member vlan untrusted status. Displays xsec configuration.
Examples
The example below shows the output of show interface gigabitethernet 1/0.
(host)# show interface gigabitethernet 0/0/0 GE 0/0/0 is up, line protocol is up Hardware is Gigabit Ethernet, address is 00:1A:1E:00:0D:09 (bia 00:1A:1E:00:0D:09) Description: GE0/0/0 (RJ45 Connector) Encapsulation ARPA, loopback not set Configured: Duplex ( AUTO ), speed ( AUTO ) Negotiated: Duplex (Full), speed (1000 Mbps) Jumbo Support is enabled on this interface MTU 9216 Last clearing of "show interface" counters 1 day 20 hr 32 min 38 sec link status last changed 1 day 19 hr 37 min 57 sec 120719 packets input, 24577381 bytes Received 84208 broadcasts, 0 runts, 0 giants, 780 throttles 0 input error bytes, 0 CRC, 0 frame 32939 multicast, 36511 unicast 19865402 packets output, 4953350248 bytes 0 output errors bytes, 0 deferred 0 collisions, 0 late collisions, 0 throttles This port is TRUSTED
The output of this command includes the following parameters:
Parameter GE 1/0 is... line protocol is...
Description
Displays the status of the specified port.
Displays the status of the line protocol on the specified port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface gigabitethernet | 1554
Parameter Hardware is....
Description Describes the hardware interface type.
address is...
Displays the MAC address of the hardware interface.
Description
The port type, name, and connector type.
Encapsulation
Encapsulation method assigned to this port.
loopback...
Displays whether or not loopback is set.
Configured
Configured transfer operation and speed.
Jumbo support... Negotiated
Jumbo frame support is enabled. Negotiated transfer operation and speed.
MTU bytes
MTU size of the specified port in bytes.
BW is...
Bandwidth of the link.
Last clearing of "show interface counters" Time since "show interface counters" was cleared.
link status last changed...
Time since "show interface counters" was cleared.
This port is...
POE status of the port is...
BW-Contract List/ Application Exception List/ Application BW-Contract list
Below the time, all current counters related to the specified port are listed.
Whether or not this port is trusted.
The POE status of the specified port.
Information about the bandwidth contract applied to the interface. For details, see interface fastethernet | gigabitethernet.
(host)#show interface gigabitethernet 1/0
Port GE1/0
InOctets 112670646
InUcastPkts 1137507
InMcastPkts 907019
Port GE1/0
OutOctets 58342401
OutUcastPkts 170490
OutMcastPkts 104
InBcastPkts 4983
OutBcastPkts 15373
The output of this command includes the following parameters:
1555 | show interface gigabitethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Port InOctets InUcastPkts InMcastPkts InBcastPkts OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Description Port number. Number of octets received through the port. Number of unicast packets received through the port. Number of multicast packets received through the port. Number of broadcast packets received through the port. Number of octets sent through the port. Number of unicast packets sent through the port. Number of multicast packets sent through the port. Number of broadcast packets sent through the port.
#show interface gigabitethernet 1/0 switchport
Name: GE1/0 Switchport: Enabled Administrative mode: static access Operational mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Access Mode VLAN: 62 (VLAN0062) Trunking Native Mode VLAN: 1 (Default) Trunking Vlans Enabled: NONE Trunking Vlans Active: NONE
The output of this command includes the following parameters:
Parameter Name
Description Port name.
Switchport
Whether or not switchport is enabled.
Administrative mode
Administrative mode .
Operational mode
Operational mode.
Administrative Trunking Encapsulation Encapsulation method used for administrative trunking.
Operational Trunking Encapsulation
Encapsulation method used for operational trunking.
Access Mode VLAN
The access mode VLAN for the specified port.
Trunking Native Mode VLAN
The trunking native mode VLAN for the specified port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface gigabitethernet | 1556
Parameter Trunking Vlans Enabled Trunking Vlans Active
Description Number of trunking VLANs currently enabled. Number of trunking VLANs currently active.
(host) #show interface gigabitethernet 1/0 untrusted-vlan
Name: GE1/0 Untrusted Vlan(s)
The output of this command includes the following parameters:
Parameter Name Untrusted Vlan(s)
Description Name of the specified port. List of untrusted VLANs.
(host)# show interface gigabitethernet 1/1 xsec xsec vlan 7 is ACTIVE
The output of this command includes the following parameters:
Parameter
Description
xsec vlan 7 is ACTIVE This states that xsec is active on the specified port as well as the associated VLAN.
Command History
Version ArubaOS 3.0 ArubaOS 6.4.3 ArubaOS 6.4.3
Description Command introduced. Additional command introduced. Deprecated empty Bandwidth contracts.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1557 | show interface gigabitethernet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface loopback
show interface loopback
Description
Displays information about the loopback IP interface.
Syntax
No parameters
Example
The example below shows the output of show interface loopback on a W-650 controller. #show interface loopback loopback interface is up line protocol is up Hardware is Ethernet, address is 00:0B:86:51:14:D0 Internet address is 10.3.49.100 255.255.255.255 The output of this command includes the following parameters:
Parameter
Description
loopback interface is... Status of the loopback interface.
line protocol is...
Status of the line protocol on the specified port.
Hardware is...
Hardware interface type.
address is...
MAC address of the loopback interface.
Internet address is...
IP address and subnet mask of the loopback interface.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface loopback | 1558
1559 | show interface loopback
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface port-channel
show interface port-channel
Description
Displays information about a specified port-channel interface.
Syntax
Parameter access-group counters untrusted-vlan xsec
Description Displays access groups configured on this interface. Displays L2 interface counters for the specified interface. Displays port member vlan untrusted status. Displays xsec configuration.
Example
The example below shows the output of show interface port-channel 0 on a controller.
(host) #show interface port-channel 6 Port-Channel 6 is administratively up Hardware is Port-Channel, address is 00:1A:1E:00:0D:08 (bia 00:1A:1E:00:0D:08) Description: Link Aggregate (LACP) Spanning Tree is forwarding Switchport priority: 0 Jumbo Support is enabled on this interface MTU 9216 Member port: GE 0/0/4, Admin is up, line protocol is up GE 0/0/5, Admin is up, line protocol is up Last clearing of "show interface" counters 1 day 20 hr 32 min 43 sec link status last changed 1 day 20 hr 29 min 58 sec 69425936 packets input, 15102169223 bytes Received 27578 broadcasts, 0 runts, 0 giants, 0 throttles 0 input error bytes, 0 CRC, 0 frame 27568 multicast, 69398358 unicast 270782 packets output, 37271325 bytes 0 output errors bytes, 0 deferred 0 collisions, 0 late collisions, 0 throttles Port-Channel 6 is TRUSTED
The output of this command includes the following parameters:
Parameter Port-Channel 6 is... line protocol is...
Description Status of the specified port. Status of the line protocol on the specified port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface port-channel | 1560
Parameter Hardware is....
Description Hardware interface type.
address is...
MAC address of the hardware interface.
Description
The port type, name, and connector type. If the LAG is created by LACP, it is indicated as shown in the display output above. If the LAG is created by LACP, you can not statically add or delete any ports under that port channel. All other commands are allowed. If LACP is not shown, then the LAG is created by static configuration.
Spanning Tree is...
Spanning tree status on the specified port-channel.
VLAN membership
Number of VLANs the specified port-channel is associated with.
Switchport priority
Switchport priority of the specified port-channel.
Jumbo Support is...
Displays the status of jumbo frame on a port channel.
Last clearing of "show interface counters" Time since "show interface counters" was cleared.
Port-channel 0 is...
Below the time, all current counters related to the specified port are listed.
Whether or not this port-channel is trusted.
#show interface port-channel 0 access-group
Port-Channel 0:
Port-Vlan Session ACL
---------------------
SessionACL
Vlan
Status
----------
----
------
The output of this command includes the following parameters:
Parameter SessionACL Vlan Status
Description Session ACL name. VLAN number. ACL status.
#show interface port-channel 0 counters
Port
InOctets
InUcastPkts
PC 0:
0
0
Port
OutOctets OutUcastPkts
InMcastPkts 0
OutMcastPkts
InBcastPkts 0
OutBcastPkts
1561 | show interface port-channel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
PC 0:
0
0
0
0
The output of this command includes the following parameters:
Parameter PC InOctets InUcastPkts InMcastPkts InBcastPkts OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Description Port number. Number of octets received through the port. Number of unicast packets received through the port. Number of multicast packets received through the port. Number of broadcast packets received through the port. Number of octets sent through the port. Number of unicast packets sent through the port. Number of multicast packets sent through the port. Number of broadcast packets sent through the port.
#show interface port-channel 0 untrusted-vlan
Name: FE1/0 Untrusted Vlan(s)
The output of this command includes the following parameters:
Parameter Name Untrusted Vlan(s)
Description Name of the specified port. List of untrusted VLANs.
#show interface port-channel 0 xsec
xsec vlan 7 is ACTIVE
The output of this command includes the following parameters:
Parameter
Description
xsec vlan 7 is ACTIVE This states that xsec is active on the specified port as well as the associated VLAN.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface port-channel | 1562
Command History
Release ArubaOS 3.4.1
Modification Modified to display LACP when applicable.
ArubaOS 3.0.
Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable or config mode on master controllers
1563 | show interface port-channel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface-profile voip-profile
show interface-profile voip-profile <profile-name>
Description
This command displays the specified VoIP profile configuration information.
Syntax
Parameter <profile-name>
Description Name of the VoIP profile.
Examples
The following example shows configuration details for the VoIP profile:
(host) #show interface-profile voip-profile profile1
VOIP profile "profile1"
-----------------------
Parameter Value
--------- -----
VOIP VLAN 1
DSCP
0
802.1 UP 0
VOIP Mode auto-discover
The output of this command includes the following information:
Parameter VOIP VLAN DSCP 802.1 UP VOIP Mode
Description The Voice VLAN ID. The DSCP value for the voice VLAN. The 802.11p priority level. The mode of VoIP operation. It can be auto-discover or static.
Command History
Command introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Enable or Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface-profile voip-profile | 1564
show interface tunnel
show interface tunnel <id>
Description
Displays information about tunnel interfaces.
Syntax
Parameter id
Description Tunnel interface number.
Example
The example below shows the output of show interface tunnel for IPv4.
#show interface tunnel 2000 Tunnel 2000 is up line protocol is up Description: Tunnel Interface Internet address is 3.3.3.1 255.255.255.0 Source 192.168.203.1 Destination 192.168.202.1 Tunnel mtu is set to 1100 Tunnel is an IP GRE TUNNEL Tunnel is Trusted Inter Tunnel Flooding is enabled Tunnel keepalive is disabled
The example below shows the output of show interface tunnel for IPv6.
#show interface tunnel 21 Tunnel 21 is up line protocol is up Description: Tunnel Interface Internet address is 2005:81::1:2 Source 2082::802:1(Vlan 802) Destination 2082::802:2 Tunnel mtu is set to 1280 Tunnel is an IPv6 GRE TUNNEL Tunnel is Trusted Inter Tunnel Flooding is enabled Tunnel keepalive is disabled
The output of this command includes the following parameters:
Parameter Tunnel 2000 is... line protocol is... Description
Description Status of the specified tunnel. Displays the status of the line protocol on the specified tunnel. Description of the specified interface.
1565 | show interface tunnel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Internet address is...
Description IP address of the specified interface.
Source
IP address of the tunnel's source.
Destination
IP address of the tunnel's destination.
Tunnel mtu is set to...
Size of the specified tunnel's MTU.
Tunnel is an...
Description of the specified tunnel.
Tunnel is...
Whether or not the specified tunnel is trusted.
Inter tunnel flooding is... Status of inter tunnel flooding on the specified tunnel.
Tunnel keepalive is...
Status of tunnel keepalive on the specified tunnel.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface tunnel | 1566
show interface vlan
show interface vlan
Description
Displays information about a specified VLAN interface.
Syntax
No parameters
Example
The example below shows the output of show interface vlan 1 on a W-650 controller. #show interface vlan 1
VLAN1 is up line protocol is down Hardware is CPU Interface, Interface address is 00:0B:86:61:82:40 (bia 00:0B:86:61:82:40) Description: 802.1Q VLAN Internet address is 10.3.49.50 255.255.255.0 Routing interface is enable, Forwarding mode is enable Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP disabled Encapsulation 802, loopback not set MTU 1500 bytes Last clearing of "show interface" counters 4 day 0 hr 28 min 58 sec link status last changed 4 day 0 hr 28 min 58 sec Proxy Arp is disabled for the Interface DHCP Option-82 AP name and ESSID are configured on this Interface
The output of this command includes the following parameters:
Parameter VLAN1 is... line protocol is...
Hardware is... Interface address is...
Description Internet address is... Routing interface is... Forwarding mode is...
Description Status of the specified VLAN Displays the status of the line protocol on the specified port Describes the hardware interface type Displays the MAC address of the hardware interface Description of the specified VLAN IP address and subnet mask of the specified VLAN Status of the routing interface Status of the forwarding mode
1567 | show interface vlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Directed broadcast is...
Description
Displays whether or not directed broadcast is enabled
Encapsulation
Encapsulation type
loopback...
Loopback status
MTU
MTU size of the specified port in bytes
Last clearing of "show interface counters" Time since "show interface counters" was cleared
link status last changed
Time since link status last changed
Proxy ARP is...
Status of proxy ARP on the specified interface
DHCP Option-82 is...
Status of DHCP Option 82 if the MAC address and ESSID are configured on this interface.
Or
AP-name and ESSID are configured on this interface.
Command History
Version ArubaOS 3.0 ArubaOS 6.4.3.0
Description
Command introduced.
The DHCP Option-82 AP name and ESSID are configured on this Interface parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show interface vlan | 1568
show inventory
show inventory
Description
Displays hardware inventory of the controller.
Syntax
No parameters.
Example
Issue this command to display the hardware component inventory of the controller. The output of this command will vary, depending upon controller type.
Supervisor Card slot
Mobility Processor
Mobility Processor Assembly#
Mobility Processor Serial#
SC
Assembly#
SC
Serial#
SC
Model#
Mgmt Port HW MAC Addr
HW MAC Addr
FXPLD Version
PEER Supervisor Card
Line Card 0
Line Card 1
Line Card 2
Line Card 2 FPGA
Line Card 2 Switch Chip
Line Card 2 Mez Card
Line Card 2 SPOE
Line Card 2 Sup Card 0
Line Card 2 Sup Card 1
Line Card 2 Assembly#
Line Card 2 Serial#
Line Card 2 SPOE Assembly#
Line Card 2 SPOE Serial#
Line Card 2 MEZZ Assembly#
Line Card 2 MEZZ Serial#
Line Card 3
Line Card 3 FPGA
Line Card 3 Switch Chip
Line Card 3 Mez Card
Line Card 3 SPOE
Line Card 3 Sup Card 0
Line Card 3 Sup Card 1
Line Card 3 Assembly#
Line Card 3 Serial#
Line Card 3 SPOE Assembly#
Line Card 3 SPOE Serial#
Line Card 3 MEZZ Assembly#
Line Card 3 MEZZ Serial#
FAN 0
FAN 1
FAN 2
Fan Tray Assembly#
:1 : FPGA Rev 0x30030920 : 2010027B : F00488202 : 2010032B (Rev:02.00) : FP0001470 (Date:07/01/24) : M3mk1 : 00:0B:86:F0:23:02 : 00:0B:86:01:C5:00 to 00:0B:86:01:C5:7 : (Rev: 20) : Absent : Absent : Not accessible from this SC : Present : LCCI Rev 0x6 : Broadcom 56308 Rev 0x3 : Present : Present : Absent : Present ( Active ) : 2000001C (Rev:03.00) (24FE+2GE) : C00000277 (Date:02/22/05) : 2000020B (Rev:01.00) (SPOE-2) : FP0000100 : 2000002A (Rev:01.00) : S00000540 : Present : LCCI Rev 0x6 : Broadcom 56308 Rev 0x3 : Present : Present : Absent : Present ( Active ) : 2000001C (Rev:03.00) (24FE+2GE) : C00007293 (Date:09/27/05) : 2000003B (Rev:02.00) (SPOE-1) : S00001750 : 2000002A (Rev:01.00) : C00007172 : OK, Speed High : OK, Speed High : OK, Speed High : 2000007C (Rev:01.00)
1569 | show inventory
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Fan Tray Serial# Back Plane Assembly# Back Plane Serial# Power Supply type Power Supply 0 Power Supply 1 Power Supply 2 M3mk1 Card Temperatures
AMP Card Temperatures
M3mk1 Card Voltages
: C00013879 (Date:12/18/04)
: 2000006B (Rev:01.00)
: A00000250 (Date:12/18/04)
: Power One (400W)
: OK (400W)
: FAILED
: Absent
: M3mk1 card
47 C
: CPU
47 C
: Processor Card
41 C
: Mobility Processor
56 C
: M3mk1 5000mV
5010 mV
: M3mk1 3300mV
3340 mV
: M3mk1 2500mV
2432 mV
: M3mk1 1800mV
1790 mV
: M3mk1 1500mV
1490 mV
: M3mk1 1250mV
1260 mV
: M3mk1 1200mV
1200 mV
: M3mk1 IBC 12000mV
11815 mV
: M3mk1 CPU Fan Speed
6887 RPMs
: M3mk1 CPU CORE 1200mV 1080 mV
: M3mk1 XGMII VTT 750mV
750 mV
: M3mk1 VTT0(a&b) 900mV
900 mV
: M3mk1 VTT1(c&d) 900mV
900 mV
: AMP 3300mV
3320 mV
: AMP 2500mV
2480 mV
: AMP 1800mV
1800 mV
: AMP 1500mV
1500 mV
: AMP BCM 1200mV
1200 mV
: AMP FPGA 1200mV(1)
1200 mV
: AMP FPGA 1200mV(2)
1200 mV
The output includes the following parameters:
Parameter Supervisor Card Slot Mobility Processor
SC Assembly# SC Serial# SC Model# Mgmt Port HW MAC Address HW MAC Address FXPLD Version
PEER Supervisor Card
Description Supervisor card slot number Revision of the image downloaded to the FPGA. This can change if a newer image is included in a newer release. Assembly number of the supervisor card. Serial number of the supervisor card. Model number of the supervisor card. MAC address of the mgmt port MAC address Revision of programmable logic device on supervisor card. States whether or not a PEER supervisor card is present.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show inventory | 1570
Parameter Line Card <slot number>
Description
States whether or not a line card is present in the specified slot
Line Card <slot number> FPGA
Name/type of FPGA associated with the specified line card slot
Line Card <slot number> Switch Chip
Name/type of switch card associated with the specified line card slot
Line Card <slot number> Mez Card
States whether or not a mezzanine card is present in the specified slot
Line Card <slot number> SPOE
States whether or not a SPOE card is present in the specified slot
Line Card <slot number> Sup Card 0
States whether or not a supervisor card 0 is present in the specified slot
Line Card <slot number> Sup Card 1
States whether or not a supervisor card 1 is present in the specified slot
Line Card <slot number> Assembly#
Assembly number of the line card in the specified slot
Line Card <slot number> Serial#
Serial number of the line card in the specified slot
Line Card <slot number> SPOE Assembly# Assembly number of SPOE line card in the specified slot
Line Card <slot number> SPOE Serial#
Serial number of SPOE line card in the specified slot
Line Card <slot number> MEZZ Assembly# Assembly number of the mezzanine card in the specified slot
Line Card <slot number> MEZZ Serial#
Serial number of the mezzanine card in the specified slot
FAN <Fan number>
Status of the specified fan
Fan Tray Assembly#
Assembly number of the fan tray
Fan Tray Serial#
Serial number of fan tray
Back Plane Assembly#
Assembly number of the back plane
Back Plane Serial#
Serial number of the back plane
Power Supply Type
Power supply type
Power Supply <power supply number>
Power supply status
1571 | show inventory
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter M3mk1 Card Temperatures l M3mk1 card l CPU
AMP Card Temperatures l Processor Card l Mobility Processor
M3mk1 Card Voltages
Description
l The temperature from the sensor on the supervisor card
l The temperature from the CPU die
l The temperature from the sensor on the Mobility Processor card
l The temperature from the FPGA die
This parameter displays to columns of voltages for many components displayed previously by this command. The voltage displayed in the right column should match the corresponding value in the left column, generally with +/5%.
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show inventory | 1572
show iostat
show iostat
Description
Displays IO statistics information. This command reports Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions.
Syntax
No parameters.
Example
Issue this command to display the IO statistics of the controller.
cpu 290556 0 4305598 107533173 cpu0 290556 0 4305598 107533173 page 46291 249539 swap 0 0 intr 17959116 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 17950877 0 8148 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000 0 0 0 0 0 0 0 0 30 61 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00000000000000000000000000000000000000000000000 00000000000000000000
0000000000000 disk_io: (3,0):(679,460,7196,219,950) ctxt 135640513 btime 1241728432 processes 357519
The output includes the following parameters:
Parameter cpu
page swap intr disk_io ctxt
Description
The number of jiffies (1/100th of a second) that the system spent in user mode, user mode with low priority, system mode, and the idle task, respectively.
The number of pages the system paged in and the number that were paged out (from disk).
The number of swap pages that have been brought in an out.
The number of interrupts received from the system boot.
(x,y) is (major, minor):(xx, xx, xxxx, x, x) is (noinfo, read_io_ops, blks_read, write_ io_ops, blks_written)
The number of context switches that the system underwent.
1573 | show iostat
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter btime processes
Description The boot time, in seconds. The number of forks since boot.
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show iostat | 1574
show ip access-group
show ip access-group
Description
Display access control lists (ACLs) configured for each port on the controller.
Syntax
No parameters.
Examples
The example below shows part of the output of this command. If a port does not have a defined session ACL, the Port-Vlan Session ACL table will be blank.
(host) # show ip access-group FE 1/0: Rx access list 200 is applied session access list User14 is applied
Port-Vlan Session ACL
---------------------
SessionACL
Vlan
----------
----
coltrane
22
Status -----configured
The output of this command includes the following parameters:
Parameter Description Session ACL Name of the ACL applied to the interface.
VLAN
If the ACL was applied to a VLAN associated with this port, this column will show the VLAN ID.
Status
Shows whether or not the session ACL is configured.
Related Commands
Command interface fastethernet | gigabitethernet ip accessgroup
Description
Configure an access group for an interface.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip access-group | 1576
Command History
Release ArubaOS 3.0 ArubaOS 3.4
Modification Command introduced The VLAN output parameters was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1577 | show ip access-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip access-list
show ip access-list {brief|<string>}
Description
Display a table of all configured access control lists (ACLs), or show details for a specific ACL.
Syntax
Parameter Description
brief
Display a table of information for all ACLs.
<string>
Specify the name of a single ACL to display detailed information on that ACL.
Examples
The example below shows general information for all ACLs in the Access List table. (Host) #show ip access-list brief
Access list table ----------------Name ---200 33 allowall ap-acl captiveportal captiveportal6 control test-logon logon cplogout default guest log-https srcnat stateful-dot1x stateful-kerberos validuser
Type ---eth standard session session session session session
session session session session session session session session
Use Count ---------
2 2 4 2 7 1
2 1
Roles -----
trusted-ap default-vpn-role rap_role ap-role coltrane-logon wizardtest-logon test-logon logon guest-logon logon ap-role coltrane-logon wizardtest-logon guest stateful guest
stateful-dot1x logon test-24325
The output of this command includes the following parameters:
Parameter Description
Name
Name of an access-control list (ACL).
Type
Shows that the ACL is one of the following ACL policy types: l Ethertype l Standard
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip access-list | 1578
Parameter Description
l Session l MAC l Extended
Use Count Number of rules defined in the ACL.
Roles
Names of user roles associated with the ACL.
Include the name of a specific ACL to show detailed configuration information for that ACL. The output in the example below has been divided into two sections to better fit int this document. The output in the commandline interface will appear in a single, long table.
(host)# show ip access-list captiveportal6 ip access-list session captiveportal6 captiveportal6 -------------Priority Source Destination Service
Action NextHopList TimeRange Log Expired
-------- ------ ----------- -------
------ ----------- --------- --- -------
1
user controller6 svc-https
captive
2
user any
svc-http
captive
3
user any
svc-https
captive
4
user any
svc-http-proxy1 captive
5
user any
svc-http-proxy2 captive
6
user any
svc-http-proxy3 captive
6
Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
----- --- ----- --------- ------ ------- ------------- ------
Low
6
Low
6
Low
6
Low
6
Low
6
Low
6
The output of the show ip access-list command may include some or all of the following parameters:
Parameter Description
Priority
Name of an access-control list (ACL).
Source
The traffic source, which can be one of the following:
l alias: The network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases)
1579 | show ip access-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Description
l any: Matches any traffic. l host: A single host IP address. l network: The IP address and netmask. l user: The IP address of the user.
l localip: The set of all local IP addresses on the system, on which the ACL is applied.
Destination
The traffic destination, which can be one of the following: l alias: The network resource (use the netdestination command to configure aliases;
use the show netdestination command to see configured aliases) l any: Matches any traffic. l host: A single host IP address. l network: An IP address and netmask. l user: The IP address of the user.
l localip: The set of all local IP addresses on the system, on which the ACL is applied.
Service
Application Action
Network service, which can be one of the following: l An IP protocol number (0-255). l The name of a network service (use the show netservice command to see configured
services). l any: Matches any traffic. l tcp: A TCP port number (0-65535). l destination port number: specify the TCP port number (0-65535) l source: TCP/UDP source port number l udp: A UDP port number (0-65535).
Name of the application to which the access control list is applied. (For a complete list of supported applications, issue the command show dpi application all.)
Action if rule is applied, which can be one of the following: deny: Reject packets. dst-nat: Perform destination NAT on packets. dual-nat: Perform both source and destination NAT on packets. permit: Forward packets. redirect: Specify the location to which packets are redirected, which can be one of the following: l Datapath destination ID (0-65535). l esi-group: Specify the ESI server group configured with the esi group command l opcode: Specify the datapath destination ID (0x33, 0x34, or 0x82). Do not use this
parameter without proper guidance from Dell. tunnel: Specify the ID of the tunnel configured with the interface tunnel command. src-nat: Perform source NAT on packets.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip access-list | 1580
Parameter Description
IpsecMap
Packets can be redirected over a VPN tunnel by specifying the name of an IPsec map in the access control list. This column specifies the name of an IPsec map used by a router ACL. For more information on IPsec maps, see crypto-local ipsec-map.
Timerange
Any defined time range for this rule.
NextHopList
If the access rule uses policy-based routing to forwards packets to a nexthop device, then this column displays the next-hop list associated with the rule. More more information on next-hop lists, see ip nexthop-list on page 540.
Tunnel
Packets can be redirected over an L3 GRE tunnel. If the ACL routes packets over a tunnel, this column specifies the tunnel used by the ACL.
TunnelGrou p
Packets can be redirected over an L3 GRE tunnel group. If the ACL routes packets over a tunnel in a tunnel group, this column specifies the tunnel group used by the ACL. For more information on tunnel groups, see tunnel-group.
Log
Shows if the rule was configured to generate a log message when the rule is applied.
Expired
Shows if the rule has expired.
Queue
Shows if the rule assigns a matching flow to a priority queue (high/low).
8021.p
802.11p priority level applied by the rule (0-7).
Blacklist
Shows if the rule should blacklist any matching user.
Mirror
Shows if the rule was configured to mirror all session packets to datapath or remote destination.
DisScan
Shows if the rule was configured to pause ARM scanning while traffic is present.
IPv4/6
Shows the IP version.
Related Commands
Command ip access-list session
Description Configure an access list for an interface.
Command History
Introduced in ArubaOS 3.0.
1581 | show ip access-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip access-list | 1582
show ip cp-redirect-address
show ip cp-redirect-address
Description
Show the captive portal automatic redirect IP address.
Syntax
No parameters.
Examples
The example below shows the IP address to which captive portal users are automatically directed. (host) # show ip cp-redirect-address Captive Portal redirect Address... 10.3.63.11
Related Commands
Command ip cp-redirect-address
Description This command configures a redirect address for captive portal.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1583 | show ip cp-redirect-address
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip dhcp
show ip dhcp {binding|database|statistics}
Description
Show DHCP Server Settings.
Syntax
Parameter binding database statistics
Description Show DHCP server bindings. Show DHCP server settings. Show DHCP pool statistics.
Examples
The example below shows DHCP statistics for two configured networks. (host) # show ip dhcp statistics
DHCPv4 enabled; DHCPv6 enabled
DHCP Pools
----------
Network Name Type Active Configured leases Active leases Free leases Expired leases
Abandoned leases
------------ ---- ------ ----------------- ------------- ----------- -------------- ---
-------------
2-2-2-nw
v4 Yes
242
0
242
0
0
3-2-2-nw
v4 Yes
254
0
254
0
0
test
v4 Yes
254
0
254
0
0
2011
v6 No
5
-
-
-
-
2012
v6 No
5
-
-
-
-
Current leases
750
Total leases
512
The output of this command includes the following parameters:
Parameter Network Name Type Active Configured leases Active leases
Description Range of addresses that the DHCP server may assign to clients. Indicates the IP version of the DHCP server. It can be v4 or v6. Indicates if the DHCP server is active or not. Number of leases configured on the DHCP server. Number of active DHCP leases.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip dhcp | 1584
Parameter Free leases Expired leases
Abandoned leases
Description
Number of available DHCP leases.
Number of leases that have expired because they have extended past their valid lease period.
Number of abandoned leases. Abandoned leases will not be reassigned unless there are no free leases available.
Related Commands
Command ip dhcp pool ipv6 dhcp pool
Description This command configures a DHCP pool on the controller. This command configures a DHCPv6 pool on the controller.
Command History
Release ArubaOS 3.0 ArubaOS 6.3
Modification
Command introduced
The output of the statistics command was modified to show more details such as DHCPv6 statistics.
1585 | show ip dhcp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip domain-name
show ip domain-name
Description
Show the full domain name and server.
Syntax
No parameters.
Examples
The example below shows that the IP domain lookup feature is enabled, but that no DNS server has been configured on the controller. (host) #show ip domain-name
IP domain lookup: IP Host.Domain name:
Enabled MyCompany2400.
No DNS server configured
Related Commands
Command
Description
ip domain lookup
This command enables Domain Name System (DNS) hostname to address translation.
ip domain-name
This command configures the default domain name.
ip dhcp pool
This command configures a DHCP pool on the controller.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip domain-name | 1586
show ip health-check
Description
Display the health-check status of the uplink interfaces of a branch-office controller.
Syntax
No parameters.
Example
The following example displays the status of two uplinks on a branch controller.
(host) #show ip health-check
IP Health-Check Entries
-----------------------
Probe IP
Src Interface
--------
-------------
10.10.10.254 vlan 1
10.10.10.254 Cellular
State -----UP DOWN
Probe Profile -------------Default Default
Avg RTT(ms) ---------20.4 0
The output of this command includes the following data columns.
Parameter Probe IP Src Interface
State Probe-Profile
Avt RTT (in ms)
Description
IP address of the master controller.
IP address of the uplink gateway interface through which the probes were sent.
Shows if the uplink is in an UP or DOWN state.
A branch controller supports only the default IP probe profile. For information on configuring an IP probe profile, see ip probe
The average round trip time, in milliseconds. If the round trip time is less than 1 millisecond, the average round trip time will appear as 0.
Related Commands
Command ip probe
Description
This command configures WAN health-check ping-probes for measuring WAN availability and latency on branch controller uplinks.
show ip probe
This command displays the settings for the WAN health-check ping-probes.
1587 | show ip health-check
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.4.3
Modification Command Introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip health-check | 1588
show ip igmp
show ip igmp config|counters|{group maddr <maddr> [<mac> <source>]}|{interface [vlan <vlan>]}| {proxy-group vlan <vlan>}|{proxy-mobility-group maddr <maddr>}|proxy-mobiity-stats|proxy-stats
Description
Display Internet Group Management Protocol (IGMP) timers and counters.
Syntax
Parameter config
Description Show the current IGMP configuration
counters
Display a list counters for the following IGMP queries: l received-total l received-queries l received-v1-reports l received-v2-reports l received-leaves l received-unknown-types l len-errors l checksum-errors l not-vlan-dr l transmitted-queries l forwarded
group maddr <maddr>
Displays the following IGMP group information:
l mac: Specify MAC address of the specific member.
l source: Specify the source address of the specific SSM group.
interface vlan <vlan>
Show IGMP interface information
proxy-group vlan <vlan>
Show IGMP proxy group information for a specific interface.
proxy-mobility-group maddr <maddr> Display the IGMP proxy group information stored for mobile clients which are away from the controller.
proxy-mobiity-stats
Display the most important messages exchanged between the mobility process and the IGMP proxy.
proxy-stats
Display the number of messages transmitted and received by the IGMP proxy on the upstream interface
1589 | show ip igmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Examples
The example below displays the IGMP interface table for all VLANs on the controller.
(host) # show ip igmp interface vlan 2
IGMP Interface Table
--------------------
VLAN Addr
Netmask
MAC Address
Destination IGMP Proxy
---- ----
-------
-----------
- -----------
64 10.6.4.252 255.255.255.0 00:0b:86:01:99:00
65 10.6.5.252 255.255.255.0 00:0b:86:01:99:00
1
10.6.2.252 255.255.255.0 00:0b:86:01:99:00
66 10.6.6.252 255.255.255.0 00:0b:86:01:99:00
63 10.6.3.252 255.255.255.0 00:0b:86:01:99:00
IGMP ---disabled disabled disabled disabled disabled
Snooping Querier
-------- -------
disabled 10.6.4.252 disabled
disabled 10.6.5.252 disabled
disabled 10.6.2.252 disabled
disabled 10.6.6.252 disabled
disabled 10.6.3.252 disabled
---------CP
CP CP CP CP
The output of this command includes the following parameters:
Parameter VLAN
Description A VLAN ID number.
Addr
IP address of a VLAN router.
Netmask
Subnet mask for the IP address.
MAC Address MAC destination address.
IGMP
Indicates if IGMP is enabled (or disabled) on the interface.
Snooping
Indicates if IGMP snooping is enabled (or disabled).
Querier
IP address of an IGMP querier.
Destination Traffic destination.
IGMP Proxy
Indicates if IGMP proxy is enabled (or disabled).
The following example displays the current IGMP configuration settings for the controller. (host) #show ip igmp config
IGMP Config ----------Name ---robustness-variable query-interval query-response-interval startup-query-interval startup-query-count
Value ----2 30 100 31 2
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip igmp | 1590
last-member-query-interval last-member-query-count version-1-router-present-timeout version-2-router-present-timeout max-members-per-group quick-client-convergence ssm-range
10 2 400 400 300 enabled IANA standard range. 232.0.0.0/8
The output of this command includes the following parameters:
Parameter robustness-variable
Description
This variable is increased from its default level of 2 to allow for expected packet loss on a subnetwork.
query-interval
Interval, in seconds, at which the controller sends host-query messages to the multicast group address 224.0.0.1 to solicit group membership information.
query-response-interval
Maximum time, in .1 second intervals, that can elapse between when the controller sends a host-query message and when it receives a response. This must be less than the queryinterval.
startup-query-count
Number of queries that the controller sends out on startup, separated by startup-query-interval. The default setting is the value of the robustness-variable parameter.
startup-query-interval
Interval, in seconds, at which the controller sends general queries on startup. The default value of this parameter is 1/4 of the query-interval.
last-member-query-count
Number of group-specific queries that the controller sends before assuming that there are no local group members.
last-member-query-interval
Maximum time, in seconds, that can elapse between groupspecific query messages.
version-1-router-present-timeout
Timeout, in seconds, if the controller detects a version 1 IGM router.
version-2-router-present-timeout Timeout, in seconds, if the controller detects a version 2 IGM router.
The following examples displays the information on IGMP groups :
(host) #show ip igmp group
IGMP Group Table
----------------
(Source,Group)
Members
--------------
-------
(172.12.2.2, 232.0.0.2) 2
(172.12.2.2, 232.0.0.1) 2
(*, 224.0.0.252)
2
(*, 239.255.255.250)
2
Total Groups: 4
(host) #show ip igmp group maddr 232.0.0.1 source 172.12.2.2
1591 | show ip igmp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
IGMP Group (172.12.2.2, 232.0.0.1) Table
----------------------------------------
Member
MAC
Vlan Destination Version Age
------
---
---- ----------- ------- ---
172.13.0.4
00:00:00:00:00:00 13 0/0/0
0
4
172.12.255.252 98:fc:11:c6:20:04 13 Tunnel 9
3
4
Related Commands
Command ip igmp
Description
This command configures Internet Group Management Protocol (IGMP) timers and counters.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Base operating system
Command Mode Available in Config or Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip igmp | 1592
show ip mobile
show ip mobile active-domains binding [<host-ip>|<host-ipv6>|<host-macaddr>|brief] domain [<name>] global hat host [<host-ip>|<host-ipv6>|<host-macaddr>|brief] multicast-vlan-table [client-macaddr] packet-trace [<count>] remote <host-ip>|<host-ipv6>|<host-macaddr> trace <host-ip>|<host-ipv6>|<mac-addr>|{force <host-ip>|<mac-addr>} traffic dropped|foreign-agent|home-agent|proxy trail <host-ip>|<host-ipv6><host-macaddr> tunnel visitor [<host-ip>|<host-ipv6>|<host-macaddr>|brief]
Description
Display statistics and configuration information for the mobile protocol.
Syntax
Parameter active domains binding
[<host-ip>] [<host-ipv6>] [<host-macaddr>] [brief] domain [<name>]
global hat
Description
IP mobility domains active on this switch
Display a list of Home Agent Bindings
Filter the Home Agent Bindings list to display data for a specific host IPv4 address.
Filter the Home Agent Bindings list to display data for a specific host IPv6 address.
Filter the Home Agent Bindings list to display data for a specific host MAC address.
Limit the output of this command to show just two lines of data.
Display subnet, VLAN and home agent information for all mobility domains, or specify a mobility domain name to view data for that domain only.
View the current Mobility Agents global configuration
Display the Active Home Agent Table
1593 | show ip mobile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter host
Description Display a list of Mobile IP hosts.
[<host-ip>]
Filter the Mobile Host List to display data for a specific host IPv4 address.
[<host-ipv6>]
Filter the Mobile Host List to display data for a specific host IPv6 address.
[<host-macaddr>]
Filter the Mobile Host List to display data for a specific host MAC address.
[brief]
Limit the output of this command to show just two lines of data.
multicast-vlan-table
Displays mobility multicast VLAN table information.
mac
MAC address of the client.
packet-trace [<count>]
The output of this command shows when packets of different types were sent between a source IP or MAC address and a destination IP or MAC address.
remote <host-ip>|<host-ipv6>|<host-macaddr>
This is a debug command can be used to identify the controller associated with the specified client IPv4/IPv6 address or MAC address. The output of this command shows the home agent (HA) and foreign agent (FA) for a mobile client, as well as the client's roaming status.
trace
Show if the Mobile IP feature will poll remote controllers for mobility status of station
<host-ip>
Host IPv4 address.
<host-ipv6>
Host IPv6 address.
<mac-addr>
Host MAC address
force <host-ip>|<mac-addr>
Show if the Mobile IP feature will poll remote controllers for mobility status of station.
traffic
Display mobile IP protocol statistics for: l Proxy Mobile IP l Home Agent Registrations l Foreign Agent Registrations l Registration Revocations
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip mobile | 1594
Parameter dropped
Description Show only counters for dropped mobility traffic.
foreign-agent
Show only mobile IP foreign agent statistics.
A foreign agent is the controller which handles all mobile IP communication with a home agent on behalf of a roaming client.
home-agent
Show only mobile IP home agent statistics.
A home agent for a mobile client is the controller where the client first appears when it joins the mobility domain.
proxy
Show only counters for mobile IP proxy traffic.
trail <host-ip>|<host-ipv6>|<host-macaddr>
Show the mobile IP roaming trail by entering a host's IP(IPv4 or IPv6)or MAC address.
tunnel
Show the Mobile Tunnel Table for IPIP Tunnels.
visitor
Display a list of mobile nodes visiting a foreign agent.
[<host-ip>]
Filter the Foreign Agent Visitor list to display data for a specific host IPv4 address.
[<host-ipv6>]
Filter the Foreign Agent Visitor list to display data for a specific host IPv6 address.
[<host-macaddr>]
Filter the Foreign Agent Visitor list to display data for a specific host MAC address.
[brief]
Limit the output of this command to show just two lines of data.
Examples
The example below lists mobility domains configured on the controller, and shows information for any subnets defined on these domains.
(host) #show ip mobile domain Mobility Domains:, 2 domain(s) ------------------------------
Domain name default Home Agent Table, 0 subnet(s)
Domain name newdomain
Home Agent Table, 2 subnet(s)
subnet
mask
VlanId Home Agent
--------------- --------------- ------ ---------------
10.2.124.76
255.255.255.255 1
10.4.62.2
172.21.5.50
255.255.255.255 1
10.4.62.2
Description ----------------------Corporate mobility entry Reserved entries
1595 | show ip mobile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The output of this command includes the following parameters: Parameter Description Home Agent IP address of the home agent or mobility agent. Description Description of the HAT entry.
Use the show ip mobile host command to track mobile users.
(host) # show ip mobile host Mobile Host List, 1 host(s) --------------------------9c:b7:0d:3f:a6:dd 10.16.23.219 mob1 IPv4: 10.16.23.219 IPv6: fe80::826:aa9a:fe35:53e0 2004:deed::34 Roaming Status: Home Switch/Home VLAN, Service time 0 days 01:34:19 Home VLAN 623 on network 10.16.23.0/24 DHCP lease for PC at Sun Dec 23 20:32:00 2012 for 86400 secs from 10.16.28.1
The output of this command includes the following parameters:
Parameter <mac-addr> <ip-addr> Roaming Status Home VLAN DHCP lease
Description MAC and IP addresses of the host
Displays how long the host has used its current controller and VLAN.
VLAN ID, IP address and subnet of the home VLAN.
Displays the amount of time the station has had its current DHCP lease.
Related Commands
Command ip mobile active-domain
ip mobile domain ip mobile foreign-agent ip mobile home-agent ip mobile proxy
Description This command configures the mobility domain that is active on the controller.
This command configures the mobility domain on the controller.
This command configures the foreign agent for IP mobility.
This command configures the home agent for IP mobility.
This command configures the proxy mobile IP module in a mobilityenabled controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip mobile | 1596
Command ip mobile revocation
Description
This command configures the frequency at which registration revocation messages are sent.
ip mobile trail (deprecated) This command configures the capture of association trail for all devices.
Command History
Release ArubaOS 3.0 ArubaOS 6.4
Modification
Command introduced.
The multicast-vlan-table, ipv6, mac-address, parameters were introduced. The proxy-dhcp parameter was deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1597 | show ip mobile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip nat pool
show ip nat pool
Description
Display pools of IP addresses for network address translation (NAT.
Syntax
No parameters
Examples
The example below shows the current NAT pool configuration on the controller.
(host) # show ip nat pools
NAT Pools
---------
Name Start IP
End IP
---- --------
---------
2net
2.1.1.1
DNAT IP ------2.1.1.125
The output of this command includes the following parameters:
Parameter Description
Name
Name of the NAT pool.
Start IP
IP address that defines the beginning of the range of source NAT addresses in the pool.
End IP
IP address that defines the end of the range of source NAT addresses in the pool.
DNAT IP
Destination NAT IP address, if defined.
Related Commands
Command ip nat
Description This command configures a pool of IP addresses for network address translation (NAT).
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms
All platforms
Licensing
Though this command is available in the operating system, you must have a PEFNG license to configure a NAT pool.
Command Mode
Available in Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip nat pool | 1598
1599 | show ip nat pool
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip nexthop-list
Description
Display nexthop list settings for policy-based routing.
Syntax
No parameters.
Usage Guidelines
A nexthop IP is the IP address of a adjacent router or device with layer-2 connectivity to the controller. The Nexthop list provides redundancy for the nexthop devices by forwarding the traffic to a backup nexthop device in case of failures. If active nexthop device on the list becomes unreachable, traffic matching a policybased routing ACL is forwarded using the highest-priority active nexthop on the list. For more information on this feature, see ip nexthop-list on page 540.
Example
The following command displays the configuration settings for the one configured nexthop list.
(host))# show ip nexthop-list
--------------------
Nexthop-list Name Nexthop-list Id
----------------- ---------------
NH_list_1
0x4401
Preemptive Failover ------------------Enabled
Active IP --------10.10.10.254
Nexthop IPs(Priority) --------------------10.18.2.254(2), 10.10.10.254(1)
The output of this command displays the following information
Parameter
Description
Nexthop-list Name Name of the nexthop list
Nexthop-list Id
Nexthop list ID assigned by the controller.
Preemptive Failover
This column indicates whether preemptive failover is enabled or disabled.
If preemption is enabled and a higher priority nexthop becomes reachable again, packets are again forwarded to the higher priority nexthop.
Active IP
Nexthop IPs(Priority)
IP address of the actively used nexthop device.
List of the IP addresses of all nexthop IPs, including the priority assigned to each device when the list was configured.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip nexthop-list | 1600
Related Commands
Command ip route
ip nexthop-list
Description
This command configures a static route on the controller. (These routes can use a nexthop list.)
Configure nexthop list settings for policy-based routing.
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Command Information
Platform
License
Command Mode
Available on all platforms Available in the base operating system.
Config mode on master controllers
1601 | show ip nexthop-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip ospf
show ip ospf database debug route interface [tunnel|vlan] <id> neighbor rapng-vpn aggregate-routes <ip-addr> redistribute subnet
Description
Display statistics and configuration information for the Open Shortest Path First (OSPF) routing protocol.
Syntax
Parameter database
Description Show database information for the OSPF protocol.
debug route
Show debugging information for OSPF routes.
interface [tunnel|vlan] <id>
Display the status of OSPF on an individual interface by specifying a tunnel or VLAN ID number. The tunnel ID range is 1-16777215.
neighbor
Display data for OSPF neighboring routers.
rapng-vpn
Display IAP-VPN information.
aggregate-routes <ip-addr> Display IAP-VPN aggregate route information.
redistribute
Display OSPF route distribution information.
subnet
Display the subnets manually added to the Subnet Exclude List via the router ospf subnet exclude <addr> <mask>command.
Example
If you issue this command without any of the optional parameters described in the table above, the show ip ospf command will display general router and area settings for the OSPF.
(host) (config-subif)# show ip ospf OSPF is currently running with Router ID 123.45.110.200 Number of areas in this router is 1 Area 10.1.1.0
Number of interfaces in this area is 2 Area is totally stub area
SPF algorithm executed 0 times
The output of this command includes the following parameters.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip ospf | 1602
Parameter OSPF Router ID Number of areas Area
Description Verifies that OSPF is running and the router ID that OSPF is running on.
List the number of areas configured in the router.
Displays the Area ID followed by: l number of interfaces in the area l indicates if the area is a totally stub area l number of times the SPF algorithm has been executed
To display OSPF settings for an individual interface, you must specify a VLAN or tunnel ID number. The example below displays part of the output of the show ip ospf interface vlan command.
(host) # show ip ospf interface vlan 10 Vlan 3 is up, line protocol is up Internet Address 3.3.3.1, Mask 255.255.255.0, Area 10.1.1.1 Router ID 10.4.131.227, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State WAIT, Priority 1 Designated Router id 0.0.0.0, Interface Address 3.3.3.1 Backup designated Router id 0.0.0.0, Interface Address 3.3.3.1 Timer intervals configured, Hello 10, Dead 40, Retransmit 5 Neighbor Count is 0 Tx Stat: Hellos 1 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 1 Rx Stat: Hellos 0 DbDescr 0 LsReq 0 LsUpdate 0 LsAck 0 Pkts 0
DisCd 0 BadVer 0 BadNet 0 BadArea 0 BadDstAdr 0 BadAuType 0 BadAuth 0 BadNeigh 0 BadPckType 0 BadVirtLink 0
...
The output may include some or all of the following parameters.
Parameter Vlan <number>
Description Identifies that the interface type and ID are up and functional.
Internet Address
Internet address, network mask, and area assigned to the interface.
Router ID
Displays the router ID, that the network type is Broadcast, and the cost value.
Transmit Delay
Details of the transmit delay, state, and priority.
Designated Router
Details of the designated router ID and interface address.
Backup Designated Router ID
Details of the backup router ID and interface address.
Timer intervals configured Details of elapse time intervals for Hello, Dead, Transmit (wait), and retransmit.
1603 | show ip ospf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Neighbor Count Tx Stat
Rx Stat
DisCd BadVer BadNet BadArea BadDstAdr BadAuType BadAuth BadNeigh BadPckType BadVirtLink
Description
Details the number of neighbors and adjacent neighbors.
Counters and statistics for transmitted data. l Hellos: Number of transmitted hello packets. These packets are sent
every hello interval. l DbDescr: Number of transmitted database description packets. l LsReq: Number of transmitted link state request packets. l LsUpdate: Number of transmitted link state update packets. l LsAck: Number of transmitted link state acknowledgment packets l Pkts: Total number of transmitted packets.
Counters and statistics for received data. l Hellos: Number of received hello packets. These packets are sent
every hello interval. l DbDescr: Number of received database description packets. l LsReq: Number of received link state request packets. l LsUpdate: Number of received link state update packets. l LsAck: Number of received link state acknowledgment packets l Pkts: Total number of received packets.
Number of received packets that are discarded.
Number of received packets that have bad OSPF version number.
Number of received packets that belong to different network than the local interface.
Number of received packets that belong to different area than the local interface.
Number of received packets that have wrong destination address.
Number of received packets that have different authentication type than the local interface.
Number of received packets where authentication failed.
Number of received packets which didn't have a valid neighbor.
Number of received packets that have wrong OSPF packet type.
Number of received packets that didn't match have a valid virtual link.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip ospf | 1604
Related Commands
Command ip ospf
Description Configure OSPF on the interface
router ospf
Configure OSPF on the router
Command History
Release ArubaOS 3.4 ArubaOS 6.0
Dell Networking W-Series ArubaOS 6.4.x ArubaOS 6.3.1
ArubaOS 6.4.3.0
Modification Command introduced
Added the options: area, default-cost, nssa, and default-information originate always
The redistribute and rapng-vpn aggregate-routes <ip-addr> parameters were introduced. The database parameter output now displays the link-state advertisement (LSA) type.
The tunnel ID limit was changed from 2147483647 to 16777215.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master or local controllers
1605 | show ip ospf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip pppoe-info
show ip pppoe-info
Description
Display configuration settings for Point-to-Point Protocol over Ethernet (PPPoE).
Syntax
No parameters.
Examples
The example below shows the current PPPoE configuration. (host) #show ip pppoe-info
PPPoE username: rudolph123 PPPoE password: <HIDDEN> PPPoE service name: ppp2056 PPPoE VLAN: 22
The output of this command includes the following parameters:
Parameter PPPoE username
Description PAP username configured on the PPPoE access concentrator.
PPPoE password
If this parameter displays the word <HIDDEN>, a PAP password is configured on the PPPoE access concentrator. If this parameter is <NONE>, there is no PPOE password configured.
PPPoE service name PPPoE service name.
PPPoE VLAN
VLAN configured to use PPPoE to obtain an IP address via the command interface vlan <id> ip address pppoe.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip pppoe-info | 1606
show ip probe
show ip probe
Description
This command displays the settings for the WAN health-check ping-probes for measuring WAN reachability and latency.
Syntax
No parameters
Usage Guidelines
The health-check feature uses ping-probes for measuring WAN reachability and latency. Latency is calculated based on the round-trip time (RTT) of ping responses. Ping settings are configured globally using the ip probe default command.
Examples
The following command displays the current IP probe settings for the WAN health-check feature
(host) #show ip probe
IP Probe Entries
----------------
Name
Probe Mode Frequency(in sec)
----
---------- -----------------
default Ping
5
Retries ------3
Burst size ---------5
The output of this command contains the following information:
Column Name
Description
ArubaOS supports a single instance of ip probe profile, which is always named default.
Probe Mode
Ping is the only mode currently supported by this feature.
Frequency retries
Probe interval, in seconds. The WAN health-check feature sends the number of probes in the Burst Size column during each frequency interval.
Number of times the controller attempts to resend a probe.
burst-size
Number of probes sent during the probe frequency interval that appears in the Frequency column.
Related Commands
ip probe
1607 | show ip probe
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platform
License
Command Mode
Available on all platforms Available in the base operating system.
Config and Enable mode on master and local controllers
Command History
Release ArubaOS 6.4.3
Modification Command introduced
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip probe | 1608
show ip radius
show ip radius nas-ip|source-interface
Description
Display global parameters for configured RADIUS servers.
Syntax
Command nas-ip
source-interface
Description
Show the Network Access Server (NAS) IP address attribute sent in outgoing RADIUS requests
Show the source address of outgoing RADIUS requests
Examples
The example below shows the RADIUS client NAS IP address. (host) #show ip radius nas-ip
RADIUS client NAS IP address = 10.168.254.221
Related Commands
Command ip radius
Description
This command configures global parameters for configured RADIUS servers.
Command History
Introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1609 | show ip radius
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip route
show ip route counters static stats
Description
View the Dell controller routing table.
Syntax
Command counters static
stats
Description Displays the number of routes present, categorized by type. Include this optional parameter to display only static routes. Displays route statistics.
Usage Guidelines
This command displays static routes configured on the controller via the ip route command. Use the ip defaultgateway command to set the default gateway to the IP address of the interface on the upstream router or switch to which you connect the controller.
Examples
The example below shows the ip address of routers and the VLANs to which they are connected.
(host) #show ip route Codes: C - connected, O - OSPF, R - RIP, S - static M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10 Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10 Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10 Gateway of last resort is 10.15.231.185 to network 0.0.0.0 at cost 1 S* 0.0.0.0/0 [1/0] via 10.15.231.185* O 10.15.228.0/27 [333/0] via 21.21.21.1* O 12.12.12.0/25 [0/0] via 21.21.21.1* O 22.22.22.0/24 [3/0] via 21.21.21.1* O 23.23.23.0/24 [2/0] via 21.21.21.1* O 25.25.25.0/24 [333/0] via 21.21.21.1* ... V 201.201.203.0/26 [10/0] ipsec map O 202.202.202.0/29 [0/0] via 21.21.21.1* C 192.100.2.0/24 is directly connected, VLAN2 C 10.15.231.184/29 is directly connected, VLAN1 C 172.16.0.0/24 is directly connected, VLAN3 C 21.21.21.0/24 is directly connected, VLAN21 C 5.5.0.2/32 is an ipsec map 10.15.149.30-5.5.0.2
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip route | 1610
Related Commands
Command ip radius
Description
This command configures global parameters for configured RADIUS servers.
Command History
Release ArubaOS 3.0 ArubaOS 6.3
Modification Command introduced Introduced counters parameter.
.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1611 | show ip route
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipc statistics app-ap
show ipc statistics app-ap {am|sapd|sta} {ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ipaddr>}
Description
Display Inter Process Communication (IPC) statistics for a specific AP or BSSID.
Syntax
Parameter am sapd stm ap-name <ap-name> bssid <bssid>
ip-addr <ip-addr>
Description Show IPC statistics for an air monitor.
Show IPC statistics for the SAPD process.
Show IPC statistics for station management communications.
Show IPC statistics for an AP with a specific name.
Show IPC statistics for a specific Basic Service Set Identifier (BSSID). An AP's BSSID is usually the AP's MAC address.
Show IPC statistics for an AP with a specific IP address. Enter the IP address in dotted-decimal format.
Usage Guidelines
Issue this command at the request of Dell support to troubleshoot application errors.
Example
The following example shows IPC statistics for the SAPD process on an AP named mpp125.
(host) #show ipc statistics app-ap sapd ap-name mpp125
Local Statistics
To application
Tx Msg Tx Blk Tx Ret Tx Fail Rx Ack Rx Msg Rx Drop Rx Err Tx
Ack
MESH
3
0
1
0
3
1
1
0
1
RF Client
1
0
0
0
1
1
0
0
1
STM
1
0
0
0
1
0
0
0
0
Nanny
1
0
0
0
1
0
0
0
0
Remote Statistics
To application
Tx Msg Tx Blk Tx Ret Tx Fail Rx Ack Rx Msg Rx Drop Rx Err Tx
Ack
AMAPI CLI Client
0
0
0
0
0
1
0
0
1
STM
248
0
0
0
0
248
0
0
0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipc statistics app-ap | 1612
Allocated Buffers 0
Static Buffers
1
Static Buffer Size 1444
The output of this command includes the following data columns:
Parameter Tx Msg
Description Number of transmitted messages.
Tx Blk
Number of blocking messages transmitted.
Tx Ret
Number of transmitted messages that were returned.
Tx Fail
Number of failure messages that were transmitted.
Rx Ack
Number of received acknowledgements.
Rx Msg
Number of received messages.
Rx Drop
Number of received messages that were dropped.
Rx Err
Number of received messages with errors.
Tx Ack
Number of transmitted acknowledgements.
Allocated Buffers
Number of allocated buffers for IPC messages.
Static Buffers
Number of static buffers for IPC messages.
Static Buffer Size
Size of the static buffer.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1613 | show ipc statistics app-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipc statistics app-id
show ipc statistics app-id <app-id>
Description
Display Inter Process Communication (IPC) statistics for a specific AP or BSSID.
Syntax
Parameter <app-id>
Description Application ID number. This number must be obtained from Dell support.
Usage Guidelines
Issue this command at the request of Dell support to troubleshoot application errors.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipc statistics app-id | 1614
show ipc statistics app-name
show ipc statistics app-name <name>
Description
Display Inter Process Communication (IPC) statistics for a specific application.
Syntax
Parameter
Description
<name>
One of the following application names: l aaa: Administrator Authentication l ads: Anomaly Detection l auth-resp: Authentication
Response l authmgr: User Authentication l certmgr: Certificate Manager l cfgm: Config Manager l cpsec: Control-Plane Security
Manager l cts: Transport Service l dbsync: Database Synchronization l dds: Distributed data store l dhcp: DHCP Server l esi: Server Load Balancing l fpapps: Layer 2,3 control l gsmmgr: GSM manager l ha_mgr: HA manager l httpd: HTTPD l ike: IKE Daemon l l2tp: L2TP l licensemgr: License Manager l mdns: AirGroup mdns l mobileip: Mobile IP
l ntp: NTP Daemon l ospf: OSPF l phonehome: PhoneHome l pim: Protocol Independent
Multicast l pktfilter: Packet Filter l pptp: PPTP l profmgr: Profile Manager l publisher: Publish subscribe
service l resolver: Resolver l sapm: SAPM l snmp: SNMP agent l stm: Station Management l stm-lopri: Station Management
Low Priority l syslogd: Syslog Manager l ucm: l userdb: User Database Server l wms: Wireless Management
Example
The following example shows IPC statistics for the STM process. (host) #show ipc statistics app-name stm
Local Statistics
1615 | show ipc statistics app-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
To application
Tx Msg Tx Blk Tx Ret Tx Fail Rx Ack Rx Msg Rx Drop Rx Err Tx
Ack
AMAPI Web Client
0
0
0
0
0 34405
0
0
34405
Layer2/3
233098
1
0
0 233095
12
0
0
12
Authentication Se 1076236
0
0
0 1076236
0
0
0
0
Authentication
54494
7448
54
1 54050 468811
0
0
0
Publisher
4
0
0
0
4
2
52
0
2
AMAPI CLI Client
1
0
0
0
1
702
0
0
702
Profile Manager
1
1
0
0
1
0
0
0
0
Mobile IP
1120303
0
0
0 1076236
1
0
0
0
Syslog Manager
2
2
0
0
2
0
0
0
0
WMS
0
0
0
0
0
19
0
0
19
PIM
2
1
0
0
2
1
1
0
1
Configuration Man
2
1
0
0
2
13
0
0
12
License Manager
1
1
0
0
1
0
0
0
0
Datapath
3281237 66425
1
0 1907552 1382289
104
6
0
Nanny
1
0
0
0
0
0
0
0
0
Remote Statistics
To application
Tx Msg Tx Blk Tx Ret Tx Fail Rx Ack Rx Msg Rx Drop Rx Err Tx
Ack
WMS
59
0
0
0
59
0
0
0
0
STM
54983
0
0
0
0 1527435
0
0
0
Allocated Buffers 0
Static Buffers
4
Static Buffer Size 1400
The output of this command includes the following data columns:
Parameter Tx Msg
Description Number of transmitted messages.
Tx Blk
Number of blocking messages transmitted.
Tx Ret
Number of transmitted messages that were returned.
Tx Fail
Number of failure messages that were transmitted.
Rx Ack
Number of received acknowledgements.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipc statistics app-name | 1616
Parameter Rx Msg Rx Drop Rx Err Tx Ack Allocated Buffers Static Buffers Static Buffer Size
Description Number of received messages. Number of received messages that were dropped. Number of received messages with errors. Number of transmitted acknowledgements. Number of allocated buffers for IPC messages. Number of static buffers for IPC messages. Size of the static buffer.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1617 | show ipc statistics app-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv4 user-table
show ipv4 user-table ap-group <ap-group> ap-name <ap-name> authentication-method dot1x|mac|opensystem|psk|stateful-dot1x|via-vpn|vpn|web bssid <A:B:C:D:E:F> debug essid <STRING> internal ip <addr> [log] mac <A:B:C:D:E:F> mobile {[bindings][visitors]} name <STRING> phy-type {[a]|[b]} role <STRING> rows <NUMBER> <NUMBER> station verbose
Description
Displays IPv4 user table entries. You can filter the output based on various parameters are described in table.
Syntax
Parameter ap-group <ap-group>
Description
Filter the output of this command by showing users connected to APs that belong to the specified AP group.
ap-name <ap-name>
Filter the output of this command by showing users connected to an AP with the specified AP name.
authentication-method
Filter the output of this command by the authentication method used for the device:
dot1x
Show data for devices using 802.1X authentication.
mac
Show data for devices using MAC authentication.
opensystem
Show data for devices using open (no) authentication.
psk
Show data for devices that do not use authentication but use a pre-shared key
for encryption.
stateful-dot1x
Show data for devices using stateful 802.1X authentication.
via-vpn
Show data for devices that authenticate using Dell VIA.
vpn
Show data for devices using VPN authentication.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv4 user-table | 1618
Parameter web
bssid debug essid internal ip <A.B.C.D>
log mac mobile
name phy-type role rows station verbose
Description Show data for devices using captive portal authentication.
Displays entries in the IPv4 user-table that are associated to the specified BSSID.
Displays entries in the IPv4 user-table that are in debug mode.
Displays entries in the IPv4 user-table that are associated to the specified ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
Displays internal IPv4 users.
Displays IPv4 users that match the specified IPv4 IP address. Displays the log information for the specified IPv4 client. Displays users with the specified MAC address.
Displays list of mobile users in the IPv4 user table. The following filters are available for this parameter: l bindings--list of users that have moved away from the current controller. l rows--displays entries that match the specified row number. l unique--displays unique entries in the IPv6 user-table. l visitors--displays users that have associated with the current controller.
Displays IPv4 user table entries that match the specified name.
Displays IPv4 user table entries that match a or b phy-type.
Displays IPv4 user table entries that match the specified role.
Displays specific rows in the IPv4 user table. Enter the starting row number and the number of rows to be displayed.
Displays the station table information for the IPv4 user table entries.
Displays the complete IPv4 user table with all details.
Example
This example displays a list of users.
(host) #show ipv4 user-table
Users
-----
IP
MAC
Name
VPN link AP name
Roaming
Forward mode Type
Host Name
Essid/Bssid/Phy
Role
Age(d:h:m) Auth Profile
1619 | show ipv4 user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
----------
------------
------
----
----------
---- -------- -------
------- ---------------
-------
------------ ----
---------
10.20.102.175 08:70:45:43:b5:e5 iakasapu
employee 00:01:11
802.1x
SH-1F-11
Wireless alpha-voip/d8:c7:c8:44:31:40/g-HT aplha-india
tunnel
iPhone
10.20.102.176 58:94:6b:79:7b:ec ALCATEL-LUCENT\john
employee 00:01:20
802.1x
SH-1F-06
Wireless alpha-wpa2/6c:f3:7f:4a:47:91/a-HT aplha-india
tunnel
Win 7
10.16.82.1
24:77:03:d1:07:ac ALCATEL-LUCENT\jerry
employee 00:01:42
802.1x
SH-1F-19
Wireless alpha-wpa2/6c:f3:7f:e7:45:b1/a-HT aplha-india
tunnel
Windows
10.20.102.229 58:c3:8b:5f:76:1e allan@example.com
employee 00:00:02 802.1x
SH-3F-06
Wireless alpha-voip/00:24:6c:80:74:00/g-HT aplha-india
tunnel
Android
10.20.102.113 24:77:03:cf:ff:98 ALCATEL-LUCENT\laura
employee 00:01:27
802.1x
SH-GF-1
Wireless alpha-wpa2/d8:c7:c8:44:2c:51/a-HT aplha-india
tunnel
Win 7
10.20.102.36
00:27:10:5c:b5:38 mbabu
employee 00:01:04
802.1x
SH-1F-13
Wireless alpha-wpa2/d8:c7:c8:89:c9:f1/a-HT aplha-india
tunnel
Win 7 BLR-MBABU-T410
10.20.102.131 58:94:6b:7a:40:c0 ALCATEL-LUCENT\sneeralgi
employee 00:00:53
802.1x
SH-3F-05
Wireless alpha-wpa2/00:24:6c:80:50:28/a-HT aplha-india
tunnel
Win 7
10.20.102.156 84:7a:88:05:72:1b hvyas
employee 00:01:19
802.1x
SH-1F-22
Wireless alpha-wpa2/6c:f3:7f:e7:44:d1/a-VHT aplha-india
tunnel
Android
(host) #show ipv4 user-table authentication-method dot1x
Users
-----
IP
MAC
Name
Role
Age(d:h:m) Auth
VPN link AP name
Roaming Essid/Bssid/Phy
Profile
Forward mode Type
Host Name
----------
------------
------
----
----------
---- -------- -------
------- ---------------
-------
------------ ----
---------
10.20.102.175 08:70:45:43:b5:e5 iakasapu
employee 00:01:12
802.1x
SH-1F-11
Wireless alpha-voip/d8:c7:c8:44:31:40/g-HT aplha-india
tunnel
iPhone
10.20.102.176 58:94:6b:79:7b:ec ALCATEL-LUCENT\skilladi
employee 00:01:21
802.1x
SH-1F-06
Wireless alpha-wpa2/6c:f3:7f:4a:47:91/a-HT aplha-india
tunnel
Win 7
10.16.82.1
24:77:03:d1:07:ac ALCATEL-LuCENT\nchudasma
employee 00:01:43
802.1x
SH-1F-19
Wireless alpha-wpa2/6c:f3:7f:e7:45:b1/a-HT aplha-india
tunnel
Windows
10.20.102.229 58:c3:8b:5f:76:1e allan@example.com
employee 00:00:03 802.1x
SH-3F-06
Wireless alpha-voip/00:24:6c:80:74:00/g-HT aplha-india
tunnel
Android
10.20.102.113 24:77:03:cf:ff:98 ALCATEL-LUCENT\aismail
employee 00:01:27
802.1x
SH-GF-1
Wireless alpha-wpa2/d8:c7:c8:44:2c:51/a-HT aplha-india
tunnel
Win 7
10.20.102.36
00:27:10:5c:b5:38 mbabu
employee 00:01:05
802.1x
SH-1F-13
Wireless alpha-wpa2/d8:c7:c8:89:c9:f1/a-HT aplha-india
tunnel
Win 7 BLR-MBABU-T410
10.20.102.131 58:94:6b:7a:40:c0 ALCATEL-LUCENT\sneeralgi
employee 00:00:54
802.1x
SH-3F-05
Wireless alpha-wpa2/00:24:6c:80:50:28/a-HT aplha-india
tunnel
Win 7
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv4 user-table | 1620
Parameter IP MAC Name Role Age (d:h:m) Auth AP name Roaming Essid/Bssid/Phy Profile
Description IP address of the client in that row that authenticating using dot1x MAC address of the client. Name of the client. The role assigned to the client. Total time that client is connected to controller. Authentication type. Name of the AP associated with the client. Current roaming status of the client. ESSID/BSSID/Phy to which the client is associated. Displays the AAA profile.
Command History
Release ArubaOS 3.3 ArubaOS 6.3
Modification
Command introduced
The optional log parameter was introduced to display log files for events triggered by a specific user. Only W-6000, W-3600 and W-7200 Series controllers support per-user logging.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
1621 | show ipv4 user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 access-list (deprecated)
show ipv6 access-list [<string> | brief]
Description
Displays IPv6 access list configured in the controller.
Syntax
Parameter string brief
Description To view details of a specific ACL. To view a summary of all IPv6 ACLs.
Command History
Version ArubaOS 3.3 ArubaOS 6.1
Modification
Command introduced
Command deprecated. This command has been replaced by the show ip access-list command.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 access-list (deprecated) | 1622
show ipv6 datapath session counters (deprecated)
show ipv6 datapath session counters
Description
Displays datapath session table statistics.
Command History
Version ArubaOS 1.0
Modification Command introduced
ArubaOS 6.1
Command deprecated. This command has been replaced by the show datapath session ipv6 counters command.
1623 | show ipv6 datapath session counters (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 datapath session table (deprecated)
show ipv6 datapath session table <IPv6 Address>
Description
Displays current IPv6 session on the controller.
Syntax
Parameter <IPv6 IP Address>
Description
Optional parameter. If specified, displays IPv6 datapath session table for that IP address. By default, displays session table for all IPv6 addresses.
Command History
Version ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced
Command deprecated. This command has been replaced by the show datapath session ipv6 table command.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 datapath session table (deprecated) | 1624
show ipv6 datapath user counters (deprecated)
show ipv6 datapath user counters
Description
Displays datapath user table statistics.
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Command deprecated. This command has been replaced by the show datapath user ipv6 command.
1625 | show ipv6 datapath user counters (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 datapath user table (deprecated)
show ipv6 datapath user table
Description
Displays ipv6 datapath user table entries.
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
Command deprecated. This command has been replaced by the show datapath user ipv6 command.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 datapath user table (deprecated) | 1626
show ipv6 dhcp
show ipv6 dhcp binding database [pool<pool_name>]
Description
Shows DHCPv6 server settings.
Syntax
Parameter binding database statistics
Description Show DHCPv6 server bindings. Show DHCPv6 server settings. Show DHCPv6 pool statistics.
Examples
The example below shows the DHCPv6 database:
(host)#show ipv6 dhcp database
DHCPv6 enabled
# 2001-feed-64-nw subnet6 2001:feed::/120 {
option vendor-class-identifier "ArubaAP"; option dhcp6.vendor-opts "2001:feed::235"; range6 2001:feed::1 2001:feed::234; range6 2001:feed::236 2001:feed::ffff:ffff:ffff:fffe; } # 2003-feed-64-nw subnet6 2003:feed::/120 { option vendor-class-identifier "ArubaAP"; option dhcp6.vendor-opts "2001:feed::235"; range6 2003:feed::1 2003:feed::234; range6 2003:feed::236 2003:feed::ffff:ffff:ffff:fffe; } # DHCPv6 subnet6 2001:470:faca:4::/120 { default-lease-time 43200; max-lease-time 43200; option dhcp6.domain-search "test.org"; option vendor-class-identifier "ArubaAP"; option dhcp6.vendor-opts "2001:feed::235"; option dhcp6.name-servers 2001:470:20::2; option dhcp6.preference 25; option dhcp6.usr-opt-24-DHCPv6 "Domain Search List"; range6 2001:470:20::1 2001:470:faca:4::1; range6 2001:470:20::3 2001:470:faca:4:ffff:ffff:ffff:fffe; }
1627 | show ipv6 dhcp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The example below shows the DHCPv6 database for a specific pool:
(host) (config) #show ipv6 dhcp database [pool <pool-name>] (host) (config) #show ipv6 dhcp database pool DHCPv6
# DHCPv6 subnet6 2001:470:faca:4::/120 {
default-lease-time 43200; max-lease-time 43200; option dhcp6.domain-search "test.org"; option vendor-class-identifier "ArubaAP"; option dhcp6.vendor-opts "2001:feed::235"; option dhcp6.name-servers 2001:470:20::2; option dhcp6.preference 25; option dhcp6.usr-opt-24-DHCPv6 "Domain Search List"; range6 2001:470:20::1 2001:470:faca:4::1; range6 2001:470:20::3 2001:470:faca:4:ffff:ffff:ffff:fffe; }
The example below shows the DHCPv6 binding information:
(host)# show ipv6 dhcp binding # Client: fe80::1cf:2e1:cd13:356b; IA ID 0x13001f3c ia-na "\023\000\037<\000\001\000\001\030\223\211\242\000%\263J\372\364" { cltt epoch 1364206514; # Mon Mar 25 15:45:14 2013 iaaddr 2001:470:faca:4:21a:1eff:fe00:9e6 { binding state expired; preferred-life 187; max-life 300; ends epoch 1364206814; # Mon Mar 25 15:50:14 2013 }
The example below shows the DHCPv6 active pools:
(host) #show ipv6 dhcp active-pools
DHCPv6 Active Pools ------------------Vlan Pool Name ---- --------10 DHCPv6
Related Commands
Command ipv6 dhcp pool
Description This command configures a DHCPv6 pool on the controller.
Command History
Introduced in ArubaOS 6.3.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 dhcp | 1628
show ipv6 firewall
show ipv6 firewall
Example
This example displays the status of all firewall configurations.
(host) #show ipv6 firewall
Global IPv6 firewall policies ----------------------------Policy -----Monitor ping attack Monitor TCP SYN attack Monitor IPv6 sessions attack Deny inter user bridging Deny all IPv6 fragments Per-packet logging Enforce TCP handshake before allowing data Prohibit RST replay attack Session Idle Timeout Session mirror destination Prohibit IPv6 Spoofing Enable IPv6 Stateful Firewall
Action -----Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled
Rate ----
Slot/Port ---------
The output of this command includes the following parameters:
Parameter Monitor ping attack Monitor TCP SYN attack Monitor IPv6 sessions attack
Deny inter user bridging
Deny all IPv6 fragments
Description
If enabled, the controller monitors the number of ICMP pings per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack.
If enabled, the controller monitors the number of TCP SYN messages per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack.
If enabled, the controller monitors the number of TCP session requests per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack sessions.
If enabled this setting prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role policies that prevent Layer-3 traffic between users or networks but this does not block Layer-2 traffic.
If enabled, all IPv6 fragments are dropped.
1629 | show ipv6 firewall
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Per-packet logging
Description
If active, and logging is enabled for the corresponding session rule, this feature logs every packet.
Enforce TCP handshake before allowing data
If enabled, this feature prevents data from passing between two clients until the three-way TCP handshake has been performed. Enabling this option causes mobility to fail. So, disable this option if you have mobile clients on the network as.
Prohibit RST replay attack
If enabled, this setting closes a TCP connection in both directions if a TCP RST is received from either direction.
Session Idle Timeout
Shows if a session idle timeout interval has been defined.
Session mirror destination
Destination to which mirrored packets are sent.
Prohibit IPv6 Spoofing
Status on IPv6 spoofing. When this option is enabled, IP and MAC addresses are checked; possible IP spoofing attacks are logged and an SNMP trap is sent.
Enable IPv6 Stateful Firewall
Shows if IPv6 stateful firewall is enabled.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 firewall | 1630
show ipv6 interface
show ipv6 interface [brief]
Description
View IPv6-related information on all interfaces.
Syntax
Parameter brief
Description
Optional parameter. If specified, displays the IPv6-related information on all the interfaces in a summary format.
Example
(host) #show IPv6 interface VLAN1 is up line protocol is down IPv6 Router Advertisements are disabled IPv6 is disabled VLAN46 is up line protocol is up IPv6 is enabled, link-local address is fe80::1a:1e00:2e00:9f0 Global unicast address(es): 2046:eab::25, subnet is 2046:eab::/64 IPv6 Router Advertisements are disabled VLAN50 is up line protocol is up IPv6 Router Advertisements are disabled IPv6 is disabled VLAN10 is up line protocol is up IPv6 is enabled, link-local address is fe80::1a:1e00:a00:9f0 Global unicast address(es): 2010:eab::1, subnet is 2010:eab::/64 fc01:eab::1, subnet is fc01:eab::/64 IPv6 Router Advertisements are enabled loopback is up line protocol is up IPv6 is enabled, link-local address is fe80::1a:1e0f:ff00:9f0 Global unicast address: 2046:eab::2, subnet is 2046:eab::2/128 TUNNEL2 is up line protocol is up tunnel mode is Layer2 IPv6 GRE, tunnel vlan 10 tunnel source ipv6 address is 2046:eab::25 tunnel destination ipv6 address is 2047:eab::25
(host) #show ipv6 interface brief
Interface
[Status/Protocol]
vlan 800
[ up/up ]
unassigned
vlan 1
[ up/down]
unassigned
vlan 802
[ up/up ]
fe80::b:8603:226d:863c/64
2082::802:1/64
vlan 32
[ up/up ]
unassigned
vlan 801
[ up/up ]
fe80::b:8603:216d:863c/64
2005:81::1/64
1631 | show ipv6 interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vlan 50
[ up/down]
fe80::b:8600:326d:863c/64
2050:3::50:1/64
loopback
[ up/up ]
fe80::b:860f:ff6d:863c/64
mgmt
[down/down]
unassigned
tunnel 2
[ up/up ]
unassigned
The following table details the columns and content in the show command.
Column Interface
Status/Protocol
Description
List the interface and interface identification with the IPv6 address and netmask for the interface, if configured.
States the administrative status and the IPv6 status on the interface. Enabled--up Disabled--down
Command History
Release ArubaOS 6.1 ArubaOS 6.4
Modification Command introduced The tunnel parameter was introduced in the output.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 interface | 1632
show ipv6 mld config
show ipv6 mld config
Description
Displays Multicast Listener Discover (MLD) configuration details.
Example
This example displays the current MLD configuration values. (host) #show ipv6 mld config
MLD Config ---------Name ---robustness-variable query-interval query-response-interval ssm-range
Value ----2 125 100 FF3X::4000:1 - FF3X::FFFF:FFFF
The output of this command includes the following parameters:
Parameter robustness-variable
query-interval query-response-interval
ssm-range
Description
Denotes the value that is used to calculate the timeout value of an MLD client.
Denotes the time interval at which the MLD query is sent.
Denotes the time interval at which the MLD query response should be received.
Denotes the source specific multicast range. When you enter the SSM Range ensure that the upstream router has the same range, else the multicast stream would be dropped. Note: Only SSM enabled clients can subscribe to the multicast stream in the multicast range. The default ssm-range in case of IPv6 is FF3X::4000:1 - FF3X::FFFF:FFFF, this range is configurable. If MLDv1 or a non SSM client sends a report on a specified SSM range, it is rejected by the controller.
Command History
Release ArubaOS 3.3 ArubaOS 6.4
Modification Command introduced. The ssm-range parameter was introduced.
1633 | show ipv6 mld config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld config | 1634
show ipv6 mld counters
show ipv6 mld counters
Description
Displays the statistics of MLD.
Example
This example displays the MLD statistics for the following values.
(host) #show ipv6 mld counters
MLD Statistics -------------Name ---received-total received-queries received-v1-reports received-leaves received-unknown-types len-errors checksum-errors not-vlan-dr transmitted-queries forwarded
Value ----0 0 0 0 0 0 0 0 0 0
The output of this command includes the following parameters:
Parameter received-total
Description The total number of MLD messages.
received-queries
The total number of MLD queries.
received-v1-reports
The total number of MLD v1 reports received.
received-leaves
The total number of MLD v1 leave messages received.
received-unknown-types The total number of unrecognized messages received.
len-errors
The total number of error message where the length check has failed.
checksum-errors
The total number of error message where the checksum has failed.
not-vlan-dr
The number of messages received for which the current controller is not the designated router.
transmitted-queries
The total number of transmitted MLD queries.
1635 | show ipv6 mld counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter forwarded
Description The total number of MLD messages forwarded.
Command History
This command was available in ArubaOS 3.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld counters | 1636
show ipv6 mld group
show ipv6 mld group
Example
This example displays MLD group details. (host) #show ipv6 mld group
MLD Group Table
---------------
Group
Members Mode
Age
-----
------- ----
---
ff02::1:ff00:0
2
Exclude 4
ff02::1:ff00:1900 2
Exclude 1
ff1e::2
2
Include 0
ff02::1:3
4
Exclude 1
ff02::202
2
Exclude 4
ff02::2
3
Exclude 1
ff02::1:ff20:d6e2 2
Exclude 4
ff02::c
4
Exclude 2
ff02::1:ffab:4027 2
Exclude 6
ff02::d
2
Exclude 1
ff02::1:ff00:12 2
Exclude 4
ff02::1:ffd6:4d41 1
Exclude 7
ff02::16
2
Exclude 1
ff02::1:ffd6:4d40 1
Exclude 1
ff02::1:ff8a:4951 2
Exclude 4
ff02::1:ff5b:aac4 2
Exclude 11
ff02::1:ff9f:df01 2
Exclude 3
Total Groups: 17
The output of this command includes the following parameters:
Parameter Group Members Mode
Age
Description
Name of MLD groups.
Number of members in an MLD group.
Controller supports two IPv6 multicast source filtering modes - Include and Exclude.In Include mode, the reception of packets sent to a specified multicast address is enabled only from the source addresses listed in the source list. In Exclude mode, the reception of packets sent to a specific multicast address is enabled from all source addresses (MLDv1 mode).
This parameter specifies the aging time.
This example displays MLD group address details. (host) #show ipv6 mld group maddr ff1e::2 mac 9c:b7:0d:3f:a8:fc
MLD member 9c:b7:0d:3f:a8:fc Table
----------------------------------
Source
Age
------
---
2001:feed::2 26
1637 | show ipv6 mld group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
The output of the show ipv6 mld group command includes the following parameters:
Parameter Source Age
Description IP address of the multicast source. This parameter specifies the aging time.
Command History
Release ArubaOS 3.3 ArubaOS 6.4
Modification Command introduced The mode and age parameters were introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld group | 1638
show ipv6 mld interface
show ipv6 mld interface
Example
This example displays MLD status on VLANs. To view details for a specific VLAN, you can specify the VLAN ID. (host) #show ipv6 mld interface
MLD Interface Table
-------------------
VLAN Link local address
Upstream port
---- ------------------
------
1
::
160 ::
Snooping
--------
disabled disabled
Proxy
-----
disabled disabled
Querier
-------
:: ::
Querier-dest
------------
unknown unknown
Upstream querier
----------------
:: ::
-------
-
The output of this command includes the following parameters:
Parameter VLAN Link local address Snooping
Description Denotes the VLAN ID. IP address of the VLAN interface. Status of MLD snooping.
Proxy Querier Querier-dest Upstream querier Upstream port
Status of MLD proxy configuration. IPv6 address of the MLD querier for the VLAN. Denotes the destination of MLD querier on VLAN. Denotes the address of upstream MLD querier on VLAN. Denotes the destination of upstream MLD querier on VLAN.
Command History
This command was available in ArubaOS 3.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers.
1639 | show ipv6 mld interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld proxy-group
show ipv6 mld proxy-group [vlan <vlan>]
Example
This example displays MLD proxy-group details.
(host) #show ipv6 mld proxy-group
MLD Proxy Group Table
---------------------
VLAN Addr
Group
---- ----
-----
10 fe80::b:8600:a61:cc5c ff1e::5
10 fe80::b:8600:a61:cc5c ff02::1:ff9e:dc4c
10 fe80::b:8600:a61:cc5c ff02::1:3
10 fe80::b:8600:a61:cc5c ff02::1:ff83:d718
10 fe80::b:8600:a61:cc5c ff02::1:ff13:356b
10 fe80::b:8600:a61:cc5c ff02::c
Total displayed proxy groups: 6
Num Members ----------2 1 2 1 1 2
The output of this command includes the following parameters:
Parameter VLAN Addr Group Num Members
Description Denotes the VLAN ID. IP address of the VLAN interface. Name of MLD group. Number of members in an MLD group.
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld proxy-group | 1640
show ipv6 mld proxy-stats
show ipv6 mld proxy-stats
Example
This example displays the status of the MLD proxy.
(host) #show ipv6 mld proxy-stats
MLD Proxy Statistics(Upstream)
------------------------------
Name
Sent Received
----
---- --------
Queries -
39
Joins 51 112
Leaves 9
0
The output of this command includes the following parameters:
Parameter Name Sent Received
Description Type of packet. Number of packets sent. Number of packets received.
Command History
This command was available in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
1641 | show ipv6 mld proxy-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld proxy-mobility-group
show ipv6 mld proxy-mobility-group [maddr <maddr>]
Example
This example displays MLD proxy-mobility-group details.
(host) #show ipv6 mld proxy-mobility-group MLD MIP Group Table ------------------Group Members ----- ------ff1e::2 1 ff02::1:3 2 ff02::c 1
The output of this command includes the following parameters:
Parameter Group Members
Description Name of MLD mobility group. Number of members in an MLD mobility group.
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 mld proxy-mobility-group | 1642
show ipv6 mld proxy-mobility-stats
show ipv6 mld proxy-mobility-stats
Example
This example displays the details of MLD proxy-mobility statistics. (host) #show ipv6 mld proxy-mobility-stats
MLD Mobility Multicast Statistics
---------------------------------
Name
Sent Received
----
---- --------
Joins
-
2
Leaves
-
0
Intra-move
-
1
Inter-move
-
0
Client-away
-
0
Back-home
-
0
Query-db
-
0
Query-foreign-db -
0
Query-home-db
-
0
Add-visitor
-
0
Replies
0
-
The output of this command includes the following parameters:
Parameter Name Sent Received
Description Type of packet. Number of packets sent. Number of packets received.
Command History
This command was available in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
1643 | show ipv6 mld proxy-mobility-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 neighbors
show ipv6 neighbors
Description
Displays the IPv6 neighbors configured on a VLAN interface.
Usage Guidelines
This command displays the IPv6 neighbors configured on a VLAN interface via the ipv6 neighbor command.
Examples
The example below shows the ipv6 neighbors configured on VLAN 1 .
(host) #show ipv6 neighbors vlan 1
IPv6 Neighbors
--------------
IPv6 Address
Age Link-layer Addr State
Interface
------------
--- --------------- -----
---------
2cce:205:160:100::fe - 00:0b:86:61:13:28 PERMANENT vlan 1
Command History
Introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 neighbors | 1644
show ipv6 ra status
show ipv6 ra status
Description
Displays the IPv6 RA status on the VLAN interfaces.
Usage Guidelines
This command displays the IPv6 RA status on the VLAN interfaces.
Examples
The example below shows the IPv6 RA status on the VLAN interfaces .
(host) #show ipv6 ra status
IPv6 RA Status
--------------
VlanId State
------ -----
1
enabled
220
enabled
230
enabled
7
enabled
Prefix(es) ---------2001:abcd:1234:dead::/64 2200:eab:feed:12::/64 2300:eab:feed::/64 2001:470:faca:2::/64 2001:470:faca:3::/64 2001:470:faca:4::/64
Command History
Introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1645 | show ipv6 ra status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 route
show ipv6 route [counters | static]
Description
Displays the Dell controller IPv6 routing table.
Syntax
Command counters static
Description Displays the number of routes present, categorized by type. Include this optional parameter to display only static IPv6 routes.
Usage Guidelines
This command displays static IPv6 routes configured on the controller via the ipv6 route command. Use the ipv6 default-gateway command to set the default gateway to the IPv6 address of the interface on the upstream router or switch to which you connect the controller.
Examples
The examples below show the ipv6 address of routers and the VLANs to which they are connected.
(host) #show ipv6 route
Codes: C - connected, O - OSPF, R - RIP, S - static M - mgmt, U - route usable, * - candidate default
Gateway of last resort is 2001::3 to network ::/128 at cost 1 S* ::/0 [1/0] via 2001::3* C 2001::/64 is directly connected, VLAN1 C 2010:abcd:1234:dead::/64 is directly connected, VLAN10
(host) #show ipv6 route static
Gateway of last resort is 2001::3 to network ::/128 at cost 1 S* ::/0 [1/0] via 2001::3*
Command History
Release ArubaOS 6.1 ArubaOS 6.3
Modification Command introduced. Introduced counters parameter.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 route | 1646
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master or local controllers
1647 | show ipv6 route
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 user-table
show ipv6 user-table ap-group <ap-group> ap-name <ap-name> authentication-method dot1x|mac|opensystem|psk|stateful-dot1x|via-vpn|vpn|web bssid <A:B:C:D:E:F> debug essid <STRING> internal ip <A.B.C.D> [log] mac <A:B:C:D:E:F> mobile {[bindings][visitors]} name <STRING> phy-type {[a]|[b]} role <STRING> rows <NUMBER> <NUMBER> station verbose
Description
Displays IPv6 user table entries. You can filter the output based on various parameters are described in table.
Syntax
Parameter ap-group <ap-group>
Description
Filter the output of this command by showing users connected to APs that belong to the specified AP group.
ap-name <ap-name>
Filter the output of this command by showing users connected to an AP with the specified AP name.
authentication-method
Filter the output of this command by the authentication method used for the device:
dot1x
Show data for devices using 802.1X authentication.
mac
Show data for devices using MAC authentication.
opensystem
Show data for devices using open (no) authentication.
psk
Show data for devices that do not use authentication but use a pre-shared key
for encryption.
stateful-dot1x
Show data for devices using stateful 802.1X authentication.
via-vpn
Show data for devices that authenticate using Dell VIA.
vpn
Show data for devices using VPN authentication.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 user-table | 1648
Parameter web
bssid debug essid internal ip <A.B.C.D>
log mac mobile
name phy-type role rows station verbose
Description Show data for devices using captive portal authentication.
Displays entries in the IPv6 user-table that are associated to the specified BSSID.
Displays entries in the IPv6 user-table that are in debug mode.
Displays entries in the IPv6 user-table that are associated to the specified ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
Displays internal IPv6 users.
Displays IPv6 users that match the specified IPv6 IP address. Displays the log information for the specified IPv6 client. Displays users with the specified MAC address.
Displays list of mobile users in the IPv6 user table. The following filters are available for this parameter: l bindings--list of users that have moved away from the current controller. l rows--displays entries that match the specified row number. l unique--displays unique entries in the IPv6 user-table. l visitors--displays users that have associated with the current controller.
Displays IPv6 user table entries that match the specified name.
Displays IPv6 user table entries that match a or b phy-type.
Displays IPv6 user table entries that match the specified role.
Displays specific rows in the IPv6 user table. Enter the starting row number and the number of rows to be displayed.
Displays the station table information for the IPv6 user table entries.
Displays the complete IPv6 user table with all details.
Example
This example displays a list of users.
(host)#show ipv6 user-table
Users
-----
IP
MAC
link AP name Roaming Essid/Bssid/Phy
Host Name
Name
Role
Age(d:h:m) Auth VPN
Profile Forward mode Type
1649 | show ipv6 user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
----------
------------
------ ----
---------- ---- ----
---- ------- ------- ---------------
------- ------------ ----
---------
2010:eab::59ee:264a:a702:ca57 c0:14:3d:d9:e2:1b salz
guest
00:04:30 802.1x
AP-105 Away
IPv6-dot1x-7220/00:24:6c:11:88:40/g-HT default tunnel
Win 7
User Entries: 1/1
This example displays 802.1X authenticated users in the IPv6 user table.
(host)#show ipv6 user-table authentication-method dot1x
Users
-----
IP
MAC
Name
Role
Age(d:h:m)
Auth VPN link AP name
Roaming Essid/Bssid/Phy
Profile
----------
------------
------ ----
---------- --
-- -------- -------
------- ---------------
-------
fe80::216:ceff:fe2c:b485
00:16:ce:2c:b4:85 Wing-A logon
00:00:06
802.1x
00:0b:86:c1:0e:8c Wireless Wing-A/00:0b:86:90:e8:c0/g default-dot1x
2003:d81f:f9f0:1001:617c:9151:6d25:f754 00:16:ce:2c:b4:85 Wing-A logon
00:00:06
802.1x
00:0b:86:c1:0e:8c Wireless Wing-A/00:0b:86:90:e8:c0/g default-dot1x
The output of this command includes the following parameters:
Parameter IP MAC Name Role Age (d:h:m) Auth AP name Roaming Essid/Bssid/Phy Profile
Description IP address of the client in that row that authenticating using dot1x MAC address of the client. Name of the client. The role assigned to the client. Total time that client is connected to controller. Authentication type. Name of the AP associated with the client. Current roaming status of the client. ESSID/BSSID/Phy to which the client is associated. Displays the AAA profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ipv6 user-table | 1650
Command History
Release ArubaOS 3.3 ArubaOS 6.3
Modification
Command introduced
The optional log parameter was introduced to display log files for events triggered by a specific user. Only W-6000, W-3600 and W-7200 Series controllers support per-user logging.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
1651 | show ipv6 user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show keys
show keys [all]
Description
Show whether optional keys and features are enabled or disabled on the controller.
Syntax
Parameter Description
all
Include this optional parameter to display the status of all optional keys and features. If this
parameter is omitted, the output displays the status of the most commonly used features
and keys.
Example
The following example displays the status of the most commonly used keys and features on the controller.
(host) #show keys Licensed Features ----------------Feature ------Access Points Remote Access Points Outdoor Mesh Access Points RF Protect Voice Service Module VPN Server Module xSec Module Next Generation Policy Enforcement Firewall Module Advanced Cryptography Service provider AP RF Protect Policy Enforcement Firewall Remote APs External Services Interface Client Integrity Module VPN Server Wired 802.1X xSec Module MMC AP Netgear AP Voice Services Module Mesh Point APs AP Developers Module Power Over Ethernet Internal Test Functions Public Access Policy Enforcement Firewall for VPN users Advanced Cryptography Service Provider Access Point L2/L3 Switching Maritime Regulatory Domain
Status -----64 64 64 64 Unlimited 512 96 64 2024 0 ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED ENABLED DISABLED DISABLED ENABLED ENABLED DISABLED ENABLED DISABLED ENABLED ENABLED ENABLED DISABLED DISABLED ENABLED
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show keys | 1652
Related Commands
To view the license usage database (including the license key strings) use the command show license on page 1658.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1653 | show keys
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lacp
show lacp <group_number> {counters | internal | neighbor}
Description
View the LACP configuration status.
Syntax
Parameter <group_number>
counters internal neighbor
Description Enter the Link aggregation group number. Range: 0-7 Enter the keyword counters to view the LACP traffic. Enter the keyword internal to view the LACP internal information. Enter the keyword neighbor to view the LACP neighbor information.
Example
The port uses the group number +1 as its "actor admin key". By default, all the ports use the long timeout value (90 seconds).
(Host)#show lacp 0 neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting fast LACPDUs
A - Device is in active mode P - Device is in passive mode
Partner's information
---------------------
Port Flags Pri OperKey State Num Dev Id
---- ----- ---- ------- ----- ---- ----------------
FE 1/1 SA
1 0x10
0x45 0x5 00:0b:86:51:1e:70
FE 1/2 SA
1 0x10
0x45 0x6 00:0b:86:51:1e:70
When a port, in a LAG, is misconnected (that is, the partner device is different than the other ports or the neighborship times out or can not exchange LACPDUs with the partner), the port status is displayed as "DOWN" (see the following example).
(Host)#show lacp 0 internal Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting fast LACPDUs A - Device is in active mode P - Device is in passive mode
Port ---FE 1/1 FE 1/2
Flags ----SA SA
Pri AdminKey ---- -------1 0x1 1 0x1
OperKey State Num Status
-------- ----- ---- -------
0x1
0x45 0x2 DOWN
0x1
0x45 0x3 UP
The "counters" option allows you to view LACP received (Rx) traffic, transmitting (Tx) traffic, data units (DU) received and transmitted by port.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lacp | 1654
(Host)#show lacp 0 counters
Port LACPDUTx LACPDURx MarkrTx
---- -------- -------- -------
FE 1/1 10
10
0
FE 1/2 12
12
0
MarkrRx MrkrRspTx MrkrRspRx
-------- --------- ---------
0
0
0
0
0
0
Related Command
Command lacp group show interface port-channel show lacp sys-id
Description Enable LACP and configure on the interface View information on a specified port-channel interface View the LACP system ID information
Command History
Release ArubaOS 3.4.1
Modification Command introduced
Command Information
Platform All Platforms
Licensing Base operating system
Command Mode
Enable and Configuration modes for Master and Local controllers
1655 | show lacp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lacp sys-id
show lacp sys-id
Description
View the LACP system MAC address and port priority.
Example
This command returns the port priority and the MAC address (comma separated). In the example below, the port priority is the default value 32768 followed by the MAC address 00:0B:86:40:37:C0.
(Host)#show lacp sys-id 32768,00:0B:86:40:37:C0
Related Commands
Command lacp group lacp port-priority show lacp show interface port-channel
Description Enable LACP and configure on the interface Configure the LACP port priority View the LACP configuration status View information on a specified port channel interface
Command History
Release ArubaOS 3.4.1
Modification Command introduced
Command Information
Platform All Platforms
Licensing Base operating system
Command Mode
Enable and Configuration modes (config) for Master and Local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lacp sys-id | 1656
show lcd-menu
show lcd-menu
Description
Displays the current LCD Menu configuration.
Syntax
None.
Example
An example output of the show lcd-menu command.
lcd-menu
--------
Parameter
Value
---------
-----
menu maintenance upgrade-image partition0 enabled
menu maintenance upgrade-image partition1 enabled
menu maintenance upgrade-image
enabled
menu maintenance upload-config
enabled
menu maintenance factory-default
enabled
menu maintenance media-eject
enabled
menu maintenance reload-system
enabled
menu maintenance halt-system
enabled
menu maintenance
enabled
menu
enabled
Related Commands
Command History
Release ArubaOS 6.2
Modification Command introduced.
Command Information
Platforms W-7200
Licensing Base operating system
Command Mode
Config mode on local and master controllers
1657 | show lcd-menu
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license
show license [limits]
Description
Displays the license table.
Syntax
Parameter Description
limits
Enter the keyword limit to display the current license limits.
Example
An example output of the show license command.
(host) # show license
License Table ------------Key --x7kbiBm5-3jI5MiBY-HVTAH/ci-llxPiKBV-dY8QGBMg-240 1024
itY24Hca-HSQlvJhi-yZtW6RB7-HGuBXzIq-N6hd6TNV-nZk 128
oqdLOxZ6-+FS5DT2P-iNmtvc3o-NFyasYrO-ixGUrszE-4uo 128
GIleLrCX-d8lxt3z5-vQC50n60-f31amOxu-Rf0uEoTn-qXQ 128
ldsXG7ik-pj/HVm4t-Qt3541UC-3wzC+Efj-yn08g/HF-/Dg 128
sJvaPL88-gWDdlMpj-LZMZ2YKK-2fU8NV6l-XIH4wRk8-44I
QtemJpLj-Qm5D9WvK-8c9lbaL6-t2nU6/Pj-LSNd00FZ-tJo
WNx6RasB-Qn9YVZ+5-giraq0Uy-aoIqS3as-FXmFh5dY-cSs 1024
u/GdQHWa-m4bzUCMC-ydMsWTif-hDMDajyB-qAlIMwnN-pGM Enforcement Firewall for VPN users
F9dGNdjV-EmwLhqlI-oKMQQepZ-b9Jl3OB2-HQjwmc+r-vhI Policy Enforcement Firewall Module: 128
License Entries: 11
Installed --------2010-01-21
21:00:22 2010-01-21
21:01:03 2010-01-21
21:01:13 2010-01-21
21:01:22 2010-01-21
21:01:3 2010-05-05 08:51:57 2010-05-05 08:52:07 21:18:55 2010-01-21
21:20:56 2010-01-25
18:44:19 2010-01-25
18:44:19
Expires ------Never Never Never Never Never Never Never
Never Never Never
Flags -----
E E E E E E E E E
Service Type ------- ----Access Points: 120abg Upgrade: 121abg Upgrade: 124abg Upgrade: 125abg Upgrade: RF Protect: 512 RF Protect: 1024
xSec Module: Policy Next Generation
Flags: A - auto-generated; E - enabled; R - reboot required to activate
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license | 1658
The output of this command includes the following data columns:
Parameter Key Installed Expires Flags
Service Type
Description
The license key.
The license installation date and time.
The date that your evaluation license expires is listed in this column. Permanent license will always have a "Never" in this column. Expired evaluation licenses will also be indicated in this column.
This column displays some status about your license. The legend for this column appears at the bottom of the display output. They are: A: The license is auto-generated. E: The license if fully enabled. R: You must reboot your controller to fully enable this license.
The license name (feature).
Related Commands
To view additional statistics for license key usage, use the command show keys.
Command History
Release ArubaOS1.0
Modification Command introduced.
ArubaOS 3.4
Verbose parameter was deprecated. This command now displays the entire license key by default.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on local and master controllers
1659 | show license
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license aggregate
show license aggregate
Description
Display the license limits sent from centralized licensing clients to the licensing server.
Syntax
No Parameters.
Usage Guidelines
If your deployment uses the centralized licensing feature, you can issue this command from the command-line interface of the centralized licensing server controller to view license limits sent by licensing clients.
Example
Issue this command from the command-line interface of the centralized licensing server controller. The following example displays output of the show license aggregate command.
Aggregate License Table
-----------------------
Hostname
IP Address AP PEF RF Protect xSec Module ACR Last update (secs. ago)
--------
---------- --- --- ---------- ----------- --- -----------------------
Spectrum14 172.3.21.10 3587 2432 1536
8192
06
Total AP License Count Total PEF License Count Total RF Protect License Count Total XSEC License Count Total ACR License Count
:3587 :2432 :1536 :8192 :0
The output of this command includes the following data columns:
Parameter Hostname IP Address
AP
PEF
RF Protect
xSec Module
Description
Name of the licensing client controller.
IP address of the licensing client controller.
Total number of AP licenses sent from licensing clients associated with this controller.
Total number of Policy Enforcement Firewall (PEF) licenses sent from licensing clients associated with this controller.
Total number of RFprotect licenses sent from licensing clients associated with this controller.
Total number of Extreme Security (xSec) licenses sent from licensing clients associated with this controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license aggregate | 1660
Parameter
Description
ACR
Total number of advanced Cryptography (ACR) licenses sent from licensing cli-
ents associated with this controller.
Last update (secs. ago
Time, in seconds, that has elapsed since the licensing table on the master licensing controller was updated.
Total <license> License Count
These rows display the total numbers of licenses available for each license type. These numbers include licenses sent from licensing clients and and any licenses currently installed on the licensing master.
Related Commands
Issue this command from the command-line interface of the centralized licensing master controller.
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on centralized licensing master controllers
1661 | show license aggregate
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license client-table
show license client-table
Description
Display the centralized license limits applied to each licensing client.
Syntax
No Parameters.
Usage Guidelines
If your deployment uses the centralized licensing feature, issue this command from the command-line interface of a centralized licensing client to view license limits applied to that licensing client from the licensing table.
Example
The following example displays output of the show license client-table command.
(host) #show license client-table
Built-in limit: 32
License Client Table
--------------------
Service Type
System Limit
Remaining Lic.
------------
------------
--------
Access Points
256
Next Generation PEF Module
256
RF Protect
256
xSec Module
4096
Advanced Cryptography
4096
Server Lic.
-----------
5120 2047 6143 16384 1024
Used Lic.
---------
1 1 1 0 0
Contributed Lic.
----------------
5120 2048 6144 16384 1024
------
255 255 255 4096 1024
The output of this command includes the following data columns:
Parameter Service Type System Limit Server Lic.
Used Lic. Contributed Lic.
Description
Type of license on the licensing client.
The maximum number of licenses supported by the controller platform.
Number of licenses available for use by the licensing client. NOTE: This number is limited by the total license capacity of the controller platform. A controller cannot use more licenses than is supported by that controller platform, even if additional license are available.
Total number of licenses of each license type used by the licensing client controller.
Total number of licenses of each license type contributed by the licensing client controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license client-table | 1662
Parameter Remaining Lic.
Description
Total number of remaining licensing available on this controller. This number is also limited by the total license capacity of the controller platform.
Related Commands
To view additional statistics for license usage on the licensing server, use the command show license aggregate.
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on centralized licensing client controllers
1663 | show license client-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license debug
show license debug
Description
Displays a summary of the current settings of the centralized licensing feature.
Syntax
No parameters
Example
The following example shows the output of the show license debug command.
(host) # show license debug
Summary of licensing state Centralized Licensing: Enabled Switch Role: Master License Role: License Server Master IP: 192.0.2.100 Switch IP: 192.0.1.103 License Server IP: 0.0.0.0
The output of this command includes the following data columns:
Parameter Centralized licensing Switch Role License Role
Master IP Switch IP License Server IP
Description
Shows if centralized licensing is enable or disabled
Role of the controller on which this command is run
Licensing role of the controller on which this command is run. A master controller can be a licensing client or a licensing server. Local controllers can be licensing clients only.
IP address used by the master controller. If the master controller is using VRRP, this parameter displays the VRRP virtual IP address. IP address assigned to the controller on which this command is run. <Reserved for future use>
Related Commands
To view additional statistics for license usage on the licensing server master, use the command show license aggregate.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license debug | 1664
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on local and master controllers.
1665 | show license debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license heartbeat stats
show license heartbeat stats
Description
Display the license heartbeat statistics between the centralized licensing server and the license client.
Syntax
No Parameters.
Usage Guidelines
If your deployment uses the centralized licensing feature, issue this command from the command-line interface of a centralized licensing server to view heartbeat requests to and responses from each licensing client associated to that licensing server. If you issue this command from a licensing client, the output displays information for that one client only.
Example
The following example displays output of the show license heartbeat stats command issued from the
licensing server.
(host) #show license heartbeat stats
License Heartbeat Table
-----------------------
IP Address
HB Req HB Resp
10.3.17.130
233
233
10.3.17.120
233
233
10.3.17.190
234
234
10.3.17.140
233
233
Total Missed 0 0 0 0
Last Update 18 19 9 7
The output of this command includes the following data columns:
Parameter IP address HB Req HB Resp Total Missed Last Update
Description IP address of the licensing client. Heartbeat requests sent from the licensing client. Heartbeat responses received from the license server. Total number of heartbeats that were not received by the licensing client. Number of seconds elapsed since the licensing client last sent a heartbeat request.
Related Commands
To view additional statistics for license usage on the licensing server master, use the command show license aggregate.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license heartbeat stats | 1666
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on centralized licensing master or licensing client controllers.
1667 | show license heartbeat stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license profile
show license profile
Description
Display the license profile to determine if centralized licensing is enabled on the controller.
Syntax
No Parameters.
Usage Guidelines
If your deployment uses the centralized licensing feature, issue this command from the command-line interface of a centralized licensing master or client to determine if centralized licensing is enabled on that controller. Note that each controller supports only one licensing profile.
Example
The following example displays output of the show license profile command issued from a licensing master.
(host) #show license profile
License provisioning profile
----------------------------
Parameter
Value
---------
-----
Centralized Licensing Enabled
Related Commands
To view additional statistics for license usage on the licensing server master, use the command show license aggregate.
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on centralized licensing server or client controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license profile | 1668
show license server-table
show license server-table
Description
Display the license table as it appears on the centralized licensing server.
Syntax
No Parameters.
Usage Guidelines
If your deployment uses the centralized licensing feature, issue this command from the command-line interface of a centralized licensing server to view to view licensing counts for each supported license type..
Example
The following example displays output of the show license server-table command issued from a licensing
server.
(host) #show license server-table License Server Table -------------------Service Type -----------Access Points Next Generation Policy Enforcement Firewall Module RF Protect xSec Module Advanced Cryptography
Aggregate Lic. -------------3587 2432 1536 8192 0
Used Lic. --------0 3 3 0 0
Remaining Lic. -------------3587 2429 1533 8192 0
The output of this command includes the following data columns:
Parameter Service Type Available Lic. Used Lic.
Remaining Lic.
Description Type of license on the licensing server.
Number of licenses in the licensing table on the licensing server.
Total number of licenses of each license type reported as used by the licensing clients or licensing server.
Total number of remaining licensing available in the licensing table.
Related Commands
To view additional statistics for license usage on the licensing server master, use the command show license aggregate.
1669 | show license server-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on centralized licensing master or licensing client controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license server-table | 1670
show license server-redundancy
show license server-redundancy
Description
Display information about a redundant server used by the centralized licensing feature.
Syntax
No Parameters.
Usage Guidelines
If your deployment uses the centralized licensing feature, issue this command from the command-line interface of a centralized licensing server to view to information for the redundant server.
Example
The following example displays output of the show license server-redundancy command issued from a licensing server. (host) #show license server-redundancy License Server redundancy configuration: License VRRP Id 1 current state is BACKUP License Peer's IP Address is 10.1.1.42
Related Commands
For more information on configuring a redundant licensing server for the centralized licensing feature, see license .
Command History
Release ArubaOS 6.3
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on centralized licensing master or licensing client controllers.
1671 | show license server-redundancy
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license-usage
show license-usage acr | ap | user | xsec |client
Description
Display license usage information.
Syntax
Parameter acr ap user
Description Show ACR license usage Show AP license usage information. Show Policy Enforcement Firewall (PEF) user license usage.
xsec client
Show Extreme Security (xSec) user and tunnel license usage.
For deployments using centralized licensing, show the license usage by centralized licensing clients.
Examples
The following example displays the user license usage. (host) #show license-usage user
User License Usage -----------------Name ---License Limit License Usage License Available License Exceeded
Value ----2048 12 2036 0
The AP license usage is displayed below:
(host) #show license-usage AP
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license-usage | 1672
AP Licenses ----------Type ---AP Licenses RF Protect Licenses PEF Licenses Overall AP License Limit
Number -----512 512 512 512
AP Usage -------Type ---Active CAPs Standby CAPs RAPs Remote-node APs Tunneled nodes Total APs
Count ----3 0 0 0 0 3
Remaining AP Capacity --------------------Type Number ---- -----CAPs 509 RAPs 509
When you issue the show license-usage client command from the command-line interface of a controller configured as a centralized licensing server, the output displays license usage statistics for each licensing client associated to that server. The output in the example below is separated into two tables to better fit in this document. In the ArubaOS command-line interface, the output appears in a single wide table.
License Clients License Usage
-----------------------------
Hostname
IP Address
--------
----------
controller_corp11 192.0.2.10
controller_corp17 192.0.2.12
AP Lic. Used -----------16 16
PEF Lic. Used -------------
1 1
RF Protect Lic. Used --------------------
1 1
xSec Lic. Used -------------0 1
ACR Lic. Used ------------0 0
Last update (secs. ago) ----------------------16 18
Total AP Licenses Used
:32
Total PEF Licenses Used
:2
Total RF Protect Licenses Used :2
Total XSEC Licenses Used
:1
Total ACR Licenses Used
:0
Total no. of clients
:2
The output of the show license-usage client command includes the following data columns:
Parameter Hostname IP Address
Description Name of the licensing client controller. IP address of the licensing client controller.
1673 | show license-usage
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter AP
Description
Total number of AP licenses used by a licensing client associated with this controller.
PEF
Total number of Policy Enforcement Firewall (PEF) licenses used by a
licensing client associated with this controller.
RF Protect
Total number of RFprotect licenses used by a licensing client associated with this controller.
xSec Module
Total number of Extreme Security (xSec) licenses used by a licensing client associated with this controller.
ACR
Total number of advanced Cryptography (ACR) licenses used by a licensing
client associated with this controller.
Last update (secs. ago) Time, in seconds, that has elapsed since the licensing table on the licensing client was updated.
Command History
Release ArubaOS 3.0
Modification Command Introduced.
ArubaOS 3.3
The following parameters were introduced in the output of show license-usage ap. l Total 802.11n-120abg Licenses l 802.11n-120abg Licenses Used l Total 802.11n-121abg Licenses l 802.11n-121abg Licenses Used l Total 802.11n-124abg Licenses l 802.11n-124abg Licenses Used l Total 802.11n-125abg Licenses l 802.11n-125abg Licenses Used
ArubaOS 5.0
Deprecated the option "vpn"
ArubaOS 6.1
Added option for ACR license
ArubaOS 6.2
The output of the show license-usage ap and show license-usage user commands was reorganized to reflect the newest license scheme.
ArubaOS 6.3
The client parameter was added to display license usage by centralized licensing clients.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show license-usage | 1674
Command Information
Platforms All platforms
Licensing
Base operating system. The output of this command varies, according to the licenses currently installed on the controller.
Command Mode
Enable or Config mode on master controllers
1675 | show license-usage
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lldp interface
show lldp interface [fastethernet <slot/port> | gigabitethernet <slot/port>]
Description
This command displays the LLDP interfaces information.
Syntax
Parameter fastethernet <slot/port> gigabitethernet <slot/port>
Description Displays LLDP information on a fastethernet port. .Displays LLDP information on a gigabitethernet interface.
Example
The example shows two commands. The output of the show lldp interface command displays information for all LLDP interfaces.
(host) #show lldp interface
LLDP Interfaces Information
---------------------------
Interface LLDP TX LLDP RX LLDP-MED TX interval Hold Timer
--------- ------- ------- -------- ----------- ----------
GE1/3
Enabled Enabled Enabled 30 120
The following example only shows information for the GE1/3 interface.
(host) #show lldp interface gigabitethernet 1/3 Interface: gigabitethernet1/3 LLDP Tx: Enabled, LLDP Rx: Enabled LLDP-MED: Enabled Transmit interval: 30, Hold timer: 120
Parameter Interface
Description Name of an LLDP interface.
LLDP TX LLDP RX LLDP-MED TX interval Hold Timer
Shows if LLDP Protocol Data Unit (PDU) transmission is enabled or disabled.
Shows if the controller has enabled or disabled processing of received LLDP PDUs.
Shows if LLDP MED protocol is enabled or disabled.
The LLDP transmit interval, in seconds.
The LLDP transmit hold multiplier.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lldp interface | 1676
Command History
Release ArubaOS 6.4
Modification Command Introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
1677 | show lldp interface
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lldp neighbor
show lldp neighbor interfaces [fastethernet <slot/port> | gigabitethernet <slot/port> [detail]]
Description
This command displays information about LLDP peers.
Syntax
Parameter fastethernet <slot/port> gigabitethernet <slot/port> detail
Description Displays LLDP information on a fastethernet port. Displays LLDP information on a gigabitethernet interface. Include details.
Example
The command in the first example below shows that the ports GE1/3 and GE1/4 recognize each other as an LLDP peers.
(host)#show lldp neighbor Capability codes: (R)Router, (B)Bridge, (A)Access Point, (P)Phone, (O)Other LLDP Neighbor Information ------------------------Local Intf Chassis ID Capability Remote Intf Expiry-Time (Secs) --------- ----------- ----------- ----------- -----------------GE1/3 00:0b:86:6a:25:40 B:R GE0/0/17 105 GE1/4 00:0b:86:6a:25:40 B:R GE0/0/18 105 System name ----------Dell W-3600 Dell W-3600 Number of neighbors: 2 (host) #show lldp neighbor interface gigabitethernet 1/3 detail Interface: gigabitethernet1/3, Number of neighbors: 1 -----------------------------------------------------------Chassis id: d8:c7:c8:ce:0d:63, Management address: 192.168.0.252 Interface description: bond0, ID: d8:c7:c8:ce:0d:63, MTU: 1522 Device MAC: d8:c7:c8:ce:0d:63 Last Update: Thu Sep 27 10:59:37 2012 Time to live: 120, Expires in: 103 Secs System capabilities : Bridge,Access point Enabled capabilities: Access point System name: IAP-105 System description: ArubaOS (MODEL: 105), Version 6.1.3.4-3.1.0.0 (35380) Auto negotiation: Supported, Enabled Autoneg capability: 10Base-T, HD: yes, FD: yes 100Base-T, HD: yes, FD: yes 1000Base-T, HD: no, FD: yes Media attached unit type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (30) MAC: 7c:d1:c3:c7:e9:72: Blacklist MAC: 9c:b7:0d:7d:0b:72: Blacklist MAC: 7c:d1:c3:d1:02:c8: Blacklist
The output of the show lldp neighbor command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lldp neighbor | 1678
Parameter Local Intf Chassis ID Capability
Remote Intf Expiry-time System Name
Description Slot and port number. MAC address of the LLDP Peer. Shows the capabilities of the peer to operate as a router, bridge, access point, phone or other network device. Remote interface. Expiry time. Name of the peer system, as supplied by the peer.
The output of the show lldp neighbor interface gigabitethernet <slot/module/port> detail command varies, depending upon the type of LLDP peer detected. The output in the example above contains the following information:
Parameter Interface Number of Neighbors Chassis id Management address Interface description ID MTU Device MAC Last Update Time to live Expires in System capabilities
Description Name of the port for which you are viewing LLDP neighbor information. Number of LLDP neighbors seen by the port. MAC address of the neighbor device. MAC address of the neighbor's management port. Description of the LLDP neighbor interface. Interface ID of the LLDP neighbor interface. Maximum Transmission Unit size allowed by the neighbor device in bytes. Shows the MAC address of the IAP connected to the MAS port. Date and time the neighbor device's status changed. Time, in seconds, for which this information is valid. Time, in seconds, before this information is considered invalid. This column shows the capabilities of the peer to operate as a router, bridge, access point, phone or other network device.
1679 | show lldp neighbor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Enabled capabilities
Description
This column if the peer has been actively configured to operate as a router, bridge, access point, phone or other network device.
System name
Name of the peer system, as supplied by the peer.
System description
Description of the peer system, as supplied by the peer.
Auto negotiation
Shows if link auto-negotiation is enabled for the peer interface.
Media attached unit type
This parameter displays additional details about an LLDP-MED device attached to the interface. The specific details depend upon the capabilities of the device.
VLAN
VLAN ID assigned to the peer interface.
pvid
Indicates if the VLAN ID is assigned to the peer access port.
MAC
Shows the MAC address of the rogue AP detected by the Instant AP(IAP),
which is blacklisted by the MAS.
LLDP-MED
Shows details for LLDP-MED (Media Endpoint Discovery), if applicable.
Device Type Capability
Type of LLDP-MED device connected to the peer interface. Capabilities of the LLDP-MED device connected to the peer interface.
Command History
Release ArubaOS 6.4
Modification Command Introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lldp neighbor | 1680
show lldp statistics
show lldp statistics [interface fastethernet <slot/port> | gigabitethernet <slot/port>]
Description
This command displays the LLDP statistics information.
Syntax
Parameter fastethernet <slot/port> gigabitethernet <slot/port>
Description Displays LLDP information on a fastethernet port. Displays LLDP information on a gigabitethernet interface.
Usage Guidelines
By default, this command displays LLDP statistics for the entire list of LLDP interfaces. Include a slot/port number to display statistics only for that one interface.
Example
The example command below shows LLDP statistics for the Gigabit Ethernet interface 0/0. (host) #show lldp statistics interface gigabitethernet 0/0
LLDP Statistics --------------Interface --------gigabitethernet0/0
Received Unknow TLVs Malformed Transmitted
-------- ----------- --------- -----------
1249
0
0
1249
The output of this command includes the following information:
Parameter Interface Received Unknown TLVs
Number of Malformed packets Transmitted
Description Name of an LLDP interface. Number of packets received on that interface. Number of LLDP Protocol Data Units (PDUs) with an unknown typelength-value (TLV). Number of malformed packets received on that interface. Number of packets transmitted from that interface.
Command History
Release ArubaOS 6.4
Modification Command Introduced.
1681 | show lldp statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show lldp statistics | 1682
show local-cert-mac
show local-cert-mac tag <mac>
Description
Display the IP, MAC address and certificate configuration of local controllers in a master-local configuration.
Syntax
Parameter tag <tag>
Description
IP address of the local controller or MAC address of the local controller certificate.
Usage Guidelines
By default the output of this command shows each local controller's IP and MAC address and the type of certificate used by those local controllers (Custom or Factory). Use the optional tag parameter to display information for a single controller only.
Example
The output of this command shows that two local controllers have a custom certificate installed.
(host) # show local-cert-mac
Local Switches configured by Local Certificate
-----------------------------------------------
Switch IP of the Local MAC address of the Local Certificate
---------------------- ------------------------------------
10.4.62.3
0B:86:F0:12:AC:15
Cert-Type ---------
CA cert -------
10.4.62.5 00:0B:86:F0:05:60 Custom Undefined
The output of this command includes the following information:
Column Switch IP of the Local
Description IP address of the local controller
MAC address of the Local Certificate
MAC address of the certificate on the local controller
Cert-Type
Type of certificate used by the local controller. l Custom: User-installed, custom certificate l Factory: Factory-installed certificate
CA Cert
Name of the Certificate Authority (CA) certificate.
1683 | show local-cert-mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command local-factory-cert
Description
This command configures the factory-installed certificate for secure communication between a local controller and a master controller.
local-custom-cert
This command configures a custom certificate for secure communication between a local controller and a master controller.
Mode
Enable or Config mode on master controllers.
Enable or Config mode on master or local controllers.
Command History
Available in ArubaOS 6.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-cert-mac | 1684
show localip
show localip
Description
Displays the IP address and VPN shared key between master and local.
Syntax
No parameters.
Example
The output of this command shows the controller's IP address and shared key between master and local controllers. (host) # show localip
Local Switches configured by Local Switch IP
---------------------------------------------
Switch IP address of the Local Key
------------------------------ ---
0.0.0.0
********
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1685 | show localip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb
show local-userdb {[maximum-expiration][start <offset> page <page_size]}
Description
Shows information about user's accounts in the local user database.
Syntax
Parameter maximum-expiration
<offset> <page_size>
Description How long the account is valid, in minutes, in the internal database. The user account record's location (by number) as it is listed in the database. The number of user account records that display on one page.
Usage Guidelines
Issue this command without any parameters to display a general overview of user's accounts in the database. Use the maximum-expiration parameter to show how long the account is valid for in minutes. Use the start <offset> page <page_size> parameters to control which user account records in the database display initially and the number of account records displayed on a page.
Example
This example shows the basic summary of a user accounts in the database.
(host) #show local-userdb maximum-expiration start 5 page 4
local-userdb maximum-expiration 90
User Summary -----------Name ---guest-0657984 guest-8330301 guest-5433352 guest-3469360
Password -------******** ******** ******** ********
Role ---guest guest guest guest
E-Mail ------
Enabled ------Yes Yes Yes Yes
Expiry ------
Status -----Active Active Active Active
Sponsor-Name ------------
Grantor-Name -----------admin admin admin admin
User Entries: 11
The output of this command includes the following parameters:
Parameter Name Password
Description Name of the user. The user's password.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb | 1686
Parameter Role
E-mail Enabled Expiry Status Sponsor-Name Grantor-Name User Entries
Description
Role for the user. This role takes effect when the internal database is specified in a server group profile with a server derivation rule. If there is no server derivation rule configured, then the user is assigned the default role for the authentication method.
Shows the email address of the user account.
Shows whether the account is enabled or disabled.
Shows the expiration date for the user account. If this is not set, the account does not expire.
Shows whether the profile has enabled or disabled the ability to use the HTTP protocol to redirect users to the captive portal page.
Shows the sponsor's name.
Shows the grantor's name.
Shows the number of user accounts in the database.
Related Commands
Command local-userdb add
Description
Use this command to configure the parameters displayed in the output of this show command.
local-userdb-guest add Use this command to configure parameters for a guest user account.
Mode Enable and Config modes
Enable and Config modes
Command History
Release ArubaOS 3.0 ArubaOS 3.4
Modification Command introduced The Expiry, Status, Sponsor-name and Grantor-name were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master and local controllers
1687 | show local-userdb
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb-ap
local-userdb-ap mac-address <macaddr> start
Description
View detailed information for the obsolete RAP whitelist database used in ArubaOS 6.1 and earlier.
Syntax
Parameter
Description
mac-address <mac-addr> MAC address of the remote AP to be removed from the Remote AP Whitelist table.
start <offset>
Start displaying the table at the specified record in the database
Usage Guidlines
When you upgrade from ArubaOS 5.0-6.1 to ArubaOS 6.2 or later, the remote AP whitelist table will automatically move from the legacy Remote AP whitelist to the newer Remote AP whitelist. Issue the show local-userdb-ap command to view and troubleshoot any AP entries that did not properly move to the new table during the upgrade procedure. In the example below, the command output has been divided into two tables to fit on a single page of this document. In the command-line interface, this output would appear in a single, wide table.
(host) #show local-userdb-ap
AP-entry Details ----------------
Name ---00:0b:86:c3:58:38 00:0b:86:66:01:aa anymore 00:1a:1e:c0:1b:e0 00:0b:86:66:03:3f 00:0b:86:66:02:09
AP-Group -------local default
default default default
AP-Name ------chuck rap2
00:1a:1e:c0:1b:e0 rap 00:0b:86:66:02:09
Full-Name --------chuck moscato
moscato-rap
Authen-Username --------------naveen
naveen INDIAQA\naveen
Revoke-Text -----------
AP is not valid
AP_Authenticated ---------------Authenticated Provisioned Authenticated Authenticated Provisioned
Description -----------
Date-Added ---------Thu Mar 5 21:25:36 2009 Thu Mar 5 21:25:49 2009 Wed Mar 4 20:16:16 2009 Tue May 19 07:53:29 2009 Fri May 8 10:37:40 2009
Enabled ------Yes No Yes Yes Yes
AP Entries: 5
The output of this command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb-ap | 1688
Parameter Name AP-Group AP-name Full-name Authen-Username
Revoke-Text
AP_Authenticated
Description Date-Added Enabled
Description
MAC address of the AP.
Name of the AP group to which the AP has been assigned.
Name of the AP. If no name has been specified, this column will display the AP's MAC address
Text string used to identify the AP. This field often describes the AP's user, and corresponds to the User Name field in the RAP whitelist in the WebUI.
User name of the user who authenticated the remote AP. This parameter holds the user name of the user who authenticated the remote AP. This is related to the zero touch authentication feature, as a user needs authenticate an AP before it gets its complete configuration. Before the AP is authenticated, it is given a restricted configuration to allow users to perform captive portal authorization via the remote AP's ENET ports to authenticate the remote AP. The username used during captive portal authentication will be stored in this field. This cannot be added manually when creating a localuserdb-ap entry.
The command local-userdb-aprevoke includes an optional revokecomment parameter that allows network administrators to explain why the AP was revoked. If an AP is revoked, and a revoke comment entered, this text appears in the revoke-text column in the show local-userdb-ap command. When a local DB entry is reenabled via the command local-userdb-ap modify mac-addr mode enable, this field is cleared.
This column indicates the authorization status of the AP. An AP can either be Authenticated or Provisioned. Remote APs that do not support certificated-based provisioning will always display a Provisioned status. Remote APs that support certificated-based provisioning can display either a Authenticated or Provisioned status, depending on their configuration and authentication status. l If the remote AP has a defined AP authorization profile, the remote AP will
be in a "Provisioned" state with a limited configuration until it is authenticated. After it the remote AP has been authenticated, it will be in an "Authenticated" state. l If the remote AP does not have a defined AP authorization profile, the remote AP will be in a"Provisioned" state, but will still receive the full configuration assigned to that AP and its AP group.
A text string used to further identify the remote AP.
Date and time that the AP was added to the local user database
This column shows if the entry in the database is enabled or disabled. Database entries can be enabled or disabled using the CLI commands:
local-userdb-ap {add|modify} mac-address <mac-addr> mode {enable|disable}
and
local-userdb-ap revoke mac-address <mac-addr>
1689 | show local-userdb-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command local-userdb-ap del
Description Delete Remote AP entries from the obsolete remote AP whitelist table.
whitelist-db rap add
Add, delete, modify or revoke remote AP entries in the current emote AP whitelist table.
Command History
ArubaOS 5.0
Modification Command introduced.
ArubaOS 6.2
Command replaced by show whitelist-db rap on page 2039.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb-ap | 1690
show local-userdb-branch
show local-userdb-branch mac-address <mac-addr> start <offset>
Description
The output of this command lists the MAC address and assigned branch config group for branch controllers associated with that master.
Syntax
Parameter
Description
mac-address <mac-addr> Branch controller's MAC address in the local user database.
start
The user account record's location (by number) as it is listed in the database.
<page_size>
The number of user account records that display on one page.
Usage Guidelines
If your network includes multiple master controller under a single root master controller, the output of this command shows all branch controllers and master controllers on the network.By default, this command displays all entries in the whitelist. To display only part of the branch controller whitelist, include the start <offset> parameters to start displaying the branch controller whitelist at the specified entry value. You can also include the optional mac-address <mac-addr> parameters to display values for a single branch controller entry.
Example
This example shows the basic summary of a user accounts in the database. (host) #show local-userdb-branch
Branch-controller-entry Details
-------------------------------
Mac
Branch-config-group
---
-------------------
00:0b:86:bb:b5:47 eng
00:0b:86:b8:a2:60 plm-2
00:0b:86:99:89:97 it
Hostname -------7024-242 7005-236 7010-234
Branch Controller Entries: 3 The output of this command includes the following parameters:
Parameter Name
Description Mac address of the branch controller
Branch-Config-Group profile Name of the branch controller group
Branch controller entries
Number of branch controllers associated to this master controller.
1691 | show local-userdb-branch
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 6.0 ArubaOS 6.2 ArubaOS 6.4.3.0
Modification Command introduced. Command deprecated. Command reinstated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb-branch | 1692
show local-userdb-guest
show local-userdb-guest
Description
Shows information about guest accounts in the local user database.
Syntax
Parameter maximum-expiration
<offset> <page_size>
Description How long the account is valid, in minutes, in the internal database. The user account record's location (by number) as it is listed in the database. The number of user account records that display on one page.
Usage Guidelines
Issue this command without any parameters to display a general overview of guest accounts in the database. Use the maximum-expiration parameter to show how long the account is valid for in minutes. Use the start <offset> page <page_size> parameters to control which guest account records in the database display initially and the number of account records displayed on a page.
Example
This example shows the basic summary of a user accounts in the database.
(host) #show local-userdb-guest maximum-expiration start 5 page 4
local-userdb-guest maximum-expiration 90
Guest UserSummary
-----------------
Name
Password
----
--------
guest-0657984 ********
guest-8330301 ********
guest-5433352 ********
guest-3469360 ********
Role ---guest guest guest guest
E-Mail ------
Enabled ------Yes Yes Yes Yes
Expiry ------
Status -----Active Active Active Active
Sponsor-Name ------------
Grantor-Name -----------admin admin admin admin
User Entries: 11
The output of this command includes the following parameters:
Parameter Name Password
Description Name of the user. The user's password.
1693 | show local-userdb-guest
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Role
E-mail Enabled Expiry Status Sponsor-Name Grantor-Name User Entries
Description
Role for the user. This role takes effect when the internal database is specified in a server group profile with a server derivation rule. If there is no server derivation rule configured, then the user is assigned the default role for the authentication method.
Shows the email address of the user account.
Shows whether the account is enabled or disabled.
Shows the expiration date for the user account. If this is not set, the account does not expire.
Shows whether the profile has enabled or disabled the ability to use the HTTP protocol to redirect users to the captive portal page.
Shows the sponsor's name.
Shows the grantor's name.
Shows the number of user accounts in the database.
Related Commands
Command local-userdb add
Description
Mode
Use this command to configure the parameters displayed in the output of this show command.
Enable and Config modes
local-userdb-guest add Use this command to configure parameters for a guest user account.
Enable and Config modes
Command History
Release ArubaOS 3.0 ArubaOS 3.4
Modification Command introduced The Expiry, Status, Sponsor-name and Grantor-name were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb-guest | 1694
show local-userdb username
show local-userdb username <name>
Description
Shows information about specific user account in the internal controller database.
Usage Guidelines
Issue this command to display an overview of a particular user account in the database.
Example
This example shows the basic summary of a user account Paula in the database.
(host) #show local-userdb username Paula
User Summary -----------Name Password ---- -------paula ********
Role ---guest
E-Mail ------
Enabled ------Yes
Expiry ------
Status -----Inactive
Sponsor-Name ------------
Grantor-Name -----------admin
User Entries: 1
Command History
Release ArubaOS 3.0
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master and local controllers
1695 | show local-userdb username
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb username
show local-userdb username <name>
Description
Shows information about specific user account in the internal controller database.
Usage Guidelines
Issue this command to display an overview of a particular user account in the database.
Example
This example shows the basic summary of a user account Paula in the database.
(host) #show local-userdb username Paula
User Summary -----------Name Password ---- -------paula ********
Role ---guest
E-Mail ------
Enabled ------Yes
Expiry ------
Status -----Inactive
Sponsor-Name ------------
Grantor-Name -----------admin
User Entries: 1
Command History
Release ArubaOS 3.0
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show local-userdb username | 1696
show localip
show localip
Description
Displays the IP address and VPN shared key between master and local.
Syntax
No parameters.
Example
The output of this command shows the controller's IP address and shared key between master and local controllers. (host) # show localip
Local Switches configured by Local Switch IP
---------------------------------------------
Switch IP address of the Local Key
------------------------------ ---
0.0.0.0
********
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1697 | show localip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log all
show log all [<number>]
Description
Show the controller's full log.
Syntax
Parameter <number>
Description
Start displaying the log output from the specified number of lines from the end of the log.
Example
This example shows the most ten recent log entries for the controller.
(host) #show log all 10
Mar 3 13:26:20 Mar 3 13:26:20 Mar 3 13:26:20 database Mar 3 13:26:20 database Mar 3 13:46:54 Mar 3 13:57:53 Mar 3 13:57:53 Mar 3 13:57:53 Mar 3 13:57:53 database Mar 3 13:57:53 database
localdb[567]: <133006> <ERRS> |localdb| User admin Failed Authentication localdb[567]: <133006> <ERRS> |localdb| User admin Failed Authentication localdb[567]: <133019> <ERRS> |localdb| User admin was not found in the
localdb[567]: <133019> <ERRS> |localdb| User admin was not found in the
fpcli: USER: admin connected from 10.100.100.66 has logged out. fpcli: USER: admin has logged in from 10.100.100.66. localdb[567]: <133006> <ERRS> |localdb| User admin Failed Authentication localdb[567]: <133006> <ERRS> |localdb| User admin Failed Authentication localdb[567]: <133019> <ERRS> |localdb| User admin was not found in the
localdb[567]: <133019> <ERRS> |localdb| User admin was not found in the
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log all | 1698
show log ap-debug
show log ap-debug{[<number>][all]}
Description
Show the controller's AP debug logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the AP debug logs for the controller.
Example
This example shows the ten most recent AP debug logs for the controller.
(host) #show log ap-debug 10
Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): wifi0: Base BSSID 00:1a:1e:25:97:d0, 16 available BSSID(s) Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): edev->dev_addr=00:1a:1e:ca:59:7c Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): wifi1: Base BSSID 00:1a:1e:25:97:c0, 16 available BSSID(s) Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): edev->dev_addr=00:1a:1e:ca:59:7c Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): ^H<6>Ethernet Channel Bonding Driver: v3.0.1 (January 9, 2006) Nov 24 20:54:24 KERNEL(AP39@10.6.1.21): secure_jack_link_state_change: Error finding device eth0 Nov 24 20:54:25 KERNEL(AP39@10.6.1.21): Kernel watchdog refresh ended.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1699 | show log ap-debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log arm-user-debug
show log arm-user-debug{[<number>][all]}
Description
Show the controller's ARM user debug logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the ARM user debug logs for the controller.
Example
This example shows the controller's last ten ARM user debug logs.
(host) #show log arm-user-debug 10
Aug 12 16:03:03 :508164: <DBUG> |ARM Process| Client Match: Found 11v Capable STA b0:ee:45:49:60:3c Aug 12 16:03:03 :508201: <DBUG> |ARM Process| Client Match: Sending BSS transition req to client b0:ee:45:49:60:3c token 14 Aug 12 16:03:03 :508202: <DBUG> |ARM Process| Client Match: Timer started for BTM response STA b0:ee:45:49:60:3c timerid 5176652 Aug 12 16:03:06 :508161: <DBUG> |ARM Process| Client Match Received probe report: AP 6c:f3:7f:e7:1d:20 ESSID sganu-wpa2-psk Assoc ESSID sganu-wpa2-psk for client b0:ee:45:49:60:3c with signal -44 Aug 12 16:03:06 :508161: <DBUG> |ARM Process| Client Match Received probe report: AP d8:c7:c8:46:e0:00 ESSID sganu-wpa2-psk Assoc ESSID sganu-wpa2-psk for client b0:ee:45:49:60:3c with signal -38 Aug 12 16:03:06 :508161: <DBUG> |ARM Process| Client Match Received probe report: AP 6c:f3:7f:e7:1d:20 ESSID sganu-wpa2-psk Assoc ESSID sganu-wpa2-psk for client b0:ee:45:49:60:3c with signal -35 Aug 12 16:03:11 :508161: <DBUG> |ARM Process| Client Match Received probe report: AP d8:c7:c8:46:e0:00 ESSID sganu-wpa2-psk Assoc ESSID sganu-wpa2-psk for client b0:ee:45:49:60:3c with signal -36 Aug 12 16:03:13 :508203: <DBUG> |ARM Process| Client Match: Timer cleared for BTM response STA b0:ee:45:49:60:3c timerid 5176652 Aug 12 16:03:13 :508186: <DBUG> |ARM Process| Client Match: Tracking unsuccessful failure for client b0:ee:45:49:60:3c num fails 0 btm rejects 0 btm timeouts 4 Aug 12 16:03:13 :508185: <DBUG> |ARM Process| Client Match: move status: Uncontrolled-Radio complete move for client b0:ee:45:49:60:3c from Source AP ap135 d8:c7:c8:46:e0:00 Eff_Signal 0 dBm (Signal -0 dBm EIRP 0 dBm) to Target AP ac 6c:f3:7f:e7:1d:20 Eff_Signal -0 dBm (Signal 0 dBm EIRP 0 dBm) Actual AP ap135 d8:c7:c8:46:e0:00 Time diff 9 Reason Denied; User action
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log arm-user-debug | 1700
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1701 | show log arm-user-debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log bssid-debug
show log bssid-debug{[<number>][all]}
Description
A Basic Service Set Identifier (BSSID) uniquely defines each wireless client and Wireless Broadband Router. This command shows the controller's BSSID debug logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the BSSID debug logs for the controller.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log bssid-debug | 1702
show log errorlog
show log errorlog{[<number>][all]}
Description
Show the controller's system errors and other critical information.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the error logs for the controller.
Example
This example shows the ten most recent system log errors.
(host) #show log errorlog 10
Mar 5 10:30:34 <sapd 106007> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Rogue AP detected with SSID cto-dnh-blah, BSSID 00:0b:86:b5:86:c0, Wired MAC 00:0b:86:02:ee:00, and IP 10.3.49.254 Mar 5 10:31:39 <sapd 404080> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: ADHOC network detected with Src 00:13:ce:45:91:a0, BSSID 02:13:ce:2d:37:50, ESSID adhoc_ap70 Channel 11 and RSSI 22 Mar 5 10:32:12 <sapd 106007> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Rogue AP detected with SSID cto-dnh-blah, BSSID 00:0b:86:b5:86:c0, Wired MAC 00:0b:86:02:ee:00, and IP 10.3.49.254 Mar 5 10:32:46 <sapd 106007> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Rogue AP detected with SSID cto-dnh-blah, BSSID 00:0b:86:b5:86:c0, Wired MAC 00:0b:86:02:ee:00, and IP 10.3.49.254 Mar 5 10:40:32 <localdb 133019> <ERRS> |localdb| User admin was not found in the database Mar 5 10:40:32 <localdb 133006> <ERRS> |localdb| User admin Failed Authentication Mar 5 10:41:10 <sapd 106007> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Rogue AP detected with SSID sw-rlo-open, BSSID 00:0b:86:c9:9e:20, Wired MAC 00:00:00:00:00:00, and IP 0.0.0.0 Mar 5 10:41:31 <sapd 106007> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Rogue AP detected with SSID QA_MARORA_VOCERA, BSSID 00:0b:86:c9:9e:21, Wired MAC 00:0b:86:02:ee:00, and IP 10.3.49.254 Mar 5 10:48:01 <sapd 404080> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: ADHOC network detected with Src 00:13:ce:45:d9:4d, BSSID 02:13:ce:28:40:48, ESSID adhoc_ap70 Channel 11 and RSSI 8 Mar 5 11:04:21 <sapd 404080> <ERRS> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: ADHOC network detected with Src 00:13:ce:45:d9:4d, BSSID 02:13:ce:2d:37:50, ESSID adhoc_ap70 Channel 11 and RSSI 9
Command History
This command was available in ArubaOS 3.0.
1703 | show log errorlog
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log errorlog | 1704
show log essid-debug
show log essid-debug{[<number>][all]}
Description
Show the controller's ESSID debug logs. An Extended Service Set Identifier (ESSID) is used to identify the wireless clients and Wireless Broadband Routers in a WLAN. All wireless clients and Wireless Broadband Routers in the WLAN must use the same ESSID.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the ESSID debug logs for the controller.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1705 | show log essid-debug
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log network
show log network{[<number>][all]}
Description
Show the controller's system network errors.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the network logs for the controller.
Example
This example shows the controller's recent network log errors (host) #show log network all
Feb 17 14:47:14 :209801: <WARN> |fpapps| Physical link down: port 1/1 Feb 17 14:48:04 :209801: <WARN> |fpapps| Physical link down: port 1/1
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log network | 1706
show log security
show log security{[<number>][all]}
Description
Show the controller's security logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the security logs for the controller.
Example
This example shows the controller's last seven security logs.
(host) #show log security 7
Mar 5 11:53:43 :124004: <DBUG> |authmgr| Local DB auth failed for user admin, error (User not found in UserDB) Mar 5 11:53:43 :124003: <INFO> |authmgr| Authentication result=Authentication failed(1), method=Management, server=Internal, user=10.100.100.66 Mar 5 11:53:43 :124004: <DBUG> |authmgr| Auth server 'Internal' response=1 Mar 5 11:53:43 :125027: <DBUG> |aaa| mgmt-auth: admin, failure, , 0 Mar 5 11:53:43 :125024: <NOTI> |aaa| Authentication Succeeded for User admin, Logged in from 10.100.100.66 port 1778, Connecting to 10.3.49.100 port 22 connection type SSH Mar 5 11:53:58 :103060: <DBUG> |ike| ipc.c:ipc_get_cfgm_role:2826 Sending REQUEST for CFGM Role Mar 5 11:53:58 :103060: <DBUG> |ike| ipc.c:get_local_cfg_trigger_ike:2653 IKE got trigger from CFGM : state :3
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1707 | show log security
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log system
show log system{[<number>][all]}
Description
Show the controller's system logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the system logs for the controller.
Example
This example shows the controller's last ten system logs.
(host) #show log system 10
Mar 5 11:55:59 :316073: <DBUG> |wms| Received New AP Message: AP 00:0b:86:b5:87:c2 Status 1 Num-WM 0 Mar 5 11:55:59 :316083: <DBUG> |wms| mysql: UPDATE ap_table SET ssid='qa-abu-customerissue', current_channel='11', type='generic-ap', ibss='no', phy_type='80211g', rap_type='interfering', match_mac='00:00:00:00:00:00', power_level='255', status='up' WHERE id='71575' ; Mar 5 11:55:59 :316029: <DBUG> |wms| Sending message to Probe: IP:10.3.49.253 MsgType:PROBE_RAP_TYPE AP 00:0b:86:b5:87:c2 Type:1 Mar 5 11:55:59 :316036: <DBUG> |wms| Received New STA Message: MAC 00:0b:86:b5:87:c2 Status 0 Mar 5 11:55:59 :316032: <DBUG> |wms| STA Probe: ADD Probe 00:0b:86:a2:e7:40 for STA 00:0b:86:b5:87:c2 Mar 5 11:56:00 :399814: <DBUG> |fpapps| PoE: RAN THRU ITERATION 2 Mar 5 11:56:00 :326001: <DBUG> |AP 1.1.1@10.3.49.253 sapd| AM: am_read_bss_data_stats: radio 0: pktsIn 0 pktsOut 0 bytesIn 0 bytesOut 0 Mar 5 11:56:00 :326001: <DBUG> |AP 1.1.1@10.3.49.253 sapd| AM: am_read_bss_data_stats: radio 0: pktsIn 0 pktsOut 52107 bytesIn 0 bytesOut 18143486 Mar 5 11:56:01 :326001: <DBUG> |AP 1.1.1@10.3.49.253 sapd| AM: MPPS 2722 CPPS 338 PKTS 452036609 BYTES 2062458092 INTR 334327351 Mar 5 11:56:02 :399814: <DBUG> |fpapps| PoE: Evaluating port 1/5 rv is 0 and crv is 1 state :3
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log system | 1708
show log user
show log user{[<number>][all]}
Description
Show the controller's user logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the user logs for the controller.
Example
This example shows the controller's last ten user logs.
(host) #show log user 10
Mar 5 13:29:57 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:32:08 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:36:41 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:38:42 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:40:41 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:42:51 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:47:03 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:49:07 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:53:08 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1 Mar 5 13:55:14 :501083: <WARN> |stm| Probe request: 00:0b:86:cd:1a:00: Invalid Station MAC address from AP 10.3.49.253-00:0b:86:a2:e7:40-1.1.1
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1709 | show log user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log user-debug
show log user-debug{[<number>][all]}
Description
Show the controller's user debug logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the user debug logs for the controller.
Example
This example shows the controller's last ten user debug logs.
(host) #show log user-debug 10
Mar 5 13:57:24 :501090: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 SSID Mar 5 13:57:24 :501090: <DBUG> |stm| 00:0b:86:a2:e7:41-1.1.1 SSID Mar 5 13:58:26 :501082: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 Mar 5 13:58:26 :501085: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 SSID Mar 5 13:58:26 :501090: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 SSID Mar 5 13:58:26 :501090: <DBUG> |stm| 00:0b:86:a2:e7:41-1.1.1 SSID Mar 5 13:58:27 :501082: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 Mar 5 13:58:27 :501085: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 SSID Mar 5 13:58:27 :501090: <DBUG> |stm| 00:0b:86:a2:e7:40-1.1.1 SSID Mar 5 13:58:27 :501090: <DBUG> |stm| 00:0b:86:a2:e7:41-1.1.1 SSID
Probe response: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe response: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe request: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe request: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe response: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe response: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe request: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe request: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe response: 00:18:f8:ab:77:a4: AP 10.3.49.253Probe response: 00:18:f8:ab:77:a4: AP 10.3.49.253-
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log user-debug | 1710
show log wireless
show log wireless{[<number>][all]}
Description
Show the controller's wireless logs.
Syntax
Parameter <number>
all
Description
Start displaying the log output from the specified number of lines from the end of the log.
Shows all the wireless logs for the controller.
Example
This example shows the controller's last ten wireless logs.
(host) #show log wireless 10
Mar 5 13:59:31 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID mak-cp-psk and BSSID 00:0b:86:8b:70:20 Mar 5 13:59:35 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID and BSSID 00:0b:86:c0:06:83 Mar 5 13:59:38 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID and BSSID 00:0b:86:c0:06:85 Mar 5 13:59:41 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID and BSSID 00:0b:86:89:f9:42 Mar 5 13:59:41 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID QA-SANJAY-OSUWIRELESS and BSSID 00:0b:86:89:f9:40 Mar 5 13:59:44 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID QA-SANJAY-OSUVOICE and BSSID 00:0b:86:8c:fb:c0 Mar 5 13:59:44 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID Google and BSSID 00:0b:86:4f:82:c0 Mar 5 13:59:47 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID QA-SANJAY-OSUVOICE and BSSID 00:0b:86:89:f9:41 Mar 5 13:59:50 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID and BSSID 00:0b:86:c0:06:86 Mar 5 13:59:50 :404003: <WARN> |AP 1.1.1@10.3.49.253 sapd| AM 00:0b:86:a2:e7:40: Interfering AP detected with SSID cto-dnh-blah and BSSID 00:0b:86:60:b8:80
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1711 | show log wireless
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show log wireless | 1712
show logging
show logging facility|server|{level [verbose]}
Description
the IP address of the remote logging server, as well as facility log types and their associated facility levels.
Syntax
Parameter facility server level [verbose]
Description
View the facility used when logging messages into the remote syslog server.
Show the IP address of a remote logging server.
Show logging levels at which the messages are logged. Include the optional verbose parameter to display additional data for logging subcategories and processes.
Usage Guidelines
The ArubaOS logging levels follow syslog convention: l level 7: Emergency l level 6: Alert l level 5: Critical l level 4: Errors. l level 3: Warning l level 2:Notices l level 1:Informational l level 0: Debug The default logging level is leve1 1. You can change this setting via the logging command.
Example
This example below displays defined logging levels for each logging facility.
(host) #show logging level
LOGGING LEVELS
--------------
Facility Level
-------- -----
network warnings
security warnings
system warnings
user
warnings
wireless warnings
1713 | show logging
Dell Networking W-Series ArubaOS 6.4.x | User Guide
This example below displays the IP address of a remote log server. If a remote log server has not yet been defined, this command will not display any output.
(host) #show logging server
Remote Server: 1.1.1.1
FACILITY MAPPING TABLE
----------------------
local-facility severity
-------------- --------
user
debugging
remote-facility --------------local1
Related Commands
Command Description
logging
Use this command to specify the IP address of the remote logging server, as well as facility log types and their associated facility levels.
Mode
Config mode on master and local controllers
Command History
This command was introduced in ArubaOS 2.5.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show logging | 1714
show loginsessions
show loginsessions
Description
Displays the current administrator login sessions statistics.
Syntax
No parameters.
Example
Issue this command to display the admin login session statistics.
Session Table ------------ID User Name -- --------1 admin
User Role --------root
Connection From --------------10.100.102.43
Idle Time --------00:00:00
Session Time -----------00:27:59
The output includes the following parameters:
Parameter ID User Name User Role Connection From Idle Time Session Time
Description Sessions identification number Administrator's user name Administrator's role The IP address from which the administrator is connecting Amount of time the user has been idle Total time the session has been open
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1715 | show loginsessions
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mac-address-table
show mac-address-table
Description
Displays a MAC forwarding table.
Syntax
No parameters.
Example
Issue this command to display the MAC forwarding table.
Dynamic Address Count:
0
Static Address (User-defined) Count:
System Self Address Count:
Total MAC Addresses :
6
Maximum MAC addresses :
MAC Address Table
------------------
Destination Address Address Type VLAN
------------------- ------------ ----
00:0b:86:00:00:00 Mgmt
1
00:0b:86:f0:05:60 Mgmt
1
00:0b:86:00:00:00 Mgmt
62
00:0b:86:f0:05:60 Mgmt
62
00:0b:86:00:00:00 Mgmt
4095
00:0b:86:f0:05:60 Mgmt
4095
0 0
6
Destination Port ---------------vlan 1 vlan 1 vlan 62 vlan 62 vlan 4095 vlan 4095
The output includes the following parameters:
Parameter Dynamic Address Count
Description
Count of dynamic addresses currently associated with the controller
Static Address (User-defined) Count Count of static, user-defined addresses associated with the controller
System Self Address Count
Number of self system addresses
Total MAC Addresses
Total number of MAC addresses associated with the controller
Maximum MAC Addresses
Maximum number of MAC addresses
Destination Address
Destination MAC address
Address Type
Destination address type
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mac-address-table | 1716
Parameter VLAN Destination Port
Description Associated VLAN Destination port
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1717 | show mac-address-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show master-configpending
show master-configpending
Description
Displays the list of global commands which are not saved and are not sent to the local controller.
Syntax
No parameters.
Example
This example below displays the commands which are not saved and are not sent to the local controller. (host) #show master-configpending
aaa profile "default-xml-api" aaa xml-api server "10.17.93.2" aaa xml-api server "10.17.93.2" aaa xml-api server "10.17.93.2" key "12345678" aaa profile "default-xml-api" aaa profile "default-xml-api" xml-api-server "10.17.93.2" user-role "logon" user-role "logon" captive-portal "default" user-role "logon" user-role "logon" no captive-portal "default" user-role "logon" user-role "logon" captive-portal "default" voice rtp-analysis-config voice rtp-analysis-config rtp-analysis voice rtp-analysis-config rtp-analysis voice rtp-analysis-config no rtp-analysis voice rtp-analysis-config rtp-analysis
Related Commands
Command master-redundancy
Description
This command associates a VRRP instance with master controller redundancy.
master-local
This command displays the statistics between the local and the master controllers.
switches
This command provides the details on the switches connected to the master controller, including the master controller itself.
Command History
This command was introduced in ArubaOS 6.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show master-configpending | 1718
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master controllers.
1719 | show master-configpending
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show master-local stats
show master-local stats [<ip-addr>] [<page>]
Description
Display statistics for communication between master and local controllers.
Syntax
Parameter <ip-addr> <page>
Description Include the IP address of a controller to display statistics that controller only. Start displaying the output of this command at the specified page number.
Usage Guidelines
By default, master and Local controllers exchange heartbeat messages every 10 seconds. These "Heartbeats" a include configuration timestamp. If a master controller has later timestamp than the local controller, the state of the local controller changes from `Update Successful' to `Update Required'.
Example
This example below shows statistics for all communications between the master and local controller. (host) #show master-local stats
Missed -> HB Resp from Master
-----------------------------
IP Address HB Req
HB Resp
Last Synced
---------- ------
-------
-----------
10.6.2.252 194721
194208
Thu Feb 26 21:12:04 2009
Total Missed Last Sent Missed Peer Reset Cfg Terminate
------------ ---------------- ---------- -------------
926
0
105
1
The output of this command includes the following data columns:
Parameter IP Address HB Req HB Resp Total Missed
Description IP address of the local controller. Heartbeat requests sent from the local controller. Heartbeat responses sent from the master controller. Total number of heartbeats that were not received by the local controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show master-local stats | 1720
Parameter Last Sent Missed
Peer Reset
Cfg Terminate Last Synced
Description
This counter will increment if controller misses the last heartbeat from the peer controller. This counter will keep on incrementing until the heartbeat message is received from peer.
The number of times the connection to peer is been reset. The connection could reset due to network connectivity problems or when the peer switch reboots.
Number of times the controller has failed to upgrade to a new configuration
Timestamp showing the last time the local controller synched its configuration from the master controller.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
1721 | show master-local stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show master-redundancy
show master-redundancy
Description
Display the master controller redundancy configuration.
Syntax
No parameters.
Example
This example below shows the current master redundancy configuration, including the ID number of the master VRRP virtual router and the IP address of the peer controller for master redundancy. (host) #show master-redundancy Master redundancy configuration:
VRRP Id 2 current state is MASTER Peer's IP Address is 2.1.1.4
Related Commands
Command
master-redundancy master-vrrp
Description
This command associates a VRRP instance with master controller redundancy.
vrrp
This command configures the Virtual Router Redundancy Protocol (VRRP).
master-redundancy peer- This command configures the IP address and preshared key or certificate for a
ip
redundant master controller on another master controller.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show master-redundancy | 1722
show memory
show memory aaa ap {meshd|rfd|sapd}|{ap-name <ap-name>}|{bssid <bssid>}|{ip-addr <ip-addr>} auth certmgr cfgm cpsec dbsync debug [verbose] dhcpd ecc fpapps fpcli isakmpd l2tpd mdns mobileip ospf pim pptpd profmgr slb snmpd stm udbserver wms <cr>
Description
Show the amounts of free and available memory on the controller, or include a process name to show memory information for a process on the AP or controller.
Syntax
Parameter aaa ap
Description Display memory information for the AAA process on the controller. Display memory information for a process running on a specific AP.
meshd
Display memory information for the meshd process on the specified AP.
rfd
Display memory information for the rfd process on the specified AP.
sapd
Display memory information for the rfd process on the specified AP.
ap-name <ap-name> Display memory information for an AP with the specified AP name.
bssid <bssid>
Display memory information for an AP with the specified BSSID.
1723 | show memory
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
ip-addr <ip-addr> Display memory information for an AP with the specified IP address.
auth
Display memory information for the auth process on the controller.
certmgr cfgm
Display the memory information for certmgr process. Display memory information for the cfgm process on the controller.
cpsec dbsync
Displays memory information for the Control Plane Security process on the controller.
Display memory information for the dbsync process on the controller.
debug [verbose]
Display detailed memory information to debug memory errors the controller. This command should only be used under the supervision of Dell Technical Support.
dhcpd ecc fpapps
Display memory information for the DHCP process on the controller. Display the DRAM ecc counters on the controller. Display memory information for the fpapps process on the controller.
fpcli
Display memory information for the fpcli process on the controller.
isakmpd
Display memory information for the isakmpd process on the controller.
l2tpd
Display memory information for the l2tpd process on the controller.
mdns mobileip
Display memory information for the mDNS process on the controller. Display memory information for the mobileip process on the controller.
ospf
Display memory information for the ospf process on the controller.
pim
Display memory information for the pim process on the controller.
pptpd
Display memory information for the pptpd process on the controller.
profmgr
Display memory information for the profmgr process on the controller.
slb
Display memory information for the slb process on the controller.
apsnmpd
Display memory information for the apsnmpd process on the controller.
stm
Display memory information for the auth process on the controller.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show memory | 1724
Parameter udbserver wms
Description Display memory information for the udbserver process on the controller. Display memory information for the wms process on the controller.
Usage Guidelines
Include the name of a process to show memory information for that process. Use this command under the supervision of Dell technical support to help debug process errors.
Example
The command show memory displays, in Kilobytes, the total memory on the controller, the amount of memory currently being used, and the amount of free memory. (host) # show memory Memory (Kb): total: 256128, used: 162757, free: 93371
Include the name of a process to show memory statistics for that process. The example below shows memory statistics for mobileip.
(host) # show memory mobileip
Type
Num Allocs
default
92
Size Allocs
Total Allocs 145622
0x1000be14 0x10016cb0 0x10021604 0x10032e34 0x30019a24 0x30019bd8 0x30019bf0 0x30019c28 0x3001b134 0x300326b8 0x30032738 0x3019dfdc 0x3019ee60 0x3019ef18 0x301b63bc 0x301b6470 0x301b648c 0x301b7614 0x301b7770 0x301bd460
PC
1
64
1
41000
1
80
1
24
1
2200
1
41000
1
41000
1
11263
2
1967
9
72
4
64
1
44
3
48
1
784
13
312
10
200
10
920
3
36
8
128
3
60
Total Size
The output of this command includes the following columns:
Column Type
Description
The show memory command currently shows information for predefined processes only, so this column always displays the parameter default.
1725 | show memory
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Num Alloc Size Allocs Total Allocs Total Size
PC
Allocs
Size
Description
Current number of memory allocations.
Total size of all memory allocations, in bytes.
Maximum number of allocations used throughout in the life of the process.
Maximum size of allocations used throughout in the life of the process, in bytes.
Program counter: the address of a memory allocation. (For internal use only.)
Number of memory allocations at that program counter. (For internal use only.)
Size of all memory allocations at that program counter. (For internal use only.)
Command History
Release ArubaOS 3.0 ArubaOS 6.3
Modification
Command introduced.
The following parameters were introduced: l aaa l cpsec l ecc l mdns
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show memory | 1726
show mgmt-role
show mgmt-role
Description
This command allows the user to view a list of management role configurations.
Syntax
No parameters.
Example
Issue this command to display a list of management user roles.
Management User Roles
---------------------
ROLE
DESCRIPTION
----
-----------
root
Super user role
read-only
Read only commands
network-operations network-operations
guest-provisioning guest-provisioning
location-api-mgmt location-api-mgmt
no-access
Default role, no commands are accessible for this role
location-api-mgmt location-api-mgmt
The output includes the following parameters:
Parameter ROLE DESCRIPTION
Description Name of the management user role Description of the management user role
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master controllers
1727 | show mgmt-role
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mgmt-server
show mgmt-server message-counters process {auth | fw_visibility | spectrum | stm | wms} profile <profile-name>
Description
Displays the message counter information of management server.
Syntax
Parameter message-counters
Description
Message counter in the recent past.
process {auth | fw_visibility | spectrum | stm | wms}
Controller processes: l Authentication l Firewall Visibility l Spectrum l Station Management l WLAN Management System
profile <profile-name>
Displays the list of configuration profiles and the details of the specified configuration profiles for the management server.
Example
The output of this command shows the message counter information of the WLAN Management System process in the controller. (host) (config) #show mgmt-server message-counters process wms
Message Counter History
-----------------------
Message Number Time
Monitored STA Info Monitored STA Stats
-------------- ----
------------- -------------------
82
Tue Apr 2 14:56:43 2013
3
81
Tue Apr 2 14:56:13 2013
67
80
Tue Apr 2 14:55:43 2013
2
79
Tue Apr 2 14:55:13 2013
2
Packets ------1 1 1 1
Monitored AP Info ----------------0 14 0 0
Monitored AP Stats -----------------0 218 0 0
----3 2 0 0
The output of the following command displays the details of the default-amp management configuration profile:
(host) #show mgmt-server profile default-amp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mgmt-server | 1728
Mgmt Config profile "default-amp" (Predefined (editable))
---------------------------------------------------------
Parameter
Value
---------
-----
Stats
Enabled
Tag
Enabled
Sessions
Enabled
Monitored Info Disabled
Monitored Stats Disabled
Misc
Enabled
Location
Enabled
Voice Info
Disabled
Command History
Release ArubaOS 3.4
Modification Command introduced.
ArubaOS 6.3
The wms process is introduced to track the Advanced Monitoring (AMON) message counters.
ArubaOS 6.3.1
The profile parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
1729 | show mgmt-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mgmt-servers
show mgmt-servers
Description
Displays list of management servers that receive Advanced Monitoring (AMON) messages from the controller.
Syntax
Parameter mgmt-servers
Description
Management Servers. This could be W-AirWave Management Server or any other server that receive messages from the controller using AMON protocol.
Example
The output of this command shows list of management servers in the controller. (host) (config) #show mgmt-servers
List of Management Servers
--------------------------
Type
Primary Server Profile
----
-------------- -------
AirWave 10.4.14.200
default-amp
ALE
1.1.1.1
default-ale
Num Rows:2
Command History
Release ArubaOS 3.4 ArubaOS 6.3.1
Modification
Command introduced.
The management server configuration profile column was included in the output.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mgmt-servers | 1730
show mgmt-users
show mgmt-users [ <username> | local-authentication-mode <username> | ssh-pubkey <username> | webui-cacert <username> ]
Description
Displays list of management users on the controller and also details of each management users.
Syntax
Parameter username local-authentication-mode ssh-pubkey webui-cacert
Description To view details of a specific management user. Status of local-authentication mode. Number of management users using the ssh-pubkey. Number of management users using web CA certificates.
Example
The output of this command shows the client certificate name, username, user role, and revocation checkpoint for management users using the ssh-pubkey in the controller. (host) #show mgmt-user ssh-pubkey
SSH Public Key Management User Table -----------------------------------CLIENT-CERT USER ROLE STATUS REVOCATION CHECKPOINT ----------- ---- ---- ------ --------------------client1-rg test1 root ACTIVE ca-rg client2-rg test2 root ACTIVE none client3-rg test3 root ACTIVE ca-rg client1-rg test4 root ACTIVE ca-rg
Command History
Release ArubaOS 3.3.2
Modification Command introduced
ArubaOS 6.3
The ssh-pubkey Revocation Checkpoint parameter was introduced.
1731 | show mgmt-users
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show mgmt-users | 1732
show tunneled-node config
show tunneled-node config
Description
Displays wired tunneled node configuration details.
Syntax
No parameters.
Example
The output of this command shows the tunneled node configuration details. (host) # show tunneled-node config
Tunneled Node:Enabled Tunneled Node Server:4.4.4.1 Tunnel Loop Prevention:Disabled Tunnel Node MTU:5000
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The command name was changed to show tunneled-node config.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tunneled-node config | 1734
show netdestination
show netdestination <netdestination name>
Description
Displays IPv4 and IPv6 network destination information.
Syntax
No parameters.
Example
Issue this command to display all netdestination configured on this controller. The output below displays information for all configured IPv4 and IPv6 netdestinations. To display additional detailed information for an individual netdestinations, include the name of the netdestination at the end of the command.
(host) >enable
Password:******
(host) #show netdestination
Name: white-list
Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
Name: localnetwork
Position Type
IP addr Mask-Len/Range
-------- ----
------- --------------
1
network 0.0.0.2 0.0.0.0
The output includes the following parameters:
Parameter Name Position Type IP addr Mask/Range
Description Network destination name Network destination position Network destination type IP address of the network destination Network destination subnet mask and range
Command History
This command was introduced in ArubaOS 3.0.
1735 | show netdestination
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
You must have a PEFNG license to configure or view a netdestination.
Command Mode
Enable or config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show netdestination | 1736
show netexthdr
show netexthdr <alias-name>
Description
This command displays the IPv6 extension header (EH) types that are denied.
Syntax
Parameter Description <alias-name> Specify the EH alias name.
Default
default
Usage Guidelines
Example
The following command displays the denied extended header types in the default EH: (host) #show netexthdr default
Extended Header type(s) Denied -----------------------------51,
Command History
Release ArubaOS 6.1
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on the master controllers
1737 | show netexthdr
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show netservice
show netservice [<string>]
Description
Show network services
Syntax
Parameter <string>
Description Name of a network service.
Usage guidelines
Issue this command without the optional <string> parameter to view a complete table of network services on the controller. Include the <string> parameter to display settings for a single network service only.
Example
The following example shows the protocol type, ports and application-level gateway (ALG) for the DHCP service.
(host) #show netservice svc-dhcp
Services
--------
Name
Protocol Ports ALG
----
-------- ----- ---
svc-dhcp udp
67
68
Related Commands
To configure an alias for network protocols, use the command netservice.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show netservice | 1738
show netstat stats
show netstat stats
Description
Show network statistics for current active network connections, filtered by protocol type.
Syntax
No parameters
Usage guidelines
Issue this command to display aggregate statistics for IP, ICMP, TCP and UDP protocols, and extended TCP statistics
Example
The following example shows incoming and outgoing packet statistics for the controller.
(host) #show netstat stats Ip:
1084012095 total packets received 2 with invalid headers 3 forwarded 426940 incoming packets discarded 932097114 incoming packets delivered 1004595164 requests sent out 52847 fragments dropped after timeout 201323411 reassemblies required 50179757 packets reassembled ok 53204 packet reassembles failed 136827034 fragments created Icmp: 1969625 ICMP messages received 5 input ICMP message failed. ICMP input histogram:
destination unreachable: 1752058 timeout in transit: 1684 redirects: 70805 echo requests: 145073 echo replies: 5 249806 ICMP messages sent 0 ICMP messages failed ICMP output histogram: destination unreachable: 51944 time exceeded: 52796 redirect: 2 echo replies: 145064 Tcp: 3 active connections openings 0 passive connection openings 0 failed connection attempts 0 connection resets received 2 connections established 1006383 segments received 1147229 segments send out 9603 segments retransmitted 0 bad segments received.
1739 | show netstat stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
2568 resets sent Udp:
928478757 packets received 40767 packets to unknown port received. 426937 packet receive errors 910267627 packets sent
Related Commands
To configure an alias for network protocols, use the command netservice.
Command History
Release ArubaOS 6.4.0
Modification
The stats parameter, which was optional in earlier version of ArubaOS was made a required part of the command syntax.
ArubaOS 1.0
Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show netstat stats | 1740
show network-printer
show network-printer [config | job <printer-name> | status]
Description
Displays configuration, job status details, and printer status of USB printers connected to a W-600 Series controller.
Syntax
Parameter config job status
Description Displays the configuration details of the printer service on the controller. Displays the list of job in queue in all printers connected to the controller. Displays the status of all printers connected to the controller.
Example
The output of this command shows the status of all printers connected to the controller. (host) #show network-printer status
Networked Printer Status -----------------------Printer Name -----------usblp_Hewlett-Packard_HP_Color_LaserJet_CP3505_CNBJ8B1003 usblp_HP_Officejet_Pro_L7500_MY872231FX
Printer Alias ------------HPLJ_P3005 HPOJ_L7500
Status -----idle idle
Comment ------enabled enabled
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms W-600 Series controller
Licensing Base operating system
Command Mode Enable mode
1741 | show network-printer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show network-storage
show network-storage [ files opened | shares {<file-system-path> | disk | status | users {disk <disk-name>} ]
Description
Displays details about the USB storage device connect to a W-600 Series controller.
Syntax
Parameter Description files opened Displays the list of opened files in the USB storage device connected to the controller.
shares
Displays the list of shares that are created in the USB storage device. This option provides the following details: l name of the share l name of the disk by alias. l the folder associated with the share, l the access mode
status
Displays the status of the storage service on the controller.
users
Displays the list of users by IP address, connected share name and connection time.
Example
The output of this command shows the status of all printers connected to the controller. (host) #show network-storage users
NAS Users --------Share Name ---------Documents Documents
Machine -------
Connected at -----------192.168.1.4 Fri Apr 21 14:28:59 2009 192.168.1.5 Fri Apr 21 14:17:09 2009
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms W-600 Series controller
Licensing Base operating system
Command Mode Enable mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show network-storage | 1742
show ntp trusted-keys
show ntp trusted-keys
Description
Show information for the NTP trusted key
Syntax
No parameters.
Example
The following example shows values for the NTP authentication keys, Key ID and Md5 secret key. (host) #show ntp authentication-keys
Key Id -----12345
md5 secret ---------4567
The output of this command includes the following parameters:
Parameter Key ID md5 secret
Description The key identifier used to when you configured the NTP authentication key.
The key value for the MD5 hash used when you configured the NTP authentication key.
Related Commands
To configure NTP authentication keys, use the command ntp authentication-key.
Command History
This command was available in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1743 | show ntp trusted-keys
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp peer
show ntp peer <IPv4/IPv6 Address>
Description
Show NTP peer information.
Syntax
Parameter <IPv4/IPv6 Address>
Description IPv4/IPv6 Address of the peer.
Example
The output of this commands shows IPv4 and IPv6 address of the peer. (host) #show ntp peer 2008::2
remote 2008::2, local 2008::1
hmode client, pmode sym_active, stratum 16, precision -20
leap 11, refid [73.78.73.84], rootdistance 0.00000, rootdispersion 0.00262
ppoll 6, hpoll 6, keyid 0, version 4, association 53202
reach 000, unreach 1, flash 0x1620, boffset 0.00000, ttl/mode 0
timer 0s, flags config, bclient
reference time:
00000000.00000000 Wed, Feb 6 2036 22:28:16.000
originate timestamp: 00000000.00000000 Wed, Feb 6 2036 22:28:16.000
receive timestamp: d6186e9b.5723196a Sun, Oct 27 2013 21:03:23.340
transmit timestamp: d6186e9b.5723196a Sun, Oct 27 2013 21:03:23.340
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
filter order: 0
1
2
3
4
5
6
7
offset 0.000000, delay 0.00000, error bound 3.99217, filter error 0.00000
remote host:
2008::2
local interface:
2008::1
time last received: 59s
time until next send: 5s
reachability change: 61s
packets sent:
1
packets received:
1
bad authentication: 0
bogus origin:
0
duplicate:
0
bad dispersion:
1
bad reference time: 0
candidate order:
0
flags:
config, bclient
(host) #show ntp peer 10.20.22.17
remote ::, local :: hmode client, pmode unspec, stratum 3, precision -23 leap 00, refid [125.62.193.121], rootdistance 0.32069, rootdispersion 0.15305 ppoll 6, hpoll 6, keyid 0, version 4, association 26134
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp peer | 1744
reach 001, unreach 2, flash 0x0400, boffset 0.00113, ttl/mode 0
timer 0s, flags config, bclient
reference time:
d6186d7e.c99ed7ba Sun, Oct 27 2013 20:58:38.787
originate timestamp: 00000000.00000000 Wed, Feb 6 2036 22:28:16.000
receive timestamp: d6186e24.f02d3f57 Sun, Oct 27 2013 21:01:24.938
transmit timestamp: d6186e24.f02d3f57 Sun, Oct 27 2013 21:01:24.938
filter delay: 0.00113 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.398620 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
filter order: 0
1
2
3
4
5
6
7
offset 0.398620, delay 0.00113, error bound 2.81735, filter error 0.00276
remote host:
10.20.22.17
local interface:
10.16.32.90
time last received: 1s
time until next send: 1s
reachability change: 1s
packets sent:
2
packets received:
1
bad authentication: 0
bogus origin:
0
duplicate:
0
bad dispersion:
0
bad reference time: 0
candidate order:
0
flags:
config, bclient, iburst
Usage guidelines
The show ntp peer command is used for NTP server troubleshooting, and should only be used under the supervision of Dell technical support. Issue the show ntp servers command to view basic settings for currently configured NTP servers.
Related Commands
To configure an NTP server, use the command ntp server.
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.4
The IPv6 parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1745 | show ntp peer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp servers
show ntp servers [brief]
Description
Show information for Network Time Protocol (NTP) servers.
Syntax
Parameter brief
Description Display the IP address of the defined NTP servers, iburst and key settings.
Examples
The following example shows values for the primary and backup NTP servers. The primary server is marked with an asterisk (*) and the backup server is marked with an equals sign (=). Note that a backup server will not display delay, offset or dispersion data, as it is not currently in use.
(host) (config) #show ntp server
NTP Server Table Entries
------------------------
Flags:
* Selected for synchronization
+ Included in the final selection set
# Selected for synchronization but distance exceeds maximum
- Discarded by the clustering algorithm
= mode is client
remote
local
st poll reach delay
offset
disp
==============================================================================================
===
*2012::d63d:7eff:fe46:7309
2012::40
3 1024
377 0.00169 -0.001367
0.13815
The output of this command includes the following parameters:
Parameter Description
flags
The flags indicate the status of the server.
remote
IP address of the remote NTP server defined using the CLI command ntp server.
local
IP address of the local clock.
st
NTP uses hierarchical levels of clock sources, or strata, and assigns each layer a number
starting with zero at the root. The st column in the output of this command represents the
number of servers between the configured NTP server and the root reference clock.
poll
Interval, in seconds, between the local NTP server's attempt to poll the remote NTP server.
reach
An index that measures whether or not the remote NTP server could be reached at eight most recent polling intervals. If the NTP server has just been configured and hasn't yet been polled successfully, the value will be zero (0). A value of 377 indicates that the last eight poll queries were successful.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp servers | 1746
Parameter Description
delay
Delay, in seconds, between the time that the local clock polls the NTP server and the NTP server returns a reply.
offset
The difference in time, in seconds, between the local clock and the NTP server.
disp
Dispersion represents the maximum error of the local clock relative to the reference clock,
and is a measurement of the time server and network quality. Lower dispersion values are
preferred over higher dispersion values.
The following example shows the ntp servers configuration. The NTP server IP address, key ID and iburst status are shown when the ntp servers brief command is used.
The following output is for IPv4:
(host) (config) #show ntp servers brief server 1.1.1.1 key 1234 server 10.1.1.245 iburst key 12345
The following output is for IPv6: (host) (config) #show ntp servers brief server 2012::d63d:7eff:fe46:7309
Related Commands
To configure an NTP server, use the command ntp server.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The key-id parameter output displays when the ntp servers brief command is used.
ArubaOS 6.4
Flags indicating the status of the server, were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1747 | show ntp servers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp status
show ntp status
Description
Show information for a NTP server.
Syntax
No parameters.
Example
The following example shows values for the primary NTP server. (host) #show ntp status
Authentication: time since restart: time since reset: packets received: packets processed: current version: previous version: declined: access denied: bad length or format: bad authentication: rate exceeded: system peer: system peer mode: leap indicator: stratum: precision: root distance: root dispersion: reference ID: reference time: system flags: jitter: stability: broadcastdelay: authdelay:
enabled 2347 7594 4 0 0 0 0 0 0 0 0 10.1.1.250 client 00 3 -18 0.03236 s 0.06728 s [10.1.1.250] cd45b701.bcbc05d5 Tue, Feb 17 2009 14:21:53.737 auth monitor ntp kernel stats 0.005020 s 0.866 ppm 0.003998 s 0.000000 s
The output of this command includes the following parameters:
Parameter authentication time since restart time since reset
Description Indicates if authentication is enabled for the NTP server. Time in hours since the system was last rebooted.
The number of seconds since the last time the local NTP server was restarted.
packets received
Total number of packets received.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp status | 1748
Parameter packets processed current version previous version declined access denied bad length or format packets received bad authentication rate exceeded system peer system peer mode
leap indicator
stratum precision root distance root dispersion
reference ID
Description Number of packets received in response to previous packets sent. Number of packets matching the current NTP version. Number of packets matching the previous NTP version. Number of packets declined. Number of packets for which access has been denied. Number of packets with invalid length, format or port number. Total number of packets received.
Number of NTP packets that failed to be authenticated.
Number of packets discarded due to rate limitation.
The IP address of the peer NTP server.
The peer mode of this remote association: l Symmetric Active l Symmetric Passive l Client l Server l Broadcast
This parameter indicates whether or not a leap-second should be inserted or removed at the end of the last day of the current month. l 00 no warning l 01 +1 second (following minute has 61 seconds) l 10 -1 second (following minute has 59 seconds)
The stratum level of the peer
The advertised precision of the switch. This value can range from -4 and 20, inclusive.
Total round trip delay to the stratum 1 reference clock.
Total dispersion to the stratum 1 reference clock. This value is a cumulative measure of all errors associated with the network hops and servers between the NTP server and its stratum 1 server.
IPv4/IPv6 address of the remote NTP server.
1749 | show ntp status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
reference time
system flags jitter stability broadcastdelay authdelay
Description
Note: When NTP server is reachable through IPv4 address, use the address as is. If done through IPv6 address, the Reference ID is calculated instead of directly taking the IPV6 address on the NTP Server. The controller performs a MD5 checksum and the last 4 bytes are considered as the reference ID.
Time when the local system clock was last set or corrected, in NTP timestamp format.
This parameter displays any flags configured for this NTP entity.
The average magnitude of jitter between several time queries.
The average magnitude of offset between several time queries
The broadcast delay of this NTP server association, in seconds.
The authentication delay of this NTP server association, in seconds.
Related Commands
To configure an NTP server, use the command ntp server.
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.4
The following parameters were introduced:
l time since restart l packets received l packets processed l current version l previous version l declined l access denied l bad length or format l bad authentication l rate exceeded
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ntp status | 1750
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1751 | show ntp status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show packet-capture
show packet-capture controlpath-pcap [hex] datapath-pcap [hex]
Description
Displays packet capture status on the controller.
Syntax
Parameter controlpath-pcap [hex] datapath-pcap [hex]
Description Displays controlpath packets captured in the local-filesystem. Displays datapath packets captured in the local-filesystem.
Example
The output of this command shows the packet capture configuration details.
(host) #show packet-capture
Active Capture Destination
--------------------------
Destination IP
1.2.3.4
Active Capture (Controlpath)
----------------------------
Interprocess Disabled
Sysmsg
Disabled
TCP
Enabled Ports: 2
UDP
Enabled Ports: 5
Other
Enabled
Active Capture (Datapath)
-------------------------
Wifi-Client Enabled Mac: 00:0b:86:6d:47:6c
Ipsec
Enabled Peer: 10.1.1.1
(host) (config) #show packet-capture-defaults
Default Capture Destination
---------------------------
Destination Local-Filesystem
Default Capture (Controlpath)
-----------------------------
Interprocess Disabled
Sysmsg
Disabled
TCP
Enabled Ports: 80 8080
UDP
Enabled Ports: All
Other
Disabled
Default Capture (Datapath)
--------------------------
Wifi-Client Enabled Mac: 00:0b:86:6d:47:6c
Ipsec
Disabled
Filter: Decrypted Filter: Encrypted
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show packet-capture | 1752
Command History
Release ArubaOS 3.3.2 ArubaOS 6.3
Modification Command introduced. Controlpath-pcap and datapath-pcap parameters added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1753 | show packet-capture
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show packet-capture-defaults
show packet-capture-defaults
Description
Displays the status of default packet capture options.
Syntax
No parameters.
Example
The output of this command shows packet capture status. (host) # show packet-capture-defaults
Current Active Packet Capture Actions(current switch) ===================================================== Packet filtering for TCP ports disabled. Packet filtering for UDP ports disabled. Packet filtering for internal messaging opcodes disabled. Packet filtering for all other packets disabled.
Packet Capture Defaults(across switches and reboots if saved) ============================================================ Packet filtering for TCP ports disabled. Packet filtering for UDP ports disabled. Packet filtering for internal messaging opcodes disabled. Packet filtering for all other packets disabled.
Command History
This command was available in ArubaOS 3.3.2
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show packet-capture-defaults | 1754
show pan active-profile
show pan active-profile
Description
This command shows the active PAN firewall profile at the local controller level.
Syntax
No syntax.
Usage Guidelines
Issue this command to show the current active PAN firewall profile running on the controller.
(host) #show pan active-profile Palo Alto Networks Active Profile --------------------------------Parameter --------Active Palo Alto Networks profile
Value ----PAN-Group-1
Command History
ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
1755 | show pan active-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan-options
show pan-options
Description
This command displays configured settings for integrating a branch controller with a Palo Alto Networks (PAN) firewall.
Syntax
No syntax.
Usage Guidelines
Issue this command to see the connection status of the PAN firewalls associated with the controller. (host)#show pan profile PAN-Group-1
Palo Alto Networks Servers Profile "PAN-Group-1"
------------------------------------------------
Parameter
Value
---------
-----
Palo Alto Networks Firewall
1.2.3.4:443 abc/********
Palo Alto Networks Firewall
2.2.2.2:123 2222/********
Palo Alto Networks Firewall
3.3.3.3:333 3333/********
Palo Alto Networks Firewall
1.1.1.1:443 admin/********
Command History
ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan-options | 1756
show pan state
show pan state
Description
This command shows the current connection status of PAN firewalls.
Syntax
No syntax.
Usage Guidelines
Issue this command to see the connection status of the PAN firewalls associated with the controller.
(host) #show pan state Palo Alto Networks Servers Connection State[PAN-Group-1] -------------------------------------------------------Firewalls State --------- ----1.2.3.4:443 DOWN 2.2.2.2:123 UP[11/25/13 12:45:49]Established 3.3.3.3:333 UP[11/25/13 12:45:48]Established 1.1.1.1:443 UP[11/25/13 12:45:50]Established
Command History
ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
1757 | show pan state
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan statistics
show pan statistics
Description
This command shows PAN firewall interface statistics.
Syntax
No syntax.
Usage Guidelines
Issue this command to see PAN firewall interface statistics.
(host) (config) #show pan statistics
Palo Alto Networks Interface Statistics Summary
-----------------------------------------------
Login Reqts Logout Reqts Refresh Reqts
----------- ------------ -------------
0
0
0
Per-PAN server Statistics Summary
---------------------------------
PAN Server
User-ID Reqts Sent Skipped Success
----------
------------- ---- ------- -------
1.2.3.4:443 0
0
0
0
0
Failure -------
Last Error ----------
Parameter
Description
Palo Alto Networks Interface Statistics Summary
Login Reqts
Total number of login requests.
Logout Reqts
Total number of logout requests.
Refresh Reqts
Total number of refresh requests.
Per-PAN server Statistics Summary
PAN Server
The PAN Server IP address.
User-ID Reqts
Total number of login, logout, and refresh requests.
Sent
Number of requests sent.
Skipped
Number of requests skipped.
Success
Number of requests successfully handled.
Failure
Number of requests that were not successfully received.
Last Error
The last failure error received.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan statistics | 1758
Command History
ArubaOS 6.4
Modification Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
1759 | show pan statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan-gp
show pan-options
Description
This command displays Palo Alto Networks portal or gateway settings on a branch or local controller.
Syntax
No parameters.
Usage Guidelines
Issue this command to view GlobalProtect protocol settings for a Palo Alto Networks portal or gateway on a on a branch controller using the Palo Alto Networks firewall integration feature.
Examples
The following example displays the portal information seen by a branch controller connected to a Palo Alto Networks portal.
(host) #show pan-gp portal-info Global Protect Portal Information ================================= Portal Config............. 172.16.2.1:443 Name...................... Portal-profile-1 State..................... GET CONFIG SUCCESS Config Refresh Interval... 1 hours Root CA Name.............. LSVPNCert Gateway [01] Name.............. 172.16.2.1 Desc.............. GW-1 Priority.......... 10 Gateway [02] Name.............. 172.16.2.50 Desc.............. GW-2 Priority.......... 15 Refresh Timer Armed....... YES Failure Timer Armed....... NO
The following example displays the gateway information seen by a branch controller connected to a Palo Alto Networks gateway.
show pan-gp gateway-info Global Protect Gateway Information ================================= Name...................... PAN-GW-1 Description............... PAN-GW-1-S State..................... GET CONFIG SUCCESS Config Refresh Interval... 1 hours Software Version.......... 1.0.0 Satellite Serial Number... SN000B8699E0D7 Accept published routes... YES Gateway Address........... 172.16.2.1 Default Gateway........... 192.168.100.254 IP Address................ 192.168.100.87 IP Mask................... 255.255.255.255 Priority.................. 10 Keepalive Information Enabled........... YES Interval.......... 3 secs Action............ 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan-gp | 1760
Threshold......... 5 Source Address.... 192.168.100.254 Dest Address...... 192.168.100.87 Key Information Authentication.... sha1 Encryption........ aes256 C2S SPI........... 45735d16 S2C SPI........... 366f1987 SA Lifetime Lifetime.......... 3 mins Lifetime Secs..... 180 Delayed Timer Armed....... NO Refresh Timer Armed....... YES SA Lifetime Timer Armed... YES Failure Timer Armed....... NO Name...................... PAN-GW-2 Description............... PAN-GW-2-S State..................... GET CONFIG SUCCESS Config Refresh Interval... 2 hours Software Version.......... 1.0.0 Satellite Serial Number... SN000B8699E0D7 Accept published routes... YES Gateway Address........... 172.16.2.50 Default Gateway........... 192.168.101.254 IP Address................ 192.168.101.116 IP Mask................... 255.255.255.255 Priority.................. 15 Keepalive Information Enabled........... YES Interval.......... 3 secs Action............ 0 Threshold......... 5 Source Address.... 192.168.101.254 Dest Address...... 192.168.101.116 Key Information Authentication.... sha1 Encryption........ aes256 C2S SPI........... 51d03875 S2C SPI........... 31d42d17 SA Lifetime Lifetime.......... 5 mins Lifetime Secs..... 300 Delayed Timer Armed....... NO Refresh Timer Armed....... YES SA Lifetime Timer Armed... YES Failure Timer Armed....... NO
Related Commands
pan-options ip nexthop-list pan active-profile
Modification
This command configures options to integrate a branch controller with a Palo Alto Networks (PAN) firewall.
Define a nexthop list for policy-based routing.
This command selects an active Palo Alto Network (PAN) profile from a set of profiles.
1761 | show pan-gp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pan profile uplink
Modification
This command configures a Palo Alto Networks (PAN) profile to allow a controller to communicate with a PAN firewall.
Manage and configure the uplink network connection.
Command History
ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platforms
Licensing
W-7000 Series controllers, when configured as a branch controller, or any controller model when used in conjunction with uplink manager feature.
Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan-gp | 1762
show pan-options
show pan-options
Description
This command displays configured options to integrate a branch controller with a Palo Alto Networks (PAN) firewall.
Syntax
No parameters.
Usage Guidelines
Issue this command to view Palo Alto Networks firewall integration settings for branch, standalone or local controllers. Note that the PAN firewall integration feature can only be used on standalone or local controllers when used in conjunction with the controller uplink VLAN manager feature, which must be enabled using the uplink command in the controller command-line interface.
Examples
(host)# show pan-options Configure Palo Alto Networks options -----------------------------------Parameter --------Portal IP for Palo Alto Networks Global Protect
Value ----portal-ip 172.16.2.1 cert cert_LSVPNCert
The output of this command contains the following parameters:
Parameter Value
Description
This column contains displays the following parameters for Palo Alto firewall integration feature:
l portal-ip <ip-addr>: The IP address of the firewall management portal
l cert <cert-name>: Name of the self-signed or external certification authority (CA) certificate to sign the controller and gateway server certificates
Related Commands
pan-options ip nexthop-list pan active-profile
Modification
This command configures options to integrate a branch controller with a Palo Alto Networks (PAN) firewall.
Define a nexthop list for policy-based routing.
This command selects an active Palo Alto Network (PAN) profile from a set of profiles.
1763 | show pan-options
Dell Networking W-Series ArubaOS 6.4.x | User Guide
pan profile uplink
Modification
This command configures a Palo Alto Networks (PAN) profile to allow a controller to communicate with a PAN firewall.
Manage and configure the uplink network connection.
Command History
ArubaOS 6.4.3.0
Modification Command introduced.
Command Information
Platforms
Licensing
W-7000 Series controllers, when configured as a branch controller, or any controller model when used in conjunction with uplink manager feature.
Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show pan-options | 1764
show papi kernel-socket-stats
show papi kernel-socket-stats
Description
This command shows the state of UDP PAPI sockets in the kernel.
Syntax
No syntax.
Usage Guidelines
Issue this command to show the state of the UDP PAPI sockets in the kernel. The following example shows partial output of this command.
(host) #show papi-security
(7240-223) #show papi kernel-socket-stats Kernel PAPI Statistics
Port
RxSockbufSize RxSockbufHimark CurRxQLen MaxRxQLen Drops
9344(9344)
2097152
7104
0
3
0
8449(Utility Process)
2097152
0
0
0
0
9345(9345)
2097152
0
0
0
0
514(514)
2097152
0
0
0
0
9476(9476)
2097152
0
0
0
0
9348(9348)
2097152
0
0
0
0
9220(9220)
2097152
0
0
0
0
8453(Control Plane Security Daemon)
2097152
2368
0
1
0
9222(9222)
2097152
0
0
0
0
9478(9478)
2097152
0
0
0
0
8455(Spectrum Process)
2097152
0
0
0
0
8456(STM Monitoring)
2097152
0
0
0
0
9224(9224)
2097152
0
0
0
0
9481(9481)
2097152
0
0
0
0
9482(9482)
2097152
0
0
0
0
8458(Arci cli helper server)
2097152
0
0
0
0
9226(9226)
2097152
0
0
0
0
9483(9483)
2097152
0
0
0
0
9355(9355)
2097152
0
0
0
0
8459(WMS Monitoring)
2097152
0
0
0
0
9484(9484)
2097152
0
0
0
0
9485(9485)
2097152
0
0
0
0
9486(9486)
2097152
0
0
0
0
9359(9359)
2097152
0
0
0
0
9231(9231)
2097152
0
0
0
0
Command History
ArubaOS 6.2
Modification Command introduced.
1765 | show papi kernel-socket-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show papi kernel-socket-stats | 1766
show perf-test reports
show perf-test reports ap {ap-name <ap-name>}|{ip-addr <ip>}|{ip6-addr <ip6>} controller
Description
Use this command under the guidance of Dell technical support to view the results of an Iperf throughput test launched from an AP or controller.
Syntax
Parameter
Description
ap ap-name <ap-name>
Display the results of an Iperf throughput test launched from an AP. Name of the AP.
ip-addr <ip-addr>
IPv4 address of the AP.
ip6-addr <ip6-addr> IPv6 address of the AP.
controller
Display the results of an Iperf throughput test launched from a controller.
Usage Guidelines
Issue this command to view a report file of test data from a client-mode Iperf throughput test launched from an AP or controller. Tests launched in server mode do not generate reports. Only W-AP130 Series, W-AP220 Series, and W-AP105 access points connected to a W-7200 Series or W-6000M3 controller support this feature.
Related Commands
Command perf-test
Description
Use this command under the guidance of Dell technical support to launch an Iperf throughput test
Command History
Introduced in ArubaOS 6.3.
Command Information
Platforms W-6000M3 controllers
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
1767 | show perf-test reports
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show poe
show poe [slot/port]
Description
Displays the PoE status of all or a specific port on the controller.
Syntax
No parameters.
Example
The output of this command shows the PoE status of port 10 in slot 1. (host) # show poe 1/10
PoE Status
----------
Port
Status
----
------
FE 1/10 Off
Voltage(mV) ----------N/A
Current(mA) ----------N/A
Power (mW) ---------N/A
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show poe | 1768
show policer-profile (deprecated)
show policer-profile <profile-name>
Description
Displays the policer profile configuration.
Command History
This command was deprecated in ArubaOS 6.2.
1769 | show policer-profile (deprecated)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port link-event
show port link-event
Description
Displays the link status on each of the port on the controller.
Syntax
No parameters.
Example
The output of this command shows the link status on all ports in the controller. (host) # show port link-event
Slot/Port ---------
2/ 0 2/ 2 2/ 4 2/ 6 2/ 8 2 / 10 2 / 12 2 / 14 2 / 16 2 / 18 2 / 20 2 / 22 2 / 24 3/ 0 3/ 2 3/ 4 3/ 6 3/ 8 3 / 10 3 / 12 3 / 14 3 / 16 3 / 18 3 / 20 3 / 22 3 / 24
UP -0 0 0 0 0 10 1 1 5 1 0 2 0 24 0 1 0 94 0 49751 2589 2 8245 74 1 0
DOWN ---0 0 0 0 0 9 0 0 4 0 0 2 0 23 0 0 0 94 0
49750 2588 1 8244 73 0 0
Slot/Port ---------
2/ 1 2/ 3 2/ 5 2/ 7 2/ 9 2 / 11 2 / 13 2 / 15 2 / 17 2 / 19 2 / 21 2 / 23 2 / 25 3/ 1 3/ 3 3/ 5 3/ 7 3/ 9 3 / 11 3 / 13 3 / 15 3 / 17 3 / 19 3 / 21 3 / 23 3 / 25
UP -0 1 0 1 0 2 0 6 9 5 4 9 0 0 0 1 0 0 5886 50 228 2423 5098 2 0 0
DOWN ---0 1 0 1 0 1 0 5 8 4 4 9 0 0 0 0 0 0 5886 49 227 2423 5098 2 0 0
Command History
This command was available in ArubaOS 3.3.2
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port link-event | 1770
show port monitor
show port monitor
Description
Displays the list of ports that are configured to be monitored.
Syntax
No parameters.
Example
The output of this command shows the link status on all ports in the controller. (host) # show port monitor
Monitor Port Port being Monitored
------------ --------------------
FE 1/10
FE 1/20
Command History
This command was available in ArubaOS 3.3.2
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1771 | show port monitor
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port monitor | 1772
show port stats
show port status [<slot/port>]
Description
Displays the activity statistics on each of the port on the controller.
Syntax
Parameter <slot/port>
Description
l Physical port in <slot>/<port> format for W-3000 Series controller.
l Physical port in <slot>/<module>/<port> format for W-6000M3 and W-7200 Series controllers.
Example
The output of this command shows the link status on all ports in the controller. (host) # show port stats
Port Statistics --------------Port PacketsIn ---- --------GE 1/0 0 GE 1/1 0 GE 1/2 3142 GE 1/3 0 PC 0 0 PC 1 0
PacketsOut ---------0 0 176 0 0 0
BytesIn ------0 0 170305 0 0 0
BytesOut -------0 0 26266 0 0 0
InputErrorBytes --------------0 0 0 0 0 0
OutputErrorBytes ---------------0 0 0 0 0 0
CRCErrors --------0 0 0 0 0 0
The output of this command includes the following parameters:
Parameter Port PacketIn PacketOut BytesIn BytesOut InputErrorBytes
Description Displays the physical port on the controller. Indicates the total number of incoming packets to the port. Indicates the total number of outgoing packets from the port. Indicates the total number of incoming data (in bytes) to the port. Indicates the total number of outgoing data (in bytes) from the port. Indicates input error bytes on the port.
1773 | show port stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter OutputErrorBytes CRCErrors
Description Indicates the output error bytes on the port. Indicates the Cyclic Redundancy Check (CRC) errors on the port.
Command History
Release ArubaOS 3.3.2 ArubaOS 6.4.3.0
Modification Command introduced. The PC # (port-channel) value was introduced under the Port column.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port stats | 1774
show port status
show port status [<slot/port>]
Description
Displays the status of all ports on the controller.
Syntax
Parameter <slot/port>
Description
l Physical port in <slot>/<port> format for W-3000 Series controller.
l Physical port in <slot>/<module>/<port> format for W-6000M3 and W-7200 Series controllers.
Example
The output of this command shows the status of all ports in the controller. (host) # show port status
Port Status
-----------
Slot-Port PortType AdminState OperState PoE Trusted SpanningTree PortMode
--------- -------- ---------- --------- --- ------- ------------ --------
0/0/0
GE
Enabled
Up
N/A Yes
Forwarding Access
0/0/1
GE
Enabled
Down
N/A Yes
Disabled
Access
0/0/2
GE
Enabled
Down
N/A Yes
Disabled
Access
0/0/3
GE
Enabled
Down
N/A Yes
Disabled
Access
0/0/4
GE
Enabled
Down
N/A Yes
Disabled
Access
0/0/5
GE
Enabled
Down
N/A Yes
Disabled
Access
Speed ----1 Gbps Auto Auto Auto Auto Auto
Duplex ------
Full Auto Auto Auto Auto Auto
The output of this command includes the following parameters:
Parameter SlotPort
PortType
Description
Displays the physical port in <slot>/<port> format for W-3000 Series controller and <slot>/<module>/<port> format in W-6000M3 and W7200 Series controllers.
Displays the type of physical port.
1775 | show port status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
AdminState OperState PoE Trusted SpanningTree PortMode Speed Duplex
Description l FE: Fast Ethernet l GE: Gigabit Ethernet l PC: Port Channel Indicates if the physical port is enabled or disabled. Indicates if the current status of the physical port is up or down. Indicates if the physical port is Power over Ethernet (PoE) enabled. Indicates if the physical port is trusted. Indicates the state of spanning tree. Indicates the port mode of the physical port. Indicates the port speed. Indicates the direction of traffic.
Command History
Release ArubaOS 3.3.2 ArubaOS 6.4.3.0
Modification
Command introduced.
Following values were introduced: l The PC# (port-channel) value was introduced under the PortMode
column. l The PC (port-channel) value was introduced under the PortType
column. l Speed and Duplex columns were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port status | 1776
show port trusted
show port trusted
Description
Displays the list of ports configured with trusted profiles.
Syntax
No parameters.
Example
The output of this command shows the list of ports with trusted profile.
(host) # show port trusted
FE 1/0 FE 1/1 FE 1/2 FE 1/3 FE 1/4 FE 1/5 FE 1/6 FE 1/7 FE 1/8 FE 1/9 FE 1/10 FE 1/11 FE 1/12 FE 1/13 FE 1/14 FE 1/15 FE 1/16 FE 1/17 FE 1/18 FE 1/19 FE 1/20 FE 1/21 FE 1/22 FE 1/23 GE 1/24 GE 1/25
Command History
This command was available in ArubaOS 3.3.2
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1777 | show port trusted
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port xsec
show port xsec
Description
Displays the list of xSec enabled ports.
Syntax
No parameters.
Example
The output of this command shows the list of xSec enabled ports. (host) #show port xsec
Xsec Ports ---------Interface xsec vlan state --------- --------- -----
Command History
This command was available in ArubaOS 3.3.2
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show port xsec | 1778
show priority-map
show priority-map
Description
Displays the list of priority maps on a interface.
Syntax
No parameters.
Example
The output of this command shows the priority maps configured on all interfaces. (host) # show priority-map
Priority Map ------------ID Name DSCP-TOS -- ---- -------1 my-map 4-20,60
DOT1P-COS ---------
4-7
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1779 | show priority-map
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show processes
show processes [sort-by {cpu | memory}]
Description
Displays the list of all system process running on the controller. You can sort the list either by CPU intensive or memory intensive processes.
Syntax
Parameter sort-by
cpu memory
Description Add a sort filter to the output This will sort output based on CPU usage. This will sort output based on memory usage.
Example
The output of this command shows list of system processes sorted by CPU usage. (host) # show priority-map
%CPU S PID PPID VSZ RSS F NI START
TIME
EIP CMD
3.7 S 595 517 20908 12184 040 0 Apr24 03:39:04 303a4fa8 /mswitch/bin/fpapps
0.2 S 12354 410 1028 296 000 0 02:13 00:00:00 30087fa8 sleep 10
0.1 S 536 441 12012 7264 040 0 Apr24 00:09:08 100e4a74 /mswitch/mysql/libexec/mysqld --
basedir=/mswitch/mysql --datadir=/var/
0.0 S
2
1
0 0 040 0 Apr24 00:00:00 00000000 [keventd]
0.0 S
4
0
0 0 040 0 Apr24 00:00:00 00000000 [kswapd]
0.0 S
6
0
0 0 040 0 Apr24 00:00:00 00000000 [kupdated]
0.0 S 57
1
0 0 040 0 Apr24 00:00:00 00000000 [kjournald]
0.0 S 67
1 1036 424 000 0 Apr24 00:00:00 30087fa8 /bin/sh /mswitch/bin/syslogd_
start
0.0 S
1
0 1028 384 100 0 Apr24 00:00:12 30087fa8 init
0.0 S 397
1 1732 804 100 0 Apr24 00:00:00 30152fa8 /mswitch/bin/nanny
/mswitch/bin/nanny_list 0
0.0 S 399 397 14140 10172 100 0 Apr24 00:00:16 303c8fa8 /mswitch/bin/arci-cli-helper
0.0 S 402
1 768 268 040 0 Apr24 00:00:00 30060fa8 /sbin/tftpd -s -l -u nobody
/mswitch/sap
0.0 S 69 67 1404 752 100 0 Apr24 00:01:27 300d3fa8 /mswitch/bin/syslogd -x -r -n -m
0 -f /mswitch/conf/syslog.conf
0.0 S 407 397 3100 1028 100 0 Apr24 00:00:00 302a0fa8 /mswitch/bin/packet_filter
0.0 S 408 397 4296 1340 100 0 Apr24 00:00:00 30339fa8 /mswitch/bin/certmgr
0.0 R
3
0
0 0 040 19 Apr24 00:00:01 00000000 [ksoftirqd_CPU0]
0.0 S 453 397 700 284 000 0 Apr24 00:01:20 30087fa8 /mswitch/bin/msgHandler -g
0.0 S 468 397 1236 492 100 0 Apr24 00:00:00 300f8fa8 /mswitch/bin/pubsub
0.0 S 484 397 18456 14064 100 0 Apr24 00:00:19 303c8fa8 /mswitch/bin/cfgm
Command History
This command was available in ArubaOS 3.0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show processes | 1780
Command Information
Platformss All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1781 | show processes
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-errors
show profile-errors
Description
Displays the list of invalid user-created profiles.
Syntax
No parameters.
Example
The output of this command shows list of profiles that are invalid and also displays the error in those profiles.
In this example, the VLAN 1000 that is mapped to a virtual-ap that does not exist. (host) #show profile-errors
Invalid Profiles ---------------Profile -------
Error -----
wlan virtual-ap "test-vap" VLAN 1000 does not exist
The following are the list of some profile errors:
Error Named VLAN [named_VLAN] is removed
Named VLAN [named_VLAN] is not mapped
Description
These errors are displayed if a virtual AP profile is configure with a VLAN that does not exist.
Named VLAN [named_VLAN] is invalid
VLAN [x] does not exist
Server group is invalid User derivation rule is invalid User role is invalid
This error is displayed if an AAA profile is configured an invalid server group.
This error is displayed if a user role in an AAA profile is invalid.
Controller country code is undefined
Country [country_name] does not match controller country [country_name]
These errors are displayed, if your controller is not set to the correct country code or if the country code specified in a WLAN profile does not match the controller's country code.
Opmode requires WPA key
This message is displayed if a SSID profile is configured without a WPA key.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-errors | 1782
Error
WARNING: if weptxkey = [x], wepkey[x] must be set in order to use static WEP
Description
This message is displayed if a SSID profile is configured to use a static WEP and the WEP is not configured.
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1783 | show profile-errors
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-hierarchy
show profile-hierarchy
Description
Displays the profile hierarchy template.
Syntax
No parameters.
Usage Guidelines
The output of this command shows how profiles relate to each other, and how some higher-level profiles reference other lower-level profiles. The output of this command will vary, depending upon controller configuration and licenses.
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-hierarchy | 1784
show profile-list aaa
show profile-list aaa [{alias-group [page | start]} | {authentication [captive-portal | dot1x | mac | stateful-ntlm | wispr]} |{authentication-server [ldap | radius | tacacs | windows]} | {profile} | {rfc-3576-server} | {server-group} | {xml-api}]
Description
Displays the list of AAA profiles.
Syntax
Parameter alias-group
page start authentication captive-portal dot1x mac stateful-ntlm wispr authentication-server ldap radius tacacs windows profile rfc-3576-server
server-group xml-api
Description Lists all alias-groups. Specify the number of items to display Specify the first item to display List of aaa authentication profiles. Captive portal authentication profiles. 802.1X authentication profiles. MAC authentication profiles. Stateful-NTLM authentication profiles. WISPr authentication profiles. List of aaa authentication servers List of servers using LDAP for AAA authentication. List of servers using RADIUS for AAA authentication. List of servers using TACACS+ for AAA authentication. List of Windows servers used for AAA authentication. Displays the AAA profile details. Displays IP address of RADIUS servers that use RFC 3576 specification to exchange authorization messages. List of server group used for RADIUS accounting. List of servers configured in an external XML API server.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list aaa | 1786
Example
The output of this command shows list of AAA profiles that use captive-portal authentication. (host) # show profile-list aaa authentication captive-portal
Captive Portal Authentication Profile List
------------------------------------------
Name
References Profile Status
----
---------- --------------
default 1
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1787 | show profile-list aaa
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ap
show profile-list ap [ enet-link-profile | mesh-cluster-profile | mesh-ht-ssid-profile | mesh-radio-profile | regulatory-domain-profile | snmp-profile | snmp-user-profile | system-profile | wired-ap-profile ]
Description
Displays the list of AP profiles.
Syntax
Parameter enet-link-profile mesh-cluster-profile mesh-ht-ssid-profile
mesh-radio-profile regulatory-domain-profile snmp-profile snmp-user-profile system-profile wired-ap-profile
Description Display a list of AP Ethernet link profiles. Display a list of mesh cluster profiles used by mesh nodes. Display a list of mesh high-throughput SSID profiles used by mesh nodes. Display a list of mesh radio profiles used by mesh nodes. Display a list of AP regulatory profiles. Display a list of SNMP profiles. Display a list of SNMPv3 user profiles. Display a list of AP system profiles. Display a list of wired AP profiles.
Example
The output of this command shows list of profiles that are invalid and also displays the error in those profiles. (host) # show profile-list aaa authentication captive-portal
Captive Portal Authentication Profile List
------------------------------------------
Name
References Profile Status
----
---------- --------------
default 1
Command History
This command was available in ArubaOS 3.0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ap | 1788
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1789 | show profile-list ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ap-group
show profile-list ap-group
Description
Displays the status of AP groups profiles in the controller.
Syntax
No parameters.
Example
The output of this command shows the status of AP group profiles in the controller. (host) # show profile-list ap-group
AP group List
-------------
Name
Profile Status
----
--------------
default
Total:1
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ap-group | 1790
show profile-list ap-name
show profile-list ap-name
Description
Displays the status of AP profiles in the controller.
Syntax
No parameters.
Example
The output of this command shows status of AP profiles in the controller. (host) # show profile-list ap-name
AP name List -----------Name Profile Status ---- --------------
Total:0
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1791 | show profile-list ap-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ha
show profile-list ha group-profile [page | start]
Description
Displays the list of HA profiles.
Syntax
Parameter group-profile
page start
Description Lists all HA group information. Specify the number of items to display Specify the first item to display
Example
The output of this command shows list of HA group profile information. (host) # show profile-list ha group-profile
HA group information List ------------------------Name Profile Status ---- -------------Total:0
Command History
This command was available in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ha | 1792
show profile-list ids
show profile-list ids [dos-profile | general-profile | impersonation-profile | profile | rate-thresholds-profile | signature-matching-profile | signature-profile | unauthorized-device-profile ]
Description
Displays the status of all IDS profiles in the controller.
Syntax
Parameter dos-profile
Description Display a list of IDS DoS profiles.
general-profile
Display a list of IDS generate profiles.
impersonation-profile
Display a list IDS impersonation profile.
profile
Display a list of IDS profiles.
rate-thresholds-profile
Display a list of IDS rate threshold profiles.
signature-matching-profile
Display a list of IDS signature-matching profiles.
signature-profile
Display a list of IDS signature profiles.
unauthorized-device-profile Display a list of IDS unauthorized device profiles.
Example
The output of this command shows a list of all IDS DoS profiles. (host) # show profile-list ids dos-profile
IDS Denial Of Service Profile List
----------------------------------
Name
References
----
----------
default
1
ids-dos-disabled
1
ids-dos-high-setting 1
ids-dos-low-setting
1
ids-dos-medium-setting 1
Profile Status --------------
Predefined Predefined Predefined Predefined
Total:5
Command History
This command was available in ArubaOS 3.0
1793 | show profile-list ids
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list ids | 1794
show profile-list mgmt-server
show profile-list mgmt-server {profile <profile_name>} [page <number>] [start <number>]
Description
Displays all the Mgmt Config profiles in the controller.
Syntax
Parameter mgmt-server {profile <profile_name> page <number>
start <number>
Description Specifies the name of the management server profile.
Include this optional parameter to limit output of this command to the specified number of items. Include this optional parameter to start displaying the output of this command at the specified index number.
Example
The output of this command shows the management server profiles in the controller.
(host) (config) #show profile-list mgmt-server profile
Mgmt Config profile List
------------------------
Name
References Profile Status
----
---------- --------------
default-ale 0
Predefined (editable)
default-amp 0
Predefined (editable)
Total:2
Command History
This command was available in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config or Enable mode.
1795 | show profile-list mgmt-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list rf
show profile-list rf [ arm-profile | dot11a-radio-profile | dot11g-radio-profile | event-thresholds-profile | ht-radio-profile | optimization-profile ]
Description
Displays the status of all radio profiles.
Syntax
Parameter arm-profile dot11a-radio-profile
dot11g-radio-profile
event-thresholds-profile ht-radio-profile optimization-profile
Description Details of Adaptive Radio Management (ARM) Profile.
Details of AP radio settings for the 5GHz frequency band, including the ARM profile and the high-throughput (802.11n) radio profile.
Details of AP radio settings for the 2.4 GHz frequency band, including the ARM profile and the high-throughput (802.11n) radio profile.
Details of events thresholds profile.
Details of high-throughput AP radio settings
Details of the RF optimization profile
Example
The output of this command shows status of ARM profile. (host) # show profile-list rf arm-profile
Adaptive Radio Management (ARM) profile List
--------------------------------------------
Name
References Profile Status
----
---------- --------------
default 2
Total:1
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list rf | 1796
1797 | show profile-list rf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list wlan
show profile-list wlan bcn-rpt-req-profile client-wlan-profile dotllk-profile dot11r-profile edca-parameters-profile handover-trigger-profile hotspot ht-ssid-profile ssid-profile traffic-management-profile virtual-ap voip-cac-profile wmm-traffic-management-profile]
Description
Displays the status of WLAN profiles on the controller.
Syntax
Parameter bcn-rpt-req-profile client-wlan-profile dot11r-profile dot11k-profile edca-parameters-profile
handover-trigger-profile hotspot
advertisement-profile angp-3gpp-nwk-profile anqp-domain-name-profile anqp-ip-addr-avail-profile anqp-nai-realm-profile anqp-nwk-auth-profile anqp-roam-cons-profile
Description Shows a list of all Beacon Report Request profiles Shows a list of all client WLAN profiles Shows a list of all 802.11r profiles Show a list of all 802.11K profiles
Show a list of all enhanced distributed channel access (EDCA) profile for APs or for clients (stations) Shows a list of all Handover Trigger profiles Hotspot/Passpoint configuration settings Shows a list of all Advertisement profile Shows a list of all ANQP 3GPP Cellular Network profiles Shows a list of all ANQP Domain Name profiles Shows a list of all ANQP IP Address Availability profiles Shows a list of all ANQP NAI Realm profiles Shows a list of all ANQP Network Authentication profiles Shows a list of all ANQP Roaming Consortium profiles
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list wlan | 1798
Parameter anqp-venue-name-profile h2qp-conn-capability-profile h2qp-op-cl-profile h2qp-operator-friendly-profile h2qp-wan-metrics-profile hs2-profile
ht-ssid-profile
Description Shows a list of all ANQP Venue Name profiles Shows a list of all H2QP Connection Capability profiles Shows a list of all H2QP Operating Class Indication profiles Shows a list of all H2QP Operator Friendly Name profiles Shows a list of all H2QP WAN Metrics profiles Shows a list of all Hotspot 2.0 profiles Show a list of all high-throughput SSID profiles
traffic-management-profile
Show a list of all traffic management profiles
virtual-ap
Show a list of all the virtual AP profiles
voip-cac-profile
Show a list of all voice over IP (VoIP) call admission control (CAC) profiles
wmm-traffic-management-profile
Show a list of all WMM traffic management profiles
Example
The output of this command shows that the controller has a single ARM profile, "default". (host) # show profile-list rf arm-profile
Adaptive Radio Management (ARM) profile List
--------------------------------------------
Name
References Profile Status
----
---------- --------------
default 2
Total:1
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.3 ArubaOS 6.4
The dot11r prarameter was introduced. The hotspot parameters were introduced.
1799 | show profile-list wlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show profile-list wlan | 1800
show provisioning-ap-list
show provisioning-ap-list
Description
Displays the list of all APs that are in queue to be provisioned by the admin.
Syntax
No parameters.
Command History
Release ArubaOS 3.4
Modification Command introduced
ArubaOS 6.4.2.0
The output of this command displays the service tag of an AP.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1801 | show provisioning-ap-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show provisioning-params
show provisioning-params
Description
Displays the list of parameters and the values used to provision the APs.
Syntax
No parameters.
Example
The output of this command shows list of all provisioning parameters and their values.
(host) # show provisioning-params
AP provisioning
---------------
Parameter
Value
---------
-----
AP Name
N/A
AP Group
default
Location name
N/A
SNMP sysLocation
N/A
Master
N/A
Gateway
N/A
Netmask
N/A
IP Addr
N/A
DNS IP
N/A
Domain Name
N/A
Server Name
N/A
Server IP
N/A
Antenna gain for 802.11a
N/A
Antenna gain for 802.11g
N/A
Use external antenna
No
Antenna for 802.11a
both
Antenna for 802.11g
both
IKE PSK
N/A
PAP User Name
N/A
PAP Password
N/A
PPPOE User Name
N/A
PPPOE Password
N/A
PPPOE Service Name
N/A
PPPOE CHAP Secret
N/A
USB User Name
N/A
USB Password
N/A
USB Device Type
any
USB Device Identifier
N/A
USB Dial String
N/A
USB Initialization String
N/A
USB TTY device path
N/A
Mesh Role
none
Installation
default
Latitude
N/A
Longitude
N/A
Altitude
N/A
Antenna bearing for 802.11a
N/A
Antenna bearing for 802.11g
N/A
Antenna tilt angle for 802.11a N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show provisioning-params | 1802
Antenna tilt angle for 802.11g N/A
Mesh SAE
sae-default
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1803 | show provisioning-params
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show qos-profile (deprecated)
show qos-profile <profile-name>
Description
Displays the QoS profile configuration.
Command History
This command was deprecated in ArubaOS 6.2.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show qos-profile (deprecated) | 1804
show rap-wml
show rap-wml [cache <server-name> | server | wired-mac <bssid-of-AP>]
Description
Displays the name and attributes of a MySQL database or a MySQL server.
Syntax
Parameter cache servers wired-mac
Description Displays the cache of all lookups for a database server. Displays the database server state. Displays the wired MAC discovered on traffic through the AP.
Example
The output of this command shows status of all database servers. (host) # #show rap-wml servers
WML DB Servers
--------------
name ip type user password db-name cache ageout(sec) in-service
---- -- ---- ---- -------- ------- ----- ----------- ----------
WML DB Tables
-------------
server db table column timestamp-column lookup-time(sec) delimiter
------ -- ----- ------ ---------------- ---------------- ---------
Mesh SAE
sae-default
query-count -----------
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1805 | show rap-wml
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa authentication
crypto-local show references aaa authentication {captive-portal <profile-name>}|{dot1x <profile-name>}|{mac <profile-name>}|mgmt|stateful-dot1x|{stateful-ntlm <profile-name>}|vpn|wired|{wispr {profilename>} [page <number>] [start <number>]
Description
Show AAA profile references.
Syntax
Parameter captive-portal <profile-name> dot1x <profile-name> mac <profile-name> mgmt <profile-name> stateful-dot1x stateful-ntlm <profile-name> vpn wired wired wispr <profile-name> page <number> start <number>
Description
Show the number of references to a captive-portal profile.
Show the number of references to a 802.1X authentication profile.
Show the number of references to a MAC authentication profile.
Show the number of references to a management authentication profile.
Show the number of references to the stateful 802.1X authentication profile.
Show the number of references to the specified stateful NTLM authentication profile.
Show the number of references to VPN authentication.
Show the number of references to wired authentication.
Show the number of references to a wispr authentication.
Show the number of references to the specified WISPr authentication profile.
Include this optional parameter to limit output of this command to the specified number of items.
Include this optional parameter to start displaying the output of this command at the specified index number.
Example
Use this command to show where a specified AAA profile has been applied. The output of the example shown below indicates that the aaa profile default-dot1x contains a single reference to the 802.1X authentication profile default.
(host) #show references aaa authentication dot1x default
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa authentication | 1806
References to 802.1X Authentication Profile "default"
-----------------------------------------------------
Referrer
Count
--------
-----
aaa profile "default-dot1x" authentication-dot1x 1
Total References:1
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4.1
The stateful-ntlm and wispr parameters were introduced.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1807 | show references aaa authentication
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa authentication-server
crypto-local show references aaa authentication-server {ldap <ldap-server-name>}|{radius <radius-servername>}|{tacacs <tacacs-server-name>} [page <number>] [start <number>]
Description
Display information about AAA authentication servers.
Syntax
Parameter ldap <ldap-server-name> radius <radius-server-name> tacacs <radius-server-name> page <number> start <number>
Description
Show the number of server groups that include references to the specified LDAP server.
Show the number of server groups that include references to the specified RADIUS server.
Show the number of server groups that include references to the specified TACACS server.
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to show the AAA server groups that include references to the specified server. The example below shows that two server groups, default and rad, each include a single reference to the radius server rad01.
(host) #show references aaa authentication-server radius rad01
References to RADIUS Server "rad01" ----------------------------------Referrer -------aaa server-group "default" server_group aaa server-group "rad" server_group Total References:2
Count ----1 1
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa authentication-server | 1808
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1809 | show references aaa authentication-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa profile
crypto-local show references aaa profile <profile-name>
Description
Show references to an AAA Profile.
Syntax
Parameter profile <profile-name>
Description Name of an AAA profile for which you want to view references.
Example
Issue this command to show the wlan virtual AP profiles that include references to the specified AAA profile. The example below shows that seven different virtual AP profiles include a single reference to the AAA profile default.
(host) #References to AAA Profile "default"
-----------------------------------
Referrer
Count
--------
-----
wlan virtual-ap "1.0.0_corporateHQ-wpa2" aaa-profile 1
wlan virtual-ap "110.0.corporateHQ-wpa2" aaa-profile
1
wlan virtual-ap "default" aaa-profile
1
wlan virtual-ap "corporateHQ-vocera" aaa-profile
1
wlan virtual-ap "corporateHQ-voip-wpa2" aaa-profile 1
wlan virtual-ap "Test123" aaa-profile
1
wlan virtual-ap "branch12" aaa-profile
1
Total References:7
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa profile | 1810
show references aaa rfc-3576-server
show references aaa rfc-3576-server <server-ip>{page<page> start<start>}
Description
Show information about the configuration profiles that reference a specific RFC 3576 server.
Syntax
Parameter <server-ip> page <page>
start <start>
Description
IP address of an RFC-3576 server
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number
Example
This first example shows that the default AAA profile and the AirGroup CPPM-server AAA profile reference an RFC 3567 Server with the IP address 10.1.1.41.
(host) #(host) (config) #show references aaa rfc-3576-server 10.1.1.41
References to RFC 3576 Server "10.1.1.41"
-----------------------------------------
Referrer
Count
--------
-----
aaa profile "default" rfc-3576-server
1
airgroup cppm-server aaa rfc-3576-server 1
Total References:2
Related Commands
Command aaa rfc-3576-server
Description Define RFC 3576 server profiles.
Mode Config mode
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1811 | show references aaa rfc-3576-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa server-group
crypto-local show references aaa server-group {<sg-name>[page][start]}
Description
Show references to a server group.
Syntax
Parameter server-group <sg-name> page <number> start <number>
Description
Name of the server group for which you want to show references
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to display a list of AAA profiles that include references to the specified server group. (host) #show references aaa server-group default
References to Server Group "default" -----------------------------------Referrer -------aaa profile "aircorp-office-ssid" mac-server-group aaa profile "amigopod-guest" mac-server-group aaa profile "default" mac-server-group aaa profile "default-airwave-office" mac-server-group aaa profile "defaultcorporate" mac-server-group aaa profile "defaultcorporate-no-okc" mac-server-group aaa profile "defaultcorporate-okc" mac-server-group aaa profile "default-dot1x" mac-server-group aaa profile "default-India" mac-server-group aaa profile "default-india-hotel" mac-server-group aaa profile "default-India-split" mac-server-group aaa profile "voip-psk" mac-server-group aaa profile "default-dot1x-psk" mac-server-group aaa profile "default-mac-auth" mac-server-group aaa profile "default-open" mac-server-group aaa profile "default-xml-api" mac-server-group Total References:16
Count ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Command History
This command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references aaa server-group | 1812
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1813 | show references aaa server-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references activate-service-whitelist
crypto-local show references activate-service-whitelist <server-ip>{page<page> start<start>}
Description
Displays activate service whitelist profile references.
Syntax
Parameter activate-service-whitelist
Description
Name of the activate service whitelist profile for which you want to show references
page <number> start <number>
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to display a list of activate service whitelist profiles that include references to the specified profile (host) #show references activate-service-whitelist References to activate-service-whitelist ---------------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references activate-service-whitelist | 1814
show references airgroup
crypto-local show references airgroup cppm-server aaa [page <number>] [start <number>]
Description
Display information about AAA authentication servers.
Syntax
Parameter cppm-server aaa page <number>
start <number>
Description Specifies the ClearPass Policy Server information.
Specifies the AAA parameters for AirGroup.
Include this optional parameter to limit output of this command to the specified number of items.
Include this optional parameter to start displaying the output of this command at the specified index number.
Example
Use this command to show the AAA server groups that include references to the AirGroup.
References to Airgroup AAA profile ---------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references airgroup | 1816
show references ap
crypto-local show references ap
enet-link-profile <profile-name> mesh-cluster-profile <profile-name> mesh-ht-ssid-profile <profile-name> mesh-radio-profile <profile-name> regulatory-domain-profile <profile-name> system-profile <profile-name> wired-ap-profile <profile-name> page <number> start <number>
Description
Show the number of references to a specific AP profile.
Syntax
Parameter enet-link-profile <profile-name>
Description
Show AP groups that include a references to this Ethernet link profile.
mesh-cluster-profile <profile-name>
Show AP groups that include a references to this mesh cluster profile.
mesh-ht-ssid-profile <profile-name>
Show AP groups that include a references to this mesh high-throughput SSID profile.
mesh-radio-profile <profile-name>
Show AP groups that include a references to this mesh radio profile.
regulatory-domain-profile <profile-name> Show AP groups that include a references to this regulatory domain profile.
system-profile <profile-name>
Show AP groups that include a references to this system profile.
wired-ap-profile <profile-name>
Show AP groups that include a references to this wired AP profile.
page <number>
Include this optional parameter to limit output of this command to the specified number of items.
start <number>
Include this optional parameter to start displaying the output of this command at the specified index number.
1817 | show references ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The example below shows that 10 different AP groups include links to the AP Ethernet link profile Default. These 10 AP groups reference the Default Ethernet link profile for both their Ethernet 0 and Ethernet 1 interfaces, for a total of 20 references altogether.
(host)#show references ap enet-link-profile default
References to AP Ethernet Link profile "default"
------------------------------------------------
Referrer
Count
--------
-----
ap-group "10.0.0" enet0-profile
1
ap-group "10.0.0" enet1-profile
1
ap-group "corp" enet0-profile
1
ap-group "corp" enet1-profile
1
ap-group "Corp_AM_Ch1" enet0-profile
1
ap-group "Corp_AM_Ch1" enet1-profile
1
ap-group "Corp_AM_Ch6" enet0-profile
1
ap-group "Corp_AM_Ch6" enet1-profile
1
ap-group "corpTest" enet0-profile
1
ap-group "corpTest" enet1-profile
1
ap-group "default" enet0-profile
1
ap-group "default" enet1-profile
1
ap-group "India_Local" enet0-profile
1
ap-group "India_Local" enet1-profile
1
ap-group "ops" enet0-profile
1
ap-group "ops" enet1-profile
1
ap-group "voip-test" enet0-profile
1
ap-group "voip-test" enet1-profile
1
ap-group "voip-test-nokia" enet0-profile 1
ap-group "voip-test-nokia" enet1-profile 1
Total References:20
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references ap | 1818
show references guest-access-email
crypto-local show references guest-access-email [page <number>] [start <number>]
Description
Show references to the global guest access email profile.
Syntax
Parameter page <number>
start <number>
Description
Include this optional parameter to limit output of this command to the specified number of items.
Include this optional parameter to start displaying the output of this command at the specified index number.
Example
(host) #show references guest-access-email
References to Guest-access Email Profile ---------------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1819 | show references guest-access-email
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references ha
crypto-local show references ha group-profile <profile-name> {page<page> start<start>}
Description
Displays HA group profile references.
Syntax
Parameter group-profile <profile-anme>
Description
Name of the HA group profile for which you want to show references
page <number> start <number>
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to display a list of references for a specific HA group profile. (host) (config) #show references ha group-profile newgroup References to HA group information "newgroup" --------------------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references ha | 1820
show references ids
crypto-local show references ids
dos-profilegeneral-profile general-profile impersonation-profile profile rate-thresholds-profile signature-matching-profile signature-profile unauthorized-device-profile
Description
Displays IDS profile references.
Syntax
Parameter dos-profilegeneral-profile
Description Show references to an IDS Denial Of Service Profile
general-profile
Show references to an IDS General Profile
impersonation-profile profile rate-thresholds-profile
Show references to an IDS Rate Thresholds Profile
signature-matching-profile Show references to an IDS Signature Matching Profile
signature-profile
Show references to an IDS Signature Profile
unauthorized-device-profile Show references to an IDS Signature Profile
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1821 | show references ids
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references ifmap cppm
crypto-local show references ifmap cppm {page<page> start<start>}
Description
Displays the CPPM IF-MAP references.
Syntax
Parameter ifmap cppm page <number>
start <number>
Description
Shows references to the CPPM IF-MAP profile.
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to display a list of references for the CPPM IF-MAP profile. (host) #show references ifmap cppm References to CPPM IF-MAP Profile --------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references ifmap cppm | 1822
show references license profile
crypto-local show references license profile {page<page> start<start>}
Description
Displays the license provisioning profile references.
Syntax
Parameter license
profile page <number>
start <number>
Description
Shows references to the license provisioning profile.
Enables or disables centralized licensing.
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to display a list of references for the license provisioning profile. (host) #show references license profile References to License provisioning profile -----------------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1823 | show references license profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references mgmt-server profile
crypto-local show references mgmt-server profile <profile_name>
Description
Shows the management server configuration profiles.
Syntax
Parameter mgmt-server profile page <number>
start <number>
Description
Specifies the management profile name.
Include this optional parameter to limit output of this command to the specified number of items.
Include this optional parameter to start displaying the output of this command at the specified index number.
Example
(host) (config) #show references mgmt-server profile default References to Mgmt Config profile "default" ------------------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references mgmt-server profile | 1824
show references papi-security
crypto-local show references papi-security [page <number>] [start <number>]
Description
Show references to a PAPI security profile.
Syntax
Parameter page <number>
start <number>
Description
Include this optional parameter to limit output of this command to the specified number of items.
Include this optional parameter to start displaying the output of this command at the specified index number.
Example
(host) #show references papi-security
References to PAPI Security Profile ----------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1825 | show references papi-security
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references rf
crypto-local show references rf
dot11a-radio-profile <profile-name> dot11g-radio-profile <profile-name> event-thresholds-prof <profile-name> ht-radio-profile <profile-name> optimization-profile <profile-name>
Description
Show RF profile references.
Syntax
Parameter dot11a-radio-profile dot11g-radio-profile event-thresholds-prof ht-radio-profile optimization-profile
Description Show references to a 802.11a radio profile Show references to a 802.11g radio profile Show references to an RF Event Thresholds Profile Show references to a High-throughput radio profile Show references to an RF Optimization Profile
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references rf | 1826
show references upgrade-profile
crypto-local show references upgrade-profile {page<page> start<start>}
Description
Displays the upgrade profile references.
Syntax
Parameter upgrade-profile page <number>
start <number>
Description
Shows references to the upgrade profile.
Include this parameter to limit output of this command to the specified number of items.
Include this parameter to start displaying the output of this command at the specified index number.
Example
Issue this command to display a list of references for the upgrade profile. (host) #show references upgrade-profile References to Upgrade Profile ----------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1827 | show references upgrade-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references user-role
crypto-local show references user-role <role_name>
Description
Show access rights for user role.
Syntax
Parameter <role_name>
Description The role name assigned to a user.
Example
(host) #show references user-role guest
References to User Role "guest" ------------------------------aaa profile "airwave-office-ssid" mac-default-role aaa profile "amigopod-guest" mac-default-role aaa profile "corp1344-voip" mac-default-role aaa profile "default" mac-default-role aaa profile "default-airwave-office" mac-default-role aaa profile "default-corp1344" mac-default-role aaa profile "default-corp1344-no-okc" mac-default-role aaa profile "default-corp1344-okc" mac-default-role aaa profile "default-dot1x" mac-default-role aaa profile "default-dot1x-psk" mac-default-role aaa profile "default-dot1x-psk" dot1x-default-role aaa profile "default-India" mac-default-role aaa profile "default-india-hotel" mac-default-role
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references user-role | 1828
show references web-server
crypto-local show references web-server [page <number>] [start <number>]
Description
Show the Web server configuration references.
Syntax
Parameter page <number>
start <number>
Description
Include this optional parameter to limit output of this command to the specified number of items.
Include this optional parameter to start displaying the output of this command at the specified index number.
Example
(host) #show references web-server
References to Web Server Configuration -------------------------------------Referrer Count -------- ----Total References:0
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
1829 | show references web-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references wlan
crypto-local show references wlan
bcn-rpt-req-profile client-wlan-profile dot11k-profile <profile-name> dot11r-profile <profile-name> edca-parameters-profile <profile-name> handover-trigger-profile hotspot {advertisement-profile}|{anqp-3gpp-nwk-profile <profile-name>}|{anqp-domain-name-
profile <profile-name>}|{anqp-ip-addr-avail-profile <profile-name>}|{anqp-nai-realmprofile <profile-name>}|{anqp-nwk-auth-profile <profile-name>}|{anqp-roam-cons-profile <profile-name>}|{anqp-venue-name-profile <profile-name>}|{h2qp-conn-capability-profile <profile-name>}|{h2qp-op-cl-profile <profile-name>}|{h2qp-operator-friendly-name-profile <profile-name>}|{h2qp-wan-metrics-profile <profile-name>}|{hs2-profile <profile-name>} |ht-ssid-profile <profile-name> ht-ssid-profile rrm-ie-profile ssid-profile <profile-name> traffic-management-pr <profile-name> tsm-req-profile virtual-ap <profile-name> voip-cac-profile <profile-name> wmm-traffic-management
Description
Show information about the different configuration profiles that reference a specific WLAN profile.
Syntax
Parameter bcn-rpt-req-profile
client-wlan-profile dot11k-profile <profile-name> dot11r-profile <profile-name> edca-parameters-profile <profile-name>
handover-trigger-profile
Description
Shows references to a Beacon Report Request profile.
Shows references for the Client WLAN profile.
Shows references to a 802.11k profile.
Shows references to a 802.11r profile.
Shows references to an EDCA parameters profile.
Show references to a Handover Trigger profile.
hotspot
Shows references to one of the following hotspot profile types:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references wlan | 1830
Parameter
ht-ssid-profile <profile-name> rrm-ie-profile ssid-profile <profile-name> traffic-management-pr <profile-name> virtual-ap <profile-name> tsm-req-profile voip-cac-profile <profile-name> wmm-traffic-management
Description
l advertisement-profile l anqp-3gpp-nwk-profile l anqp-domain-name-profile l anqp-ip-addr-avail-profile l anqp-nai-realm-profile l anqp-nwk-auth-profile l anqp-roam-cons-profile l anqp-venue-name-profile l h2qp-conn-capability-profile l h2qp-op-cl-profile l h2qp-operator-friendly-name-profile l h2qp-wan-metrics-profile l hs2-profile
Shows references to a high-throughput SSID profile.
Shows references to an RRM IE profile.
Shows references to an SSID management profile.
Shows references to a traffic management profile.
Shows references to a virtual AP profile.
Show references to a TSM Report Request profile.
Shows references to a VOIP Call Admission Control profile.
Shows references to a WMM Traffic management profile.
Example
The following example shows that two different WLAN hotspot 2.0 profiles reference the default WLAN hotspot advertisement profile.
(host) #show references wlan hotspot advertisement-profile default
References to Advertisement Profile "default"
---------------------------------------------
Referrer
Count
--------
-----
wlan hotspot hs2-profile "deploytest" advertisement-profile 1
wlan hotspot hs2-profile "default" advertisement-profile
1
1831 | show references wlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Total References:2
Command History
ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.4
The hotspot parameter was added.
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show references wlan | 1832
show rf am-scan-profile
show rf am-scan-profile [<profile-name>]
Description
Display the Air Monitor (AM) scanning profile list. Optionally display parameter and values of a specified Air Monitor profile.
Syntax
Parameter <profile-name>
Description Name of this instance of the profile.
Usage Guidelines
Enter the basic show command to view a list of profiles, the number of profiles and the profile status. For example: (host) #show rf am-scan-profile
AM Scanning profile List
------------------------
Name
References Profile Status
----
---------- --------------
default 9
north 0
Total:2
Example
In the example above, their are two profile names; default and north. The Reference column indicates the number of references to this profile name. The Profile Status column is blank unless the profile is predefined. Optionally, you can enter a profile name to view the parameters for that profile. For example: (host) #show rf am-scan-profile default
AM Scanning profile "default" ----------------------------Parameter --------Scan Mode Dwell time: Active channels Dwell time: Regulatory Domain channels Dwell time: non-Regulatory Domain channels Dwell time: Rare channels
Value ----all-reg-domain 500 250 200 100
The explanation of the display output is described in the table below.
1833 | show rf am-scan-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Scan-mode
Description The scanning mode for the radio
all-reg-domain
Scan channels in all regulatory domain
rare
Scan all channels (all regulatory domains and rare channels)
reg-domain
Scan channels in the APs regulatory domain
Dwell time: Active channels
Dwell time (in ms) for channels where there is wireless activity
Dwell time: Regulatory Domain channels
Dwell time (in ms) for AP's Regulatory domain channels
Dwell time: non-Regulatory Domain channels
Dwell time (in ms) for channels not in the APs regulatory domain
Dwell time: Rare channels
Dwell time (in ms) for rare channels
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms All Platforms
Licensing RFProtect
Command Mode Configuration Mode (config)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf am-scan-profile | 1834
show rf arm-rf-domain-profile
show rf arm-rf-domain profile
Description
This profile contains a non-editable key defined by the master controller, and used to sign over-the air (OTA) ARM updates exchanged between APs.
Syntax
No parameters
Example
The output of this command displays the OTA key defined by the master controller. (host) # #show rf arm-rf-domain-profile
ARM RF domain ------------Parameter --------ARM RF domain key
Value ----27f71ad66f28c374a8904b4a82177e2c
Command History
Release ArubaOS 6.2
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
1835 | show rf arm-rf-domain-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf arm-profile
show rf arm-profile [<profile>]
Description
Show an Adaptive Radio Management (ARM) profile.
Syntax
Parameter <profile>
Description Name of an ARM profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire ARM profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has five configured ARM profiles. The References column lists the number of other profiles with references to the ARM profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show rf arm-profile
Adaptive Radio Management (ARM) profile List
--------------------------------------------
Name
References Profile Status
----
---------- --------------
airwave
2
default
4
default-AP85
2
no-scanning
1
Wireless-rf-profile
1
Total:5.
This example displays the configuration settings for the profile Wireless_rf_profile.
(host) #show rf arm-profile default
Adaptive Radio Management (ARM) profile "Wireless_rf_profile"
-------------------------------------------------
Parameter
Value
---------
-----
Assignment
single-band
Allowed bands for 40MHz channels
a-only
80MHz support
Enabled
Client Aware
Enabled
Max Tx EIRP
127 dBm
Min Tx EIRP
9 dBm
Rogue AP Aware
Disabled
Scan Interval
10 sec
Aggressive scanning
true
Active Scan
Disabled
ARM Over the Air Updates
Enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf arm-profile | 1836
Scanning Multi Band Scan VoIP Aware Scan Power Save Aware Scan Video Aware Scan Ideal Coverage Index Acceptable Coverage Index Free Channel Index Backoff Time Error Rate Threshold Error Rate Wait Time Channel Quality Aware Arm Channel Quality Threshold Channel Quality Wait Time Minimum Scan Time Load aware Scan Threshold Mode Aware Arm Scan Mode Client Match Client Match report interval (sec) Client Match Unsteerable Client Ageout Client Match Unsteerable Client Ageout Interval Client Match Sticky Client Check Interval (sec) Client Match Sticky client check SNR (dB) Client Match SNR threshold(dB) Client Match Sticky Min Signal Client Match Restriction timeout (sec) Client Match Load Balancing threshold (%) Client Match VBR Stale Entry Age (sec) Client Match Max steer failures Client Match Load Balancing client threshold Client Match Load Balancing SNR threshold (dB)
Enabled Enabled Enabled Disabled Enabled 10 4 25 240 sec 50 % 30 sec Disabled 70 % 120 sec 8 1250000 Bps Disabled all-reg-domain Enabled 30 Enabled 20 3 25 99 70 255 20 120 5 10 77
The output of this command includes the following parameters:
Parameter Assignment
Description Displays the current ARM channel/power assignment mode.
Allowed bands for 40MHz channels
Shows if 40 MHz mode of operation is allowed on the 5 GHz (802.11a) or 2.4 GHz (802.11b/g) frequency band only, on all frequency bands, or on neither frequency band.
Client Aware
Shows if the client aware feature is enabled or disabled. When enabled, the AP does not change channels when there are active clients.
Max Tx Power
The highest transmit power levels for the AP, from 0-30 dBm in 3 dBm increments. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. In the event that an AP is configured for a Max Tx Power setting it cannot support, this value will be reduced to the highest supported power setting.
Min Tx Power
The lowest transmit power levels for the AP, from 0-30 dBm, in 3 dBm increments. Note that power settings will not change if the Assignment option is set to disabled or maintain.
1837 | show rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Multi Band Scan Rogue AP Aware
Scan Interval
Aggressive Scanning Active Scan
Scanning Scan Time VoIP Aware Scan
Power Save Aware Scan Video Aware Scan Ideal Coverage Index Acceptable Coverage Index
Description
If enabled, single-radio APs will try to scan across bands for rogue AP detection.
If enabled, Dell APs may change channels to contain off-channel rogue APs with active clients. This security features allows APs to change channels even if the Client Aware setting is disabled. This setting is disabled by default, and should only be enabled in highsecurity environments where security requirements are allowed to consume higher levels of network resources. You may prefer to receive Rogue AP alerts via SNMP traps or syslog events.
If Scanning is enabled, the Scan Interval defines how often the AP will leave its current channel to scan other channels in the band. Off-channel scanning can impact client performance. Typically, the shorter the scan interval, the higher the impact on performance. If you are deploying a large number of new APs on the network, you may want to lower the Scan Interval to help those APs find their optimal settings more quickly. Raise the Scan Interval back to its default setting after the APs are functioning as desired.
When the aggressive scanning feature is enabled, an AP radio with no clients will scan channels every second.
If enabled, the AP initiates active scanning via probe request. This option elicits more information from nearby APs, but also creates additional management traffic on the network. Active Scan is disabled by default, and should not be enabled except under the direct supervision of Dell Support.
Shows if the AP has enabled or disabled AP scanning of other channels.
The amount of time, in milliseconds, an AP will drift out of the current channel to scan another channel.
Shows if Dell's VoIP Call Admission Control (CAC) prevents any single AP from becoming congested with voice calls. If CAC is enabled, you should also enable VoIP Aware Scan in the ARM profile, so the AP will not attempt to scan a different channel if one of its clients has an active VoIP call.
When enabled, the AP will not scan if Power Save is active.
If Video Aware Scan is enabled in the ARM profile, the AP will not attempt to scan a different channel if one of its clients has an active video session.
The coverage that the AP should try to achieve on its channel. The denser the AP deployment, the lower this value should be.
The minimal coverage that the AP should try to achieve on its channel. The denser the AP deployment, the lower this value should be.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf arm-profile | 1838
Parameter Free Channel Index
Description
The difference in the interference index between the new channel and current channel must exceed this value for the AP to move to a new channel. The higher this value, the lower the chance an AP will move to the new channel.
Backoff Time
Time, in seconds, an AP backs off after requesting a new channel or power level.
Error Rate Threshold
The percentage of errors in the channel that triggers a channel change.
Error Rate Wait Time Channel Quality Aware Arm Channel Quality Threshold Channel Quality Wait Time
Time, in seconds, that the error rate has to maintain or surpass the error rate threshold before it triggers a channel change.
Shows if ARM changes are based on on channel quality and noise floor values. If this parameter is disabled, only noise-floor values will be used to change channels. Default: Disabled
Displays the hannel quality percentage below which ARM initiates a channel change.
If channel quality is below the specified channel quality threshold for this wait time period, ARM initiates a channel change.
Minimum Scan Time
Time, in seconds, that a channel must be scanned before it is considered for assignment.
Load aware Scan Threshold
The traffic throughput level an AP must reach before it stops scanning, in bytes/second. A value of 0 to disables this feature.
Mode Aware Arm
If enabled, ARM will turn APs into Air Monitors (AMs) if it detects higher coverage levels than necessary. This helps avoid higher levels of interference on the WLAN. Although this setting is disabled by default, you may want to enable this feature if your APs are deployed in close proximity (e.g. less than 60 feet apart).
Scan Mode Client Match
This parameter defines the scan mode for the AP.
l all-reg-domain: The AP scans channels within all regulatory domains. This is the default setting.
l reg-domain:Limit the AP scans to just the regulatory domain for that AP.
The client match feature helps optimize network resources by balancing clients across channels, regardless of whether the AP or the controller is responding to the wireless clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is enabled by default
1839 | show rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Client Match report interval (sec)
Client Match Unsteerable Client Ageout Interval
Description
This interval defines how often an AP sends an updated client probe report to the controller. Each client probe report contains a list of MAC addresses for clients that have been active in the last two minutes, and the AP radio SNR values seen by those clients.
The client entries in an unsteerable client list remain in effect for the interval defined by this parameter before they age out.
Client Match Unsteerable Client Ageout
When client match and the client match unsteerable client ageout feature are enabled, the controller periodically sends APs that are not a desired AP match for a client in a list of unsteerable clients. These lists contain a list of MAC addresses for up to 128 clients that should not be steered to that AP.
Client Match Sticky Client Check Interval (sec)
Frequency at which the AP checks for client's received SNR values. If the SNR value drops below the threshold defined by the cm-sticky-snr parameter for three consecutive check intervals, that client may be moved to an different AP.
Client Match Sticky Client Check SNR (dB)
If the client's received signal strength indicator (RSSI) is above this signalto-noise ratio (SNR) threshold, that client will be allowed to stay associated to its current AP. If the client's received signal strength is below this threshold, it may be moved to a different AP.
Client Match SNR threshold(dB)
A client triggered to move to a different AP may consider an AP radio a better match if the client detects that the signal from the AP radio is stronger than its current radio by the dB level defined by the cm-sticky-snr-thresh parameter, and the candidate radio also has a minimum signal level defined by the cm-sticky-min-signal parameter.
Client Match Sticky Min Signal
A client triggered to move to a different AP may consider an AP radio a better match if the client detects that the signal from the candidate AP radio is at or higher than the minimum signal level defined by this parameterand the candidate radio has a higher signal strength than the radio to which the client is currently associated. (The required improvement in signal strength can be defined using the cm-sticky-snr-delta command.)
Client Match Restriction timeout (sec)
When a client is steered from one AP to a more desirable AP, the steer timeout feature helps facilitate the move by defining the amount of time that any APs to which the client should NOT associate will not respond to the AP.
Client Match Load Balancing threshold (%)
When the client match feature is enabled, clients may be steered from a highly utilized channel on an AP to a channel with fewer clients. If a channel on an AP radio has this percentage fewer clients than another channel supported by the client, the client match feature may move clients from the busier channel to the channel with fewer clients.
Client Match VBR Stale Entry Age (sec)
The controller maintains client match data for up to 4096 clients showing the detected SNR values for up to 16 candidate APs per client. This table is periodically updated as APs send client probe reports to the controller. This parameter defines the amount of time that the controller should retain client match data from each client probe report.
Client Match Max Steer Failures
The controller keeps track of the number of times the client match feature failed to steer a client to a different radio, and the reason that each steer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf arm-profile | 1840
Parameter
Client Match Load Balancing Client Threshold Client Match Load Balancing SNR Threshold (dB)
Description
attempt was triggered. If the client match feature attempts to steer a client to a new radio multiple consecutive times for the same reason but client steering fails each time, the controller notifies the AP to mark the client as unsteerable for that specific trigger.
This parameter defines the maximum allowed number of client match steering fails with the same trigger before the client is marked as unsteerable for that trigger.
If an AP radio has fewer clients than the client match load balancing threshold defined by this parameter, the AP will not participate in load balancing.
Clients must detect a SNR from an underutilized AP radio at or above this threshold before the client match feature considers load balancing a client to that radio.
Command History
Release ArubaOS 3.0 ArubaOS 6.3
Modification
Command introduced
The noise-wait-time, and noise-threshold parameters were deprecated, and the support for the following parameters were introduced. l 80MHz support l Aggressive scanning l Client match
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1841 | show rf arm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11a-radio-profile
show rf dot11a-radio-profile [<profile>]
Description
Show an 802.11a Radio profile.
Syntax
Parameter <profile>
Description Name of an 802.11a profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire 802.11a Radio profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three configured 802.11a Radio profiles. The References column lists the number of other profiles with references to the 802.11a Radio profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show rf dot11a-radio-profile
802.11a radio profile List
--------------------------
Name
References Profile Status
----
---------- --------------
default
18
default-AP85 1
test
1
Total:3.
This example displays the configuration settings for the profile default.
(host) # show rf dot11a-radio-profile default 802.11a radio profile "default" Parameter --------Radio enable Mode High throughput enable (radio) Very high throughput enable (radio) Channel Transmit EIRP Non-Wi-Fi Interference Immunity Enable CSA CSA Count Spectrum Monitoring Spectrum Monitoring Profile Advertise 802.11d and 802.11h Capabilities Spectrum Load Balancing Spectrum Load Balancing Mode
Value ----Enabled ap-mode Enabled Enabled N/A 15 dBm 2 Disabled 4 Enabled default-a Disabled Disabled channel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11a-radio-profile | 1842
Spectrum Load Balancing Update Interval (sec) Spectrum Load Balancing Threshold (%) Spectrum Load Balancing Domain Beacon Period Beacon Regulate Advertized regulatory max EIRP ARM/WIDS Override Reduce Cell Size (Rx Sensitivity) Management Frame Throttle interval Management Frame Throttle Limit Maximum Distance RX Sensitivity Threshold RX Sensitivity Tuning Based Channel Reuse Adaptive Radio Management (ARM) Profile High-throughput Radio Profile AM Scanning Profile
30 seconds 20 percent N/A 100 msec Disabled 0 OFF 0 dB 1 sec 20 0 meters 0 dB disable default default-a default
The output of this command includes the following parameters:
Parameter Radio enable
Description Shows if the AP has enabled or disabled transmissions on this radio band.
Mode
Access Point operating mode. Available options are: l am-mode: Air Monitor mode l ap-mode: Access Point mode l apm-mode: Access Point Monitor mode l sensor-mode: RFprotect sensor mode
High throughput enable (radio)
Very High ThroughputEnable Channel
Shows if high-throughput (802.11n) is enabled on the radio. A high-throughput profile manages 40 Mhz tolerance settings, and controls whether or not APs using this profile will advertise intolerance of 40 MHz operation. (This option is disabled by default, allowing 40 MHz operation.) A high-throughput profile also determines whether an AP radio using the profile will stop using the 40 MHz channels surrounding APs or stations advertise 40 Mhz intolerance. This option is enabled by default.
Enable or disable support for Very High Throughput (802.11ac) on the radio. This option is enabled by default.
Channel number for the AP 802.11a, 802.11n, or 802.11ac physical layer.
Beacon Period
Time, in milliseconds, between successive beacon transmissions. The beacon advertises the AP's presence, identity, and radio characteristics to wireless clients.
Beacon Regulate
If enabled, this option introduces randomness in the beacon generation so that multiple APs on the same channel do not send beacons at the same time, which causes collisions over the air. This option is disabled by default.
Transmit EIRP
Maximum transmit power (EIRP) in dBm from 0 to 51 in .5 dBm increments. Further limited by regulatory domain constraints and AP capabilities.
1843 | show rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Advertise 802.11d and 802.11h Capabilities
Description
If enabled, the radio advertises its 802.11d (Country Information) and 802.11h (Transmit Power Control) capabilities.
TPC Power
The transmit power advertised in the TPC IE of beacons and probe responses
Spectrum load balancing
The Spectrum load balancing feature helps optimize network resources by balancing clients across channels, regardless of whether the AP or the controller is responding to the wireless clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is disabled by default.
Spectrum load balancing mode
SLB Mode allows control over how to balance clients. Channel-based loadbalancing balances clients across channels. Radio-based load-balancing distributes clients across radios on the same band, independent of channels.
Spectrum load balancing mode update interval
This parameter specifies how often spectrum load balancing calculations are made (in seconds). The default value is 30 seconds.
Spectrum load balancing threshold
If the spectrum load balancing feature is enabled, this parameter controls the percentage difference between number of clients on a channel channel that triggers load balancing. The default value is 20%, meaning that spectrum load balancing is activated when there are 20% more clients on one channel than on another channel used by the AP radio.
Advertised Regulatory Max EIRP
Shows if the radio is configured to work around a known issue on Cisco 7921G telephones by capping for a radio's maximum equivalent isotropic radiated power (EIRP). When you enable this parameter, even if the regulatory approved maximum for a given channel is higher than this EIRP cap, the AP radio using this profile will advertise only this capped maximum EIRP in its radio beacons.
The supported value is131 dBm.
Spectrum load balancing domain
Define a spectrum load balancing domain to manually create RF neighborhoods.
Use this option to create RF neighborhood information for networks that have disabled Adaptive Radio Management (ARM) scanning and channel assignment.
l If spectrum load balancing is enabled in a 802.11a radio profile but the spectrum load balancing domain is not defined, ArubaOS uses the ARM feature to calculate RF neighborhoods.
l If spectrum load balancing is enabled in a 802.11a radio profile and a spectrum load balancing domain isalso defined, AP radios belonging to the same spectrum load balancing domain will be considered part of the same RF neighborhood for load balancing, and will not recognize RF neighborhoods defined by the ARM feature.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11a-radio-profile | 1844
Parameter
Description
RX Sensitivity Tuning Based Channel Reuse
Shows if the channel reuse feature's current operating mode, static, dynamic or disable.
l Static: This mode of operation is a coverage-based adaptation of the Clear Channel Assessment (CCA) thresholds. In the static mode of operation, the CCA is adjusted according to the configured transmission power level on the AP, so as the AP transmit power decreases as the CCA threshold increases, and vice versa.
l Dynamic: In this mode, the Clear Channel Assessment (CCA) thresholds are based on channel loads, and take into account the location of the associated clients. When you set the Channel Reuse This feature is automatically enabled when the wireless medium around the AP is busy greater than half the time. When this mode is enabled, the CCA threshold adjusts to accommodate transmissions between the AP its most distant associated client.
l Disable: This mode does not support the tuning of the CCA Detect Threshold.
RX Sensitivity Threshold
Enable CSA
CSA Count Management Frame Throttle Interval Management Frame Throttle Limit ARM/WIDS Override
Reduce Cell Size (Rx Sensitivity)
If the Rx Sensitivity Tuning Based Channel reuse feature is set to static mode, this parameter manually sets the AP's Rx sensitivity threshold (dBm). The AP will filter out and ignore weak signals that are below the channel threshold signal strength. For example, if the RX sensitivity threshold was set to -65 dBm, the AP would ignore signals with a strength from -1 dBM to -64 dBm. If the value is set to zero, the feature will automatically determine an appropriate threshold.
Shows if Channel Switch Announcements (CSAs) are enabled or disabled. CSAs, as defined by IEEE 802.11h, enable an AP to announce that it is switching to a new channel before it begins transmitting on that channel. This allows clients that support CSA to transition to the new channel with minimal downtime.
Number of channel switch announcements that must be sent prior to switching to a new channel. The default CSA count is 4 announcements.
Averaging interval for rate limiting mgmt frames from this radio, in seconds. A management frame throttle interval of 0 seconds disables rate limiting.
Maximum number of management frames that can come in from this radio in each throttle interval.
If enabled, this option disables Adaptive Radio Management (ARM) and Wireless IDS functions and slightly increases packet processing performance. If a radio is configured to operate in Air Monitor mode, then the ARM/WIDS override functions are always enabled, regardless of whether or not this check box is selected.
The cell size reduction feature allows you manage dense deployments and to increase overall system performance and capacity by shrinking an AP's receive coverage area, thereby minimizing co-channel interference and optimizing channel reuse. The possible range of values for this feature is 0-55 dB. The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value.
1845 | show rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Adaptive Radio Management (ARM) Profile
Name of an Adaptive Radio Management profile associated with this 802.11a profile.
High-throughput Radio Profile
Name of a High Throughput Radio profile associated with this 802.11a profile.
Maximum Distance
Maximum distance between a client and an AP or between a mesh point and a mesh portal, in meters. This value is used to derive ACK and CTS timeout times. A value of 0 specifies default settings for this parameter, where timeouts are only modified for outdoor mesh radios which use a distance of 16km..
Spectrum Monitoring
If enabled, the AP operates as a hybrid AP that can simultaneously serve clients and monitor a single channel for spectrum analysis data.
Spectrum Monitoring Profile
The spectrum monitoring profile referenced by APs using this 802.11a radio profile. For details, see rf spectrum-profile on page 784
AM Scanning Profile
The AM scanning profile referenced by APs using this 802.11a radio profile. For details, seerf am-scan-profile on page 734
Command History
Release ArubaOS 3.0 ArubaOS 3.3.2 ArubaOS 3.4.0
ArubaOS 3.4.2 ArubaOS 6.0
ArubaOS 6.1
Modification
Command introduced.
Introduced support for the high-throughput IEEE 802.11n standard.
Support for the following parameters: l Spectrum load balancing l RX Sensitivity Tuning Based Channel Reuse l RX Sensitivity Threshold l ARM/WIDS Override
Support for the Beacon Regulate parameter
Support for the following parameters: l AM Scanning Profile l Advertised regulatory max EIRP l Spectrum Load balancing mode l Spectrum load balancing update interval (sec)
Support for the following parameters: l Spectrum Monitoring
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11a-radio-profile | 1846
Release
ArubaOS 6.2.1.0 ArubaOS 6.3
Modification l Spectrum load balancing threshold (%) The Reduce Cell Size (Rx Sensitivity) parameter was introduced. The very-high-throughput-enable parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1847 | show rf dot11a-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11g-radio-profile
show rf dot11g-radio-profile [<profile>]
Description
Show an 802.11g Radio profile.
Syntax
Parameter <profile>
Description Name of a 802.11g profile.
Usage Guidelines
Issue this command without the <profile>parameter to display the entire 802.11g profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has four configured 802.11g profiles. The References column lists the number of other profiles with references to the 802.11g profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show rf arm-profile
Adaptive Radio Management (ARM) profile List
--------------------------------------------
Name
References Profile Status
----
---------- --------------
airwave
4
default
4
no-scanning
1
nokia-rf-profile
1
Total:4. This example displays the configuration settings for the profile airwave.
(host) # show rf dot11g-radio-profile default Parameter --------Radio enable Mode High throughput enable (radio) Channel Beacon Period Beacon Regulate Transmit EIRP Advertise 802.11d and 802.11h Capabilities TPC Power Spectrum load balancing Spectrum Load balancing mode Spectrum load balancing update interval (sec) Advertised regulatory max EIRP Spectrum Load Balancing domain
Value ----Enabled ap-mode Enabled N/A 100 msec Disabled 15 dBm Disabled 15 dBm Disabled channel 30 seconds 0 N/A
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11g-radio-profile | 1848
RX Sensitivity Tuning Based Channel Reuse RX Sensitivity Threshold Non 802.11 Interference Immunity Enable CSA CSA Count Management Frame Throttle interval Management Frame Throttle Limit ARM/WIDS Override Reduce Cell Size (Rx Sensitivity) Protection for 802.11b Clients Adaptive Radio Management (ARM) Profile High-throughput Radio Profile Maximum Distance Spectrum Monitoring Spectrum Monitoring Profile AM Scanning Profile
disable 0 -dBm Level-2 Disabled 4 1 sec 20 Disabled 0 dB Enabled default default-g 0 meters Disabled default-a default
The output of this command includes the following parameters:
Parameter Radio enable
Description Shows if the AP has enabled or disabled transmissions on this radio band.
Mode
Access Point operating mode. Available options are: l am-mode: Air Monitor mode l ap-mode: Access Point mode l apm-mode: Access Point Monitor mode l sensor-mode: RFprotect sensor mode
High throughput enable (radio)
Shows if high throughput (802.11n) is enabled or disabled on this radio.
A high-throughput profile manages 40 Mhz tolerance settings, and controls whether or not APs using this profile will advertise intolerance of 40 MHz operation. (This option is disabled by default, allowing 40 MHz operation.)
A high-throughput profile also determines whether an AP radio using the profile will stop using the 40 MHz channels surrounding APs or stations advertise 40 Mhz intolerance. This option is enabled by default.
Channel
Channel number for the AP 802.11a/802.11n physical layer.
Beacon Period
Time, in milliseconds, between successive beacon transmissions. The beacon advertises the AP's presence, identity, and radio characteristics to wireless clients.
Beacon Regulate
If enabled, this option introduces randomness in the beacon generation so that multiple APs on the same channel do not send beacons at the same time, which causes collisions over the air. This option is disabled by default.
Transmit EIRP
Maximum transmit power (EIRP) in dBm from 0 to 51 in .5 dBm increments. Further limited by regulatory domain constraints and AP capabilities.
Advertise 802.11d and 802.11h Capabilities
If enabled, the radio advertises its 802.11d (Country Information) and 802.11h (Transmit Power Control) capabilities.
1849 | show rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter TPC Power
Description
The transmit power advertised in the TPC IE of beacons and probe responses
Spectrum load balancing
The Spectrum load balancing feature helps optimize network resources by balancing clients across channels, regardless of whether the AP or the controller is responding to the wireless clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs on other channels. If an AP's client load is at or over a predetermined threshold as compared to its immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load balancing will be enabled on that AP. This feature is disabled by default.
Spectrum load balancing mode
SLB Mode allows control over how to balance clients. Channel-based loadbalancing balances clients across channels. Radio-based load-balancing distributes clients across radios on the same band, independent of channels.
Spectrum load balancing mode update interval
This parameter specifies how often spectrum load balancing calculations are made (in seconds). The default value is 30 seconds.
Spectrum load balancing threshold
If the spectrum load balancing feature is enabled, this parameter controls the percentage difference between number of clients on a channel channel that triggers load balancing. The default value is 20%, meaning that spectrum load balancing is activated when there are 20% more clients on one channel than on another channel used by the AP radio.
Advertised Regulatory Max EIRP
Shows if the radio is configured to work around a known issue on Cisco 7921G telephones by capping for a radio's maximum equivalent isotropic radiated power (EIRP). When you enable this parameter, even if the regulatory approved maximum for a given channel is higher than this EIRP cap, the AP radio using this profile will advertise only this capped maximum EIRP in its radio beacons.
The supported value is131 dBm.
Spectrum load balancing domain
Define a spectrum load balancing domain to manually create RF neighborhoods.
Use this option to create RF neighborhood information for networks that have disabled Adaptive Radio Management (ARM) scanning and channel assignment.
l If spectrum load balancing is enabled in a 802.11g radio profile but the spectrum load balancing domain is not defined, ArubaOS uses the ARM feature to calculate RF neighborhoods.
l If spectrum load balancing is enabled in a 802.11g radio profile and a spectrum load balancing domain isalso defined, AP radios belonging to the same spectrum load balancing domain will be considered part of the same RF neighborhood for load balancing, and will not recognize RF neighborhoods defined by the ARM feature.
RX Sensitivity Tuning Based Channel Reuse
Shows if the channel reuse feature's current operating mode, static, dynamic or disable.
l Static: This mode of operation is a coverage-based adaptation of the
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11g-radio-profile | 1850
Parameter
Description
Clear Channel Assessment (CCA) thresholds. In the static mode of operation, the CCA is adjusted according to the configured transmission power level on the AP, so as the AP transmit power decreases as the CCA threshold increases, and vice versa.
l Dynamic: In this mode, the Clear Channel Assessment (CCA) thresholds are based on channel loads, and take into account the location of the associated clients. When you set the Channel Reuse This feature is automatically enabled when the wireless medium around the AP is busy greater than half the time. When this mode is enabled, the CCA threshold adjusts to accommodate transmissions between the AP its most distant associated client.
l Disable: This mode does not support the tuning of the CCA Detect Threshold.
RX Sensitivity Threshold
Non 802.11 Interference Immunity
Enable CSA CSA Count Management Frame Throttle Interval
If the Rx Sensitivity Tuning Based Channel reuse feature is set to static mode, this parameter manually sets the AP's Rx sensitivity threshold (dBm). The AP will filter out and ignore weak signals that are below the channel threshold signal strength. For example, if the RX sensitivity threshold was set to -65 dBm, the AP would ignore signals with a strength from -1 dBM to -64 dBm. If the value is set to zero, the feature will automatically determine an appropriate threshold.
Show the current value for 802.11 Interference Immunity on the 2.4 Ghz band.
The default setting for this parameter is level 2. When performance drops due to interference from non-802.11 interferers (such as DECT or Bluetooth devices), the level can be increased up to level 5 for improved performance. However, increasing the level makes the AP slightly "deaf" to its surroundings, causing the AP to lose a small amount of range.
The levels for this parameter are:
l Level-0: no ANI adaptation.
l Level-1: noise immunity only.
l Level-2: noise and spur immunity.
l Level-3: level 2 and weak OFDM immunity.
l Level-4: level 3 and FIR immunity.
l Level-5: disable PHY reporting.
Shows if Channel Switch Announcements (CSAs) are enabled or disabled. CSAs, as defined by IEEE 802.11h, enable an AP to announce that it is switching to a new channel before it begins transmitting on that channel. This allows clients that support CSA to transition to the new channel with minimal downtime.
Number of channel switch announcements that must be sent prior to switching to a new channel. The default CSA count is 4 announcements.
Averaging interval for rate limiting mgmt frames from this radio, in seconds. A management frame throttle interval of 0 seconds disables rate limiting.
1851 | show rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Management Frame Throttle Limit
Description
Maximum number of management frames that can come in from this radio in each throttle interval.
ARM/WIDS Override
If enabled, this option disables Adaptive Radio Management (ARM) and Wireless IDS functions and slightly increases packet processing performance. If a radio is configured to operate in Air Monitor mode, then the ARM/WIDS override functions are always enabled, regardless of whether or not this check box is selected.
Reduce Cell Size (Rx Sensitivity)
Protection for 802.11b Clients
The cell size reduction feature allows you manage dense deployments and to increase overall system performance and capacity by shrinking an AP's receive coverage area, thereby minimizing co-channel interference and optimizing channel reuse. The possible range of values for this feature is 0-55 dB. The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value.
Shows if the profile has enabled or disabled protection for 802.11b clients.
Adaptive Radio Management (ARM) Profile
Name of an Adaptive Radio Management profile associated with this 802.11a profile.
High-throughput Radio Profile
Name of a High Throughput Radio profile associated with this 802.11a profile.
Maximum Distance
Maximum distance between a client and an AP or between a mesh point and a mesh portal, in meters. This value is used to derive ACK and CTS timeout times. A value of 0 specifies default settings for this parameter, where timeouts are only modified for outdoor mesh radios which use a distance of 16km.
Spectrum Monitoring
If enabled, the AP operates as a hybrid AP that can simultaneously serve clients and monitor a single channel for spectrum analysis data.
Spectrum Monitoring Profile
The spectrum monitoring profile referenced by APs using this 802.11g radio profile. For details, see rf spectrum-profile on page 784
AM Scanning Profile
The AM scanning profile referenced by APs using this 802.11g radio profile. For details, seerf am-scan-profile on page 734
Command History
Release ArubaOS 3.0 ArubaOS 3.3.2
ArubaOS 3.4
Modification Command introduced
Introduced protection for 802.11b clients and support for the highthroughput IEEE 802.11n standard
Support for the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf dot11g-radio-profile | 1852
Release
ArubaOS 3.4.2 ArubaOS 6.0
ArubaOS 6.1 ArubaOS 6.2.1.0
Modification
l Spectrum load balancing l RX Sensitivity Tuning Based Channel Reuse l RX Sensitivity Threshold l ARM/WIDS Override
Support for the Beacon Regulate parameter
Support for the following parameters: l AM Scanning Profile l Advertised regulatory max EIRP l Spectrum Load balancing mode l Spectrum load balancing update interval (sec)
Support for the following parameters: l Spectrum Monitoring l Spectrum load balancing threshold (%)
The Reduce Cell Size (Rx Sensitivity) parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1853 | show rf dot11g-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf event-thresholds-profile
show rf event-thresholds-profile [<profile>]
Description
Show an Event Thresholds profile.
Syntax
Parameter <profile>
Description name of an Event Thresholds profile
Usage Guidelines
Issue this command without the <profile>parameter to display the entire Event Thresholds profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured Event Thresholds profiles. The References column lists the number of other profiles with references to the Event Thresholds profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show rf event-thresholds-profile
RF Event Thresholds Profile List
--------------------------------
Name
References Profile Status
----
---------- --------------
default 6
event1
2
Total: 2.
This example displays the configuration settings for the profile default.
(host) # show rf event-thresholds-profile default
RF Event Thresholds Profile "default"
-------------------------------------
Parameter
Value
---------
-----
Detect Frame Rate Anomalies
Disabled
Bandwidth Rate High Watermark
0%
Bandwidth Rate Low Watermark
0%
Frame Error Rate High Watermark
0%
Frame Error Rate Low Watermark
0%
Frame Fragmentation Rate High Watermark 16 %
Frame Fragmentation Rate Low Watermark 8 %
Frame Low Speed Rate High Watermark
16 %
Frame Low Speed Rate Low Watermark
8%
Frame Non Unicast Rate High Watermark 0 %
Frame Non Unicast Rate Low Watermark
0%
Frame Receive Error Rate High Watermark 16 %
Frame Receive Error Rate Low Watermark 8 %
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf event-thresholds-profile | 1854
Frame Retry Rate High Watermark Frame Retry Rate Low Watermark
16 % 8%
The output of this command includes the following parameters:
Parameter
Detect Frame Rate Anomalies
Description Shows of the profile enables or disables detection of frame rate anomalies.
Bandwidth Rate High Watermark
If bandwidth in an AP exceeds this value, it triggers a bandwidth exceeded condition. The value represents the percentage of maximum for a given radio. (For 802.11b, the maximum bandwidth is 7 Mbps. For 802.11 a and g, the maximum is 30 Mbps.) The recommended value is 85%.
Bandwidth Rate Low Watermark
If an AP triggers a bandwidth exceeded condition, the condition persists until bandwidth drops below this value.
Frame Error Rate High Watermark
If the frame error rate (as a percentage of total frames in an AP) exceeds this value, it triggers a frame error rate exceeded condition.
Frame Error Rate Low Watermark
If an AP triggers a frame error rate exceeded condition, the condition persists until the frame error rate drops below this value.
Frame Fragmentation Rate High Watermark
If the frame fragmentation rate (as a percentage of total frames in an AP) exceeds this value, it triggers a frame fragmentation rate exceeded condition.
Frame Fragmentation Rate Low Watermark
If an AP triggers a frame fragmentation rate exceeded condition, the condition persists until the frame fragmentation rate drops below this value.
Frame Low Speed Rate High Watermark
If the rate of low-speed frames (as a percentage of total frames in an AP) exceeds this value, it triggers a low-speed rate exceeded condition.
Frame Low Speed Rate Low Watermark
After a low-speed rate exceeded condition exists, the condition persists until the percentage of low-speed frames drops below this value.
Frame Non Unicast Rate High Watermark
If the non-unicast rate (as a percentage of total frames in an AP) exceeds this value, it triggers a non-unicast rate exceeded condition. This value depends upon the applications used on the network.
Frame Non Unicast Rate Low Watermark
If an AP triggers a non-unicast rate exceeded condition, the condition persists until the non-unicast rate drops below this value.
Frame Receive Error Rate High Watermark
If the frame receive error rate (as a percentage of total frames in an AP) exceeds this value, it triggers a frame receive error rate exceeded condition.
Frame Receive Error Rate Low Watermark
If an AP triggers a frame receive error rate exceeded condition, the condition persists until the frame receive error rate drops below this value.
1855 | show rf event-thresholds-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Frame Retry Rate High Watermark
Frame Retry Rate Low Watermark
Description
If the frame retry rate (as a percentage of total frames in an AP) exceeds this value, it triggers a frame retry rate exceeded condition.
If an AP triggers a frame retry rate exceeded condition exists, the condition persists until the frame retry rate drops below this value.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf event-thresholds-profile | 1856
show rf ht-radio-profile
show rf ht-radio-profile [<profile>]
Description
Show a High-throughput Radio profile.
Syntax
Parameter <profile>
Description Name of a High-throughput Radio profile.
Usage Guidelines
Issue this command without the <profile>parameter to display the entire High-throughput Radio profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has five configured High-throughput Radio profiles. The References column lists the number of other profiles with references to the High-throughput Radio profile, and the Profile Status column indicates whether the profile is predefined and editable, and if that predefined profile has been changed from its default settings. User-defined profiles will not have an entry in the Profile Status column.
(host) # show rf ht-radio-profile
High-throughput radio profile List
----------------------------------
Name
References Profile Status
----
---------- --------------
default
0
default-a
8
Predefined (editable)
default-g
3
Predefined (changed)
legacystation 1
test
1
Total:5
This example displays the configuration settings for the predefined profile default-a.
(host) #show rf ht-radio-profile default-a
High-throughput radio profile "default-a" (Predefined (editable))
-----------------------------------------------------------------
Parameter
Value
---------
-----
40 MHz intolerance
Disabled
Honor 40 MHz intolerance
Enabled
Diversity spreading workaround Disabled
CSD Override
Disabled
The output of this command includes the following parameters:
1857 | show rf ht-radio-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter 40 MHz intolerance
Description
Shows whether or not APs using this radio profile will advertise intolerance of 40 MHz operation. By default, 40 MHz operation is allowed.
Honor 40 MHz intolerance
If this parameter is enabled, the radio will stop using the 40 MHz channels if the 40 MHz intolerance indication is received from another AP or station.
CSD Override
Diversity Spreading Workaround
When this feature is enabled, all legacy transmissions will be sent using a single antenna. This enables interoperability for legacy or high-throughput stations that cannot decode 802.11n cyclic shift diversity (CSD) data.
This feature is disabled by default and should be kept disabled unless necessary.
Command History
Release ArubaOS 3.0 ArubaOS 3.3.2 ArubaOS 3.4 ArubaOS 6.2
Modification Command introduced
Support for the dsss-cck-40mhz parameter was removed
Introduced the single-chain-legacy parameter.
The CSD Override parameter was renamed to diversity spreading workaround.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf ht-radio-profile | 1858
show rf optimization-profile
show rf optimization-profile [<profile>]
Description
Show an Optimization profile.
Syntax
Parameter <profile>
Description name of an ARM profile
Usage Guidelines
Issue this command without the <profile>parameter to display the entire Optimization profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured Optimization profiles. The References column lists the number of other profiles with references to the Optimization profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show rf optimization-profile
RF Optimization Profile List
----------------------------
Name
References Profile Status
----
---------- --------------
default 6
profile2 1
Total:2
This example displays the configuration settings for the profile profile2.
(host) #show rf optimization-profile profile2
RF Optimization Profile "profile2"
---------------------------------
Parameter
Value
---------
-----
Station Handoff Assist
Disabled
Detect Association Failure
Disabled
Coverage Hole Detection
Disabled
Hole Good RSSI Threshold
20
Hole Good Station Ageout
30 sec
Hole Detection Interval
180 sec
Hole Idle Station Ageout
90 sec
Hole Poor RSSI Threshold
10
Detect interference
Disabled
Interference Threshold
90 %
Interference Threshold Exceed Time
25 sec
Interference Baseline Time
25 sec
RSSI Falloff Wait Time
4
Low RSSI Threshold
10
1859 | show rf optimization-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
RSSI Check Frequency
3 sec
The output of this command includes the following parameters:
Parameter
Description
Station Handoff Assist
If enabled, this parameter allows the controller to force a client off an AP when the RSSI drops below a defined minimum threshold.
Detect Association Failure
Shows if the profile enables or disables STA association failure detection.
Coverage Hole Detection
Shows if the profile enables or disables coverage hole detection.
Hole Good RSSI Threshold
Time, in seconds, after a coverage hole is detected until a coverage hole event notification is generated.
This parameter requires the RF Protect license.
Hole Good Station Ageout
Stations with signal strength above this value are considered to have good coverage.
This parameter requires the RF Protect license.
Hole Detection Interval
Time, in seconds, after which a station with good coverage is aged out. This parameter requires the RF Protect license.
Hole Idle Station Ageout
Time, in seconds, after which a station in a poor coverage area is aged out. This parameter requires the RF Protect license.
Hole Poor RSSI Threshold
Stations with signal strength below this value will trigger detection of a coverage hole.
This parameter requires the RF Protect license.
Detect interference
Enables or disables interference detection.
Interference Threshold
Percentage increase in the frame retry rate (FRR) or frame receive error rate (FRER) before interference monitoring begins on a given channel.
Interference Threshold Exceed Time
Time, in seconds, the FRR or FRER exceeds the threshold before interference is reported.
Interference Baseline Time
Time, in seconds, the air monitor should learn the state of the link between the AP and client to create frame retry rate (FRR) and frame receive error rate (FRER) baselines.
RSSI Falloff Wait Time
Number of times the detected client RSSI level must fall below the minimum RSSI threshold the before the AP sends a deauthorization message to the client. The maximum value is 8 times.
Low RSSI Threshold
Minimum RSSI above which deauthorization messages should never be sent.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf optimization-profile | 1860
Parameter
Description
RSSI Check Frequency Interval, in seconds, to sample RSSI.
Command History
Version ArubaOS 3.0 ArubaOS 3.4
Modification
Base operating system
Output parameters displaying load balancing status were removed. You can now view the status of the load balancing feature via the commands show rf dot11a-radio-profile and show rf dot11g-radio-profile.
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1861 | show rf optimization-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf spectrum-profile
rf spectrum-profile <profile-name>
Description
Show a spectrum profile used by the spectrum analysis feature.
Syntax
Parameter <profile>
Description Name of a spectrum profile.
Usage Guidelines
Issue this command without the <profile>parameter to display the entire spectrum profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three configured spectrum profiles. The References column lists the number of other profiles with references to the spectrum profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) #show rf spectrum-profile
Spectrum profile List
---------------------
Name
References
----
----------
spectrum1 1
default-a 2
default-g 2
Profile Status --------------
Predefined (editable) Predefined (editable)
This example displays the configuration settings for the profile spectrum1.
(host) #show rf spectrum-profile default
Spectrum profile "default" -------------------------Parameter --------Age Out: WIFI Age Out: Generic Interferer Age Out: Microwave Age Out: Microwave (Inverter type) Age Out: Video Device Age Out: Audio Device Age Out: Cordless Phone Fixed Frequency Age Out: Generic Fixed Frequency Age Out: Bluetooth Age Out: Xbox Age Out: Cordless Network Frequency Hopper Age Out: Cordless Base Frequency Hopper Age Out: Generic Frequency Hopper
Value ----600 sec 30 sec 15 sec 15 sec 60 sec 10 sec 10 sec 10 sec 25 sec 25 sec 60 sec 240 sec 25 sec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf spectrum-profile | 1862
The output of this command includes the following information:
Parameter Age Out: WIFI Age Out: Generic Interferer Age Out: Microwave
Age Out: Microwave (inverter type)
Age Out: Video Device Age Out: Audio Device Age Out: Cordless Phone Fixed Frequency Age Out: Generic Fixed Frequency
Description
The number of seconds for which a wifi device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 600 seconds.
The number of seconds for which an unknown device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 30 seconds.
The number of seconds for which a microwave device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 15 seconds.
Note that this parameter is applicable to 2.4GHz spectrum monitor radios only.
The number of seconds for which an inverter microwave must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 15 seconds.
Note that this parameter is applicable to 2.4GHz spectrum monitor radios only.
The number of seconds for which a video device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 60 seconds.
The number of seconds for which an audio device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 10 seconds.
The number of seconds for which a fixed frequency cordless phone must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 10 seconds.
The number of seconds for which a generic fixed frequency device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 10 seconds.
1863 | show rf spectrum-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Age Out: Xbox
Description
The number of seconds for which an Xbox device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 25 seconds.
Note that this parameter is applicable to 2.4GHz spectrum monitor radios only.
Age Out: Bluetooth
The number of seconds for which a bluetooth device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 25 seconds.
Note that this parameter is applicable to 2.4GHz spectrum monitor radios only.
Age Out: Cordless Network Frequency Hopper
The number of seconds for which a frequencyhopping cordless network device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 60 seconds.
Age Out: Cordless Base Frequency Hopper
The number of seconds for which a frequencyhopping cordless phone base must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 240 seconds.
Age Out: Generic Frequency Hopper
The number of seconds for which a generic frequency-hopping device must stop sending a signal before the spectrum monitor considers that device no longer active on the network. The default value is 25 seconds.
Related Commands
rf spectrum-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rf spectrum-profile | 1864
Command History
Release
Modification
ArubaOS 6.0 Command introduced
ArubaOS 6.2
The spectrum-band parameter was deprecated.
The following default ageout times were changed:
l cordless-fh-base default timeout is 240 seconds (was 25 seconds in previous releases).
l cordless-fh-network default timeout is 60 seconds (was 10 seconds in previous releases).
l generic-interferer default timeout is 30 seconds (was 25 seconds in previous releases).
l video default timeout is 60 seconds (was 10 seconds in previous releases).
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master and local controllers
1865 | show rf spectrum-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rft profile
show rft profile {all|antenna-connectivity|link-quality|raw}
Description
Show parameters for the predefined RF test profiles.
Syntax
Parameter all
Description Show all predefined profiles.
antenna-connectivity
Show configured parameters for the predefined Antenna Connectivity test profile.
link-quality
Show configured parameters for the predefined Link Quality test profile.
raw
Show configured parameters for the predefined RAW test profile.
Usage guidelines
The rft command is used for RF troubleshooting, and should only be used under the supervision of Dell technical support. Issue the show rft profile command to view the profiles used for these RF tests.
Example
The following example shows the testing parameters for the predefined link-quality RF test profile.
(host) #show rft profile link-quality
Profile LinkQuality: Built-in profile
--------------------------------------
Parameter Value
--------- -----
Antenna
1 and/or 2
Frame Type Null Data
Num Packets 100 for each data-rate
Packet Size 1500
Num Retries 0
Data Rate All rates are tried
Related Commands
To view the results of an RF test, use the command show rft result.
Command History
This command was available in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rft profile | 1866
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1867 | show rft profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rft result
show rft result all|{trans-id <trans-id>}
Description
Show the results of an RF test.
Syntax
Parameter all
Description
Show the most recent test result for each test type (antenna-connectivity, linkquality or raw).
trans-id <trans-id>
Each RF test is assigned a transaction ID. Include the trans-id <trans-id> parameters to show the test result for a specific transaction ID.
Usage guidelines
The rft command is used for RF troubleshooting, and should only be used under the supervision of Dell technical support.
Related Commands
To view a list of the most recent transaction IDs for each test type, use the command show rft transactions.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rft result | 1868
show rft transactions
show rft transactions
Description
Show transaction IDs of RF tests.
Syntax
No parameters.
Usage guidelines
The rft command is used for RF troubleshooting, and should only be used under the supervision of Dell technical support. Issue the show rft transaction command to view the transaction IDs for the most recent test of each test type.
Example
The following example shows the transaction IDs for the latest RAW, link-quality and antenna-connectivity tests. (host) #show rft transactions
RF troubleshooting transactions
-------------------------------
Profile
Transaction ID
-------
--------------
RAW
2001
LinkQuality
2101
AntennaConnectivity 1801
Related Commands
Use transaction IDs with the command show rft result to view results for individual RF tests.
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1869 | show rft transactions
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rights
show rights [<name-of-a-role>]
Description
Displays the list of user roles in the roles table with high level details of role policies. To view role policies of a specific role specify the role name.
Syntax
Parameter name-of-a-role
Description Enter the role name to view its policy details.
Example
The output of this command shows the list of roles in the role table. (host) # show rights
RoleTable
---------
Name
ACL Bandwidth
ACL List
----
--- ---------
--------
ap-role
4 Up: No Limit,Dn: No Limit control/,ap-acl/
authenticated
39 Up: No Limit,Dn: No Limit allowall/,v6-allowall/
default-vpn-role 37 Up: No Limit,Dn: No Limit allowall/,v6-allowall/
guest
3 Up: No Limit,Dn: No Limit http-acl/,https-acl/,dhcp-acl/
guest-logon
6 Up: No Limit,Dn: No Limit logon-control/,captiveportal/
logon
1 Up: No Limit,Dn: No Limit logon-control/,captiveportal/
stateful-dot1x 5 Up: No Limit,Dn: No Limit
voice
38 Up: No Limit,Dn: No Limit sip-acl/,noe-acl/,svp-acl/,vocera-acl/
Command History
This command was available in ArubaOS 3.0
Command Information
Type ---System User User User User User System User
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rights | 1870
show roleinfo
show roleinfo
Description
Displays the role of the controller.
Syntax
No parameters.
Example
The output of this command shows the role of the controller. (host) # show roleinfo switchrole:master
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1871 | show roleinfo
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show route-access-list
show route-access-list
Description
This command displays information about access control lists (ACLs) for policy-based routing (PBR).
Syntax
No Parameters
Usage Guidelines
Policy-based routing is an optional feature that allows allows packets to be routed based on access control lists (ACLs) configured by the administrator. By default, when a controller receives a packet for routing, it looks up the destination IP in the routing table and forwards the packet to the nexthop router. If policy-based routing is configured, the nexthop device can be chosen based on a defined access control list.
In a typical deployment scenario with multiple uplinks, the default route only uses one of the uplink next-hops for forwarding packets. If a nexthop becomes unreachable, the packets will not reach their destination. If your deployment uses policy-based routing based on a nexthop list, any of the uplink nexthops could be used for forwarding traffic. This requires a valid ARP entry (Route-cache) in the system for all the policy-based routing nexthops.
Example
The following command displays a list of configured routing access lists.
(host)(config)# (host) #show route-access-list
Router Access list table
------------------------
Name
Use Count Roles
----
--------- -----
attempt1 0
pbr
0
name
1
test
Tuesday 0
The output of this command includes the following parameters:
Parameter Name
Use Count Roles
Description Name of the access list Number of VLANs associated with this routing access list. User role associated with the routing access list.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show route-access-list | 1872
Related Commands
Command ip access-list route
ip nexthop-list
Description This command configures an access control list (ACL) for policy-based routing (PBR).
Use this command to define a next-hop list for a routing policy
routing-policy-map
This command associates a routing access control list (ACL) with a user role.
Command History
Release ArubaOS 6.4.3
Modification Command introduced.
Command Information
Platform All platforms
License Requires the PEFNG license
Command Mode Config or Enable mode
1873 | show route-access-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rrm dot11k admission-capacity
show rrm dot11k admission-capacity
Description
Displays the available admission capacity for voice traffic on an AP.
Syntax
No parameters.
Example
The output of this command shows the available admission capacity for voice traffic on all APs. (host) # show rrm dot11k admission-capacity
802.11K Available Admission Capacity for Voice ----------------------------------------------
Flags: B: Bandwidth based CAC, C: Call-count based CAC
D: CAC Disabled,
E: CAC Enabled
AP Name ------r-wing-94 r-wing-94
IP Address ---------10.16.12.247 10.16.12.247
Freq Band --------5 GHz 2.4 GHz
Chan ---40 11
Total ----31250 31250
Available --------0 0
Flags ----EC EC
Num APs:2
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rrm dot11k admission-capacity | 1874
show rrm dot11k ap-channel-report
show rrm dot11k ap-channel-report [ap-name <name-of-an-ap> | bssid <bssid-of-an-ap> | ip-addr <ip-address-of-an-ap> | ip6-addr <ip-addr> | essid <essid>]
Description
Displays the channel information gathered by the AP. You can either specify an ap-name, bssid or ip-address of an AP to see more details.
Syntax
Parameter ap-name bssid ip-addr ip6-addr essid
Description Enter the name of the AP.
Enter the BSSID address of the AP.
Enter the IP address of the AP. Enter the IPv6 address of the AP Entries in the IPv4 user-table that are associated to the specified ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
Example
The output of this command shows the channel information for r-wing-94:94. (host) # show rrm dot11k ap-channel-report ap-name r-wing-94
802.11K AP Channel Report Details
----------------------------------
Freq Band Channel List
--------- ------------
2.4 GHz 11,
5 GHz
36, 40, 157, 161, 165,
Num Entries:2
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1875 | show rrm dot11k ap-channel-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rrm dot11k beacon-report
show rrm dot11k beacon-report
Description
Displays the beacon report information sent by a client to its AP.
Syntax
No parameters.
Example
The output of this command shows the beacon report for the client 00:1f:6c:7a:d4:fd. (host) # show rrm dot11k beacon-report station-mac 00:1f:6c:7a:d4:fd
802.11K Beacon Report Details
--------------------------------------------------
Channel
BSSID
---------- -------
1
00:0b:86:6d:3e:40
Reg Class
Antenna ID
------------ -------------
0
1
Meas. Mode ---------------Bcn Table
Num Elements:1
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rrm dot11k beacon-report | 1876
show rrm dot11k neighbor-report
show rrm dot11k neighbor-report [ap-name | bssid <bssid-of-an-ap> | ip-addr <ip-address-of-an-ap>]
Description
Displays the neighbor information for a particular AP. If the AP name or the AP's IP address is specified, the user should specify the ESSID to get the neighbor information. If the ESSID is not specified, the command will display the neighbor information for all the Virtual AP's configured on the AP.
Syntax
Parameter ap-name
<name-of-an-ap> <essid>
bssid ip-addr
Description Identify the AP for which you want to view information. Name of an AP. ESSID of the AP. If the ESSID includes spaces, you must enclose it in quotation marks. Enter the BSSID address of the AP. Enter the IP address of the AP.
Example
The output of this command shows the neighbor information for r-wing-94.
(host) # show rrm dot11k neighbor-report ap-name r-wing-94
802.11K Neighbor Report Details -------------------------------
Flags: S: Spectrum Management, Q: QoS, A: APSD, R: Radio Measurement
ESSID
BSSID
Channel Reachability Security Authenticator Preference
Flags
-----
-----
------- ------------ -------- ------------- ---------- -
----
r-wing-voice 00:0b:86:6d:3e:30 165
Reachable
Same
Same
1
SR
r-wing-voice 00:0b:86:6d:3e:20 1
Reachable
Same
Same
1
SR
r-wing-data 00:0b:86:6d:3e:40 6
Reachable
Same
Same
1
SR
r-wing-data 00:0b:86:6d:4e:41 153
Reachable
Same
Same
1
SR
Num Entries:4
Command History
This command was available in ArubaOS 3.4
1877 | show rrm dot11k neighbor-report
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show rrm dot11k neighbor-report | 1878
show rrm dot11k transmit-stream-report station-mac
show rrm dot11k transmit-stream-report station-mac <mac-addr>
Description
This is a diagnostic option for quick verification of received transmit stream measurement reports. Displays the contents of the transmit stream measurement reports received from a client.
Syntax
Parameter mac-addr
Description MAC address of the client.
Command History
This command is introduced in ArubaOS 5.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1879 | show rrm dot11k transmit-stream-report station-mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show running-config
show running-config
Description
Displays the current controller configuration, including all pending changes which are yet to be saved.
Syntax
No parameters.
Example
The output of this command shows the running configuration on the controller.
(host) # show running-config
version 5.0 enable secret "******" telnet soe loginsession timeout 0 hostname "vjoshi-2400" clock timezone PST -8 location "Building1.floor1" mms config 0 controller config 986 ip access-list eth validuserethacl
permit any ! netservice svc-netbios-dgm udp 138 netservice svc-snmp-trap udp 162 netservice svc-https tcp 443 netservice svc-dhcp udp 67 68 alg dhcp netservice svc-smb-tcp tcp 445 netservice svc-ike udp 500 netservice svc-l2tp udp 1701 ... ... ... netservice svc-bootp udp 67 69 netservice svc-snmp udp 161 netservice svc-v6-dhcp udp 546 547 netservice svc-icmp 1 --More-- (q) quit (u) pageup (/) search (n) repeat
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 6.4.2.5
The default dot1x high-watermark and dot1x low-watermark values were removed from the show running-config command.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show running-config | 1880
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1881 | show running-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show session-acl-list
show session-acl-list
Description
Displays the list of configured session ACLs in the controller.
Syntax
No parameters.
Example
The output of this command shows the session ACLs in the controller.
(host) # show session-access-list v6-icmp-acl allow-diskservices control validuser v6-https-acl vocera-acl icmp-acl v6-dhcp-acl captiveportal v6-dns-acl allowall test sip-acl https-acl ... ... ... v6-http-acl dhcp-acl http-acl stateful-dot1x ap-acl svp-acl noe-acl stateful-kerberos v6-logon-control h323-acl
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show session-acl-list | 1882
show slots
show slots
Description
Displays the list of slots in the controller, including the status and card type.
Syntax
No parameters.
Example
The output of this command shows slot details on the controller. (host) # show slots
Slots
------
Slot Status
---- ------
1
Present
Card Type --------A2400
Command History
This command was available in ArubaOS 3.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1883 | show slots
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp community
show snmp community
Description
Displays the SNMP community string details.
Syntax
No parameters.
Example
The output of this command shows slot details on the controller.
(host) # show snmp community
SNMP COMMUNITIES ---------------COMMUNITY ACCESS --------- ------
public READ_ONLY
VERSION ------V1, V2c
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp community | 1884
show snmp inform
show snmp inform
Description
Displays the length of SNMP inform queue.
Syntax
No parameters.
Example
The output of this command shows slot details on the controller. (host) # show snmp inform stats
Inform queue size is 100
SNMP INFORM STATS ----------------HOST PORT INFORMS-INQUEUE ---- ---- ---------------
OVERFLOW --------
TOTAL INFORMS -------------
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1885 | show snmp inform
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp trap-hosts
show snmp trap-hosts
Description
Displays the configured SNMP trap hosts.
Syntax
No parameters.
Example
The output of this command shows details of a SNMP trap host. (host) # show snmp trap-hosts
SNMP TRAP HOSTS
---------------
HOST
VERSION
----
-------
10.16.14.1 SNMPv2c
SECURITY NAME PORT
------------- ----
public
162
TYPE TIMEOUT RETRY
---- ------- -----
Trap N/A
N/A
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp trap-hosts | 1886
show snmp trap-list
show snmp trap-list
Description
Displays the list of SNMP traps.
Syntax
No parameters.
Example
The output of this command shows the list of SNMP traps and the status. (host) # show snmp trap-list
SNMP TRAP LIST
--------------
TRAP-NAME
CONFIGURABLE
---------
------------
authenticationFailure
Yes
coldStart
Yes
linkDown
Yes
linkUp
Yes
warmStart
Yes
wlsxAPBssidEntryChanged
Yes
wlsxAPEntryChanged
Yes
wlsxAPImpersonation
Yes
wlsxAPInterferenceCleared
Yes
wlsxAPInterferenceDetected
Yes
wlsxAPRadioAttributesChanged
Yes
wlsxAPRadioEntryChanged
Yes
wlsxAccessPointIsDown
Yes
wlsxAccessPointIsUp
Yes
wlsxAdhocNetwork
Yes
wlsxAdhocNetworkBridgeDetected
Yes
wlsxAdhocNetworkBridgeDetectedAP
Yes
...
...
...
...
wlsxFanOK
Yes
wlsxFanTrayInserted
Yes
--More-- (q) quit (u) pageup (/) search (n) repeat
ENABLE-STATE -----------Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled
Enabled Enabled
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1887 | show snmp trap-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp trap-queue
show snmp trap-queue
Description
Displays the list of SNMP traps in queue.
Syntax
No parameters.
Example
The output of this command shows the list of SNMP traps sent to host.
(host) # show snmp trap-queue
a)wlsxMgmtUserAuthenticationFailed The trap indicates that a management user authentication failed. 2013-10-29 08:08:10 Management user authentication failed for user commonuser1 with IP address 10.20.102.79 usermac 00:00:00:00:00:00 server name CiscoACS-2 serverip 10.15.28.41 b)wlsxNUserAuthenticationFailed : The trap indicates that a user authentication has failed. 2013-10-29 07:47:07 User Authentication failed for user commonuser1 userip 0.0.0.0 usermac 00:5f:12:00:00:00 servername CiscoACS-1 serverip 10.15.28.40 bssid 00:d2:5d:80:00:08 apname v5rapsim_000_000 c)wlsxNAuthServerReqTimeOut: The trap indicates that the authentication server req timeout 2013-10-29 07:44:58 Authentication request timed out for server CiscoACS-1 serveip 10.15.28.4 username commonuser1 userip 0.0.0.0 usermac 00:5f:12:00:00:00 bssid 00:d2:5d:80:00:08 apname v5rapsim_000_000 d)wlsxNAuthServerTimeOut : The trap indicates the server taken out of service. 2013-10-29 07:45:48 Authentication server CiscoACS-1 serverip 10.15.28.4 timed out. Time out value is 1383012948 for user commonuser1 ip 0.0.0.0 mac 00:5f:12:00:00:00 bssid 00:d2:5d:80:00:08 apname v5rapsim_000_000 e)wlsNAuthServerIsDown The trap indicates that an authentication server is down. 2013-10-29 07:44:11 Authentication Server CiscoACS-1 with ip 10.15.28.4 is down. f)wlsNAuthServerUp The trap indicates that an authentication server is up. 2013-10-29 07:45:48 Authentication server CiscoACS-1 with ip 10.15.28.4 is up
Command History
Release ArubaOS 3.0 ArubaOS 6.4
Modification
Command introduced.
Added more information to the output: Server IP address, user MAC, AP name, authentication failure details, authentication request time out, auth server down and up traps messages sending to the host .
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp trap-queue | 1888
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1889 | show snmp trap-queue
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp user-table
show snmp user-table [user <username> auth-prot [sha | md5] <value> priv-prot [aes | des] <value>]
Description
Displays the list of SNMP user profile for a specified username.
Syntax
Parameter Description
auth-prot
Authentication protocol for the user, either HMAC-MD5-98 Digest Authentication Protocol (MD5) or HMAC-SHA-98 Digest Authentication Protocol (SHA), and the password for use with the
designated protocol.
priv-prot
Privacy protocol for the user, either Advanced Encryption Standard (AES) or CBC-DES Symmetric Encryption Protocol (DES), and the password for use with the designated protocol.
Example
The output of this command shows the list of SNMP traps sent to host. (host) # show snmp user-table
SNMP USER TABLE --------------USER AUTHPROTOCOL ---- ------------
Sam SHA fire SHA
PRIVACYPROTOCOL --------------AES AES
FLAGS -----
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show snmp user-table | 1890
show spanning-tree
show spanning-tree <interface [fastethernet slot/port | gigabitethernet slot/port | port-channel id] <vlan vlan-id>
Description
View the RSTP and PVST+ configuration.
Syntax
Parameter interface
vlan
Description
Enter the keyword interface followed by the interface and slot/port or port-channel id: l for Fast Ethernet enter the keyword fastethernet followed by the
slot/port l For Gigabit Ethernet enter the keyword gigabitethernet followed by
the slot/port l For Port Channel enter the keyword port-channel followed by an id
number Range: 0 to 7
Enter the keyword vlan follow by the VLAN ID. Range: 1 to 4094 Default: 1
Example--show spanning-tree
(host) # show spanning-tree
Spanning tree instance for vlan 10 Spanning Tree is executing the IEEE compatible Rapid Spanning Tree protocol Bridge Identifier has priority 32768, address 00:0b:86:f0:20:00 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag is not set, detected flag not set, changes 1 Times: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Timers: hello 0, notification 0 Last topology change: 2 days, 0 hours, 31 mins, 21 secs
Spanning tree instance for vlan 20 Spanning Tree is executing the IEEE compatible Rapid Spanning Tree protocol Bridge Identifier has priority 32768, address 00:0b:86:f0:20:00 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag is not set, detected flag not set, changes 1 Times: hold 1, topology change 3 hello 2, max age 20, forward delay 15 Timers: hello 0, notification 0 Last topology change: 1 days, 0 hours, 3 mins, 2 secs
Example--show spanning-tree vlan
(host) # show spanning-tree vlan 2
1891 | show spanning-tree
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Spanning Tree is executing the IEEE compatible Rapid Spanning Tree protocol Bridge Identifier has priority 32768, address 00:0b:86:f0:20:00 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag is not set, detected flag not set, changes 1 Times: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Timers: hello 0, notification 0 Last topology change: 2 days, 0 hours, 31 mins, 21 secs
Example--show spanning-tree interface fastethernet
(host) (config-if)#show spanning-tree interface fastethernet 1/1
Interface FE 1/1 (port 2) in Spanning tree is FORWARDING Port path cost 19, Port priority 128 Role DISNIGNATED PortFast DISABLED P-to-P ENABLED Designated root has priority 0 address 00:01:e8:d5:a3:6d Designated bridge has priority 32768 address 00:0b:86:50:58:30 Designated port is 2, path cost 0 Timers: message age 0, forward delay 20, hold 0 Counts: BPDUs received 0, sent 0
Command History
Release ArubaOS 6.0
Modification PVST+ added
ArubaOS 3.4
Upgraded STP to RSTP with full backward compatibility.
Command Information
Platform All platforms
Licensing Base operating system
Command Mode
Enable mode and Configuration mode (config) on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show spanning-tree | 1892
show spantree
show spantree <blocking> | <enable> | <forwarding> | <off> | <vlan>
Description
View the global RSTP and PVST+ topology.
Syntax
Parameter blocking
Description View the spanning tree ports in the Blocking state.
enable
View the spanning tree ports in the Enable state.
forwarding
View the spanning tree ports in the Forwarding state.
off
View the ports with spanning tree disabled
vlan
View the spanning tree instance for the VLAN.
Example
(host) # show spantree
Spanning tree instance vlan 1
Designated Root MAC
00:0b:86:6b:57:80
Designated Root Priority 32768
Root Cost
20000
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Bridge MAC
00:1a:1e:00:89:b8
Bridge Priority
32768
Configured Max Age 20 sec Hello Time 2 sec
Forward Delay 15 sec
Rapid Spanning Tree port configuration
--------------------------------------
Port
State
Cost
Prio PortFast
----
-----
----
---- --------
GE 0/0/0 Forwarding 20000 128 Disable
GE 0/0/1 Discarding 20000 128 Disable
GE 0/0/2 Discarding 2000
128 Disable
GE 0/0/3 Discarding 2000
128 Disable
GE 0/0/4 Discarding 2000
128 Disable
GE 0/0/5 Discarding 2000
128 Disable
Pc 0
Discarding 2000000 128 Disable
Pc 1
Discarding 2000000 128 Disable
Pc 2
Discarding 2000000 128 Disable
Pc 3
Discarding 2000000 128 Disable
BpduGuard --------Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable
P-to-P -----Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable
Role ---Root Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled
1893 | show spantree
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 6.0 ArubaOS 6.3 ArubaOS 6.4.3.0
Modification Command introduced. The PVST+ parameter added. Upgraded STP to RSTP with full backward compatibility. The BpduGuard field was introduced as part of this command output.
Command Information
Platform All platforms
Licensing Base operating system
Command Mode
Enable mode and Configuration mode (config) on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show spantree | 1894
show ssh
show ssh
Description
Displays the SSH configuration details.
Syntax
No parameters.
Example
The output of this command shows SSH configuration details. (host) # show ssh
SSH Settings: ------------DSA Mgmt User Authentication Method
Enabled username/password
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1895 | show ssh
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show sso idp-profile
show sso idp-profile
Description
Displays all SSO IDP profiles.
Syntax
No parameters.
Example
The output of this command lists all SSO IDP profiles on the controller.
((host) (config) #show sso idp-profile
SSO Profile List
----------------
Name
References Profile Status
----
---------- --------------
sso-example 0
Command History
This command was available in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show sso idp-profile | 1896
show startup-config
show startup-config
Description
Displays the configuration which will be used the next time the controller is rebooted. It contains all the options last saved using the write memory command. Any unsaved changes are not included.
Syntax
No parameters.
Example
The output of this command shows slot details on the controller.
(host) # show startup-config
version 3.4 enable secret "608265290155fb924578f15b12670a75a37045cbdf62fb0d3a" telnet cli telnet soe loginsession timeout 30 hostname "FirstFloor2400" clock timezone PST -8 location "Building1.floor1" mms config 0 controller config 22
ip access-list eth validuserethacl permit any
! netservice svc-snmp-trap udp 162 netservice svc-dhcp udp 67 68 netservice svc-smb-tcp tcp 445 netservice svc-https tcp 443 netservice svc-ike udp 500 netservice svc-l2tp udp 1701 netservice svc-syslog udp 514 ... ... ... netservice svc-msrpc-udp udp 135 139 netservice svc-ssh tcp 22 netservice svc-http-proxy1 tcp 3128 --More-- (q) quit (u) pageup (/) search (n) repeat
Command History
This command was available in ArubaOS 3.0
1897 | show startup-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show startup-config | 1898
show station-table
show station-table [mac <mac_address> | verbose ]
Description
Displays the internal station table entries and also details of a station table entry.
Syntax
Parameter mac <mac_address> verbose
Description Displays the details of the AP that matches the specified MAC address. Displays the details of all the APs in a table format.
Example
The output of this command shows details of an entry in the station table. (host) # show station-table mac 00:1f:6c:7a:d4:fd
Association Table
-----------------
BSSID
IP
Essid AP name Phy Age
--------------- ----------- ------- ------- --- ---
00:0b:86:6d:3e:30 10.15.20.252 sam
-
a 01:03:41
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1899 | show station-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show storage
show storage
Description
Displays the storage information on the controller.
Syntax
No parameters.
Example
The output of this command shows the storage details on the controller.
(host) # show storage Filesystem /dev/root none /dev/hda3 /dev/usb/flash3 /dev/usbdisk/2 /dev/usbdisk/1
Size 57.0M 70.0M 149.7M
1.5G 3.5G 3.9G
Used Available Use% Mounted on
54.6M
2.3M 96% /
2.0M
68.0M 3% /tmp
9.3M 132.6M 7% /flash
168.6M
1.3G 12% /flash
71.4M
3.2G 2% /mnt/usbdisk/2
131.0M
3.8G 3% /mnt/usbdisk/1
The number at the end of the USB device's name is the partition. Unlike the controller's flash, the USB device has more than two partitions; not just 0 and 1. When copying a file from a USB device, you must know which partition the target file is on.
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show storage | 1900
show switch ip
show switch ip
Description
Displays the IP address of the controller and VLAN ID.
Syntax
No parameters.
Example
The output of this command shows the IP address and VLAN ID of the controller.
(host) # show switch ip Switch IP Address: 10.16.15.1 Switch IP is from Vlan Interface: 1
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1901 | show switch ip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show switch software
show switch software
Description
Displays the details of the software running in the controller.
Syntax
No parameters.
Example
The output of this command shows the details of software running in the controller.
(host) # show switch software
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show switch software | 1902
show switches
show switches [all | regulatory | state {complete | incomplete | inprogress | required} | summary ]
Description
Displays the details of controllers connected to the master controller, including the master controller itself.
Syntax
Parameter all regulatory state summary
Description List of all controllers. Displays information about the currently active regulatory file. Configuration status of all controllers. Status of all controllers connected to the master.
Example
The output of this command shows that there is a single local controller connected to the master controller. (host) # show switches all
All Switches -----------IP Address Name Config Sync Time (sec) ---------- ------------------------10.16.12.1 r-wing-94 0192.0.2.12 CorpA2400
0
Location
Type Version
Status Configuration State
--------
---- -------
------ -------------------
Building1.floor1 master 6.0.0.0_13782 up Building1.floor1 master 6.0.0.0_13782 up
UPDATE SUCCESSFUL UPDATE SUCCESSFUL
The following command displays information about branch controllers defined using a branch config group on a master controller. In the example below, the table in the command output has been divided into two sections to better fit on this document. In the ArubaOS command-line interface, this output appears in a single, wide table.
(host) (config) #show switches branch
All Branch Controllers
----------------------
IP Address MAC
Hostname
---------- ---
--------
172.16.0.254 00:1a:1e:00:56:68 host
Model
Version
Status
-----
-------
------
DellW-7210 6.4.3.0_48786 up
Branch Group Configuration State Branch Config ID Uptime
------------ ------------------- ---------------- ------
branch1
UPDATE SUCCESSFUL 3
7d 21h 20m
The output of the previous command includes the following parameters:
1903 | show switches
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
IP address
IP address of the controller
MAC
MAC address of the controller
Hostname
hostname of the master controller
Model
Controller model type.
Version
Software version running on the controller
Status
A status of up indicates that the controller is active on the network. A status of down indicates that the controller is inactive or unreachable by the master controller
Branch Group
Name of the branch config group assigned to the branch controller.
Configuration State Status of the configuration assigned to the branch controller,
Branch Config ID
The branch config ID increments every time the branch config group settings are updated. All branch controllers assigned to the same branch config group should display the same branch config ID, indicating that they are all running the same configuration version.
Uptime
Amount of time the controller has been active on the network.
The output of the following command shows the regulatory file active on the controller. (host) #show switches regulatory
All Switches -----------IP Address ---------172.16.0.254
Name ---host
Location -------Building1.floor1
Type ---master
Model ----W-7210
File Version ------------
1.0_43859
File Build ----------
21/4/2014
Command History
Version ArubaOS 3.0 ArubaOS 6.0
ArubaOS 6.4.1 ArubaOS 6.4.3
Description
Command introduced.
The version column in the output of this command was expanded to include both the version and the build number for controllers running ArubaOS 6.0 and later releases.
The regulatory parameter was added.
The branch parameter was added to display settings for branch office controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show switches | 1904
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master controllers
1905 | show switches
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show switchinfo
show switchinfo
Description
Displays the latest and complete summary of controller details including role, last configuration change, hostname, reason for last reboot.
Syntax
No parameters.
Example
The output of this command lists all controllers connected to the master controller including the master controller. (host) # show switchinfo Hostname is Techpubs Console Baudrate: 115200 Location not configured System Time:Tue Nov 27 16:22:14 PST 2012 Compiled on 2012-11-26 at 17:06:31 PST (build 36290) by p4build ROM: System Bootstrap, Version CPBoot 1.2.0.9 (build 35873) Built: 2012-10-24 13:51:09 Built by: p4build@re_client_35873 Switch uptime is 9 hours 34 minutes 3 seconds Reboot Cause: User reboot. Built: 2012-10-24 13:51:0 Built by: p4build@re_client_35873
Internet address is 172.16.0.254 255.255.255.0 Routing interface is enable, Forwarding mode is enable Directed broadcast is disabled Encapsulation 802, loopback not set Last clearing of "show interface" counters 0 day 9 hr 34 min 3 sec link status last changed 0 day 9 hr 34 min 3 sec Proxy Arp is disabled for the Interface switchrole:master Configuration unchanged since last save Crash information available.
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show switchinfo | 1906
show syscontact
show syscontact
Description
Displays the contact information for support.
Syntax
No parameters.
Example
The output of this command shows the contact information for technical support. (host) # show syscontact admin@mycompany.com
Command History
This command was available in ArubaOS 3.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1907 | show syscontact
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show syslocation
show syslocation
Description
Displays the location details of the controller.
Syntax
No parameters.
Example
The output of this command location of the controller. (host) # show syslocation Building 1, Floor 1
Command History
This command was available in ArubaOS 3.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show syslocation | 1908
show tech-support
show tech-support <filename> user
Description
Displays all information about the controller required for technical support purposes.
Syntax
Parameter <filename>
user
Description
Stores the output in specified file name. Maximum length of the file name is 127 characters
Run a user specific tech-support command.
Command History
Release ArubaOS 3.1 ArubaOS 6.2
Modification Command available. User and <filename> parameters added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1909 | show tech-support
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show telnet
show telnet
Description
Displays the status of telnet access using the command line interface (CLI) or Serial over Ethernet (SOE) to the controller.
Syntax
No parameters.
Example
The output of this command shows the status of CLI and SOE access to the controller. (host) # show telnet
telnet cli is enabled telnet soe is enabled
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show telnet | 1910
show threshold
show threshold all|controlpath-cpu|controlpath-memory|datapath-cpu| no-of-aps|no-of-locals|total-tunnel-capacity|user-capacity|
Description
This command shows controller capacity thresholds which, when exceeded, will trigger alerts.
Syntax
Parameter all
Description Display all alert thresholds.
controlpath-cpu
Display the alert threshold for controlpath CPU capacity. The output of this command shows the percentage of the total controlpath CPU capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 80%.
controlpath-memory
Display the alert threshold for controlpath memory consumption. The output of this command shows the percentage of the total memory capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 85%.
datapath-cpu
Display the alert threshold for datapath CPU capacity. The output of this command shows the percentage of the total datapath CPU capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 30%.
no-of-APs
The maximum number of APs that can be connected to a controller is determined by that controller's model type and installed licenses. This threshold triggers an alert when the number of APs currently connected to the controller exceeds a specific percentage of its total AP capacity.
The default threshold for this parameter is 80%.
no-of-locals
Display the alert threshold for the master controller's capacity to support branch and local controllers.
A master controller can support a combined total of 256 branch and local controllers. The output of this command shows the percentage of the total master controller capacity that must be exceeded before the alert is sent. The default threshold for this parameter is 80%.
total-tunnel-capacity
Display the alert threshold for the controller's tunnel capacity. The output of this command shows the percentage of the controller's total tunnel capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 80%
1911 | show threshold
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter user-capacity
Description
Display the alert threshold for the controller's user capacity. The output of this command shows the percentage of the total resource capacity that must be exceeded before the alert is sent. The default threshold for this parameter is 80%.
Usage Guidelines
The controller will send a wlsxThresholdAbove SNMP trap and a syslog error message when the controller has exceeded a set percentage of the total capacity for that resource. A wlsxThresholdBelow SNMP trap and error message will be triggered if the resource usage drops below the threshold once again.
Example
(host) (config) #show threshold all
Controller Capacity Threshold Values
------------------------------------
RESOURCE
THRESHOLD(%)
--------
------------
Datapath-Cpu
30 %
Controlpath-Cpu
80 %
Controlpath-Memory
85 %
Total-Tunnel-Capacity 80 %
Ap-Tunnel-Capacity
80 %
User-Capacity
80 %
No-of-APs
80 %
No-of-locals
80 %
Command History
The command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show threshold | 1912
show threshold-limits
show threshold-limits controlpath-memory|fan-speed|no-of-aps|no-of-locals|total-tunnel-capacity|user-capacity
Description
This command shows current values of the different resources monitored by the controller.
Syntax
Parameter controlpath-memory
Description
The output of this command displays the default memory threshold which, when exceeded, will trigger an alert, the current configured threshold, the total memory (in MB) and the currently available memory (in MB).
fan-speed
The output of this command displays the fan alert threshold. This parameter is only available for controllers with fans, such as the W-6000M3 and W-7200 series.
no-of-aps
The output of this command displays the following values:
l The default threshold for the number of APs, which, when exceeded, will trigger an alert
l The current configured threshold.
l The maximum number of APs supported by the controller,
l The number of available licenses for campus and remote APs,
l The total number of APs, and the current number of campus, remote and virtual APs.
no-of-locals
The output of this command displays the default threshold for the number of local controllers which, when exceeded, will trigger an alert, and the current configured threshold. The output also displays the maximum number of local controllers that can be connected to this master controller, and the number of local controllers currently connected.
total-tunnel-capacity
The output of this command displays the default tunnel capacity threshold which, when exceeded, will trigger an alert, as well as the current configured tunnel threshold. The output also includes the maximum number of tunnels supported by the controller, as well as the number of tunnels currently used by the controller.
user-capacity
The output of this command displays the default user capacity threshold which, when exceeded, will trigger an alert, as well as the current configured user threshold. The output also includes the maximum number of users supported by the controller, as well as the number of users currently associated with the controller.
Usage Guidelines
The controller will send a wlsxThresholdAbove SNMP trap and a syslog error message when the controller has exceeded a set percentage of the total capacity for that resource. A wlsxThresholdBelow SNMP trap and error message will be triggered if the resource usage drops below the threshold once again.
1913 | show threshold-limits
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command shows the current alert thresholds for controlpath memory resources: (host) (config) #show threshold-limits controlpath-memory
Threshold Values For Controlpath Memory
----------------------------------------
Default(%) Current(%) Total Memory (MB) Available Memory (MB)
---------- ---------- ----------------- ---------------------
85
77
679
225
The following command shows the current alert thresholds for all monitored controller resources:
Command History
The command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show threshold-limits | 1914
show time-range
show time-range [<name>|summary]
Description
Displays the list of time range configured in the system and rules affected by the time range.
Syntax
No parameters.
Example
The output of this command shows the absolute time range details. (host) # show time-range
Time-Range monitoring, Absolute
-------------------------------
StartDate Start-time EndDate
--------- ---------- -------
4/29/2009 23:00
4/30/2009
End-time -------12:00
Applied ------No
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1915 | show time-range
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show timer debug statistics app-name
show ipc statistics app-name <name>
Description
Displaytimer debugging statistics for a specific application.
Syntax
Parameter
Description
<name>
One of the following application names: l aaa: Administrator Authentication l ads: Anomaly Detection l authmgr: User Authentication l certmgr: Certificate Manager l cfgm: Config Manager l cpsec: Control-Plane Security
Manager l cts: Transport Service l dbsync: Database Synchronization l dhcp: DHCP Server l esi: Server Load Balancing l fpapps: Layer 2,3 control l ha_mgr: HA manager l httpd: HTTPD l ike: IKE Daemon l l2tp: L2TP l licensemgr: License Manager l mdns: AirGroup mdns l mobileip: Mobile IP
l ntp: NTP Daemon l ospf: OSPF l pim: Protocol Independent
Multicast l pktfilter: Packet Filter l pptp: PPTP l profmgr: Profile Manager l publisher: Publish subscribe
service l resolver: Resolver l snmp: SNMP agent l stm: Station Management l syslogd: Syslog Manager l userdb: User Database Server l wms: Wireless Management
Example
The following example shows IPC statistics for the STM process. (host) #show timer debug statistics app-name stm
Granularity=100 Wheel Size=512 Tick Count=5744522 Spoke Index=394 Active timers=21 Expired timers=886374 Hiwater mark=49 Started timers=109893
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show timer debug statistics app-name | 1916
Cancelled timers=4425
Timer info
SI
TV
RC
Recurring
RT
Callback
0
3600000 30
Yes
1575400 0x2ad41c84
0
3600000 30
Yes
1575400 0x2ad4a200
0
3600000 30
Yes
1575400 0x2ad41c84
0
3600000 30
Yes
1575400 0x2ad4a200
0
3600000 30
Yes
1575400 0x2ad41c84
0
3600000 30
Yes
1575400 0x2ad4a200
0
3600000 30
Yes
1575400 0x2ad41c84
0
3600000 30
Yes
1575400 0x2ad4a200
0
3600000 30
Yes
1575400 0x2ad41c84
0
3600000 30
Yes
1575400 0x2ad4a200
360 300000 0
Yes
3400 0x57d564
360 60000 0
Yes
3400 0x46942c
360 60000 0
Yes
3400 0x2b230730
360 60000 0
Yes
3400 0x54e8a4
380 60000 0
No
1400 0x646fb8
402 1000 0
Yes
800
0x42a068
410 300000 1
Yes
52800 0x5b599c
422 5000 0
Yes
2800 0x2b2544a0
447 8085 0
No
5300 0x478660
472 10000 0
Yes
7800 0x41ce70
492 60000 0
No
9800 0x42a820
SI: Spoke Index TV: Timer Value RC: Rotation Count
RT: Remaining Time
FN: Function:Line Number
FN PAPI_Init_Prio:1245 PAPI_Init_Prio:1249 PAPI_Init_Prio:1245 PAPI_Init_Prio:1249 PAPI_Init_Prio:1245 PAPI_Init_Prio:1249 PAPI_Init_Prio:1245 PAPI_Init_Prio:1249 PAPI_Init_Prio:1245 PAPI_Init_Prio:1249 sapm_ap_mgmt_init:831 addservicetomonitor:169 Nanny_Start_Processing:98 voip_ucm_init:255 mon_mgr_set_coll_stats_timer:48 main:1104 sapm_gap_read_db:3409 boc_licusage_init:115 mux_heartbeat:1017 wifi_auth_reg_timer_init:7539 stm_set_net_stats_update_timer:
Command History
This command was available in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1917 | show timer debug statistics app-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tpm cert-info
show tpm cert-info
Description
Displays the TPM and Factory Certificate information on MIPS controllers (W-6000M3, W-3000 Series, and W600 Series).
Syntax
No parameters.
Usage Guidelines
Use this command to verify that TPM and factory certificates are installed as expected. This command should be executed before enabling CPSec on MIPS controllers (W-6000M3, W-3000 Series, and W-600 Series).
Example
In the example below, the TPM and certificates are installed. (host)#show tpm cert-info
subject= /CN=AF0000168::00:0b:86:f0:33:e0 issuer= /DC=com/DC=arubanetworks/DC=ca/CN=DEVICE-CA2 serial=1F023F05000000015087 notBefore=Jan 30 01:38:57 2009 GMT notAfter=Jan 25 01:38:57 2029 GMT In the example below, the controller is not able to verify the TPM or Factory Certificate information. (host)#show tpm cert-info
Cannot get TPM and Factory Certificate Info TPM and/or Factory Certificates might be missing.
Command History
Release ArubaOS 5.0
Modification Command introduced
Command Information
Platforms
MIPS controllers (W-6000M3, W-3000 Series, and W-600 Series)
Licensing Base operating system
Command Mode Enable Mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tpm cert-info | 1918
show trunk
show trunk
Description
Displays the list of trunk ports on the controller.
Syntax
No parameters.
Example
The output of this command shows details of a trunk port. (host) # show trunk
Trunk Port Table ----------------Port Vlans Allowed Vlan ---- --------------FE2/12 1,613,615-617,632-633,636-640,667-668
Vlans Active -----------1,613,615-617,632-633,636-640,667-668
Native -------1
Command History
This command was available in ArubaOS 3.0
Command Information
Pslatforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1919 | show trunk
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tunnel-group
show tunnel-group <tunnel-group-name>
Description
Displays the operational status of the tunnel-groups configured on the controller.
Syntax
Parameter <tunnel-group-name>
Description Displays the operational status of the specified tunnel-group.
Example
The output of this command shows the status of the configured tunnel-groups: (host) #show tunnel-group
Tunnel-Group Table Entries
--------------------------
Tunnel Group Type Tunnel Group Id Preemptive Failover Active Tunnel Id Tunnel Members
------------ ---- --------------- -------------------- ---------------- --------------
tgroup1
L3 16385
enabled
10
10 20
tgroup2
L2 16387
enabled
10
10 20 40
The output of the following command shows the status of the specified tunnel-group:
(host) #show tunnel-group tgroup1
Tunnel-Group Table Entries
--------------------------
Tunnel Group Type Tunnel Group Id Preemptive Failover Active Tunnel Id Tunnel Members
------------ ---- --------------- -------------------- ---------------- --------------
tgroup1
L3 16385
enabled
10
10 20
The output of the following command shows the datapath Tunnel-Group table entries:
(host) #show datapath tunnel-group
Datapath Tunnel-Group Table Entries
-----------------------------------
Tunnel-Group Active Tunnel Members
------------ ------------- ---------
16385
10
10 20
Command History
Release ArubaOS 6.3
Modification Command introduced.
ArubaOS 6.4.2.3
The Type parameter was introduced as part of this command output.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tunnel-group | 1920
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
1921 | show tunnel-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tunneled-node
show tunneled-node [state|database]
Description
Displays the state of the tunneled node and lists all tunneled nodes connected to the controller.
Syntax
No parameters.
Example
The output of this command shows the tunneled node state. (host) # show tunneled-node state
Tunneled Node State --------IP MAC s/p state vlan tunnel inactive-time -- --- --- ----- ---- ------ ------------192.168.123.14 00:0b:86:40:32:40 1/23 complete 10 9 1 192.168.123.14 00:0b:86:40:32:40 1/22 complete 10 10 1 192.168.123.14 00:0b:86:40:32:40 1/20 complete 10 11 1
On the tunneled node client:
(host) #show tunneled-node state
Tunneled Node State
-------------------
IP
MAC
--
---
192.168.123.16 00:0b:86:40:32:40
192.168.123.16 00:0b:86:40:32:40
192.168.123.16 00:0b:86:40:32:40
s/p --1/23 1/22 1/20
state ----complete complete complete
vlan ---10 10 10
tunnel -----21 9 13
inactive-time ------------0 0 0
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification Command introduced.
The command name was changed to tunneled-node. The database parameter was added.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show tunneled-node | 1922
show ucc call-info cdrs
show ucc call-info cdrs ap <ap_name> [app [h323 | lync | noe | sccp | sip | svp | vocera]] app {h323 [detail] | lync [detail] | noe [detail] | sccp [detail] | sip [detail] | svp [detail] | vocera [detail]} cid <cid> detail <cr>
Description
This command displays the Call Detailed Records (CDR) statistics for Unified Communication and Collaboration (UCC).
When VoIP calls are prioritized using media classification, the UCC Call ID, Client Name, Called to, Dir (direction of the call), End-to-End Delay(ms)/Jitter(ms)/PktLoss(%), Codec, MOS, and MOS-Band values are not available.
Syntax
Parameter
Description
ap <ap_name> [app [h323 | lync | noe | sccp | sip | svp | vocera]]
Displays the CDR statistics of an AP for a specific Application Layer Gateway (ALG).
app {h323 [detail] | lync [detail] | noe [detail] | sccp [detail] | sip [detail] | svp [detail] | vocera [detail]}
Displays the CDR statistics based on a specific ALG.
cid <cid>
Displays CDR statistics for a specific CDR-ID.
detail
Displays detailed CDR statistics.
Example
The following command displays the CDR statistics:
(host) #show ucc call-info cdrs
CDRS:
-----
CDR ID UCC Call ID Client IP
(sec)
------ ----------- ---------
---
43
12
192.0.2.22
42
12
192.0.2.26
41
11
192.0.2.29
Client MAC
Client Name ALG Dir Called to Dur
----------
----------- --- --- --------- -----
00:23:33:41:c8:b8 Alex 24:77:03:9a:6c:dc John 00:22:90:ea:9e:f1 Steve
Lync IC Joe
50
Lync OG Mike
50
Lync IC Ken
50
Orig Time
Status Reason
Call Type
Client Health
---------
------ ------
---------
-------------
Jan 8 06:18:27 SUCC Terminated Video/Conf Call 81
UCC Score UCC-Band
--------- --------
81.52
Good
1923 | show ucc call-info cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Jan 8 06:18:27 SUCC Jan 8 06:16:49 SUCC
Terminated Voice
82
Terminated Voice/Conf Call 86
MOS --4.17 4.15 4.19
MOS-Band -------Good Good Good
The output of this command includes the following information:
79.53 86.34
Good Good
Column CDR ID UCC Call ID Client IP Client MAC Client Name ALG Dir
Called to Dur(sec) Orig Time Status
Reason
Description Displays the Call Detail Record ID of a particular voice and video calls, desktop sharing, or file transfer session.
Displays the unique identifier for all call legs of a particular voice and video calls, desktop sharing, or file transfer session.
Displays the IP address of the VoIP client.
Displays the MAC address of the VoIP client.
Displays the username of the VoIP client.
Displays the VoIP protocol used by the VoIP client.
Displays the direction of the call. Possible values are: l OG--Outgoing l IG--Incoming
Displays the username of the VoIP client being called.
Displays the duration of the VoIP call in seconds.
Displays the time at which the VoIP call originated.
Displays the status of the VoIP call. Possible values are: l SUCCESS l FAILED l ABORTED l BLOCKED l FORWARDED l ALERTING l HOLD l ACTIVE
Displays the reason code for call termination. Possible values are:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc call-info cdrs | 1924
Column
Call Type 1925 | show ucc call-info cdrs
Description
l NA l Capacity Reached l 401 unauthorized l 487 request timeout l Request timeout l Request canceled l Request terminated l Session timeout l Session timer expired l Session expired - request timeout l Aborted l Terminated l Forwarded l Transferred l Inactivity l Wrong number l Peer reset l Client reset l No answer l Missed l Parked l Invalid number l Tunnel down l Moved temporarily l 4xx error l 5xx error l Call leg does not exist l DELTS request l TCLAS flow deleted l No reason
Displays the type of VoIP call or session. Possible values are: l Not Available l Voice l Video l Desktop Sharing l File Transfer l Voice/Conf Call
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column
Client Health
UCC Score UCC-Band MOS MOS-Band
Description
l Video/Conf Call l Desktop-Sharing/Conf Call l File-Transfer/Conf Call
Displays the ratio of ideal air time required for transmitting a packet from an AP to a client to the actual air time taken for the packet transmission in percentage. Ideal air time assumes highest data rate without any retransmission.
Displays the UCC score based on the quality of the voice call or desktop sharing session. This is an AP-to-client score (wireless) of the VoIP call.
Displays the quality band of the VoIP call based on the UCC score.
Displays the Mean Opinion Score of the VoIP call.
Displays the Mean Opinion Score of the VoIP call. This is an end-to-end score (wired and wireless) of the VoIP call. MOS-Band is the quality band of the VoIP call based on the MOS of the voice call.
The following command displays the CDR statistics for an AP. (host) #show ucc call-info cdrs ap AP225-1
CDR-AP:
-------
CDR ID UCC Call ID
(msec)
------ -----------
----
18
7
17
7
16
6
AP Name
-------
AP225-1 AP225-1 AP225-1
Re-Assoc
--------
0 0 1
CAC-Denied
----------
No No No
Utilization(%)
--------------
37 37 34
Codec
-----
G711 G711 NA
Jitter(msec) -----------0.21 0.37 0.05
Packet Loss(%) -------------0.00 14.93 0.00
Orig WMM-AC ----------NA 0 0
Max Concurrent Calls: 2 At Jan 14 03:54:15 The output of this command includes the following information:
Quality Delay
------- -------
Good Fair Good
0.74 19.00 0.55
Column CDR ID
UCC Call ID
Description
Displays the Call Detail Record ID of a particular voice and video calls, desktop sharing, or file transfer session.
Displays the unique identifier for all call legs of a particular voice and video calls, desktop sharing, or file transfer session.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc call-info cdrs | 1926
Column AP Name Re-Assoc CAC-Denied
Utilization(%) Codec Quality
Delay(msec) Jitter(msec) Packet Loss(%) Orig WMM-AC
Description
Displays the name that uniquely identifies the AP.
Displays the number of times the client re-associated while on an active call.
Displays the status of the Call Admission Control (CAC). Possible values are: l Yes--CAC denied l No--CAC allowed
Displays the channel utilization of the AP during the call.
Displays the compression protocol used for voice and video calls, desktop sharing, or file transfer session.
Displays the quality of the VoIP call based on the UCC score. Possible values are: l Good l Fair l Poor l NA
Displays the average delay in milliseconds.
Displays the average jitter in milliseconds.
Displays the loss of packet in percentage.
Displays the original client value of the Wi-Fi Multimedia Access Category.
The following command displays detailed CDR statistics. (host) #show ucc call-info cdrs detail
CDRS-Detail:
------------
CDR ID UCC Call ID
(%)
------ -----------
---
29
11
22
9
AP Name
-------
AP135-1 AP135-1
Re-Assoc
--------
0 0
UCC Score
---------
82.70 83.93
UCC-Band
--------
Good Good
WLAN Delay(ms)/Jitter(ms)/PktLoss
---------------------------------
0.57/0.01/0.42 0.30/0.00/0.00
21
9
AP135-1 0
85.07
Good
0.33/0.00/0.64
SNR Avg Tx Rate(Mbps) Tx Drop(%) Tx Retry(%) Avg Rx Rate(Mbps) Rx Retry(%)
--- ----------------- ---------- ----------- ----------------- -----------
48 45.19
0.27
23.99
53.70
46 532.39
0.00
1.42
355.00
0.01
53 58.79
57.52
10.30
107.92
0.01
1927 | show ucc call-info cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
MOS --3.50 2.64 4.07
MOS-Band -------Good Fair Good
End-to-End Delay(ms)/Jitter(ms)/PktLoss(%) -----------------------------------------11.00/11.00/0.24 5.00/4.00/NA 5.00/2.00/0.46
The output of this command includes the following information:
Column CDR ID
Description
Displays the Call Detail Record ID of a particular voice and video calls, desktop sharing, or file transfer session.
UCC Call ID
Displays the unique identifier for all call legs of a particular voice and video calls, desktop sharing, or file transfer session.
AP Name
Displays the name that uniquely identifies the AP.
Re-Assoc
Displays the number of times the client re-associated while on an active call.
UCC Score
Displays the UCC score based on the quality of the voice call or desktop sharing.
UCC-Band
Displays the quality band of the VoIP call based on the UCC score.
WLAN Delay(ms)/Jitter (ms)/PktLoss(%)
SNR
Displays the WLAN delay (in milliseconds), jitter (in milliseconds), and packet loss (in percentage). NOTE: This field takes only the wireless network QoS parameters into consideration.
Displays the Signal-to-noise (SNR) ratio. SNR is the power ratio between an information signal and the level of background noise.
Avg Tx Rate(Mbps)
Displays the average transmission rate in Mbps.
Tx Drop(%)
Displays the transmission packet drop in percentage.
Tx Retry(%)
Displays the transmission retry in percentage.
Avg Rx Rate(Mbps)
Displays the average receive rate in Mbps.
Rx Retry(%)
Displays the receive retry in percentage.
MOS
Displays the Mean Opinion Score of the VoIP call. This is an end-to-end
score (wired and wireless) of the VoIP call.
MOS-Band
Displays the quality band of the VoIP call based on the Mean Opinion Score.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc call-info cdrs | 1928
Column
End-to-End Delay(ms) /Jitter(ms)/PktLoss(%)
Description
Displays the end-to-end delay (in milliseconds), jitter (in milliseconds), and packet loss (in percentage). NOTE: This field takes the wired and wireless network QoS parameters into consideration.
Command History
Version ArubaOS 6.4 ArubaOS 6.4.3.0
Description
Command introduced.
The UCC-Band, MOS, and MOS-Band fields were introduced as part of the show ucc call-info cdrs command output.
Following changes were made as part of the show ucc call-info cdrs cid <cid> command output:
l Moved the UCC Score, Client Health, MOS parameters from the CDRBasic section to the Call Samples section heading.
l Added a new Call Sample(per 60 secs) section heading. This section displays the properties of media session like IP, port, codec, DSCP, and WMM values.
l Renamed the CDRS-Detail section heading to WLAN Quality-Details.
l Added a new End-to-End Quality-Details section heading. This section displays the MOS, MOS band, delay, jitter, packet loss values.
l Under the Call Samples section heading, added the MOS, MOS-Band, End-to-End Delay(ms/Jitter(ms)/PktLoss(%) fields.
Following changes were made as part of the show ucc call-info cdrs detail command output:
l Removed the Src Port, Dest Port, Codec, DSCP, Orig DSCP, WMM-AC, Orig WMM-AC fields.
l Merged the Delay(msec), Jitter(msec), and Packet Loss (%) fields to WLAN Delay(ms)/Jitter(ms)/PktLoss(%).
l Added the MOS, MOS-Band, End-to-End Delay(ms)/Jitter(ms) /PktLoss(%) fields.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode
Config or Enable mode on master or local controllers.
1929 | show ucc call-info cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc client-info
show ucc client-info app {h323 [detail] | lync [detail] | noe [detail] | sccp [detail] | sip [detail] | svp [detail] | vocera [detail]} detail sta <mac> <cr>
Description
This command displays the UCC client status and CDR statistics.
When VoIP calls are prioritized using media classification, the Client Name value is not available.
Syntax
Parameter
Description
app {h323 [detail] | lync [detail] | noe [detail] | sccp [detail] | sip [detail] | svp [detail] | vocera [detail]}
Displays the UCC client status and CDR statistics based on a specific ALG.
detail
Displays UCC client status details.
sta <mac>
Displays the detailed record for a specific client based on its MAC address.
Example
The following command displays the UCC client status and record:
(host) # show ucc client-info
Client Status:
--------------
Client IP
Client MAC
Status
---------
----------
-
192.0.2.22 00:23:33:41:c8:b8
Client Name ----------Alex
ALG --Lync
Server(IP) ---------192.0.2.1
Registration State -----------------REGISTERED
Call ---------Idle
192.0.2.26 24:77:03:9a:6c:dc John
Lync 192.0.2.1 REGISTERED
Idle
AP Name ------W-AP105 W-AP135
Flags -----
Device Type -----------
Windows Win 7
Flags: V - Visitor, A - Away, W - Wired, R - Remote, B - Blocked, E - External The output of this command includes the following information:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc client-info | 1930
Column Client IP Client MAC Client Name ALG Server(IP) Registration State
Call Status
AP Name Flags Device Type
Description Displays the IP address of the VoIP client.
Displays the MAC address of the VoIP client.
Displays the username of the VoIP client.
Displays the Application Layer Gateway protocol used by the VoIP client.
Displays the IP address of call server the client is registered to.
Displays the registration status of the VoIP call. Possible values are: l Registered l Registering l Unregistered l Rejected l Unknown
Displays the VoIP call status of the client. Possible values are: l Idle l In-Call
Displays the name of the AP to which the VoIP client is associated.
Displays if the client is a visitor, away, wired, remote, blocked, or external.
Displays the device type identification of the client.
The following command displays the UCC client status details: (host) #show ucc client-info detail
Client Status Details(Average):
-------------------------------
Client IP
Client MAC
---------
----------
192.0.2.22 00:23:33:41:c8:b8
192.0.2.26 24:77:03:9a:6c:dc
Client Name ----------Alex John
WLAN Delay(ms)/Jitter(ms)/PktLoss(%) -----------------------------------1.33/0.15/1.99 0.82/0.17/0.05
End-to-End Delay(ms)/Jitter(ms)/PktLoss(%) -----------------------------------------79.00/3.23/1.72 10.36/3.55/0.07
Call-Dur(sec) ------------1114 584
TxRate(Mbps) -----------84.42 27.02
RxRate(Mbps) -----------130.56 30.12
BW(kbps) -------1007 795
CAC Denied ---------0 0
ALG --Lync Lync
The output of this command includes the following information:
1931 | show ucc client-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Client IP
Description Displays the IP address of the VoIP client.
Client MAC
Displays the MAC address of the VoIP client.
Client Name
Displays the username of the VoIP client.
WLAN Delay(ms)/Jitter(ms)/PktLoss(%)
Displays the WLAN delay (in milliseconds), jitter (in milliseconds), and packet loss (in percentage).
NOTE: This field takes only the wireless network QoS parameters into consideration.
End-to-End Delay(ms)/Jitter(ms)/PktLoss(%)
Displays the end-to-end delay (in milliseconds), jitter (in milliseconds), and packet loss (in percentage).
NOTE: This field takes the wired and wireless network QoS parameters into consideration.
Call-Dur(sec)
Displays the average call duration in seconds.
TxRate(Mbps)
Displays the average transmission rate in Mbps.
RxRate(Mbps)
Displays the average receive rate in Mbps.
BW(kbps)
Displays the bandwidth required (in kbps) for the VoIP call.
CAC Denied
Displays the number of times a call admission control is denied to a VoIP client.
ALG
Displays the Application Layer Gateway protocol
used by the VoIP client.
The following command displays a detailed record for a specific client MAC address: (host) #show ucc client-info sta 00:21:6a:b9:5f:34
Station Report:
---------------
Client IP
Client MAC
---------
----------
10.15.88.245 00:21:6a:b9:5f:34
Client Name ----------Alex
AP-Name SNR Avg Tx Rate(Mbps) ------- --- ----------------W-AP135-1 45 54.56
Tx Drop(%) Tx Retry(%) Avg Rx Rate(Mbps) Rx Retry(%) Un-steerable (reason)
---------- ----------- ----------------- ----------- ---------------------
1.06
24.06
43.16
0.41
NA
Active Calls:
-------------
CDR ID UCC Call ID Client IP
Client Name ALG Dir Called To Dur(sec) Orig-Time
------ ----------- ---------
----------- --- --- --------- -------- ---------
116
12
10.15.88.245 Alex
Lync OG Joe
421
Jan 20
01:36:08
Status Call Type Client Health UCC Score UCC-Band MOS MOS-Band
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc client-info | 1932
------ --------- ------------- --------- -------- --- --------
ACTIVE Voice
62
81.52
Good
4.17 Good
Call History:
-------------
CDR ID UCC Call ID Client IP
Client Name ALG Dir Called To Dur(sec) Orig-Time
------ ----------- ---------
----------- --- --- --------- -------- ---------
54
23
10.15.88.245 Alex
Lync OG Mike
847
Jan 16
02:45:22
53
22
10.15.88.245 Alex
Lync OG Ken
789
Jan 14
06:53:41
Status -----SUCC SUCC
Reason -----Terminated Terminated
Call Type --------Voice Voice/Conf Call
Client Health ------------49 44
UCC Score --------71.72 68.22
UCC-Band -------Good Fair
MOS --3.85 4.13
MOS-Band -------Good Good
The output of this command includes the following information:
Column Station Report Client IP Client MAC Client Name AP-Name SNR
Avg Tx Rate(Mbps) Tx Drop(%) Tx Retry(%) Avg Rx Rate(Mbps) Rx Retry(%) Un-steerable (reason)
Description
Displays the IP address of the VoIP client. Displays the MAC address of the VoIP client. Displays the username of the VoIP client. Displays the name of the AP handling the VoIP call. Displays the Signal-to-noise (SNR) ratio. SNR is the power ratio between an information signal and the level of background noise. Displays the average transmission rate in Mbps. Displays the transmission packet drop in percentage. Displays the transmission retry in percentage. Displays the average receive rate in Mbps. Displays the receive retry in percentage. Displays the reason for steering/not steering the client to another band. Possible values are: l Sticky l Load Balance l Band Steer l Band Balance l Administrator Added
1933 | show ucc client-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column
Active Calls CDR ID UCC Call ID Client IP Client Name ALG Dir
Called To Dur(sec) Orig-Time Status
Call Type
Description l (IOS) l NA
Displays the Call Detail Record ID of a particular voice and video calls, desktop sharing, or file transfer session.
Displays the unique identifier for all call legs of a particular voice and video calls, desktop sharing, or file transfer session.
Displays the IP address of the VoIP client.
Displays the username of the VoIP client.
Displays the Application Layer Gateway protocol used by the VoIP client.
Displays the direction of the call. Possible values are: l OG--Outgoing l IG--Incoming
Displays the username of the VoIP client being called.
Displays the duration of the VoIP call in seconds.
Displays the time at which the VoIP call originated.
Displays the status of the VoIP call. Possible values are: l SUCCESS l FAILED l ABORTED l BLOCKED l FORWARDED l ALERTING l HOLD l ACTIVE
Displays the type of VoIP call or session. Possible values are: l Not Available l Voice l Video l Desktop Sharing
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc client-info | 1934
Column
Client Health UCC Score UCC-Band MOS MOS-Band Call History Reason
1935 | show ucc client-info
Description
l File Transfer l Voice/Conf Call l Video/Conf Call l Desktop-Sharing/Conf Call l File-Transfer/Conf Call
Displays the ratio of ideal air time required for transmitting a packet from an AP to a client to the actual air time taken for the packet transmission in percentage. Ideal air time assumes highest data rate without any retransmission.
Displays the UCC score based on the quality of the voice call or desktop sharing session. This is an AP-to-client score (wireless) of the VoIP call.
Displays the quality band of the VoIP call based on the UCC score.
Displays the Mean Opinion Score of the VoIP call.
Displays the Mean Opinion Score of the VoIP call. This is an end-to-end score (wired and wireless) of the VoIP call. MOS-Band is the quality band of the VoIP call based on the MOS of the voice call.
Displays the reason code for call termination. Possible values are: l NA l Capacity Reached l 401 unauthorized l 487 request timeout l Request timeout l Request canceled l Request terminated l Session timeout l Session timer expired l Session expired - request timeout l Aborted l Terminated l Forwarded l Transferred l Inactivity l Wrong number l Peer reset
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column
Description
l Client reset l No answer l Missed l Parked l Invalid number l Tunnel down l Moved temporarily l 4xx error l 5xx error l Call leg does not exist l DELTS request l TCLAS flow deleted l No reason
NOTE: For information on additional field descriptions, refer the field descriptions under the Active Calls heading.
Command History
Version ArubaOS 6.4 ArubaOS 6.4.3.0
Description
Command introduced.
Following changes were made as part of the show ucc client-info details command output: l Renamed the Client Status Details section heading to Client Status
Details(Average) and removed the Avg word from all field headings. l Added the Client Name field. l Merged the Avg Delay(msec), Avg Jitter(msec), and Avg Packet Loss
(%) fields to WLAN Delay(ms)/Jitter(ms)/PktLoss(%). l Added the End-to-End Delay(ms)/Jitter(ms)/PktLoss(%) field. l Renamed the Num CAC Denied field to CAC Denied. Following changes were made as part of the show ucc client-info sta <mac> command output: l Under the Station Report section heading, added the Client Name
field. Removed the UCC-Score and Client Health fields. l Under the Active Calls section heading, added the UCC-Band, MOS,
and MOS-Band fields. l Under the Call History section heading, added the UCC-Band, MOS,
and MOS-Band fields.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc client-info | 1936
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode
Config or Enable mode on master or local controllers.
1937 | show ucc client-info
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc configuration
show ucc configuration cac-alg dialplan-profile [<profile-name>] logging midcall-timeout realtime-analysis rtcp-inactivity sip traffic-control lync [<profile-name>] <cr>
Description
This command displays the UCC configuration in the controller.
Syntax
Parameter cac-alg dialplan-profile [<profile-name>] logging midcall-timeout
realtime-analysis rtcp-inactivity sip traffic-control lync [<profile-name>]
Description Displays the CAC profiles configured in the controller. Displays the dialplan profile configured in the controller.
Displays the MAC address of the voice client that has logging enabled. Displays the status of the SIP mid-call request timeout configuration on the controller. Displays the status of real-time call quality analysis configuration. Displays the Real Time Control Protocol (RTCP) inactivity timer status. Displays the Session Initiation Protocol (SIP) settings in the controller. Displays the Lync traffic control profile configuration in the controller.
Example
The following command displays the overall UCC configuration in the controller: (host) #show ucc configuration
Voice firewall policies ----------------------Policy -----Stateful SIP Processing WMM content enforcement Session VOIP Timeout Stateful H.323 Processing Stateful SIPS Processing Stateful SCCP Processing Stateful VOCERA Processing Stateful UA Processing
Action -----Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc configuration | 1938
SSID Profiles ------------Profile Name -----------AP01-SSID-PROFILE-WPA2 default
WMM --Disabled Disabled
WMM-UAPSD --------Enabled Enabled
TSPEC Min Inactivity(msec) -------------------------0 0
DSCP-vo ------56 56
DSCP-vi ------40 34
DSCP-be ------24 24
DSCP-bk ------8 8
Battery Boost ------------Disabled Disabled
EDCA STA prof ------------N/A N/A
EDCA AP prof -----------N/A N/A
Strict SVP ---------Disabled Disabled
AP Group Profiles ----------------Profile Name -----------default employee
VoIP CAC Profile ---------------default default
Virtual AP Group Profiles ------------------------Profile Name -----------default VoIP-net
802.11K Profile --------------default default
HA Discovery on-assoc. ---------------------Enabled Enabled
VoIP Call Admission Control Profiles
------------------------------------
Profile Name VoIP CAC
------------ --------
default
Disabled
voip_cac
Disabled
802.11K Profiles
----------------
Profile Name Advertise 802.11K Capability
------------ ----------------------------
default
Disabled
SIP settings -----------Parameter --------Session Timer Session Expiry Dialplan Profile
Value ----Disabled 300 sec N/A
Voice rtcp-inactivity:disable Voice sip-midcall-req-timeout:disable
The following command displays the Lync traffic control profile configuration in the controller: (host) #show ucc configuration traffic-control lync default
Traffic Control Prioritization Profile "default"
------------------------------------------------
Parameter
Value
---------
-----
prioritize voice
Enabled
prioritize video
Enabled
prioritize desktop-sharing Enabled
prioritize file-transfer Enabled
1939 | show ucc configuration
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 6.4
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode
Config or Enable mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc configuration | 1940
show ucc statistics
show ucc statistics counter cac | call {client [app {h323 | lync | noe | sccp | sip | svp | vocera}]| global [app {h323 | lync | noe | sccp | sip | svp | vocera}]} dialplan-hits remote wmm-flow {ap-name <ap-name> | bssid <bssid> | ip-addr <ip-addr>} tspec-enforcement wmm-flow
Description
This command displays the UCC call statistics in the controller.
Syntax
Parameter
Description
counter cac | call {client [app {h323 | lync | noe | sccp | sip | svp | vocera}]| global [app {h323 | lync | noe | sccp | sip | svp | vocera}]}
Displays CAC, global, and client call counters.
dialplan-hits
Displays dialplan hits for UDP-based SIP calls.
remote wmm-flow {ap-name <ap-name> | bssid <bssid> | ip-addr <ipaddr>}
tspec-enforcement
Displays Wi-Fi Multimedia (WMM) flows active on the AP based on the AP name, BSSID, or IP address.
Displays the number of TSPEC requests accepted, rejected, or denied.
wmm-flow
Displays Wi-Fi Multimedia (WMM) flows active on the AP.
Example
The following command displays the global call counters: (host) # show ucc statistics counter call global
System-wide Call Counters:
--------------------------
Call Originated Call Terminated
AC-VI
--------------- ---------------
---
33
21
Active -----0
Success ------53
Failed -----0
Blocked ------0
Aborted ------1
Forwarded --------0
WMM -----37
WMM AC-VO WMM-BK WMM-BE
--------- ------ ------
0
0
8
Device Type Allocations: -----------------------Device Type WMM AC-VI WMM AC-VO WMM-BK WMM-BE
1941 | show ucc statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
----------- --------- --------- ------ ------
Windows
19
0
0
4
Win 7
18
0
0
4
WMM (VI, VO, BK, BE):total calls with received priority The following command displays the client call counters: (host) #show ucc statistics counter call client
Per Client Call Counters:
-------------------------
Client IP
Client MAC
---------
----------
192.0.2.22 00:23:33:41:c8:b8
192.0.2.26 24:77:03:9a:6c:dc
192.0.2.29 00:22:90:ea:9e:f1
Call Originated --------------1 0 6
Call Terminated --------------2 2 5
Active -----0 0 0
Success ------0 2 8
Failed -----0 0 0
Blocked ------0 0 0
Aborted ------3 0 3
Forwarded --------0 0 0
WMM AC-VI --------0 0 11
WMM AC-VO --------0 2 0
WMM-BK -----0 0 0
WMM-BE -----3 0 0
WMM (VI, VO, BK, BE):total calls with received priority The output of this command includes the following information:
Column Client IP Client MAC Call Originated Call Terminated Active Success Failed Blocked Aborted Forwarded WMM AC-VI
Description Displays the IP address of the VoIP client. Displays the MAC address of the VoIP client. Displays the number of times a call originated from the VoIP client. Displays the number of times a call terminated on the VoIP client. Displays the number of active calls on the VoIP client. Displays the number of successful calls. Displays the number of failed call setup calls. Displays the number of blocked calls due to CAC. Displays the number of terminated calls due to inactivity. Displays the number of times a call is forwarded for a VoIP client. Displays the number of calls where the client sent RTP with WMM AC set to Video (VI).
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc statistics | 1942
Column WMM AC-VO WMM-BK WMM-BE
Description
Displays the number of calls where the client sent RTP with WMM AC set to Voice (VO).
Displays the number of calls where the client sent RTP with WMM AC set to Background (BK).
Displays the number of calls where the client sent RTP with WMM AC set to Best Effort (BE).
Command History
Version ArubaOS 6.4
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode
Config or Enable mode on master or local controllers.
1943 | show ucc statistics
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc trace-buffer
show ucc trace-buffer lync [count <count>] sccp [count <count>] sip [count <count>]
Description
This command displays the UCC call message trace buffer for Lync, SCCP, and SIP ALGs. Call signaling events such as establishing voice, video, desktop sharing, and file transfer are recorded.
Syntax
Parameter lync [count <count>] sccp [count <count>] sip [count <count>]
Description Displays Lync call message trace buffer. Displays SCCP call message trace buffer. Displays SIP call message trace buffer.
Example
The following command displays Lync call message trace buffer: (host) #show ucc trace-buffer lync
Lync Voice Client(s) Message Trace
----------------------------------
Client IP
Client MAC
Client Name
---------
----------
-----------
192.0.2.22 00:23:33:41:c8:b8 Alex
192.0.2.26 24:77:03:9a:6c:dc John
192.0.2.29 00:22:90:ea:9e:f1 Steve
Direction --------OG OG OG
Event Time ---------Jan 3 11:24:34 Jan 3 11:24:34 Jan 3 11:24:08
BSSID ----9c:1c:12:8a:b5:50 9c:1c:12:8a:b5:50 9c:1c:12:8a:b5:50
Called To --------Joe Mike Ken
CAC-Status ---------PASS PASS NA
Media Type ---------Voice/Video Voice/Video Voice
AP Name ------W-AP225 W-AP225 W-AP225
Src Port
Dest Port Call Status
--------
--------- -----------
50030/58008 50032/58006 Start of call
50032/58006 50030/58008 InCallQuality Update
50026
50038
Call Quality Update
Num of Rows:3 The output of this command includes the following information:
Column Client IP Client MAC Client Name Direction
Description Displays the IP address of the VoIP client. Displays the MAC address of the VoIP client. Displays the user name of the VoIP client. Displays the call direction.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc trace-buffer | 1944
Column
Event Time BSSID Called To CAC-Status
Media Type
AP Name Src Port Dest Port Call Status
Command History
Version ArubaOS 6.4 ArubaOS 6.4.3.0
Description l OG -- Outgoing l IC -- Incoming
Displays the time stamp when the VoIP call originated.
Displays the BSSID of the AP to which the VoIP client is connected.
Displays the user name of the VoIP client being called.
Displays if call admission control limit is reached. The values are: l PASS l FAIL l NA NOTE: The value of the CAC-Status for the Lync client is NA, when the call status is Call Quality Update or In call Quality. Displays the type of Lync call. This can be one of the following: l Desktop-sharing l File-transfer l Video l Voice
Displays the name of the access point receiving calls.
Displays the source port for the media session.
Displays the destination port of the particular media session.
Displays if the Lync client is in any one of the following call status: l Start of call l End of call l Before call update l Call Quality Update l InCallQuality Update l After call update
Description Command introduced.
The InCallQuality Update value was added under the Call Status field.
1945 | show ucc trace-buffer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode
Config or Enable mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ucc trace-buffer | 1946
show upgrade configuration
show upgrade configuration
Description
The output of this command shows the current upgrade configuration, including profile settings, image files and targets.
Syntax
No parameters
Usage Guidelines
The centralized image upgrade feature allows a master controller to automatically upgrade its associated local controllers by sending an image from an image server to one or more local controllers. This feature can and supports up to 100 simultaneous image downloads, and is enabled and configured on a master controller only.
Example
(host) #show upgrade configuration
Upgrade configuration
---------------------
Parameter
Value
---------
-----
Protocol
scp
Server IP address
10.1.1.41
Username
tftp
Password
******
File path
/tftpboot
Max downloads
100
Reboot automatically true
Image file
ArubaOS_W-620_6.3.0.0_37916 (verified)
ArubaOS_W-3000 Series_6.3.0.0_37916 (not verified)
ArubaOS_W-7200 Series_6.3.0.0_37916 (verified)
Upgrade target
--------------
IP address Netmask
---------- -------
192.0.2.0 255.255.255.0
The output of this command includes the following information:
Parameter protocol
Server IP Username
Description
Range
Specify the protocol used to send the software
-
upgrade from the image server to the local controller.
l TFTP l FTP l SCP
IP address of the image server.
-
If the protocol parameter is set to FTP or SCP, this
-
parameter displays the username that ArubaOS uses
to connect to the image server
Default TFTP
-
1947 | show upgrade configuration
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Password File path Max downloads
Reboot automatically
Image File
Target
Description
Range
If the protocol parameter is set to FTP or SCP, this
-
parameter displays the password that ArubaOS will
use to connect to the image server
Location on the image server where the image file(s) are located
Maximum number of local controllers that can simultaneously download a file from a file server. The centralized image downloading feature supports up to 100 simultaneous downloads. If this field is left blank, ArubaOS will use its default value of 10 downloads.
1-100
If true, the local controllers reboot after they download their new images.
NOTE: If you enable this option, local controllers will reboot without saving any changes to their current configuration. If you have any unsaved configuration changes on your local controller that you want to retain, do not enable this option
Name of image files available for download by con- trollers using the centralized image upgrade feature. The output of this parameter also shows whether or not these image files have been verified as valid by the controller.
IP address and netmask of controllers that should
-
download the image from the image server.
Default 10
Disabled
-
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms all platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show upgrade configuration | 1948
show upgrade status
show upgrade status[summary]
Description
The output of this command shows the status of controllers using the centralized upgrade feature.
Syntax
Parameter summary
Description
Display a summary of all local controllers using the centralized image upgrade, including the numbers of controllers currently in each upgrade state.
Usage Guidelines
The centralized image upgrade feature allows the master controller to automatically upgrade its associated local controllers by sending an image from an image server to one or more local controllers. The centralized image upgrade feature can be configured on a master controller only, and supports up to 100 simultaneous downloads.
Example
(host) #show upgrade status All Controllers --------------IP Address Hostname Type ---------- -------- ---192.0.2.103 corp-203 master 192.0.2.211 corp-211 local 192.0.2.104 corp-204 standby 192.0.2.108 corp-208 local 192.0.2.109 corp-209 local 192.0.2.110 corp-210 local
Model
Version
Upgrade Status
-----
-------
--------------
DellW-7240 6.3.1.0_39600 N/A
DellW-3400 6.3.1.0_39600 Up-to-date
DellW-7220 6.3.1.0_39600 Up-to-date
DellW-3400 6.3.1.0_39539 Down
DellW-3400 6.3.1.0_39539 Down
DellW-3400 6.3.1.0_39600 Up-to-date
The output of this command includes the following information:
Parameter protocol
Server IP Username Password
Description
Range
Specify the protocol used to send the software
-
upgrade from the image server to the local controller.
l TFTP l FTP l SCP
IP address of the image server.
-
If the protocol parameter is set to FTP or SCP, this
-
parameter displays the user name that ArubaOS uses
to connect to the image server.
If the protocol parameter is set to FTP or SCP, this
-
Default TFTP
-
1949 | show upgrade status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter File path Max downloads
Reboot automatically
Image File
Target
Description
Range
parameter displays the password that ArubaOS will use to connect to the image server.
File path to the location on the image server where
-
the image file(s) reside.
Maximum number of local controllers that can simultaneously download a file from a file server. The centralized image downloading feature supports up to 100 simultaneous downloads. If this field is left blank, ArubaOS will use its default value of 10 downloads.
1-100
If true, the local controllers reboot after they download their new images.
NOTE: If you enable this option, local controllers will reboot without saving any changes to their current configuration. If you have any unsaved configuration changes on your local controller that you want to retain, do not enable this option
Name of image files available for download by con- trollers using the centralized image upgrade feature. The output of this parameter also shows whether or not these image files have been verified as valid by the controller.
IP address and netmask of controllers that should
-
download the image from the image server.
Default 10 Disabled
-
If you include the optional summary parameter, the output of the show upgrade status summary command includes the following information.
Parameter Total Number of Local Switches Up-to-date Upgrade in progress Rebooting Waiting Failed
Failed, waiting
Down Upgraded, reboot
Description Number of local controllers using the centralized image upgrade feature.
Number of local controllers with a current image that does not need to be upgraded. Number of local controllers downloading a new image. Number of local controllers rebooting after downloading a new image. Number of local controllers waiting to download a new image. If a local controller fails to download its new image, it goes into this state momentarily before it waits to retry the download. A local controller has failed to upgrade its image and is waiting 15 minutes before it attempts the download again. The local controller cannot upgrade because it is down or not reachable. The local controller has upgraded its image, and is waiting to reboot. If you did not
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show upgrade status | 1950
Parameter
Description
required
enable the auto-reboot feature in the upgrade profile, you must manually reboot each controller after it downloads its new image.
Not supported
The local controller is running a version of ArubaOS that does not support centralized image downloads.
Waiting, image not veri- The image must be verified as valid before the local controller can download that
fied
image.
Not part of target
The local controller is associated with a master controller using the centralized image upgrade feature, but is not part of the upgrade target.
All target Configured
All local controllers are on the target list defined by the upgrade target command.
Total Number of host tar- Total number of controller IP address added to the upgrade target list. get
Total Number of subnet target
Total number of controller subnets added to the upgrade target list.
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms all platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
1951 | show upgrade status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show upgrade-profile
Description
The settings in this centralized image upgrade profile allow the master controller to automatically upgrade its associated local controllers by sending an image from an image server to one or more local controllers.
Syntax
No parameters
Usage Guidelines
The centralized image upgrade feature is enabled and configured on a master controller only, and supports up to 100 simultaneous image downloads.
Example
(host) (config) # show upgrade-profile
Upgrade Profile
---------------
Parameter
Value
---------
-----
Enable software upgrade false
Max downloads
10
Reboot automatically
true
Protocol
tftp
Server IP address
N/A
Username
N/A
Password
N/A
File path
N/A
The output of this command includes the following information:
Parameter
Description
Range
Enable software If true, the centralized image upgrade feature has
-
upgrade
been enabled. Note that this feature is disabled by
default.
Max downloads
Maximum number of local controllers that can simultaneously download a file from a file server. The centralized image downloading feature supports up to 100 simultaneous downloads. If this field is left blank, ArubaOS will use its default value of 10 downloads.
1-100
Reboot automatically
If true, the local controllers reboot after they download their new images.
NOTE: If you enable this option, local controllers will reboot without saving any changes to their current configuration. If you have any unsaved configuration changes on your local controller that you want to retain, do not enable this option.
Protocol
Specify the protocol used to send the software
-
upgrade from the image server to the local controller.
Default Disabled 10
Disabled
TFTP
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show upgrade-profile | 1952
Parameter
Server IP address Username Password File path
Description
l TFTP l FTP l SCP
IP address of the image server.
Range
Default
-
-
If the protocol parameter is set to FTP or SCP, this
-
-
parameter displays the user name that ArubaOS uses
to connect to the image server.
If the protocol parameter is set to FTP or SCP, this
-
-
parameter displays the password that ArubaOS will
use to connect to the image server.
File path to the location on the image server where
-
-
the image file(s) reside.
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms all platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
1953 | show upgrade-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show uplink
crypto-local show uplink [config|{connection <link_id>}|signal|{stats <link_id}]
Description
Displays uplink manager configuration details.
Syntax
Parameter config
connection
signal stats
Description
Enter the keyword config to display the uplink manager, the default wired priority and default cellular priority
Enter the keyword connection followed by the uplink ID number to display the connection details.
Enter the keyword signal to display the cellular uplink signal strength.
Enter the keyword stats followed by the uplink ID number to display the statistical information on the designated uplink.
Example
The output of this command displays the controller uplink status . (host) #show uplink Uplink Manager: Enabled
Uplink Management Table
-----------------------
Id Uplink Type Properties Priority State
-- ----------- ---------- ------- -----
1 Wired
vlan 1
200
Initializing
2 Cellular
Novatel_U727 100
Standby
Status -----Waiting for link Ready
Command History
Introduced in ArubaOS 3.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show uplink | 1954
show usb
crypto-local show usb [cellular|ports|test|verbose]
Description
Display detailed USB device information.
Syntax
Parameter cellular ports test
verbose
Description
Enter the keyword cellular to display cellular devices.
Enter the keyword ports to display detailed TTY port information such as signal strength.
Enter the keyword test to test the USB TTY ports. NOTE: Testing an invalid modem port may cause the controller to "hang". To resolve this, unplug and re-plug the modem.
Enter the keyword verbose to display detailed USB information including serial number and USB type.
Examples
The USB Device table, in the example below, displays the USB port is in the 'Device Ready' state, meaning that the port has passed the diagnostic test and is ready to send and receive data.
(host) (config-cellular new_modem)# show usb
USB Device Table
----------------
Address Product
Vendor ProdID
------- -------
------ ------
18
Novatel Wireless CDMA 1410 4100
ready
Serial -----091087843891000
Type ---Cellular
Profile ------new_modem
State ----Device
Below is an example of the show usb verbose display output (partial).
(host) #show usb verbose ... T: Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1410 ProdID=4100 Rev= 0.00 S: Manufacturer=Novatel Wireless Inc. S: Product=Novatel Wireless CDMA S: SerialNumber=091087843891000 C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA ...
Command History
Introduced in ArubaOS 3.4.
1955 | show usb
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms
W-600 Series and W-7200 controllers
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show usb | 1956
show user
show user ap-group <ap-group> ap-name <ap-name> authentication-method dot1x|mac|opensystem|psk|stateful-dot1x|via-vpn|vpn|web bssid <A:B:C:D:E:F> devtype <device> essid <STRING> internal ip <A.B.C.D> [log] location b.f.l mac <A:B:C:D:E:F> [log] mobile {[bindings][visitors]} name <STRING> phy-type {[a]|[b]} role <STRING> rows <NUMBER> <NUMBER>
Description
Displays detailed information about user in terms of AP group, authentication method, role and so on.
Syntax
Parameter ap-group <ap-group>
ap-name <ap-name> authentication-method
dot1x mac opensystem psk
stateful-dot1x via-vpn vpn
Description Filter the output of this command by showing users connected to APs that belong to the specified AP group.
Filter the output of this command by showing users connected to an AP with the specified AP name. Filter the output of this command by the authentication method used for the device:
Show data for devices using 802.1X authentication.
Show data for devices using MAC authentication.
Show data for devices using open (no) authentication.
Show data for devices that do not use authentication but use a preshared key for encryption.
Show data for devices using stateful 802.1X authentication.
Show data for devices that authenticate using Dell VIA.
Show data for devices using VPN authentication.
1957 | show user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter web
bssid <A:B:C:D:E:F> devtype <device>
essid <STRING>
internal
ip <A.B.C.D> log
mac <A:B:C:D:E:F> log
mobile bindings visitors
name <STRING> phy-type
a g role <STRING> rows <NUMBER> <NUMBER>
Description
Show data for devices using captive portal authentication.
Show user data for a specific device BSSID.
Show output for a specified device type, if identified. If the device name includes spaces, you must enclose it in quotation marks.
Show user data for a specific ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
Display internal user entries only. Include the rows options to filter the output of this command by specifying the number of rows from the end of the output and the total number of rows to display/
Show user data for a specific IP address .
If per-user logging is enabled using the aaa log command, include the optional log parameter to display authentication log files for a user with the specified MAC address.
Show user data for a specific MAC address
If per-user logging is enabled using the aaa log command, include the optional log parameter to display authentication log files for a user with the specified MAC address.
Filter the output of this command to show data for Mobile users.
Show data for users that have moved away from their home network.
Show data for mobility users that are visiting the network.
User's name.
801.11 type
Matches PHY type a.
Matches PHY type b or g.
User role such as employee, visitor and so on.
Filter the output of the show user command by specifying the number of rows from the end of the output and the total number of rows to display/
Usage Guidelines
Use the show user command to show detailed user statistics and roles.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show user | 1958
Example
(host) #show user
Users
-----
IP
MAC
Name Role Age(d:h:m) Auth VPN link AP name Roaming
Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- -------
------- ------- ------------ ---- ---------
User Entries: 0/0
Curr/Cum Alloc:0/0 Free:0/0 Dyn:0 AllocErr:0 FreeErr:0
--------
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The devtype parameter was introduced, and the output of this command expanded to include the Type column.
ArubaOS 6.2 ArubaOS 6.3
Output for the IP address shows if it is derived using DHCP.
The optional log parameter was introduced to display log files for events triggered by a specific user. Only W-6000, W-3600 and W-7200 Series controllers support per-user logging.
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Available in Enable and Config modes.
1959 | show user
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show user_session_count (deprecated)
show user_session_count
Description
Show the number of users using an ESSID for different time intervals.
Syntax
No parameters
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 6.0
Command deprecated
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show user_session_count (deprecated) | 1960
show user-table
show user-table ap-group <ap-group> ap-name <ap-name> authentication-method dot1x|mac|opensystem|psk|stateful-dot1x|via-vpn|vpn|web bssid <A:B:C:D:E:F> devtype <device> debug essid <STRING> internal ip <A.B.C.D> [log]|[detail] mac <A:B:C:D:E:F> [log] mobile {[bindings][visitors]} name <STRING> phy-type {[a]|[b]} role <STRING> rows <NUMBER> <NUMBER> station summary unique verbose
Description
Displays detailed information about the controller's connection to a user device, in regards to mobility state and statistics, authentication statistics, VLAN assignment method, AP datapath tunnel info, radius accounting statistics, user name, user-role derivation method, datapath session flow entries, and 802.11 association state and statistics. The show user command allows you to filter specific information by parameter.
Syntax
Parameter ap-group <ap-group>
ap-name <ap-name>
authentication-method
dot1x mac opensystem psk
Description
Filter the output of this command by showing users connected to APs that belong to the specified AP group.
Filter the output of this command by showing users connected to an AP with the specified AP name.
Filter the output of this command by the authentication method used for the device:
Show data for devices using 802.1X authentication.
Show data for devices using MAC authentication.
Show data for devices using open (no) authentication.
Show data for devices that do not use authentication but use a preshared key for encryption.
1961 | show user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter stateful-dot1x via-vpn vpn web
bssid <A:B:C:D:E:F> debug devtype <device> essid <STRING> internal
ip <A.B.C.D> log
detail mac <A:B:C:D:E:F>
log
mobile bindings visitors
name <STRING> phy-type
Description Show data for devices using stateful 802.1X authentication.
Show data for devices that authenticate using Dell VIA.
Show data for devices using VPN authentication.
Show data for devices using captive portal authentication.
Show user data for a specific device BSSID.
Show all user data for debugging purposes. Show output for a specified device type, if identified. If the device name includes spaces, you must enclose it in quotation marks.
Show user data for a specific ESSID. If the ESSID includes spaces, you must enclose it in quotation marks.
Display internal user entries only. Include the rows options to filter the output of this command by specifying the number of rows from the end of the output and the total number of rows to display/
Show user data for a specific IP address .
If per-user logging is enabled using the aaa log command, include the optional log parameter to display authentication log files for a user with the specified MAC address.
Show detailed user data for a specific IP address including rolederivation.
Show user data for a specific MAC address
If per-user logging is enabled using the aaa log command, include the optional log parameter to display authentication log files for a user with the specified MAC address.
Filter the output of this command to show data for Mobile users.
Show data for users that have moved away from their home network.
Show data for mobility users that are visiting the network.
User's name.
801.11 type
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show user-table | 1962
Parameter a g
role <STRING> rows <NUMBER> <NUMBER>
station summary
unique verbose
Description Matches PHY type a.
Matches PHY type b or g.
User role such as employee, visitor and so on.
Filter the output of the show user command by specifying the number of rows from the end of the output and the total number of rows to display/
For internal use only.
Shows the authentication and encryption type used by wired or wireless clients.
Displays only information for users with a valid IP address.
Displays all information about the user table.
Usage Guidelines
Use the show user-table command to show detailed user statistics which includes the entire output of the user-table, mobility state and statics, authentication statistics, VLAN assignment method, AP datapath tunnel information, radius accounting statistics, user-role derivation method, datapath session flow entries and 802.11 association state and statistics.
Examples
This example displays users currently in the employee role. The output of this command is split into two tables in this document, however it appears in one table in the CLI.
(host) (config) show user role employee
Users
-----
IP
MAC
Name
name
----------
------------
------
---
192.168.160.1 00:23:6c:80:3d:bc madisonl
10.100.105.100 00:05:4e:45:5e:c8 CORP1NETWORKS
wlan-qa-cage
10.100.105.102 00:14:a5:30:c2:7f pdedhia
10.100.105.97 00:1b:77:c4:a2:fa CORP1NETWORKS
10.100.105.109 00:21:5c:02:16:bb myao
Role
----
employee employee
employee employee employee
Age(d:h:m) Auth
---------- ----
01:05:50 00:02:22
802.1x 802.1x
01:20:09 00:02:18 00:05:40
802.1x 802.1x 802.1x
VPN link AP -------- ----
1263
2198 2198 1109
Users ----Roaming
------Associated Associated Associated Associated
Essid/Bssid/Phy ---------------
ethersphere-wpa2/00:1a:1e:85:d3:b1/a-HT ethersphere-wpa2/00:1a:1e:6f:e5:51/a ethersphere-wpa2/00:1a:1e:87:ef:f1/a ethersphere-wpa2/00:1a:1e:87:ef:f1/a
Profile -------
default default default default
Forward mode -----------tunnel tunnel tunnel tunnel
Type ----
1963 | show user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Associated ethersphere-wpa2/00:1a:1e:85:c2:11/a-HT default tunnel
ipad
The output of the show user mac <mac-addr> and show user ip <ip-addr> commands include the following information.
(host) # show user-table ip 5.5.5.2 Name: 98:0c:82:45:d6:7b, IP: 5.5.5.2, MAC: 98:0c:82:45:d6:7b, Role: mac-role, ACL: 54/0/0, Age: 00:00:07 Authentication: Yes, status: started, method: MAC, protocol: PAP, server: Internal Bandwidth = No Limit Bandwidth = No Limit Role Derivation: default for authentication type MAC VLAN Derivation: unknown Idle timeouts: 0, Valid ARP: 0 Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0 Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=1 Flags: innerip=0, outerip=0, vpn_outer_ind:0, guest=0, download=1, wispr=0 Auth fails: 0, phy_type: g-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 14 Vlan default: 3, Assigned: 5, Current: 5 vlan-how: 0 DP assigned vlan:0 Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0 Tunnel=0, SlotPort=0x2000, Port=0x1000d (tunnel 13) Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a Current Role name: mac-role, role-how: 1, L2-role: mac-role, L3-role: mac-role Essid: 1_wlan_135, Bssid: d8:c7:c8:38:f4:a0 AP name/group: d8:c7:c8:cb:8f:4a-135/groupfor135 Phy-type: g-HT RadAcct sessionID:n/a RadAcct Traffic In 4/216 Out 2/420 (0:4/0:0:0:216,0:2/0:0:0:420) Timers: reauth 0 Profiles AAA:1_wlan_135-aaa_prof, dot1x:dot1x_prof-rwv10, mac:pMac CP: def-role:'logon' siprole:'' via-auth-profile:'' ncfg flags udr 0, mac 1, dot1x 1, RADIUS interim accounting 0 IP Born: 1354560806 (Mon Dec 3 10:53:26 2012) Core User Born: 1354560805 (Mon Dec 3 10:53:25 2012) Upstream AP ID: 0, Downstream AP ID: 0 Device Type: Dalvik/1.4.0 (Linux; U; Android 2.3.6; SAMSUNG-SGH-I777 Build/GINGERBREAD) Session Timeout from Radius: No, Session Timeout Value:0 Address is from DHCP: yes
The role-how and vlan-how parameters in the output of this command display a code that corresponds to the following values:
Role Derivation Code 0
Description Default logon role
1
Default user role for authentication type
2
Role derived from server rules
3
Role derived from user rules
4
Predefined Guest role
5
Role inherited from station
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show user-table | 1964
Role Derivation Code 6
Description Forced role
7
Role derived from Dell vendor-specific attribute (VSA)
8
RFC 3576 (Change of Authorization) role
9
Role derived from external captive portal
10
Default role from AAA profile
11
Role assigned by an Extended Service Interface (ESI) server group
VLAN Derivation Code Description
1
VLAN derived from user rule
2
VLAN derived from user role
3
VLAN derived from server rule
4
VLAN derived from Dell vendor-specific attribute (VSA)
5
VLAN derived from Microsoft Tunnel attributes (Tunnel-Type, Tunnel Medium
Type, and Tunnel Private Group ID)
6
VLAN assigned from derived role
Command History
Release ArubaOS 3.0 ArubaOS 6.1 ArubaOS 6.2 ArubaOS 6.3
ArubaOS 6.4.3.0
Modification
Command introduced.
The devtype parameter was introduced, and the output of this command expanded to include the Type column.
Output for the IP address shows if it is derived using DHCP.
The optional log parameter was introduced to display log files for events triggered by a specific user. Only W-6000, W-3600 and W-7200 Series controllers support per-user logging.
The detail sub-parameter was introduced as part of the ip parameter.
1965 | show user-table
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable and Config modes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show user-table | 1966
show util_proc
show util_proc guest-email counters
Description
Show counters for the guest email process.
Syntax
No parameters.
Usage Guidelines
As part of guest provisioning, the guest access email feature allows you to define the SMTP port and server that processes guest provisioning email. This server sends email to the guest or the sponsor when a guest user manually sends email from the Guest Provisioning page, or when a user creates a guest account.
Example
The output of this command shows the numbers of guest emails received, sent and dropped since the controller was last reset
(host) #show util_proc guest-email counters
Guest Email Counters
--------------------
Name
Value
----
-----
Email Received 14
Email Sent
3
Email Dropped 0.
Related Commands
To configure SMTP servers and server ports for guest email, use the command guest-access-email.
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show util_proc | 1968
show valid-network-oui-profile
show valid-network-oui-profile
Description
This command displays the Valid Equipment OUI Profile table
Syntax
No parameters
Usage Guidelines
If you used the valid-networkoui-profile to add a new OUI to the controller, issue the show valid-network-ouiprofile command to see a list of current OUIs.
Example
(Host) (config) #show valid-network-oui-profile
Valid Equipment OUI profile
---------------------------
Parameter Value
--------- -----
OUI
00:1A:1E
Command History
Release ArubaOS 5.0
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
1969 | show valid-network-oui-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show version
show version
Description
Show the system software version.
Syntax
No parameters.
Example
(host) #show version Aruba Operating System Software. ArubaOS (MODEL: Dell Networking W-650 Controller-US), Version 6.1.0.0 Website: http://www.dell.com Copyright (c) 2002-2011, Aruba Networks, Inc. Compiled on 2011-04-28 at 00:18:36 PDT (build 28106) by p4build
ROM: System Bootstrap, Version CPBoot 1.0.0.0 (build 23274) Built: 2010-01-19 11:11:41 Built by: p4build@re_client_23274
Switch uptime is 1 days 6 hours 2 minutes 4 seconds Reboot Cause: User reboot. Supervisor Card Processor XLS 408 (revision B1) with 890M bytes of memory. 32K bytes of non-volatile configuration memory. 256M bytes of Supervisor Card System flash (model=NAND 256MB). The output of this command includes the following information
Parameter Model
Description Controller model type.
Version
Version of ArubaOS software.
ROM
System bootstrap version.
Switch Uptime
Switch uptime (time elapsed since the last controller reset.
Reboot Cause
Reason the controller was last rebooted.
Supervisor Card
Details for the controller's internal supervisor card.
Command History
This command was available in ArubaOS 1.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show version | 1970
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on local and master controllers
1971 | show version
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show via
show via version websessions
Description
Displays VIA version and web session details.
Syntax
Parameter version
Description Displays the version of VIA client available on the controller.
Range Default
--
--
websessions Displays the list of users connected to the VIA controller using the
--
--
VIA client.
Example
The following example displays the version of VIA client available on the controller.
(host) # show via version(host) (VIA Client WLAN Profile "example") #show Default VIA Installer: ---------------------<aruba>
<via> <platform>win32</platform> <version>1.0.0.23373</version>
</via> </aruba>
via version
Command History
This command was available in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show via | 1972
show vlan
show vlan <id>
Description
This command shows a configured VLAN interface number, description and associated ports.
Syntax
Parameter <id>
Description Identification number for the VLAN.
Range 1-4094
Default 1
Usage Guidelines
Issue this command to show the selected VLAN configuration. The VLAN column lists the VLAN ID. The Description column provides the VLAN name or number and the Ports column shows the VLAN's associated ports. The AAA Profile column shows if a wired AAA profile has been assigned to a VLAN, enabling role-based access for wired clients connected to an untrusted VLAN or port on the controller.
(host) #show vlan
VLAN CONFIGURATION
------------------
VLAN Description
---- -----------
1
Default
10 VLAN0010
20 RAP_VLAN
25 VLAN0025
30 VLAN0030
56 VLAN0056
57 VLAN0057
58 VLAN0058
Ports ----GE0/3-7 GE0/9 XG0/10-11 Pc0-7 GE0/8
GE0/0
AAA Profile ----------N/A N/A N/A mac-auth-aaa-prof N/A default default default
Related Commands
(host) (config) #vlan (host) (config) #vlan-name
Command History
Release ArubaOS 3.0
Modification Command available.
ArubaOS 6.0
The output of this command was modified to include the AAA Profile column.
1973 | show vlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan | 1974
show vlan-assignment
show vlan-assignment
Description
This command shows the number of clients assigned to a VLAN.
Syntax
No parameters.
Usage Guidelines
Issue this command to show the number of clients that are assigned to a VLAN. (host) #show vlan-assignment
VLAN Assignment --------------VLAN #CLIENTS ---- -------10 0
Related Commands
(host) (config) #vlan (host) (config) #vlan-name
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
1975 | show vlan-assignment
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan-assignment-auth
show vlan-assignment-auth
Description
This command shows the VLAN usage in the user authentication module.
Syntax
No parameters.
Usage Guidelines
Issue this command to view all the VLAN IDs that are configured along with the current client count that uses that VLAN ID. (host) #show vlan-assignment-auth
Vlan usage in AUTH
------------------
VLAN ID Usage
------- -----
10
0
Related Commands
(host) (config) #vlan
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan-assignment-auth | 1976
show vlan mapping
show vlan mapping
Description
This command shows a configured VLAN name, its pool status, assignment type and the VLAN IDs assigned to the pool.
Syntax
Parameter <id>
Description Identification number for the VLAN.
Range 1-4094
Default 1
Usage Guidelines
Issue this command to show the selected VLAN configuration. The VLAN Name column displays the name of the VLAN pool. The VLAN IDs column lists the VLANs that are part of the pool. (host) #show vlan mapping
Vlan Mapping Table
------------------
VLAN Name
Assignment Type
---------
---------------
mygroup
Hash
newpoolgroup
Even
vlannametest
Even
yourvlan
N/A
VLAN IDs -------62,94
62,1511 62
Related Commands
(host) (config) #vlan (host) (config) #vlan-name
Command History
Release ArubaOS 3.0
Modification Command introduced.
ArubaOS 6.2
The Assignment Type parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
1977 | show vlan mapping
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan status
show vlan status <id>
Description
This command shows the current status of all VLANs on the controller.
Syntax
No parameters.
Usage Guidelines
Issue this command to show the status of VLANs on the controller. The VLANID column displays the VLAN ID name or number. The IP Address column provides the VLAN's IP address. The Adminstate column indicates if the VLAN is enabled or disabled. The Operstate column indicates if the VLAN is currently up and running. The PortCount column shows how many ports are associated with the VLAN. The Nat Inside column displays whether source Nat is enabled for the VLAN interface. If Nat is enabled, all the traffic passing through this VLAN interface is the source natted to the outgoing interface's IP address.
(host) #show vlan status
Vlan Status
-----------
VlanId IPAddress
Adminstate Operstate PortCount Nat Inside Mode
Ports
AAA Profile
------ ---------
---------- --------- --------- ---------- ----
-
----
-----------
1
unassigned/unassigned
Enabled
Up
9
Disabled Regular
GE1/0 GE1/2 GE1/5-9 XG1/10-11 Pc0 Pc2-5 Pc7 N/A
2
N/A
N/A
N/A
3
Disabled Regular
GE1/7-9
N/A
10
172.20.10.202/255.255.255.0 Enabled
Up
4
Disabled Regular
GE1/7-9 Pc6
N/A
21
172.20.21.202/255.255.255.0 Disabled Down
4
Disabled Regular
GE1/7-9
N/A
24
172.20.24.202/255.255.255.0 Disabled Down
3
Disabled Regular
GE1/7-9
N/A
29
172.20.29.202/255.255.255.0 Enabled
Up
4
Disabled Regular
GE1/7-9 Pc6
N/A
101
172.102.1.202/255.255.255.0 Enabled
Down
3
Disabled Regular
GE1/7-9
N/A
102
172.102.2.202/255.255.255.0 Enabled
Down
3
Disabled Regular
GE1/7-9
N/A
Related Commands
(host) (config) #vlan (host) (config) #vlan-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan status | 1978
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
1979 | show vlan status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan summary
show vlan summary
Description
This command shows the number of existing VLANs.
Syntax
Parameter Number of existing VLANs
Description The number of existing VLANs on the controller.
Usage Guidelines
Issue this command to show the number of existing VLANs on the controller.
(host) #show vlan summary
Number of existing VLANs
:13
Related Commands
(host) (config) #vlan (host) (config) #vlan-name
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vlan summary | 1980
show vlan-bwcontract-explist
show vlan-bwcontract-explist [internal]
Description
Show entries in the VLAN bandwidth contracts MAC exception lists.
Syntax
Parameter internal
Description
Include the optional internal parameter to display the MAC addresses in the internal, preconfigured VLAN bandwidth contracts MAC exception list.
Example
The following command displays the MAC addresses in the internal MAC exception list.
(host) (config) #show vlan-bwcontract-explist internal
VLAN BW Contracts Internal MAC Exception List --------------------------------------------MAC address ----------01:80:C2:00:00:00 01:00:0C:CC:CC:CD 01:80:C2:00:00:02 01:00:5E:00:82:11
Command History
Command introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable or Config mode on master or local controllers
1981 | show vlan-bwcontract-explist
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice alg-based-cac
show voice alg-based-cac
Description
Displays the status of the VoIP signaling based Call Admission Control (CAC).
Syntax
No parameters.
Example
The output of this command shows the status of the ALG based CAC. (host) #show voice alg-based-cac WARNING: This command will be deprecated, please use show ucc commands instead. Voice alg-based-cac:enable
Command History
Version ArubaOS 6.2
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice alg-based-cac | 1982
show voice call-cdrs
show voice call-cdrs bssid <bssid_string> cid <cid> count <count> detail essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id> rtpa sta <mac>
Description
Displays detailed call records of voice client.
Syntax
Parameter bssid <bssid_string> cid <cid> count <count> detail
essid <essid_string>
Description
Filter records based on BSSID of voice clients.
View the detailed call records for a specific client based on the Call Detail Record (CDR) ID.
Specify the number of records to be displayed by entering a number.
Include this parameter to view the following additional information for each call record. l Reason l Codec l Band l Setup Time (sec) l Re-Assoc l Initial-BSSID l Initial-ESSID l Initial-AP Name l Call Type l Src port l Dest port l DSCP l WMM AC
Filter records based on ESSID of voice clients.
1983 | show voice call-cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter extn <extn_string> ip <ipaddr> proto <proto_id>
rtpa sta <mac>
Description
Filter records based on the extension of a voice client.
Filter records based on the IP address of a voice client.
View detailed records filtered on protocol including all of the following: l sip l svp l noe l sccp l vocera l h323 l lync
Include this parameter to view the voice call quality reports based on the call quality analysis from the RTP media streams. NOTE: This parameter is applicable only if Real Time Call Quality Analysis is enabled on the voice calls.
Filter records based on the MAC address of a voice client.
Example
The first example shows the breakdown of Lync data transfer sessions into voice, video, desktop-sharing, and file-transfer. For Lync ALG calls, if there are other sessions in addition to voice, details of such sessions are shown in a different row with the same CDR ID.
(host) #show voice call-cdrs proto lync
Voice Client(s) CDRs
--------------------
CDR Id Client IP Client Name ALG Dir Called to Status
------ --------- ----------- --- --- --------- ------
18
10.16.33.62 1000
lync IC 1001
SUCC
17
10.16.33.61 1001
lync OG 1000
SUCC
16
10.16.33.62 1000
lync IC 1001
ABORTED
10.16.33.62 1000
lync IC 1001
ABORTED
15
10.16.33.61 1001
lync OG 1000
ABORTED
10.16.33.61 1001
lync OG 1000
ABORTED
Dur(sec) Orig time
R-value Call Type
------- ---------
------- ---------
249
Feb 19 20:04:09 NA
File-transfer
249
Feb 19 20:04:09 NA
File-transfer
54
Feb 19 20:03:30 93
Voice
54
Feb 19 20:03:30 93
Video
54
Feb 19 20:03:30 93
Voice
54
Feb 19 20:03:30 NA
Video
Num CDRS:0
The second example shows details available for all ALGs when using the detail option.
(host) #show voice call-cdrs detail
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-cdrs | 1984
Voice Client(s) CDRs (Detail)
-----------------------------
CDR Id Client IP Client Name ALG Dir Called to Status
Dur(sec) Orig time
R-value Reason
Codec Band
Setup Time(sec) Re-Assoc Initial-BSSID
Initial-ESSID &Initial-AP Name Call Type
Src port Dest port DSCP WMM
------ --------- ----------- --- --- --------- ------
-------- ---------
------- ------
----- ----
--------------- -------- -------------
------------- --------------- ---------
-------- --------- ---- ---
18
10.16.33.62 1000
lync IC 1001
SUCC
249
Feb 19 20:04:09
NA
Terminated x-data NA
0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
File-transfer 9740
22279
24 0
17
10.16.33.61 1001
lync OG 1000
SUCC
249
Feb 19 20:04:09
NA
Terminated x-data NA
0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
File-transfer 22279
9740
24 0
16
10.16.33.62 1000
lync IC 1001
ABORTED 54
Feb 19 20:03:30
93
Inactivity x-msrta GREEN 0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
Voice
11718
19408
46 7
10.16.33.62 1000
lync IC 1001
ABORTED 54
Feb 19 20:03:30 93
Inactivity x-rtvc1 GREEN 0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
Video
4144
25942
40 5
15
10.16.33.61 1001
lync OG 1000
ABORTED 54
Feb 19 20:03:30
93
Inactivity x-msrta GREEN 0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
Voice
19408
11718
46 7
10.16.33.61 1001
lync OG 1000
ABORTED 54
Feb 19 20:03:30 NA
Inactivity x-rtvc1 NA
0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
Video
25942
4144
40 5
14
10.16.33.62 1000
lync IC 1001
SUCC
60
Feb 19 19:39:04
NA
Terminated x-data NA
0
0
00:24:6c:27:5f:f0 akvoice1
ap_105
Desktop-sharing 14017
21351
40 5
--More-- (q) quit (u) pageup (/) search (n) repeat
The third example illustrates details that can be extracted for a given CDR ID which can be a video or file transfer session in addition to voice in the case of Lync.
(host) #show voice call-cdrs cid 1
Voice Client(s) CDRs (Detail)
-----------------------------
CDR Id Client IP Client Name ALG Dir Called to Status Dur(sec) Orig time
------ --------- ----------- --- --- --------- ------ -------- ---------
1
10.16.33.61 1001
lync OG 1000
SUCC 1267
Feb 19 14:55:34
R-value Reason
Codec Band Setup Time(sec) Re-Assoc Initial-BSSID
------- ------
----- ---- --------------- -------- -------------
93
Terminated x-msrta GREEN 0
0
00:24:6c:27:5f:f0
Initial-ESSID Initial-AP Name Call Type Src port Dest port DSCP WMM
------------- --------------- --------- -------- --------- ---- ---
test
W-AP105
Voice
6872
15216
46 7
AP Events ---------
1985 | show voice call-cdrs
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Timestamp
BSS Id
---------
------
Feb 19 14:55:34 00:24:6c:27:5f:f0
Feb 19 15:16:41 00:24:6c:27:5f:f0
AP Station Reports
------------------
Timestamp
BSS Id
Bytes Tx-Data-Time Rx Rx-Retry
---------
------
-- ------------ -- --------
Feb 19 15:16:16 00:24:6c:27:5f:f0
48404876
00
Category -------Call Call
Event ----Call Start Call End
RSSI Tx
Tx-Drop
---- --
-------
58 656418 962
Tx-Data ------656376
Tx-Data-Retry ------------59531
Tx-Data----------119196143
Handoff Notifications
---------------------
Timestamp
AP Name
---------
-------
Feb 19 14:55:34 arun_105
BSS Id -----00:24:6c:27:5f:f0
Category -------Initial Association
Event ----Joining AP
Command History
Version ArubaOS 3.3.1
Description Command introduced.
ArubaOS 6.0
The cid and rtpa parameters were introduced.
ArubaOS 6.3
Using the detail parameter now displays the following additional fields:
l Call Type l Src port l Dest port l DSCP l WMM AC
Under the proto parameter, the lync protocol is introduced. Using the cid parameter now displays Handoff Notification for the Lync client moving from one AP to another for the specific CDR.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-cdrs | 1986
show voice call-counters
show voice call-counters
Description
Displays outgoing, incoming and terminated call counter details. The total calls equals the sum of the calls originated and terminated. It also equals the sum of the active, success, failed, blocked, aborted, and forwarded calls.
Syntax
No parameters.
Example
The output of this command shows call counter statitics.
(host) # show voice call-counters
System Wide Voice Call Counters
-------------------------------
Total Call Originated Call Terminated
----- --------------- ---------------
31
16
15
Active -----0
Success ------29
Failed -----0
Blocked ------0
Aborted ------2
Forwarded --------0
Command History
Version ArubaOS 3.3.1
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1987 | show voice call-counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-density
show voice call-density bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
Description
Displays call density report for voice calls.
Syntax
Parameter bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
Description
Filter records based on BSSID of voice clients.
Filter records based on ESSID of voice clients.
Filter records based on the extension of a voice client.
Filter records based on the IP address of an AP.
Filter records based on a VOIP protocol. Supported values are: l sip l svp l noe l sccp l vocera l h323 l lync
Example
The output of this command shows call density report for extension 3015. (host) # show voice call-density extn 3015
VoIP Call Density Report for Client '3015'
------------------------------------------
Sample Time
Orig Term Active Succ Fail
-----------
---- ---- ------ ---- ----
Jan 31 16:01:42 0
0
0
0
0
Jan 31 16:00:00 0
0
0
0
0
Jan 31 15:50:00 0
0
0
0
0
Jan 31 15:40:00 0
0
0
0
0
Jan 31 15:30:00 0
0
0
0
0
Jan 31 15:20:00 0
1
1
1
0
Jan 31 15:10:00 0
2
3
2
0
Jan 31 15:00:00 0
1
1
0
0
Blocked ------0 0 0 0 0 0 0 0
Aborted ------0 0 0 0 0 0 0 1
Forwarded --------0 0 0 0 0 0 0 0
R-Value ------NA NA NA NA NA 73.000000 84.000000 80.000000
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-density | 1988
Jan 31 14:50:00 0
0
0
0
0
0
0
0
NA
Jan 31 14:40:00 0
0
0
0
0
0
0
0
NA
Jan 31 14:30:00 0
0
0
0
0
0
0
0
NA
Jan 31 14:20:00 0
0
0
0
0
0
0
0
NA
Jan 31 14:10:00 0
0
0
0
0
0
0
0
NA
...
...
...
Command History
Version ArubaOS 3.0
Description Command introduced.
ArubaOS 6.3
Under the proto parameter, the lync protocol is introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1989 | show voice call-density
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-perf
show voice call-perf bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
Description
Displays the performance of voice calls of all clients connected to the controller. You can filter the report based on BSSID, ESSID, extension, IP address or the VOIP protocol type.
Syntax
Parameter bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
Description
Filter records based on BSSID of voice clients.
Filter records based on ESSID of voice clients.
Filter records based on the extension of a voice client.
Filter records based on the IP address of an AP.
Filter records based on a VOIP protocol. Supported values are: l sip l svp l noe l sccp l vocera l h323 l lync
Example
The output of this command shows call performance report for extension 3015.
(host) # show voice call-perf extn 3015
VoIP Call Performance Report for Client '3015'
----------------------------------------------
Sample Time
Delay(ms) AP-Switch Delay(ms)
-----------
--------- -------------------
Jan 31 15:54:46 0.00
0.00
Jan 31 15:50:00 0.00
0.00
Jan 31 15:40:00 0.00
0.00
Jan 31 15:30:00 0.00
0.00
Jan 31 15:20:00 108.24
0.00
Jan 31 15:10:00 106.67
0.00
Jan 31 15:00:00 0.00
0.00
Jan 31 14:50:00 0.00
0.00
Jitter -----0.000 0.000 0.000 0.000 7.793 12.500 0.000 0.000
Packet Loss ----------0.00 0.00 0.00 0.00 8.81 4.44 0.00 0.00
R-Value ------0.00 0.00 0.00 0.00 73.00 84.00 0.00 0.00
MOS --NA NA NA NA 3.60 4.02 NA NA
Band ---NA NA NA NA YELLOW GREEN NA NA
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-perf | 1990
Jan 31 14:40:00 Jan 31 14:30:00 ... ... ...
0.00 0.00
Command History
Version ArubaOS 3.3.1
ArubaOS 6.3
0.00 0.00
0.000 0.00 0.000 0.00
0.00 0.00
NA NA NA NA
Description Command introduced. Under the proto parameter, the lync protocol is introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1991 | show voice call-perf
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-quality
show voice call-quality bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id> rtpa sta <mac>
Description
Displays voice call quality for each call over a period of time.
Syntax
Parameter bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
rtpa
sta <mac>
Description
Filter records based on BSSID of voice clients.
Filter records based on ESSID of voice clients.
Filter records based on the extension of a voice client.
Filter records based on the IP address of a voice client.
View detailed records filtered on protocol including all of the following: l sip l svp l noe l sccp l vocera l h323 l lync
Include this parameter to view the voice call quality reports based on the call quality analysis from the RTP media streams. NOTE: This parameter is applicable only if Real Time Call Quality Analysis is enabled on the voice calls.
Filter records based on the MAC address of a voice client.
Example
The output of this command shows call quality report for calls made by extension 3015. (host) # show voice call-quality extn 3015
Voice Client(s) Call Quality Reports ------------------------------------
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-quality | 1992
Client(IP) ---------10.100.1.10 10.100.1.10 10.100.1.10 10.100.1.10
Client(MAC) ----------00:11:22:33:bc:bd 00:11:22:33:bc:bd 00:11:22:33:bc:bd 00:11:22:33:bc:bd
Client(Name) ALG
------------ ---
3015
sccp
3015
sccp
3015
sccp
3015
sccp
Orig Time --------Jan 31 15:10:44 Jan 31 15:07:48 Jan 31 15:01:22 Jan 31 14:58:58
Direction --------IC IC IC IC
Called/Calling Party -------------------3042 3042 3042 3042
Duration -------141 119 35 100
Codec -----
G711
Delay ----108.241 115.333 98.000 103.528
Jitter -----7.793 13.000 12.000 6.056
Pkt Loss -------8.809 8.480 0.391 4.622
R-Value ------73 78 90 80
Band ---YELLOW YELLOW GREEN GREEN
BSSID ----00:0b:86:5c:d6:08 00:0b:86:5c:d6:08 00:0b:86:5c:d6:08 00:0b:86:5c:d6:08
ESSID ----nkrtp nkrtp nkrtp nkrtp
AP Name ------voice-a voice-a voice-a voice-a
Num Records:4
Command History
Version ArubaOS 3.3.1
Description Command introduced.
ArubaOS 6.0
The rtpa and sta parameters were introduced.
ArubaOS 6.3
Under the proto parameter, the lync protocol is introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1993 | show voice call-quality
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-stats
show voice call-stats bssid <bssid_string> cip <cipaddr> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id> sta <mac>
Description
Displays voice call statistics for each client.
Syntax
Parameter bssid <bssid_string> cip <cipaddr> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
sta <mac>
Description Filter records based on BSSID of a voice client.
Filter records based on a client's IP address.
Filter records based on ESSID of a voice client.
Filter records based on the extension of a voice client.
Filter records based on the IP address of an AP.
View detailed records filtered on protocol including all of the following: l sip l svp l noe l sccp l vocera l h323 l lync
Filter records based on the MAC address of a voice client.
Example
The output of this command shows call quality report for calls made by extension 6210. (host) # show voice call-stats
Voice Client(s) Call Statistics
-------------------------------
Client IP
Client MAC
---------
----------
10.15.86.248 00:1f:6c:7a:d4:fd
Client Name ----------6005
ALG --sccp
Originated ---------3
Terminated ---------2
Active -----0
Failed -----0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice call-stats | 1994
10.15.86.247 00:1f:6c:7a:d5:f8 6002
sccp 2
3
0
0
Success ------5 4
Blocked ------0 0
Aborted ------0 1
Duration -------20489.0/2.0/4173.0 57709.0/2.0/11616.8
R-Value ------93.00/79.00/89.00 93.00/71.00/87.00
Band ---GREEN GREEN
Num Clients:2
Command History
Version ArubaOS 3.3.1
Description Command introduced.
ArubaOS 6.3
Under the proto parameter, the lync protocol is introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1995 | show voice call-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice client-status
show voice client-status active-only bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id> sta <mac>
Description
Displays list of voice clients and their status. You can also view details of a specific voice client.
Syntax
Parameter active-only bssid <bssid_string> essid <essid_string> extn <extn_string> ip <ipaddr> proto <proto_id>
sta <mac>
Description Filter records based on active voice clients
Filter records based on BSSID of a voice client.
Filter records based on ESSID of a voice client.
Filter records based on the extension of a voice client.
Filter records based on the IP address of a voice client.
Filter records based on a VOIP protocol. Supported values are: l sip l svp l noe l sccp l vocera l h323 l lync
Filter records based on the MAC address of a voice client.
Example and Usage Guidelines
The output of this command shows details about all the voice clients on the controller.
In case of Lync voice clients, before each call leg is created, Call Admission Control (CAC) is performed if enabled. If CAC, which can be either call-count based or bandwidth based, is within limit, then the call leg is created with QoS enabled. If the call leg is not created the traffic for this call goes in best effort mode, signified by a b flag in the output shown in the second example . Note that during a call, if CAC is available, and if any message received from the Lync Network Enlightenment (LNE) senses the availability of CAC, the call leg is created, the media is prioritized, and the b flag is removed.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice client-status | 1996
(host) #show voice client-status
Voice Client(s) Status ---------------------Client(IP) Client(MAC) ---------- ----------10.15.22.32 00:1f:6c:7a:d5:30 10.16.33.62 00:24:d7:40:a8:64
Client Name ----------6001 1000
ALG --sccp lync
Server(IP) ---------10.15.32.20 10.16.10.15
Registration State -----------------REGISTERED REGISTERED
Call Status ----------Idle Idle
BSSID ----00:1a:1e:80:bb:10 00:24:6c:27:5f:f0
ESSID ----test test
AP Name ------local1 local1
Flags ----W b
Num Clients:2 Flags: V - Visitor, W - Wired, R - Remote, B - Blocked, b - Best Effort
Command History
Version ArubaOS 3.3.1
Description Command introduced.
ArubaOS 6.0
The sta para\meter was introduced.
ArubaOS 6.3
l Under the proto parameter, the lync protocol is introduced.
l b -- Best Effort flag is introduced.
l Using the ip or mac parameter now displays Handoff Notification for the Lync client moving from one AP to another.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1997 | show voice client-status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice configurations
show voice configurations
Description
Displays the details of the voice related configurations on your controller.
Syntax
No parameters.
Example
The output of this command shows details about all voice configurations on a controller.
(host) #show voice configurations
Voice firewall policies
-----------------------
Policy
Action
------
------
Stateful SIP Processing
Enabled
Broadcast-filter ARP
Disabled
SSID Profiles
-------------
Profile Name
WMM
EDCA AP prof Strict SVP
------------
---
----------- ----------
default
Enabled
default
Disabled
qa-ma-vocera
Enabled
default
Disabled
WMM-UAPSD TSPEC Min Inactivity(msec) ... EDCA STA prof
--------- -------------------------- ... ------------- -
Enabled 100000
... default
Enabled 0
default
AP Group Profiles
-----------------
Profile Name VoIP CAC Profile
------------ ----------------
default
default
local
default
Virtual AP Group Profiles
-------------------------
Profile Name
802.11K Profile
Broadcast ARP to Unicast
------------
---------------
------------------
abcd
default
Disabled
HA Discovery on-assoc. ---------------------Disabled
Drop Broadcast/Multicast -----------------------Disabled
----
VoIP Call Admission Control Profiles
------------------------------------
Profile Name VoIP CAC
------------ ---------
default
Disabled
802.11K Profiles
----------------
Profile Name Advertise 802.11K Capability
------------ ----------------------------
default
Disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice configurations | 1998
SIP settings ------------s Parameter --------Session Timer Session Expiry Dialplan Profile
Value ----Disabled 300 sec N/A
Voice rtcp-inactivity:disable Voice sip-midcall-req-timeout:disable
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
1999 | show voice configurations
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice dialplan-profile
show voice dialplan-profile <profile>
Description
Displays list of SIP voice dialplan. You can also specify a dialplan to view configuration.
Syntax
No parameter.
Example
The output of this command shows list of all dialplans and the configuration of long distance dialplan.
(host) (config) #show voice dialplan-profile
Dialplan Profile List
---------------------
Name
References Profile Status
----
---------- --------------
default
1
extenstion 0
local
0
longDistance 0
Total:4
(host) (config) #show voice dialplan-profile longDistance Dialplan Profile "longDistance" ------------------------------Parameter Value --------- ----dialplan 102 +1XXXXXXXXXX 9%e
Command History
Version ArubaOS 5.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice dialplan-profile | 2000
show voice logging
show voice logging
Description
Displays the MAC address of the voice client that has logging enabled.
Syntax
No parameters.
Example
The output of this command shows the MAC address of the voice client that has logging enabled. (host) #show voice logging
VoIP Logging -----------Parameter --------Client's MAC Address for Logging
Value ----11:22:33:44:55:67
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
2001 | show voice logging
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice msg-stats
show voice msg-stats lync {bssid <bssid_string> | cip <cipaddr> | essid <essid_string> | ip <ipaddr> | sta <mac>} sccp {bssid <bssid_string> | cip <cipaddr> | essid <essid_string> | ip <ipaddr> | sta <mac>} sip {bssid <bssid_string> | cip <cipaddr> | essid <essid_string> | ip <ipaddr> | sta <mac>}
Description
Displays voice client message statistics for each client using either Lync ALG, Signaling Connection Control Part (SCCP), or Session Initiation Protocol (SIP).
Syntax
Parameter bssid <bssid_string> cip <cipaddr> essid <essid_string> ip <ipaddr> sta <mac>
Description Filter records based on BSSID of a voice client. Filter records based on a client's IP address. Filter records based on ESSID of a voice client. Filter records based on the IP address of an AP. Filter records based on the MAC address of a voice client.
Example
The output of the command in the first example below shows voice message statistics for essid 'test' filtered on SCCP protocol. In both examples, the output is divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it appears in a single, long table.
(host) # show voice msg-stats sccp essid test
SCCP Voice Client(s) Msg Statistics
-----------------------------------
Client Name Client IP
AP Name
----------- ---------
-------
6005
10.15.86.248 AP-68-862
6002
10.15.86.247 AP-68-862
BSSID ----00:0b:86:6d:3e:30 00:0b:86:6d:3e:30
ESSID ----test test
Register -------5 6
Register Ack -----------1 2
Unregister ---------2 2
Unregister Ack -------------5950 5936
Keepalive --------6185 6048
Keepalive Ack ------------7 4
OpenRecvChannel --------------4 4
OpenRecvChannel Ack ------------------6 4
StartMedia ---------7 7
CloseRecvChannel ---------------6 6
StopMedia --------5 4
OffHook ------17 18
OnHook -----2 3
Ringing ------8 4
Connected --------0 0
Busy ---0 0
Hold ---0 0
Transfer Invalid -------- ------0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice msg-stats | 2002
0
Num Clients:2
The output of the command in the second example shows voice message statistics for a Lync client with a MAC address. (host) #show voice msg-stats lync sta 00:24:d7:40:ca:88
LYNC Voice Client(s) Msg Statistics
-----------------------------------
Client Name Client IP AP Name BSSID
----------- --------- -----
-----
1001
10.16.33.61 myap_105 00:24:6c:27:5f:f8
ESSID ----test
startDialog updateDialog endDialog error 200
----------- --------- -----
--- ---
5
0
5
0
10
Num Clients:1
Command History
Version ArubaOS 3.3.1
Description Command introduced.
ArubaOS 6.3
The lync parameter is introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
2003 | show voice msg-stats
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice real-time-analysis
show voice real-time-analysis [sta <client MAC address>]
Description
Displays the call quality parameters based on the call quality analysis on the RTP media streams for voice calls.
Syntax
Parameter sta
Description
View the detailed real time call quality analysis report for a voice client based on the MAC address. You can also view the average call quality values for all the clients without passing the MAC address. NOTE: The real time call quality reports are supported and applicable only for clients in decrypt-tunnel and split-tunnel modes.
Example
The output of this command shows the detailed call quality parameters based on the RTP media stream for a specific voice client.
(host) #show voice real-time-analysis sta 1c:ab:a7:2d:75:6b WARNING: This command will be deprecated, please use show ucc commands instead
Real-Time Analysis Detailed Report
----------------------------------
Time
Jitter(D)(usec) Pkt-loss(D)(%)
---------------- --------------- --------------
Mar 15 17:05:34 2.000
1.000
Mar 15 17:05:32 2.000
5.000
Mar 15 17:05:30 3.000
7.000
Mar 15 17:05:28 2.000
2.000
Delay(D)(usec) -------------255.000 211.000 203.000 271.000
UCC Score(D) --------88.360 78.360 73.360 86.360
Forward mode -----------tunnel tunnel tunnel tunnel
Command History
Version ArubaOS 6.0
Description Command introduced.
ArubaOS 6.3 ArubaOS 6.4
A new column, Forward mode was introduced in the output of the command.
The following parameters were deprecated: l Jitter(U)(msec) l rvalue(U) l Pkt-loss(U)(%) l Delay(U)(usec) l Jitter(D)(msec) l rvalue(D)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice real-time-analysis | 2004
Version
Description
The following new parameters were introduced: l Jitter(D)(usec) l UCC Score
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
2005 | show voice real-time-analysis
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice real-time-analysis-config
show voice real-time-analysis-config
Description
Displays the status of Real Time Call Quality Analysis configuration.
Syntax
No parameters.
Example
The output of this command shows the status of Real Time Call Quality Analysis configuration on a controller. (host) #show voice real-time-config
Configure Real-Time Analysis ---------------------------Parameter --------Real-Time Analysis of voice calls
Value ----Enabled
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice real-time-analysis-config | 2006
show voice rtcp-inactivity
show voice rtcp-inactivity
Description
Displays the status of RTCP protocol.
Syntax
No parameters.
Example
The output of this command shows the status of RTCP protocol. (host) #show voice rtcp-inactivity Voice rtcp-inactivity:disable
Command History
Version ArubaOS 3.3.1
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
2007 | show voice rtcp-inactivity
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice sip
show voice sip
Description
Displays the SIP settings on the controller.
Syntax
No parameters.
Example
The output of this command shows the SIP settings on a controller. (host) #show voice sip
SIP settings ------------s Parameter --------Session Timer Session Expiry Dialplan Profile
Value ----Enabled 300 sec N/A
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice sip | 2008
show voice sip-midcall-req-timeout
show voice sip-midcall-req-timeout
Description
Displays the status of the SIP mid-call request timeout configuration on the controller.
Syntax
No parameters.
Example
The output of this command shows the status of the SIP mid-call request timeout configuration on a controller.
(host) #show voice sip-midcall-req-timeouts Voice sip-midcall-req-timeout:disable
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
2009 | show voice sip-midcall-req-timeout
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice statistics
show voice statistics [ cac | sip-dialplan-hits | tspec-enforcement ]
Description
Displays the CAC, UDP SIP dial plan hits, and TSPEC enforced voice statistics.
Syntax
Parameter cac
sip-dialplan-hits tspec-enforcement
Description
Displays the dropped SIP Invites and SIP Status Code for both server and the client side. Note: This filter supports only the SIP protocol and will work only if CAC is enabled for the parameters.
Displays the statistics of SIP dialplan hits.
Displays the statistics of the number of TSPEC requests accepted, rejected, or denied.
Example
The output of this command shows statistics for TSPEC enforced calls. (host) # show voice statistics tspec-enforcement
TSPEC Enforcement statistics ---------------------------Name ---TSPEC ADDTS Request TSPEC accepted TSPEC denied due to CAC TSPEC enforcement timer events Calls established within enforcement period TSPEC deleted after enforcement period
Value ----16 16 0 2 0 1
Command History
Version ArubaOS 3.3.1
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice statistics | 2010
show voice trace
show voice trace lync [count <num> | ip <ipaddr> | mac <macaddr>] sccp [count <num> | ip <ipaddr> | mac <macaddr>] sip [count <num> | ip <ipaddr> | mac <macaddr>]
Description
Displays the signaling message trace details for either Lync ALG, Signaling Connection Control Part (SCCP), or Session Initiation Protocol (SIP) clients.
Syntax
Parameter count <num> ip <ipaddr> mac <macaddr>
Description
View the specified number of the latest SIP, SCCP, or Lync voice client messages. Specify an integer value.
Specify the IP address of a client to display its SIP, SCCP, or Lync voice client messages.
Specify the IP address of a client to display its SIP, SCCP, or Lync voice client messages.
Example
The output of this command shows signaling message trace. The first example shown is for a SIP client. (host) #show voice trace sip count 4
SIP Voice Client(s) Message Trace
---------------------------------
ALG Client Name Client(MAC)
--- ----------- -----------
SIP 6201
00:24:7d:99:49:01
SIP 6201
00:24:7d:99:49:01
SIP 6201
00:24:7d:99:49:01
SIP 6201
00:24:7d:99:49:01
Client(IP) ---------10.15.20.59 10.15.20.59 10.15.20.59 10.15.20.59
Event Time ---------Aug 17 10:21:22 Aug 17 10:21:22 Aug 17 10:21:22 Aug 17 10:21:22
Direction --------Server-To-Client Client-To-Server Server-To-Client Client-To-Server
Msg --200_OK REGISTER 4XX_REQUEST_FAILURE REGISTER
BSSID ----00:1a:1e:a8:2d:80 00:1a:1e:a8:2d:80 00:1a:1e:a8:2d:80 00:1a:1e:a8:2d:80
Num of Rows:4
The second example shown is for Lync ALG, displaying the exchange between a Lync server and Lync client. The output is divided into multiple sections to better fit on the pages of this document. In the actual command-line interface, it appears in a single, long table.
(host) #show voice trace lync
Lync Voice Client(s) Message Trace ---------------------------------ALG Client Name Client(MAC)
Client(IP) Event Time
2011 | show voice trace
Dell Networking W-Series ArubaOS 6.4.x | User Guide
--Lync Lync Lync Lync
----------1000 1000 1000 1000
----------00:24:d7:40:a8:64 00:24:d7:40:a8:64 00:24:d7:40:a8:64 00:24:d7:40:a8:64
---------10.16.33.61 10.16.33.61 10.16.33.61 10.16.33.61
---------Jan 6 22:34:39 Jan 6 22:34:39 Jan 6 22:31:40 Jan 6 22:31:40
Direction --------Server-To-Client Client-To-Server Server-To-Client Client-To-Server
Msg --200 OK endDialog 200 OK startDialog
BSSID ----00:24:6c:27:5f:f8 00:24:6c:27:5f:f8 00:24:6c:27:5f:f8 00:24:6c:27:5f:f8
Num of Rows:4 The output of this command includes the following parameters:
Column ALG Client Name Client(MAC) Client(IP) Event Time Direction
Msg
BSSID
Description Displays the Application Layer Gateway protocol for Lync clients.
Displays the user name of the Lync client.
Displays the MAC address of the Lync client.
Displays the IP address of the Lync client.
Displays the time stamp when the Lync call originated.
Displays one of the following message exchange directions between the Lync server and client: l Client-To-Server l Server-To-Client
Displays one of the following signaling message types: l startDialog l updateDialog l endDialog l error l 200
Displays the BSSID of the access point to which the Lync client is connected.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show voice trace | 2012
Command History
Version ArubaOS 3.3.1 ArubaOS 6.0 ArubaOS 6.3
Description Command introduced. The trace output included the BSSID parameter. The lync parameter is introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config or Enable mode on master or local controllers
2013 | show voice trace
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vpdn l2tp configuration
show vpdn l2tp configuration
Description
Displays the VPN L2TP tunnel configuration.
Syntax
No parameters.
Example
The output of this command shows the L2TP tunnel configuration.
(host) # show vpdn l2tp configuration
Enabled Hello timeout: 30 seconds DNS primary server: 10.16.15.1 DNS secondary server: 10.16.14.1 WINS primary server: 0.0.0.0 WINS secondary server: 0.0.0.0 PPP client authentication methods:
PAP IP LOCAL POOLS:
vpnpool: 10.16.15.150 - 10.16.15.160
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vpdn l2tp configuration | 2014
show vpdn pptp configuration
show vpdn pptp configuration
Description
Displays the PPTP configuration on the controller.
Syntax
No parameters.
Example
The output of this command shows the L2TP tunnel configuration.
(host) # show vpdn pptp configuration
Enabled Hello timeout: 30 seconds DNS primary server: 10.15.1.1 DNS secondary server: 10.15.1.200 WINS primary server: 0.0.0.0 WINS secondary server: 0.0.0.0 PPP client authentication methods:
MSCHAP MSCHAPv2 MPPE Configuration 128 bit encryption enabled IP LOCAL POOLS
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
2015 | show vpdn pptp configuration
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vpdn pptp local pool
show vpdn pptp local pool <pool_name>
Description
Displays the IP address pool for VPN users using Point-to-Point Tunneling Protocol.
Syntax
No parameters.
Example
The output of this command shows the all IP address pools for VPN users. (host) # show vpdn pptp local pool
IP addresses used in pool localgroup 0 IPs used - 11 IPs free - 11 IPs configured
Command History
This command was available in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vpdn pptp local pool | 2016
show vpn-dialer
show vpn-dialer <dialer_name>
Description
Displays the VPN dialer configuration for users using VPN dialers.
Syntax
No parameters.
Example
The output of this command shows the VPN dialer configuration for remote Users.
(host) # show vpn-dialer remoteUser
remoteUser ---------Attribute --------PPTP L2TP DNETCLEAR WIREDNOWIFI PAP CHAP MSCHAP MSCHAPV2 CACHE-SECURID IKESECS IKEENC IKEGROUP IKEHASH IKEAUTH IKEPASSWD IPSECSECS IPSECGROUP IPSECENC IPSECAUTH SECURID_NEWPINMODE
Value ----disabled enabled disabled disabled enabled enabled enabled enabled disabled 4000 3DES ONE MD5 PRE-SHARE ******** 4000 GROUP1 ESP-3DES ESP-MD5-HMAC disabled
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
2017 | show vpn-dialer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vrrp
show vrrp {{<vrid>[statistics]}|ipv6{<vrid>|stats[all]}|stats[all]|summary}
Description
Displays the list of all VRRP configuration on the controller. To view a specific VRRP configuration, specify the VRID number.
Syntax
Parameter Description
<vrid>
Displays the Virtual Router Id.
ipv6
Display VRRP information for IPv6 address.
stats
Displays the operational statistics of the VRRP.
Range Default
1-255 --
--
--
--
--
summary
Displays the number of vrrp instances for IPv4 and IPv6.
--
--
Example
The output of the following command shows the VRRP IPv4 instance with vrid 1.
(host) (config-vrrp)#show vrrp Virtual Router 1: Description Admin State UP, VR State BACKUP IP Address 0.0.0.0, MAC Address 00:00:5e:00:01:01, vlan 99 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 Hold time 45 sec Auth type NONE ******** tracking is not enabled
The output of the following command shows the statistics for IPv4 vrrp instance with vrid 10.
(host) # show vrrp 10 statistics
Virtual Router 10:
Admin State UP, VR State MASTER
Advertisements:
Sent:
249562 Received:
475
Zero priority sent:
0 Zero priority received:
0
Lower IP address received
475 Lower Priority received
3
Tracking priority overflow:
0
Advertisements received errors:
Interval mismatch
0 Invalid TTL
0
Invalid packet type
0 Authentication failure
0
Invalid auth type
0 Mismatch auth type
0
Invalid VRRP IP address
0 Invalid packet length
0
VRRP Up timestamp:
Fri Aug 23 15:49:27 2013
Master Up timestamp:
Mon Aug 26 11:59:44 2013
Last advertisement sent timestamp:
Mon Aug 26 16:38:55 2013
Last advertisement received timestamp: Mon Aug 26 11:59:44 2013
Current time:
Mon Aug 26 16:38:55 2013
Number times became VRRP Master:
2
The output of the following command provides information about IPv6 VRRP instances.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vrrp | 2018
(host) (config) # show vrrp ipv6 Virtual Router 1:
Description Admin State DOWN, VR State INIT IPv6 Address :: MAC Address 00:00:5e:00:02:01, vlan 0 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 tracking is not enabled Virtual Router 23: Description Admin State DOWN, VR State INIT IPv6 Address :: MAC Address 00:00:5e:00:02:17, vlan 0 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 tracking is not enabled Virtual Router 255: Description Admin State UP, VR State MASTER IPv6 Address 2006::25 MAC Address 00:00:5e:00:02:ff, vlan 521 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 tracking is not enabled
The output of the following command shows the statistics for IPv6 VRRP instances.
(host) #show vrrp ipv6 stats all
Virtual Router 1:
Admin State DOWN, VR State INIT
Advertisements:
Sent:
0 Received:
0
Zero priority sent:
0 Zero priority received:
0
Lower IP address received
0 Lower Priority received
0
Tracking priority overflow:
0
Advertisements received errors:
Interval mismatch
0 Invalid TTL
0
Invalid packet type
0
Invalid VRRP IP address
0 Invalid packet length
0
VRRP Up timestamp:
N/A, DOWN
Master Up timestamp:
N/A, not MASTER
Last advertisement sent timestamp:
never
Last advertisement received timestamp: never
Current time:
Wed Sep 25 19:40:42 2013
Number times became VRRP Master:
0
Virtual Router 23:
Admin State DOWN, VR State INIT
Advertisements:
Sent:
0 Received:
0
Zero priority sent:
0 Zero priority received:
0
Lower IP address received
0 Lower Priority received
0
Tracking priority overflow:
0
Advertisements received errors:
Interval mismatch
0 Invalid TTL
0
Invalid packet type
0
Invalid VRRP IP address
0 Invalid packet length
0
VRRP Up timestamp:
N/A, DOWN
Master Up timestamp:
N/A, not MASTER
Last advertisement sent timestamp:
never
Last advertisement received timestamp: never
Current time:
Wed Sep 25 19:40:42 2013
Number times became VRRP Master:
0
The output of the following command shows VRRP IPv4 and IPv6 instances.
(host) (config) #show vrrp summary
2019 | show vrrp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Number of exisitng VRRP IPv4 instances : 2 Number of exisitng VRRP IPv6 instances : 3
The output of the following command shows the configuration for all IPv6 VRRP instances.
(host) #show vrrp ipv6 Virtual Router 1:
Description Admin State DOWN, VR State INIT IPv6 Address :: MAC Address 00:00:5e:00:02:01, vlan 0 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 tracking is not enabled Virtual Router 23: Description Admin State DOWN, VR State INIT IPv6 Address :: MAC Address 00:00:5e:00:02:17, vlan 0 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 tracking is not enabled Virtual Router 255: Description Admin State UP, VR State MASTER IPv6 Address 2006::25 MAC Address 00:00:5e:00:02:ff, vlan 521 Priority 100, Advertisement 1 sec, Preemption Disable Delay 0 tracking is not enabled
The output of the following command shows the statistics for IPv4 VRRP instances.
(host) #show vrrp stats all
Virtual Router 1:
Admin State DOWN, VR State INIT
Advertisements:
Sent:
0 Received:
0
Zero priority sent:
0 Zero priority received:
0
Lower IP address received
0 Lower Priority received
0
Tracking priority overflow:
0
Advertisements received errors:
Interval mismatch
0 Invalid TTL
0
Invalid packet type
0 Authentication failure
0
Invalid auth type
0 Mismatch auth type
0
Invalid VRRP IP address
0 Invalid packet length
0
VRRP Up timestamp:
N/A, DOWN
Master Up timestamp:
N/A, not MASTER
Last advertisement sent timestamp:
never
Last advertisement received timestamp: never
Current time:
Wed Sep 25 19:55:33 2013
Number times became VRRP Master:
0
Virtual Router 23:
Admin State DOWN, VR State INIT
Advertisements:
Sent:
0 Received:
0
Zero priority sent:
0 Zero priority received:
0
Lower IP address received
0 Lower Priority received
0
Tracking priority overflow:
0
Advertisements received errors:
Interval mismatch
0 Invalid TTL
0
Invalid packet type
0 Authentication failure
0
Invalid auth type
0 Mismatch auth type
0
Invalid VRRP IP address
0 Invalid packet length
0
VRRP Up timestamp:
N/A, DOWN
Master Up timestamp:
N/A, not MASTER
Last advertisement sent timestamp:
never
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show vrrp | 2020
Last advertisement received timestamp: Current time: Number times became VRRP Master:
never Wed Sep 25 19:55:33 2013 0
Command History
Version ArubaOS 1.0
Modification Command introduced
ArubaOS 3.3
The tracking interface and tracking vlan parameters were introduced.
ArubaOS 3.3.2
The add option was removed from the tracking interface and tracking vlan parameters.
ArubaOS 6.4
The ipv6, stats, and summary parameters were introduced.
ArubaOS 6.4.3.0
The holdtime parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
2021 | show vrrp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show web-cc
show web-cc categories reputation stats status global-bandwidth-contract all|{web-cc-category <category>}|{web-cc-reputation <reputation>}
Description
Display information about web content (web-cc) classification settings, category and reputation types, classification statistics and bandwidth contracts.
Syntax
Parameter categories
Description
Display the category index number and the category name for each category type.
reputation
stats
status
global-bandwidth-contract
all web-cc-category <category> web-cc-reputation <reputation>
Display the different reputation levels, and the range of reputation scores associated with each level.
Display counters for web content traffic and web content classification table statistics
Display information about the current operational status of the web content classification feature.
Display settings for global bandwidth contracts assigned to web content classification category types and reputation levels.
Show all bandwidth contracts
Display information for the specified web-cc category bandwidth contract.
Display information for the specified web-cc reputation bandwidth contract.
Usage Guidelines
The web content classification feature classifies all (HTTP) web traffic on the network. The output of the show web-cc command displays information about Webroot classification categories and risk reputation levels, bandwidth contracts, and the web content classification cache and database.
Example
The following command shows the global bandwidth contracts applied to upstream and downstream traffic matching the music content category.
(host)#how web-cc global-bandwidth-contract web-cc-category music Web-cc Global Bandwidth Contract -------------------------------Web-cc Category/Reputation Direction Rate (bits/second) Contract Id -------------------------- --------- ------------------ -------- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show web-cc | 2022
web-cc-category music web-cc-category music
Upstream 55000000 Downstream 20000000
music-2126 2 music-745c 1
The output of the show web-cc command varies, depending upon the parameters specified. The following table describes the information displayed in the output of this command when that parameter is included.
Parameter categories
Description
Include this parameter to display the following information categories in the command output: l Name: names of the available web content classification catetories l Web Category ID: ID number associated with a category name.
reputation
Include this parameter to display the following information categories in the command output:
l RiskLevel: names of the available web content classification risk levels
l Score: Range of risk scores associated with a risk level
Stats
Include this parameter to display the following information categories in the command output:
l URL miss from sos: number of times a URL was not found in the internal web content classification cache.
l Database hit: number of times a URL was not found in the interal web content classification cache, but was found by the local web content classification database.
l Cloud lookup: number of times a URL was not found by the local web content classification database, and was sent to the cloud for identification.
l Cloud response: number of times the cloud responded to a cloud lookup request.
l RTU updates: Number of times that the internal web content classification cache was udpated
l DB Entries: Maximum number of entries allowed in the local web content classification database. This value varies by controller type.
Status
Include this parameter to display the following information categories in the command output:
l Web Content Classification enabled: Shows if the web content classification feature is enabled or disabled.
l DNS/Name Server configured: Shows if DNS is configured on the controller. The web content classification feature uses DNS to identify the URL cloud server, so DNS must be configured on the controller for this feature to work.
l URL Cloud lookup server reachable: Indicates if the controller is able to contact the URL cloud server.
global-bandwidth-contract
Include this parameter to display the following information categories in the command output:
l Web-cc Category/Reputation: Name of the web content
2023 | show web-cc
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
classification category or reputation level. l Direction: indicates whether the contract applies to upstream or
downstream traffic. l Rate (bits/second) : bandwidth contract rate, in bits/second. l Contract: unique name assigned to the web-cc global bandwidth
contract. l Id: identification number assigned to the web-cc global bandwidth
contract.
Related Commands
Command web-cc
Description
This command defines global bandwidth contracts for HTTP traffic matching a predefined web content category or reputation type.
Mode Config mode
Command History
Version ArubaOS 6.4.2.0
Modification Command introduced.
Command Information
Platforms All platforms
Licensing PEF-NG license
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show web-cc | 2024
show web-server
show web-server profile statistics
Description
Displays the configuration and statistics of the controller's web server.
Syntax
Parameter profile
Description Displays the web server configuration profile.
statistics
Displays the web server statistics. This command helps to troubleshoot Captive Portal scale issues.
Range Default
--
--
--
--
Example
The output of this command shows the web-server configuration. (host) # show web-server profile
Web Server Configuration -----------------------Parameter --------Cipher Suite Strength SSL/TLS Protocol Config Switch Certificate Captive Portal Certificate Management user's WebUI access method User session timeout <30-3600> (seconds) Maximum supported concurrent clients <25-320> Enable WebUI access on HTTPS port (443) Web Lync Listen Port <1024-65535> Enable bypass captive portal landing page
Value ----high sslv3 tlsv1 default default username/password 900 25 false 0 false
The output of this command displays the web-server statistics.
(host) #show web-server statistics
Web Server Statistics:
----------------------
Current Request Rate:
1 Req/Sec
Current Traffic Rate:
1 KB/Sec
Busy Connection Slots:
7
Available Connection Slots:
68
Total Requests Since Up Time: 284
Total Traffic Since Up Time:
1122 KB
Avg. Request Rate Since Up Time: 1 Req/Sec
Avg. Traffic Rate Since Up Time: 6144 Bytes/Sec
Server Scoreboard:
______________KKKKKK_W_____________
Scoreboard Key: _ - Waiting for Connection, s - Starting up R - Reading Request, W - Sending Reply K - Keepalive, D - DNS Lookup
2025 | show web-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
C - Closing connection, L - Logging G - Gracefully finishing, I - Idle cleanup of worker . - Open slot with no current process
The output of this command includes the following parameters.
Parameter Current Request Rate
Description
HTTP/HTTPS request rate measured immediately within the last one second.
Current Traffic Rate
HTTP/HTTPS data transfer rate measured immediately within the last one second.
Busy Connection Slots
Number of simultaneous HTTP/HTTPS sessions currently being served. Each session occupy one slot from the total available slot configured under the web-max-clients <web-max-client> parameter.
Available Connection Slots
Number of simultaneous HTTP/HTTPS sessions which can be served more than what is being served currently.
Total Requests Since Up Time
Total number of HTTP/HTTPS requests received by the web server since the server was up.
Total Traffic Since Up Time
Total number of HTTP/HTTPS traffic handled by the web server since the server was up.
Avg. Request Rate Since Up Time
Lifetime average of HTTP/HTTPS request rate. This is calculated by dividing the total number of requests received with the web server up-time.
Avg. Traffic Rate Since Up Time
Lifetime average of HTTP/HTTPS traffic rate. This is calculated by dividing the total of HTTP/HTTPS traffic with the web server uptime.
Server Scoreboard
Displays information of each worker thread of web server.
Command History
Version ArubaOS 3.0 ArubaOS 6.3
ArubaOS 6.4.2.3 ArubaOS 6.4.2.5
Description Command introduced.
The output of this command displays the WebUI access on HTTPS port 443 status and the Web Lync Listen Port.
The profile and statistics parameters were introduced.
The Enable bypass captive portal landing page parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show web-server | 2026
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config or Enable mode on master or local controllers
2027 | show web-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec
show whitelist-db cpsec cert-type {factory-cert|switch-cert} mac-address <name> page <num> start <offset> state {approved-ready-for-cert|certified-factory-cert|unapproved-factory-cert|unapprovedno-cert}
Description
Display the campus AP whitelist for campus APs using the control plane security feature.
Syntax
Parameter
Description
cert-type factory-cert|switch-cert
l factory-cert: Use this parameter if AP is using a factory certificate.
l switch-cert: Use this parameter if AP is using a certificate signed by the switch
mac-address <name>
MAC address of the campus AP you want to enter into the CPsec whitelist database.
page <num>
ArubaOS CLI displays 50 whitelist database entries per page. Filter the output of this command by displaying information starting at the specified page number.
start <offset>
Start displaying the table at the specified record in the database
state approved-ready-for-cert certified-factory-cert unapproved-factory-cert unapproved-no-cert
l approved-ready-for-cert: AP in Approved state and is ready to receive a certificate.
l certified-factory-cert: AP in Certified state and has a factory certificate.
l unapproved-factory-cert: AP in Unapproved state and has a factory certificate.
l unapproved-no-cert: AP in Unapproved state and has no or unknown certificate.
Usage Guidelines
Use this command to display the contents of the control plane security whitelist. To view information for a single AP, use the command show whitelist-db cpsec mac-address <mac-address>. To view a list of all secure APs on your controller, use the command show whitelist-db cpsec. If your deployment includes both master and local controllers, then the campus AP whitelist on every controller contains an entry for every secure AP on the network, regardless of the controller to which it is connected.
Example
The output of the following command shows the campus AP whitelist entry for an AP with the MAC address 00:16:CF:AF:3E:E1: (host) #show whitelist-db cpsec mac-address 00:16:CF:AF:3E:E1
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec | 2028
Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address
AP-Group
AP-Name
-----------
--------
-------
00:16:CF:AF:3E:E1 employee
ap-office1
Enable -----Enabled
State ----cert-cont-cert
Cert-Type Description Revoke Text Last Updated
--------- ----------- ----------- ------------
switch-cert
Fri Oct 16 01:21:09 2009
Whitelist Entries: 1 The output of this command includes the following parameters:
Parameter MAC-Address Enable State
Cert-Type Description Revoke Text Last Updated
Description
MAC address of the campus AP.
Shows whether the campus AP has been enabled or disabled.
Shows the current state of the campus AP. l unapproved-no-cert: AP has no certificate and is not approved. l unapproved-factory-cert: AP has a preinstalled certificate that was not
approved. l approved-ready-for-cert: AP is valid, but is waiting to receive a certificate. l certified-factory-cert: AP has an approved factory-installed certificate l certified-controller-cert: AP has an approved certificate from the
controller. l certified-hold-factory-cert: An AP is put in this state when the controller
thinks the AP has been certified with a factory certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP will not be reapproved as a secure AP until a network administrator manually changes the status of the AP to verify that it is not compromised. l certified-hold-controller-cert: An AP is put in this state when the controller thinks the AP has been certified with a controller certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP will not be reapproved as a secure AP until a network administrator manually changes the status of the AP to verify that it is not compromised.
Type of certificate used by the AP. l switch-cert: AP received a certificate from the controller l factory-cert: AP has a factory-installed certificate
If you included an optional description when you added the AP to the campus AP whitelist, that description will appear here.
If you included an optional revoke description when you manually revoked the AP, that description will appear here.
Date and time that the AP record was last updated in the database.
2029 | show whitelist-db cpsec
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command
Description
Mode
whitelist-db cpsec add mac-address <name> Configure the campus AP whitelist for the control plane security feature.
Config mode
Command History
Release ArubaOS 5.0 ArubaOS 6.4.1.0
ArubaOS 6.4.3.0
Modification
Command introduced.
The following new parameters were introduced: l cert-type l page l start l state
The ap-group and ap-name parameters were introduced as part of this command output.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec | 2030
show whitelist-db cpsec-local-switch-list
show whitelist-db cpsec-local-switch-list [mac-address <mac-address>]
Description
Display the list of local controllers with APs using the control plane security feature.
Syntax
Parameter mac-address <mac-address>
Description MAC address of the local controller whose data you want to view.
Usage Guidelines
When you use the control plane feature on a network with both master and local controllers, the master controller maintains a whitelist of local controllers with APs using control plane security. When you change a campus AP whitelist on any controller, that controller contacts the master controller to check the local switch whitelist, then contacts every other controller on the local switch whitelist to notify it of the change. This allows an AP to move between local controllers and still stay connected to the secure network.
To view information for a single local controller, use the command show whitelist-db cpsec-local-switchlist mac-address <mac-address>. To view a list of all local controllers, use the command show whitelist-db cpsec-local-switch-list.
Example
The following command shows information for all local controllers in the local controller whitelist:
(host) #show whitelist-db cpsec-local-switch-list
Registered Local Switch Details
-----------------------------------
MAC-Address
IP-Address Sequence Number Remote Sequence Number NULL Update Count
-----------
---------- --------------- ---------------------- -----------------
00:0b:86:51:a5:4c 10.3.53.2
31
0
00:A0:C9:14:C8:29 10.3.53.4
30
0
Local Purge Remote Purge Remote Last-Seq Last Update Sent
Last Update Received
----------- ------------ --------------- ----------------
--------------------
0
0
2
Mon May 4 13:33:29 2013 Mon May 4 13:33:18 2013
0
0
2
Mon May 4 13:32:55 2013 Mon May 4 13:32:19 2013
Whitelist Entries: 2 The output of this command includes the following information:
Parameter MAC-Address IP-Address
Description MAC address of the local controller. IP address of the local controller.
2031 | show whitelist-db cpsec-local-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Sequence Number
Description
The number of times the local controller in the whitelist received and acknowledged a campus AP whitelist change from the master controller. In the example above, both local controllers received and acknowledged three campus AP whitelist changes sent from the master controller.
Remote Sequence Number
The number of times that the master controller has received and acknowledged a campus AP whitelist change from the local controller in the whitelist. In the example above, the master controller received and acknowledged a single campus AP whitelist change from the local controller with the MAC address 00:0b:86:51:a5:4c.
Null Update Count
The number of times the controller has checked its control plane security whitelist and found nothing to synchronize with the remote controller. By default, the controller compares its control plane security whitelist against whitelists on other controllers every minute. If the null update count reaches 5, the controller will send an "empty sync" heartbeat to the remote controller to ensure the sequence numbers on both controllers are the same, then reset the null update count to zero.
Related Commands
Command
Description
whitelist-db cpsec-local-switch-list Configure the local controller whitelist for the control plane security feature.
Mode
Config mode
Command History
Version ArubaOS 5.0 ArubaOS 6.0
Modification
Command introduced
The cpsec-local-ctrlr-list parameter was modified to cpsec-localswitch-list
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec-local-switch-list | 2032
show whitelist-db cpsec-master-switch-list
show cpsec-master-ctlr-list-db cpsec show whitelist-db cpsec-master-switch-list [mac-address <mac-address>]
Description
Display the master switch list whitelist on local controllers with APs using the control plane security feature.
Syntax
Parameter mac-address <mac-address>
Description MAC address of the master controller.
Usage Guidelines
When you use the control plane feature on a network with both master and local controllers, each local controller has a master switch whitelist which contains the IP and MAC addresses of its master controller. If your network has a redundant master controller, then this whitelist will contain more than one entry.
To view information for a single master controller, use the command show whitelist-db cpsec-masterswitch-list mac-address <mac-address>. To view a list of all master controllers, use the command show whitelist-db cpsec-master-switch-list.
Example
The following command shows that the local controllers have a single master controller with the IP address 10.3.53.3:
(host) #show whitelist-db cpsec-master-list
Registered Master Switch Details
--------------------------------
Active MAC-Address
IP-Address Sequence Number Remote Sequence Number NULL Update
Count
------ -----------
---------- --------------- ---------------------- --------------
---
1
00:0b:86:61:ed:6c 10.3.53.11 1
3
1
Local Purge Remote Purge Remote Last-Seq Last Update Sent
Last Update Received
----------- ------------ --------------- ----------------
--------------------
0
0
1
Tue Aug 2 13:33:29 2012 Tue Aug 2 13:33:18 2012
The output of this command includes
Syntax
Parameter MAC-Address IP-Address
Description MAC address of the master controller. IP address of the master controller.
2033 | show whitelist-db cpsec-master-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Sequence Number
Description
The number of times the master controller in the whitelist received and acknowledged a campus AP whitelist change from the local controller. In the example above, the master controller received and acknowledged one campus AP whitelist change from the local controller.
Remote Sequence Number
The number of times that the local controller has received and acknowledged a campus AP whitelist change from the master controller in the whitelist. In the example above, the local controller received and acknowledged three campus AP whitelist updates from the master controller.
Null Update Count
The number of times the controller has checked its control plane security whitelist and found nothing to synchronize with the master controller. By default, the controller compares its control plane security whitelist against whitelists on other controllers every minute. If the null update count reaches 5, the controller will send an "empty sync" heartbeat to the remote controller to ensure the sequence numbers on both controllers are the same, then reset the null update count to zero.
Related Commands
Command
Description
whitelist-db cpsec-master-switch-list Configure the master controller whitelist for the control plane security feature.
Mode
Config mode
Command History
Version ArubaOS 5.0 ArubaOS 6.0
Modification
Command introduced
The cpsec-master-ctrlr-list parameter was modified to cpsec-masterswitch-list
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Config mode on local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec-master-switch-list | 2034
show whitelist-db cpsec-seq
show whitelist-db cpsec-seq
Description
Display the current sequence number for the master or local controller whitelists.
Syntax
No Parameters
Usage Guidelines
The current sequence number in the Sequence Number Details table shows the number of changes to the campus AP whitelist made on this controller.
Each controller compares its campus AP whitelist against whitelists on other controllers every two minutes. If a controller detects a difference, it will send its changes to the other controllers on the network. If all other controllers on the network have successfully received and acknowledged all whitelist changes made on this controller, every entry in the sequence number column in the controller whitelist will have the same value as the number displayed in the Sequence Number Details table. If a controller in the master or local controller whitelist has a lower sequence number, that controller may still be waiting to complete its update, or its update acknowledgement may not have yet been received.
Example
The output of the first command below shows that the campus AP whitelist has been updated 3 times on the master controller. The second command shows the local controller list on the master controller, and verifies that both local controllers have received and acknowledged all three of these changes.
(host) #show whitelist-db cpsec-seq
Sequence Number Details
-----------------------
Table Name
Current Seq Number
----------
------------------
cpsec_whitelist 3
Whitelist Entries: 97
(host) # show whitelist-db cpsec-local-list
Registered Local Controller Details
-----------------------------------
MAC-Address
IP-Address Sequence Number
-----------
---------- ---------------
00:0b:86:51:a5:4c 10.3.53.2
3
0
00:A0:C9:14:C8:29 10.3.53.4
3
0
Remote Sequence Number ---------------------1
0
NULL Update Count -----------------
Whitelist Entries: 2
2035 | show whitelist-db cpsec-seq
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command
Description
Mode
whitelist-db cpsec add mac-address <name> Configure the campus AP whitelist for the control plane security feature.
Config mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec-seq | 2036
show whitelist-db cpsec-status
show whitelist-db cpsec-status [lms-list]
Description
Display aggregate status information APs in the campus AP whitelist.
Syntax
Parameter lms-list
Description Displays a list of LMS IP addresses.
Example
The output of the following command shows current status information for all APs in the campus AP whitelist: (host) #show whitelist-db cpsec-status
My Mac-Address My IP-Address Master IP-Address Switch-Role Whitelist-sync is enabled
00:1a:1e:00:89:b8 192.0.2.1 192.0.2.1 Master
Entries in Whitelist database
Total entries:
41
Approved entries:
0
Unapproved entries:
0
Certified entries:
40
Certified hold entries:
0
Revoked entries:
1
Marked for deletion entries: 0
Current Sequence Number:
0
The output of this command includes:
Parameter My Mac-Address My IP-Address Master IP-Address Switch-Role Whitelist-sync is enabled
Description The MAC address of the controller. The IP address of the controller. The IP address of the master controller. The role of the controller. The status of the whitelist synchronization with local or cloud services controller.
2037 | show whitelist-db cpsec-status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Total entries
Description Total number of entries in the campus AP whitelist
Approved entries:
Number of APs that are valid, but is waiting to receive a certificate.
Unapproved entries
Number of APs that have certificate that was not not approved.
Certified entries
Number of APs that have an approved certificate.
Certified hold entries
Number of APs in the certified hold state. An AP is put in this state when the controller thinks the AP a certified certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP will not be reapproved as a secure AP until a network administrator manually changes the status of the AP to verify that it is not compromised.
Revoked entries
Number of APs whose entries have been revoked
Marked for deletion entries
Number of APs whose entries have been marked for deletion. An entry will not be permanently deleted until all other controllers on the network acknowledge the deletion.
Related Commands
Command show whitelist-db cpsec
Description
Display the campus AP whitelist for campus APs using the control plane security feature.
Command History
Version ArubaOS 5.0 ArubaOS 6.4.3.0
Description
Command introduced.
The Whitelist-sync is enabled parameter was introduced as part of the command output.
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db cpsec-status | 2038
show whitelist-db rap
show whitelist-db rap apgroup <ap-group> apname <ap-name> export-css <filename> fullname <full-name> long mac-address <address> page <num> start <offset>
Description
View detailed information for the remote AP whitelist database.
Syntax
Parameter
Description
apgroup <ap-group>
Display specific AP-entries for this AP-group.
apname <ap-name>
Display specific AP-entry for this AP-name.
export-css
Export the remote AP white list to a file in the controller's /flash/config/ folder. This file can be given to a content security provider to manage the remote AP database.
fullname <full-name> Display specific AP-entry for this full-name in the RAP whitelist database.
long
Display additional debugging information about an entry in the RAP whitelist, including when it was last updated, the sequence number for the update, and any flags for the entry.
mac-address <mac-addr> Display a whitelist entry for the specified RAP MAC address.
page
ArubaOS CLI displays 50 whitelist database entries per page. Filter the output of this command by displaying information starting at the specified page number.
start <offset>
Start displaying the table at the specified record in the database
Example
In the example below, the command output has been divided into two tables to fit on a single page of this document. In the command-line interface, this output would appear in a single, wide table.
(host) #show whitelist-db rap
AP-entry Details ----------------
Name ---00:0b:86:c3:58:38 00:0b:86:66:01:aa 00:1a:1e:c0:1b:e0 00:0b:86:66:03:3f
AP-Group -------local default default default
AP-Name ------AP-5B AP-5C AP-99 LAB-AP
Full-Name --------chucks_AP upstairs
addtl_rap
Authen-Username --------------Dev\Sarah Dev Dev\Chris PM\Kumar
Revoke-Text -----------
AP invalid
2039 | show whitelist-db rap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
00:0b:86:66:02:09 default LAB-AP
AP_Authenticated ---------------Authenticated Provisioned Authenticated Authenticated Provisioned
Description -----------
Date-Added ---------Thu Mar 5 21:25:36 2009 Thu Mar 5 21:25:49 2009 Wed Mar 4 20:16:16 2009 Tue May 19 07:53:29 2009 Fri May 8 10:37:40 2009
Enabled ------Yes No Yes Yes Yes
Remote-IP ------192.0.2.3 192.0.2.78 192.0.2.6 192.0.2.12 192.0.2.13
AP Entries: 5
The output of this command includes the following information:
Parameter Name AP-Group AP-name Full-name AuthenUsername
Revoke-Text
AP_ Authenticated
Description
MAC address of the remote AP.
Name of the AP group to which th remotee AP has been assigned.
Name of the remote AP. If no name has been specified, this column will display the remote AP's MAC address
Text string used to identify the remote AP. This field often describes the AP's user, and corresponds to the User Name field in the RAP whitelist in the WebUI.
User name of the user who authenticated the remote AP. This parameter holds the user name of the user who authenticated the remote AP. This is related to the zero touch authentication feature, as a user needs authenticate an AP before it gets its complete configuration. Before the AP is authenticated, it is given a restricted configuration to allow users to perform captive portal authorization via the remote AP's ENET ports to authenticate the remote AP. The username used during captive portal authentication will be stored in this field. This cannot be added manually when creating a local-userdb-ap entry.
The command whitelist-db rap revoke includes an optional revoke-comment parameter that allows network administrators to explain why the remote AP was revoked. If a remote AP is revoked, and a revoke comment entered, this text appears in the revoke-text column in the show whitelist-db rapcommand. When a local DB entry is reenabled via the command whitelist-db rap modify mac-addr mode enable, this field is cleared.
This column indicates the authorization status of the RAP. A RAP can either be Authenticated or Provisioned.
Remote APs that do not support certificated-based provisioning will always display a Provisioned status.
Remote APs that support certificated-based provisioning can display either a Authenticated or Provisioned status, depending on their configuration and authentication status.
l If the remote AP has a defined AP authorization profile, the remote AP will be in a "Provisioned" state with a limited configuration until it is authenticated. After it the remote AP has been authenticated, it will be in an "Authenticated" state.
l If the remote AP does not have a defined AP authorization profile, the remote AP will be in a"Provisioned" state, but will still receive the full configuration assigned to that AP and its AP group.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db rap | 2040
Parameter Description Date-Added Enabled
Description A text string used to further identify the remote AP.
Date and time that the AP was added to the local user database
This column shows if the entry in the database is enabled or disabled. Database entries can be enabled or disabled using the CLI commands:
{enable|disable}
whitelist-db rap {add|modify} mac-address <mac-addr> mode
and
whitelist-db rap revoke mac-address <mac-addr>
Related Commands
Command whitelist-db rap add
Description
Add, delete, modify or revoke remote AP entries in the current emote AP whitelist table.
Command History
Release ArubaOS 5.0 ArubaOS 6.4.1.0
Modification
Command introduced.
The following new parameters were introduced: l apgroup l apname l fullname
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
2041 | show whitelist-db rap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db rap-local-switch-list
show whitelist-db rap-local-switch-list [mac-address <mac-address>]
Description
Display the remote AP whitelist local switch list on a master controller.
Syntax
Parameter mac-address <mac-address>
Description MAC address of the local controller whose data you want to view.
Usage Guidelines
When you have remote APs on a network with both master and local controllers, the master controller maintains a whitelist of local controllers with remote APs. When you change a remote AP whitelist on any controller, that controller contacts the master controller to check the local switch whitelist, then contacts every other controller on the local switch whitelist to notify it of the change. This allows a remote AP to move between local controllers and still stay connected to the secure network.
To view information for a single local controller, use the command show whitelist-db rap-local-switch-list mac-address <mac-address>. To view a list of all local controllers, use the command show whitelist-db rap-local-switch-list.
Example
The following command shows information for all local controllers in the local controller whitelist. The output in the example below has been divided into sections to better fit on the pages of this document. In the ArubaOS CLI, the output appears in a single, long table.
(host) #show whitelist-db rap-local-switch-list
Active MAC-Address
IP-Address
------- -----------
----------
1
00:0b:86:51:a5:4c 10.3.53.2 3
1
00:A0:C9:14:C8:29 10.3.53.4 3
Sequence Number ---------------
1 0
Remote Sequence Number ----------------------
NULL Update Count ----------------0 0
Local Purge ----------0 0
Remote Purge -----------0 0
Remote Last-Seq ---------------
2 2
Last Update Sent ----------------
Mon May 4 13:33:29 2013 Mon May 4 13:32:55 2013
Last Update Received -------------------Mon May 4 13:33:18 2013 Mon May 4 13:32:19 2013W
Whitelist Entries: 2
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db rap-local-switch-list | 2042
The output of this command includes the following information:
Parameter
Description
Active
Shows if the controller is active on the network. l 1: Active l 0: Inactive
MAC-Address
MAC address of the local controller.
IP-Address
IP address of the local controller.
Sequence Number
The number of times the local controller in the whitelist received and acknowledged a remote AP whitelist change from the master controller. In the example above, both local controllers received and acknowledged three remote AP whitelist changes sent from the master controller.
Remote Sequence Number
The number of times that the master controller has received and acknowledged a remote AP whitelist change from the local controller in the whitelist. In the example above, the master controller received and acknowledged a single remote AP whitelist change from the local controller with the MAC address 00:0b:86:51:a5:4c.
Null Update Count
The number of times the controller has checked its remote AP whitelist and found nothing to synchronize with the remote controller. By default, the controller compares its remote AP whitelist against whitelists on other controllers every minute. If the null update count reaches 5, the controller will send an "empty sync" heartbeat to the remote controller to ensure the sequence numbers on both controllers are the same, then reset the null update count to zero.
Related Commands
Command
show whitelist-db rap-masterswitch-list
whitelist-db rap del
Description
Delete a master controller from the master switch table used by the remote AP whitelist
Remove an AP entry from the remote AP whitelist.
Mode Config mode
Config mode
Command History
Version ArubaOS 6.3
Modification Command introduced
2043 | show whitelist-db rap-local-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db rap-local-switch-list | 2044
show whitelist-db rap-master-switch-list
show whitelist-db rap-local-switch-list [mac-address <mac-address>]
Description
Display the remote AP whitelist master switch list on local controllers with remote APs
Syntax
Parameter mac-address <mac-address>
Description MAC address of the local controller whose data you want to view.
Usage Guidelines
When your network has with both master and local controllers, each local controllerwith associated remote APs has a master switch whitelist which contains the IP and MAC addresses of its master controller. If your network has a redundant master controller, then this whitelist will contain more than one entry.
To view information for a single master controller, use the command show whitelist-db rap-master-switchlist mac-address <mac-address>. To view a list of all master controllers, use the command show whitelistdb rap-master-switch-list.
Example
The following command shows that the local controllers have a single master controller with the IP address 192.0.2.143. The output in the example below has been divided into sections to better fit on the pages of this document. In the ArubaOS CLI, the output appears in a single, long table.
Active MAC-Address
IP-Address
------- -----------
----------
1
00:0b:86:51:a5:4c 192.0.2.14
Sequence Number
--------------2
Remote Sequence Number --------------2
NULL Update Count ----------------0 0
Local Purge Remote Purge Remote Last-Seq Last Update Sent
----------- ------------ --------------- ----------------
0
0
1
Mon May 4 12:44:24
Last Update Received -------------------Mon May 4 12:44:20
Whitelist Entries: 1 The output of this command includes the following information:
Parameter Active
Description
Shows if the controller is active on the network. l 1: Active l 0: Inactive
2045 | show whitelist-db rap-master-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter MAC-Address
Description MAC address of the mastercontroller.
IP-Address
IP address of the mastercontroller.
Sequence Number
The number of times the mastercontroller in the whitelist received and acknowledged a remote AP whitelist change from the local controller. In the example above, the master controllers received and acknowledged three remote AP whitelist changes sent from a local controller.
Remote Sequence Number
The number of times that the local controller has received and acknowledged a remote AP whitelist change from the mastercontroller in the whitelist.
Null Update Count
The number of times the controller has checked its remote AP whitelist and found nothing to synchronize with the remote controller. By default, the controller compares its remote AP whitelist against whitelists on other controllers every minute. If the null update count reaches 5, the controller will send an "empty sync" heartbeat to the remote controller to ensure the sequence numbers on both controllers are the same, then reset the null update count to zero.
Related Commands
Command
Description
whitelist-db rap-local-switch-list Delete a local controller from the local switch table used by the remote AP whitelist
whitelist-db rap del
Remove an AP entry from the remote AP whitelist.
Mode Config mode
Config mode
Command History
Version ArubaOS 6.3
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db rap-master-switch-list | 2046
show whitelist-db rap-status
show whitelist-db rap-status
Description
Display aggregate status information APs in the remote AP whitelist.
Syntax
No parameters.
Example
The output of the following command shows current status information for all APs in the remote AP whitelist: (host) #show whitelist-db rap-status Entries in Whitelist database
Total entries:
41
Revoked entries:
1
Marked for deletion entries: 0
The output of this command includes
Syntax
Parameter Total entries
Description Total number of entries in the remote AP whitelist
Revoked entries
Number of remote APs whose entries have been revoked
Marked for deletion entries
Number of remote APs whose entries have been marked for deletion. An entry will not be permanently deleted until all other controllers on the network acknowledge the deletion.
Related Commands
Command
Description
Mode
show whitelist-db rap-masterswitch-list
Display the list of master controllers with remote APs managed using the remote AP whitelist
Enable or Config mode
show whitelist-db rap-localswitch-list
Display the list of local controllers with remote APs managed using the remote AP whitelist
Enable or Config mode
show whitelist-db rap
View detailed information for the remote AP whitelist database.
Enable or Config mode
whitelist-db rap add
Add an AP entry to the remote AP whitelist.
Config mode
Command History
This command was introduced in ArubaOS 5.0.
2047 | show whitelist-db rap-status
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show whitelist-db rap-status | 2048
show wlan anyspot-profile
show wlan anyspot-profile [<profile-name>]
Description
The output of this command displays configuration settings for a WLAN anyspot profile.
Syntax
Parameter <profile>
Description Name of an anyspot profile
Usage Guidelines
The anyspot client probe suppression feature decreases network traffic by suppressing probe requests from clients attempting to locate and connect to other known networks. Issue this command without the <profile> parameter to display the entire anyspot profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Example
The following command displays configuration information for an active (enabled) anyspot profile with two excluded ESSIDs, and one preset ESSID.
Anyspot profile "default" ------------------------Parameter --------Enable Anyspot Exclude ESSID(s) (exact match) Exclude ESSID(s) (exact match) Exclude ESSID(s) (containing string(s)) Preset ESSID(s)
Value ----true corp_dev_1 corp_voip_1 N/A corpGuest
Parameter enable-anyspot
Description Indicates if the anyspot feature is enabled or disabled.
exclude-essid <exclude-essid>
An anyspot-enabled radio will not respond to client probe requests using an ESSID in the Exclude ESSID lists. ESSIDs from neighboring APs will automatically appear in this list as long as the anyspot-enabled AP can detect that ESSID.
exclude-wildcard <excludewildcard>
An anyspot-enabled radio will not respond to client probe requests using an ESSID that matches a string in the Exclude ESSID (containing string) list.
preset-essid <preset-essid>
If a client sends a probe request without an ESSID (that is, the probe request is not looking for a specific network) then the anyspot-enabled AP will respond to the probe request with an ESSID from this list.
2049 | show wlan anyspot-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command
Description
wlan anyspot-profile
The anyspot client probe suppression feature decreases network traffic by suppressing probe requests from clients attempting to locate and connect to other known networks.
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan anyspot-profile | 2050
show wlan bcn-rpt-req-profile
show wlan bcn-rpt-req-profile <profile-name>
Description
Shows configuration and other information about the parameters for the Beacon Report Request frames.
Syntax
Parameter <profile>
Description Name of a WLAN beacon report request profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire Beacon Report Request profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
For this profile to take effect, the 802.11K feature needs to be enabled.
Examples
(host) #show wlan bcn-rpt-req-profile
Beacon Report Request Profile List
----------------------------------
Name
References Profile Status
----
---------- --------------
default 1
test
0
Total:2
(host) #
(host) #show wlan bcn-rpt-req-profile default
Beacon Report Request Profile "default"
---------------------------------------
Parameter
Value
---------
-----
Interface
1
Regulatory Class
12
Channel
9
Randomization Interval
100
Measurement Duration
100
Measurement Mode for Beacon Reports active-all-ch
Reporting Condition
2
ESSID Name
aruba-ap
Reporting Detail
Disabled
Measurement Duration Mandatory
Disabled
Request Information values
0/21/22
The output of this command includes the following parameters:
2051 | show wlan bcn-rpt-req-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Interface
Description
Specifies the Radio interface for transmitting the Beacon Report Request frame. It can have a value of either 0 or 1.
Regulatory Class
Specifies the Regulatory Class field in the Beacon Report Request frame.
Channel
Specifies the Channel field in the Beacon Report Request frame.
Randomization Interval
Specifies the Randomization Interval field in the Beacon Report Request frame. The Randomization Interval is used to specify the desired maximum random delay in the measurement start time. It is expressed in units of TUs (Time Units).
Measurement Duration
Specifies the Measurement Duration field in the Beacon Report Request frame. The Measurement Duration is set to the duration of the requested measurement. It is expressed in units of TUs.
Measuremement Mode for Beacon Reports
Specifies the mode used for the measurement. The valid measurement modes are: l active-all-ch l active-ch-rpt l beacon-table l passive
Reporting Condition
Specifies the value for the "Reporting Condition" field in the Beacon Reporting Information sub-element present in the Beacon Report Request frame.
ESSID Name
Specifies the value for the "SSID" field in the Beacon Report Request frame.
Reporting Detail
Indicates the value for the "Detail" field in the Reporting Detail sub-element present in the Beacon Report Request frame.
Measurement Duration Mandatory
Specifies the "Duration Mandatory" bit of the Measurement Request Mode field of the Beacon Report Request frame.
Request Information values
Indicates the contents of the Request Information IE that could be present in the Beacon Report Request frame. The Request Information IE is present for all Measurement Modes except the 'Beacon Table' mode. It consists of a list of Element IDs that should be included by the client in the response frame.
Command History
The command is introduced in ArubaOS 6.2.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan bcn-rpt-req-profile | 2052
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
2053 | show wlan bcn-rpt-req-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan dot11k-profile
show wlan dot11k-profile [<profile>]
Description
Show a list of all 802.11k profiles, or display detailed configuration information for a specific 802.11k profile.
Syntax
Parameter <profile>
Description Name of an 802.11k profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the 802.11k profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured 802.11k profiles. The References column lists the number of other profiles with references to the 802.11k profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan dot11k-profile
802.11K Profile List
--------------------
Name
----
default
11kprofile2
1
Total: 2
References Profile Status ---------- -------------8
The following example shows configuration settings defined for the profile default.
(host) #show wlan dot11k-profile default
802.11K Profile "default" ------------------------Parameter --------Advertise 802.11K Capability Forcefully disassociate on-hook voice clients Measurement Mode for Beacon Reports Configure specific channel for Beacon Requests Channel requested for Beacon Reports in 'A' band Channel requested for Beacon Reports in 'BG' band Time duration between consecutive Beacon Requests Time duration between consecutive Link Measurement Requests Time duration between consecutive Transmit Stream Measurement Requests
Value ----Disabled Disabled beacon-table Disabled 36 1 60 sec 60 sec 90 sec
The output of this command includes the following data columns:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan dot11k-profile | 2054
Parameter
Advertise 802.11K Capability
Description Shows if the profile has enabled or disabled the 802.11K feature.
Forcefully disassociate onhook voice clients
If enabled, the AP may forcefully disassociate clients that reach the maximum CAC peak capacity or call handoff reservation.
Measurement Mode for Beacon Reports
Shows the profile's beacon measurement mode:
l active: In this mode, the client sends a probe request to the broadcast destination address on all supported channels, sets a measurement duration timer, and, at the end of the measurement duration, compiles all received beacons or probe response with the requested SSID and BSSID into a measurement report.
l beacon-table: In this mode, the client measures beacons and returns a report with stored beacon information for any supported channel with the requested SSID and BSSID. The client does not perform any additional measurements. This is the default beacon measurement mode.
l passive: In this mode, the client sets a measurement duration timer, and, at the end of the measurement duration, compiles all received beacons or probe response with the requested SSID and BSSID into a measurement report.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
2055 | show wlan dot11k-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan dot11r-profile
show wlan dot11r-profile [<profile>]
Description
Show a list of all 802.11r profiles, or display detailed configuration information for a specific 802.11r profile.
Syntax
Parameter <profile>
Description Name of an 802.11r profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the 802.11r profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured 802.11r profiles. The References column lists the number of other profiles with references to the 802.11r profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan dot11r-profile
802.11r Profile List
--------------------
Name
References
----
----------
default
8
voice-enterprise 1
Profile Status --------------
Total: 2
The following example shows configuration settings defined for the profile default.
(host) #show wlan dot11r-profile default
802.11r Profile "default"
-------------------------
Parameter
Value
---------
-----
Advertise 802.11r Capability Disabled
802.11r Mobility Domain ID 1
802.11r R1 Key Duration
3600
802.11r R1 Key Assignment
dynamic
The output of this command includes the following data columns:
Parameter Advertise 802.11r Capability
Description Shows if the profile has enabled or disabled the 802.11r feature.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan dot11r-profile | 2056
Parameter 802.11r Mobility Domain ID
Description Shows the unique ID that identifies the mobility domain.
802.11r R1 Key Duration
Shows the r1 key timeout value in seconds for decrypt-tunnel or bridge mode.
802.11r R1 Key Assignment Shows if the r1 key assignment is static or dynamic.
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
2057 | show wlan dot11r-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan edca-parameters-profile
show wlan edca-parameters-profile ap|station [<profile>]
Description
Display an Enhanced Distributed Channel Access (EDCA) profile for APs or for clients (stations). EDCA profiles are specific either to APs or clients.
Syntax
Parameter <profile>
Description Name of a EDCA Parameters profile.
Usage Guidelines
Issue this command without the <profile> parameter to display a EDCA Parameters profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three EDCA Parameters profiles configured for stations. The References column lists the number of other profiles with references to the EDCA Parameters profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan edca-parameters-profile station
EDCA Parameters profile (Station) List
---------------------------------
Name
References Profile Status
----
---------- --------------
station-corp1 3
station-corp2 1
testprofile 0
Total:3
The following example shows configuration settings defined for the profile station-corp1.
(host) #show wlan edca-parameters-profile ap station-corp1
EDCA Parameters
---------------
AC
ECWmin ECWmax AIFSN TXOP ACM
--
------ ------ ----- ---- ---
Best-effort 4
6
3
0
0
Background 4
10
7
0
0
Video
3
4
1
94 0
Voice
2
3
1
47 0
The output of this command includes the following data columns:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan edca-parameters-profile | 2058
Parameter AC
ECWmin
ECWmax
AIFSN TXOP ACM
Description Name of an Access channel queue (Best-effort, Background, Video or Voice).
The exponential (n) value of the minimum contention window size, as expressed by 2n-1. A value of 4 computes to 24-1 = 15.
The exponential (n) value of the maximum contention window size, as expressed by 2n-1. A value of 4 computes to 24-1 = 15.
Arbitrary inter-frame space number.
Transmission opportunity, in units of 32 microseconds.
If this column displays a 1, the profile has enabled mandatory admission control. If this column displays a 0, the profile has disabled this feature.
Command History
This command was introduced in ArubaOS 3.1.
Command Information
Platforms All platforms
Licensing
This show command is available in the base operating system, but the controller must have the PEFNG license in order to configure EDCA Parameter Profiles.
Command Mode
Enable and Config mode on master or local controllers
2059 | show wlan edca-parameters-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan handover-trigger-profile
show wlan handover-trigger-profile [<profile-name>]
Description
Displays the current configuration settings for a handover trigger profile.
Usage Guidelines
Issue this command without the <profile> parameter to display a handover trigger profile profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
For this profile to take effect, the 802.11K feature needs to be enabled.
Example
(host) #show wlan handover-trigger-profile default Handover Trigger Profile "default" ---------------------------------Parameter --------Enable Handover Trigger feature Enabled Threshold signal strength value at which Handover Trigger should be sent to the client dBm
Value -----
25 -
The output of this command includes the following information:
Parameter
Description
Enable Handover Trigger feature
Shows if the handoff trigger feature is enabled of disabled. If enabled, the controller will initiate the handover of a voice client (for example: dual mode handsets) roaming at the edge of Wi-Fi coverage to an alternate carrier or connection. The handover trigger is initiated if the Wi-Fi signal strength reported by the voice client (received from all APs) is equal to or less than the threshold value.
Threshold signal strength value at which Handover Trigger should be sent to the client
Shows the threshold RSSI value below which a handover trigger message will be sent to an associated client by the AP.
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan handover-trigger-profile | 2060
show wlan hotspot advertisement-profile
show wlan hotspot advertisement-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP advertisement profile.
Syntax
Parameter <profile>
Description Name of a wlan hotspot advertisement profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles and Hotspot 2.0 Query Protocol (H2QP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to view the ANQP and H2QP profiles to be associated with the advertisement profile.
Issue this command without the <profile> parameter to display the entire ANQP advertisement profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured advertisement profiles. The References column lists the number of other profiles with references to the advertisement profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show wlan hotspot advertisement-profile
Advertisement Profile List
--------------------------
Name
References Profile Status
----
---------- --------------
default
1
Westgate_Mall 2
Total:2.
This example displays the configuration settings for the profile Wireless_rf_profile.
(host) (config) #show wlan hotspot advertisement-profile Wireless_rf_profile
Advertisement Profile "default"
-------------------------------
Parameter
Value
---------
-----
ANQP Venue Name Profile
venue_mall
ANQP Network Authentication Profile
auth1
ANQP Roaming Consortium Profile
default
ANQP NAI Realm Profile
Realm2
ANQP 3GPP Cellular Network Profile
default
ANQP IP Address Availability Profile ipv4_Profile
H2QP WAN Metrics Profile
default
H2QP Operator Friendly Name Profile
default
H2QP Connection Capability Profile
default
H2QP Operating Class Indication Profile default
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot advertisement-profile | 2062
ANQP Domain Name Profile
corp_domain
The output of this command includes the following parameters:
Parameter
Description
ANQP Venue Name Profile
Name of the ANQP Venue Name profile associated with this WLAN advertisement profile.
ANQP Network Authentication Profile
Name of the ANQP Network Authentication profile associated with this WLAN advertisement profile.
ANQP Roaming Consortium Profile
Name of the ANQP Roaming Consortium profile associated with this WLAN advertisement profile.
ANQP NAI Realm Profile
Name of the ANQP NAI Realm profile associated with this WLAN advertisement profile.
ANQP 3GPP Profile
Name of the ANQP 3GPP Cellular Network profile associated with this WLAN advertisement profile.
ANQP IP Address Availability Profile
Name of the ANQP IP Address Availability profile associated with this WLAN advertisement profile.
H2QP WAN Metrics Profile
Name of the H2QPWAN Metrics profile associated with this WLAN advertisement profile.
H2QP Operator Friendly Name Profile
Name of the H2QP Operator Friendly Name profile associated with this WLAN advertisement profile.
H2QP Connection Capability Profile
Name of the H2QP Connection Capability profile associated with this WLAN advertisement profile.
H2QP Operating Class Indication Profile
Name of the H2QP Operating Class Indication profile associated with this WLAN advertisement profile.
ANQP Domain Name Profile
Name of the ANQP domain name profile associated with this WLAN advertisement profile.
Related Commands
wlan hotspot advertisement-profile
.Command History
The command was introduced in ArubaOS 6.4
2063 | show wlan hotspot advertisement-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot advertisement-profile | 2064
show wlan hotspot anqp-3gpp-nwk-profile
show wlan hotspot anqp-3gpp-nwk-profile [<profile-name>]
Description
This profile shows the configuration settings for for a 3rd Generation Partnership Project (3GPP) Cellular Network profile.
Syntax
Parameter <profile>
Description Name of a 3GPP Cellular Network profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Issue this command without the <profile>parameter to display the entire list of 3GPP profiles, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured 3GPP profiles. The References column lists the number of other profiles with references to the advertisement profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) (config)# show wlan hotspot anqp-3gpp-nwk-profile
ANQP 3GPP Cellular Network Profile List
--------------------------
Name
References Profile Status
----
---------- --------------
default
1
Updated_PLMN 2
Total:2.
This example displays the configuration settings for the profile Updated_PLMN.
(host) (config)# show wlan hotspot anqp-3gpp-nwk-profile Updated_PLMN
ANQP 3GPP Cellular Network Profile "Updated_PLMN"
--------------------------------------------
Parameter
Value
---------
-----
ANQP 3GPP network profile enable Enabled
3GPP PLMN1
310026
3GPP PLMN2
208000
3GPP PLMN3
208001
3GPP PLMN4
N/A
3GPP PLMN5
N/A
3GPP PLMN6
N/A
The output of this command includes the following parameters:
2065 | show wlan hotspot anqp-3gpp-nwk-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
ANQP 3GPP network profile enable Shows if this profile has been enabled ANQP 3GPP Cellular Network profiles are disabled by default.
3gpp PLMN1
The Public Land Mobile Networks (PLMN) value of the highest-priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp PLMN2
The Public Land Mobile Networks (PLMN) value of the second-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp PLMN3
The Public Land Mobile Networks (PLMN) value of the third-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp PLMN4
The Public Land Mobile Networks (PLMN) value of the fourth-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp PLMN5
The Public Land Mobile Networks (PLMN) value of the fifth-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp PLMN6
The Public Land Mobile Networks (PLMN) value of the sixth-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
Usage Guidelines
The 3GPP Cellular Network Profile defines an ANQP information element (IE) to be sent in a Generic Advertisement Service (GAS) query response from an AP in a hotspot with a roaming relationship with a cellular operator. The 3GPP Mobile Country Code (MCC) and the 12-bit Mobile Network Code data in the IE can help the client select a 3GPP network.
Values configured in this profile will not be sent to clients unless you:
1. Associate the 3GPP Cellular Network profile with an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-3gpp-nwk-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-3gpp-nwk-profile | 2066
Related Commands
wlan hotspot anqp-3gpp-nwk-profile
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2067 | show wlan hotspot anqp-3gpp-nwk-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-domain-name-profile
show wlan hotspot anqp-domain-name-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP Domain Name profile.
Syntax
Parameter <profile>
Description Name of a Domain Name profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP profile to be associated with the advertisement profile.
Issue this command without the <profile> parameter to display the entire ANQP Domain Name profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP Domain Name profile an ANQP advertisement profile. (wlan hotspot advertisementprofile <profile-name> anqp-domain-name-profile)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisementprofile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name>hotspotenable)
Examples
The example below shows that the controller has two configuredDomain Name profiles. The References column lists the number of other profiles with references to the Domain Name profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show wlan hotspot anqp-domain-name
ANQP Domain Name Profile List
-----------------------------
Name
References Profile Status
----
---------- --------------
corp_domain 2
default
1
Total:2.
This example displays the configuration settings for the profile corp_domain.
(host) #show wlan hotspot anqp-domain-name-profile corp_domain ANQP Domain Name Profile "corp_domain" -------------------------------------Parameter Value --------- ----Domain Name example.com
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-domain-name-profile | 2068
The output of this command includes the following parameters:
Parameter Domain Name
Description Domain name of the hotspot operator.
Related Commands
wlan hotspot anqp-domain-name-profile
.Command History
The command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2069 | show wlan hotspot anqp-domain-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-ip-addr-avail-profile
show wlan hotspot anqp-ip-addr-avail-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP IP Address Availability profile.
Syntax
Parameter <profile>
Description Name of an IP Address Availability profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP profile to be associated with the advertisement profile.
Issue this command without the <profile> parameter to display the entire ANQP IP Address Availability profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP IP Address Availability profile an ANQP advertisement profile.(wlan hotspot advertisement profile <profile-name> anqp-ip-addr-avail-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Examples
The example below shows that the controller has three configured IP Address Availability profiles. The References column lists the number of other profiles with references to the IP Address Availability profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show wlan hotspot anqp-ip-addr-avail-profile
ANQP IP Address Availability Profile List
-----------------------------------------
Name
References Profile Status
----
---------- --------------
default
0
ipv4_Profile 2
ipv6_profile 1
Total:3.
This example displays the configuration settings for the profile ipv4_Profile.
(host) #show rf anqp-ip-addr-avail-profile ipv4_Profile
ANQP IP Address Availability Profile "ipv4_Profile"
----------------------------------------------
Parameter
Value
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-ip-addr-avail-profile | 2070
---------
-----
IPv4 Address Availability Type public
IPv6 Address Availability Type not-available
The output of this command includes the following parameters:
Parameter
IPv4 Address Availability Type
Description
Indicates the availability of an IPv4 network. This parameter can display any of the following values:
l availability-unknown: Network availability cannot be determined.
l not-available : Network is not available.
l port-restricted : Network has some ports restricted ( for example, the network blocks port 110 to retrict POP mail).
l port-restricted-double-nated : Network has some ports restricted and multiple routers performing network address translation.
l port-restricted-single-nated : Network has some ports restricted and a single router performing network address translation.
l private-double-nated : Network is a private network with multiple routers doing network address translation.
l private-single-nated : Network is a private network a single router doing network address translation.
l public : Network is a public network
IPv6 Address Availability Type
Indicates the availability of an IPv6 network. This parameter can display any of the following values: l available : An IPv6 network is available. l availability-unknown: Network availability cannot be determined. l not-available : Network is not available.
Related Commands
wlan hotspot anqp-ip-addr-avail-profile
.Command History
The command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2071 | show wlan hotspot anqp-ip-addr-avail-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-nai-realm-profile
show wlan hotspot anqp-nai-realm-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP Network Access Identifier (NAI) Realm profile.
Syntax
Parameter <profile>
Description Name of an NAI Realm profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP profile to be associated with the advertisement profile.
Issue this command without the <profile> parameter to display the entire ANQP NAI Realm profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP NAI Realm profile an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-nai-realm-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Examples
The example below shows that the controller has three configured NAI Realm profiles. The References column lists the number of other profiles with references to the NAI Realm profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column
(host) # show wlan hotspot anqp-nai-realm-profile
ANQP NAI Realm Profile List
---------------------------
Name
References Profile Status
----
---------- --------------
default 0
Realm1 2Realm2 2
Total:3.
This example displays the configuration settings for the profile Realm2.
(host) #show wlan hotspot anqp-nai-realm-profile Realm2
ANQP NAI Realm Profile "Realm2"
-------------------------------
Parameter
Value
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-nai-realm-profile | 2072
--------NAI Realm name NAI Realm EAP Method NAI Realm Authentication Parameter Type
----example.com eap-ttls expanded-eap
The output of this command includes the following parameters:
Parameter NAI Realm name
Description
Name of the NAI realm. The realm name is often the domain name of the service provider.
NAI Realm EAP Method
The NAI Realm Authentication types sent as an ANQP IE in an GAS response
NAI Realm Authentication Parameter Type
The EAP authentication method supported by the hotspot realm.
Related Commands
wlan hotspot anqp-nai-realm-profile
.Command History
The command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2073 | show wlan hotspot anqp-nai-realm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-nwk-auth-profile
show wlan hotspot anqp-nwk-auth-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP network authentication profile.
Syntax
Parameter <profile>
Description Name of an ANQP Network Authentication profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP profile to be associated with the advertisement profile.
Issue this command without the <profile> parameter to display the entire ANQP network authentication profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured network authentication profiles. The References column lists the number of other profiles with references to the network authentication profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show wlan hotspot anqp-nwk-auth-profile
ANQP Network Authentication Profile List
----------------------------------------
Name
References Profile Status
----
---------- --------------
auth1
0
default
0
Total:2. The following example displays the configuration settings for the profile default.
(host) #show wlan hotspot anqp-nwk-auth-profile default
ANQP Network Authentication Profile "default"
------------------------------------------------
Parameter
Value
---------
-----
Type of Network Authentication acceptance
Redirect URL
N/A
The output of this command includes the following parameters:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-nwk-auth-profile | 2074
Parameter Type of Network Authentication
Redirect URL
Description
Network Authentication Type being used by the hotspot network. This parameter can be any of the following values: l acceptance: Network requires the user to accept terms and conditions. l dns-redirection: Additional information on the network is provided through DNS
redirection. l http-https-redirection : Additional information on the network is provided through
HTTP/HTTPS redirection. l online-enroll : Network supports online enrollment.
If information on the network is provided through DNS redirection, this parameter displays the redirection URL.
Related Commands
wlan hotspot anqp-nwk-auth-profile
.Command History
The command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2075 | show wlan hotspot anqp-nwk-auth-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-roam-cons-profile
show wlan hotspot anqp-roam-cons-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP Roaming Consortium profile.
Syntax
Parameter <profile>
Description Name of an ANQP Roaming Consortium profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP profile to be associated with the advertisement profile.
Issue this command without the <profile>parameter to display the entire ANQP Roaming Consortiumprofile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP Roaming Consortium profile an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-roam-cons-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Examples
The example below shows that the controller has two configured Roaming Consortium profiles. The References column lists the number of other profiles with references to the Roaming Consortium profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show wlan hotspot anqp-roam-cons-profile
ANQP Roaming Consortium Profile List
------------------------------------
Name
References Profile Status
----
---------- --------------
default 1
Roam_OI2 1
Total:2.
This example displays the configuration settings for the profile Roam_OI2.
(host) #show wlan hotspot anqp-roam-cons-profile Roam_OI2
ANQP Roaming Consortium Profile "Roam_OI2"
------------------------------------------
Parameter
Value
---------
-----
Roaming consortium OI Len 3
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-roam-cons-profile | 2076
Roaming consortium OI Len b32af0 The output of this command includes the following parameters:
Parameter
Description
Roaming consortium OI Len
Length of the OI. The roaming consortium OI length parameter is based upon the number of octets of the Roaming consortium OI. This parameter can have the following values:
l 0: 0 Octets in the OI (Null)
l 3: OI length is 24-bit (3 Octets)
l 5: OI length is 36-bit (5 Octets)
Roaming Consortium OI
The roaming consortium OI sent in a GAS query response.
Related Commands
wlan hotspot anqp-roam-cons-profile
.Command History
The command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2077 | show wlan hotspot anqp-roam-cons-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-venue-name-profile
show wlan hotspot anqp-venue-name-profile [<profile-name>]
Description
The output of this command displays settings for a WLAN ANQP Venue Name profile.
Syntax
Parameter <profile>
Description Name of an ANQP Venue Name profile.
Usage Guidelines
Access Network Query Protocol (ANQP) profiles define the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP profile to be associated with the advertisement profile.
Issue this command without the <profile>parameter to display the entire ANQP Venue Name profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP Venue Name profile an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-venue-name-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Examples
The example below shows that the controller has two configured Venue Name profiles. The References column lists the number of other profiles with references to the Venue Name profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show wlan hotspot anqp-venue-name-profile
ANQP Venue Name Profile List
----------------------------
Name
References Profile Status
----
---------- --------------
default
0
venue_mall 0
Total:2.
This example displays the configuration settings for the profile venue_mall.
(host) #show wlan hotspot anqp-venue-name-profile venue_mall
ANQP Venue Name Profile "venue_mall"
------------------------------------
Parameter
Value
---------
-----
Venue Group mercantile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot anqp-venue-name-profile | 2078
Type of Venue mercantile-shopping-mall
Venue Name
Westfield_Mall
The output of this command includes the following parameters:
Parameter Venue Group
Description
The venue group to be advertised in the ANQP Information Elements (IEs) from APs associated with this profile. This parameter can have any of the following values: l assembly l business l educational l factory-or-industrial l institutional l mercantile l outdoor l reserved l residential l storage l unspecified l Utility-Misc l Vehicular
Type of Venue
The venue type to be advertised in the IEs from APs associated with this hotspot profile. The complete list of supported venue types is described in Venue Types on page 2294.
Venue Name
The venue name to be advertised in the ANQP IEs from APs associated with this profile.
Related Commands
wlan hotspot anqp-venue-name-profile
.Command History
The command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master or local controllers
2079 | show wlan hotspot anqp-venue-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot hs2-profile
show wlan hotspot h2-profile [<profile-name>]
Description
The output of this command displays settings for a Hotspot profile.
Syntax
Parameter <profile>
Description Name of a Hotspot profile.
Usage Guidelines
Organization Identifiers (OIs) are assigned to service providers when they register with the IEEE registration authority The Roaming Consortium Information Elements (IEs) contain information identifying the network and service provider, whose security credentials can then be used to authenticate with the AP transmitting this element.
The OI for the service provider is defined in the ANQP Roaming Consortium profile using the wlan hotspot anqp-roam-cons-profile command. This Hotspot profile allows you to define and send up to three additional OIs to a client. The configurable values for each additional OI include the Organization Identifier itself, the OI length, and the venue group and venue type associated with those OIs.
Issue this command without the <profile>parameter to display the entire ANQP advertisement profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured Hotspot profiles. The References column lists the number of other profiles with references to the Hotspot profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) # show wlan hotspot h2-profile
Hotspot Profile List
--------------------------
Name
References Profile Status
----
---------- --------------
default
1
Hotspot_1
2
Total:2.
The following example shows configuration settings defined for the profile Hotspot1.
(host) #show wlan hotspot h2-profile Hotspot1 Hotspot 2.0 Profile "default" ----------------------------Parameter --------Advertise Hotspot 2.0 Capability Additional Steps required for Access Enabled Network Internet Access Length of Query Response Access network Type
Value ----Enabled Enabled Enabled 255 octets public-chargeable
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot hs2-profile | 2080
Roaming Consortium Len Entry 1 Roaming Consortium OI Entry 1 Roaming Consortium Len Entry 2 Roaming Consortium OI Entry 2 Roaming Consortium Len Entry 3 Roaming Consortium OI Entry 3 Additional Roaming Consortium OI's(displayed in Advertisement Profile) Venue Group Type Venue Type mall Type of Hotspot 2.0 Indication Element Advertisement Profile
3 octets C499AA 0 N/A 0 N/A 1 mercantile mercantile-shopping-
31 Westgate_Mall
The output of this command includes the following data columns:
Parameter
Advertise Hotspot 2.0 Capability
Description Shows if this profile has been enabled.
Additional Steps required for Access Enabled
If this parameter is enabled, the AP will send the following Information Elements (IEs) in response to the client's the ANQP query.
l Venue Name
l Domain Name List
l Network Authentication Type
l Roaming Consortium List
l NAI Realm List NOTE: If asra is enabled, the advertisement profile for this hotspot must reference an enabled network authentication type profile. For more information on enabling an network authentication type profile, see wlan hotspot anqp-nwk-auth-profile on page 2289.
Network Internet Access Length of Query Response Access network Type
If enabled, the AP sends an Information Element (IE) indicating that the network allows internet access. By default, a hotspot profile does not advertise network internet access.
The maximum length of the GAS query response, in octets. The supported range is 1-255 octets.
The 802.11u network type. The default setting is public-chargeable. l emergency-services: emergency services only network l personal-device: personal device network l private: private network l private-guest: private network with guest access l public-chargeable: public chargeable network l public-free: free public network l test: test network l wildcard: wildcard network
2081 | show wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
Roaming Consortium Len Entry 1
Length of the OI. This value is based upon the number of octets in the Roaming Consortium OI Entry 1 field. l 0: Zero Octets in the OI (Null) l 3: OI length is 24-bit (3 Octets) l 5: OI length is 36-bit (5 Octets)
Roaming Consortium OI Entry 1
Roaming consortium OI assigned to one of the service provider's top three roaming partners. This additional OI will only be sent to a client if the Additional Roaming Consortium OI's (displayed in Advertisement Profile) parameter is set to 1 or higher.
Roaming Consortium Len Entry 2
Length of the OI. This value is based upon the number of octets in the Roaming Consortium OI Entry 2 field. l 0: Zero Octets in the OI (Null) l 3: OI length is 24-bit (3 Octets) l 5: OI length is 36-bit (5 Octets)
Roaming Consortium OI Entry 2
Roaming consortium OI assigned to one of the service provider's top three roaming partners. This additional OI will only be sent to a client if the Additional Roaming Consortium OI's (displayed in Advertisement Profile) parameter is set to 2 or higher.
Roaming Consortium Len Entry 3
Length of the OI. This value is based upon the number of octets in the Roaming Consortium OI Entry 3 field. l 0: Zero Octets in the OI (Null) l 3: OI length is 24-bit (3 Octets) l 5: OI length is 36-bit (5 Octets)
Roaming Consortium OI Entry 3
Roaming consortium OI assigned to one of the service provider's top three roaming partners. This additional OI will only be sent to a client if the Additional Roaming Consortium OI's (displayed in Advertisement Profile) parameter is set to 3 or higher.
Additional Roaming Consortium OI's (displayed in Advertisement Profile)
Number of additional roaming consortium Organization Identifiers (OIs) advertised by the AP.
Venue Group Type
The venue groups to be advertised in the IEs from APs associated with this hotspot profile. The default setting is unspecified.
Venue Type
Type of Hotspot 2.0 Indication Element
Venue type to be advertised in the IEs from APs associated with this hotspot profile.
Advertisement protocol types to be used by the AP. l anqp: Access Network Query Protocol (ANQP) l emergency: Emergency Alert System( EAS)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot hs2-profile | 2082
Parameter Advertisement Profile
Description
l mih-cmd-event: Media Independent Handover (MIH) Command and Event Services Capability Discovery
l mih-info: Media Independent Handover (MIH) Information Service. This option allows handovers between differing kinds of wireless access protocols and technologies, allowing access points on different IP subnets to communicate with each other at the link level while maintaining session continuity.
Advertisement profile associated with this hotspot profile.
Command History
This command was introduced in ArubaOS 6.4.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
2083 | show wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot h2qp-conn-capability-profile
show wlan hotspot h2qp-conn-capability-profile [<profile>]
Description
The output of this command displays settings for a WLAN Hotspot 2.0 Query Protocol (H2QP) connection capability profile.
Syntax
Parameter <profile>
Description Name of Hotspot 2.0 Query Protocol (H2QP) connection capability profile
Usage Guidelines
The values configured in this profile can be sent in an ANQP IE to provide hotspot clients information about the IP protocols and associated port numbers that are available and open for communication.
Values configured in this profile will not be sent to clients unless you:
1. Associate the H2QP profile with an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> h2qp-conn-cap-profile <profile-name> )
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name> )
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name> hotspot-enable )
Examples
Issue this command without the optional <profile> parameter to display a list of all configured connection capability profiles. Include the <profile> parameter to display details for a specific profile.
The example below shows that the controller has four configured connection capability profiles. The References column lists the number of other profiles with references to the connection capability profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
H2QP Connection Capability Profile List
---------------------------------------
Name
References Profile Status
----
---------- --------------
branch-hotspot-1 6
branch-hotspot-2 5
default
1
downtown-hotspot 1
Total:4
The following example displays the current configuration settings for the default H2QP connection capability profile.
(host) (config) #show wlan hotspot h2qp-conn-capability-profile H2QP Connection Capability Profile "default" -------------------------------------------Parameter ---------
default
Value -----
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot h2qp-conn-capability-profile | 2084
H2QP Connection Capability ICMP port H2QP Connection Capability FTP port(TCP Protocol) H2QP Connection Capability SSH port(TCP Protocol) H2QP Connection Capability HTTP port(TCP Protocol) H2QP Connection Capability TLS VPN port(TCP Protocol) H2QP Connection Capability PPTP VPN port(TCP Protocol) H2QP Connection Capability VOIP port(TCP Protocol) H2QP Connection Capability VOIP port(UDP Protocol) H2QP Connection Capability IKEv2 port for IPSec VPN H2QP Connection Capability May be used by IKEv2 port for IPSec VPN H2QP Connection Capability ESP port(Used by IPSec VPN)
Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled
The output of this command includes the following information:
Parameter
Description
H2QP Connection Capability Shows if the ICMP port is enabled and available. (port 0) ICMP port
H2QP Connection Capability Shows if the FTP port is enabled and available. (port 20) FTP port
H2QP Connection Capability Shows if the SSH port is enabled and available. (port 22) SSH port
H2QP Connection Capability Shows if the HTTP port is enabled and available. (port 80) HTTP port
H2QP Connection Capability Shows if the TCP TLS port used VPNs is enabled and available. (port 80) TLS VPN port
H2QP Connection Capability Shows if the PPTP port used by IPSec VPNs is enabled and available.
PPTP VPN port
(port 1723)
H2QP Connection Capability Shows if the UDP VoIP port is enabled and available. (port 5060) VoIP port (UDP)
H2QP Connection Capability Shows if the TCP VoIP port is enabled and available. (port 5060) VoIP port (TCP)
H2QP Connection Capability Shows if the IKEv2 port 4500 is enabled and available IKEv2 port for IPSec VPN
H2QP Connection Capability May be used by IKEv2 port for IPSec VPN
Shows if the IKEv2 port 500 is enabled and available
H2QP Connection Capability ESP port(Used by IPSec VPN)
Shows if the ESP port used by IPsec VPNs is enabled and available. (port 0)
Command History
This command was introduced in ArubaOS 6.4
2085 | show wlan hotspot h2qp-conn-capability-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot h2qp-conn-capability-profile | 2086
show wlan hotspot h2qp-op-cl-profile
show wlan hotspot h2qp-op-cl-profile [<profile>]
Description
The output of this command displays settings for a WLAN Hotspot 2.0 Query Protocol (H2QP) operating class profile.
Syntax
Parameter Description
<profile>
Name of Hotspot 2.0 Query Protocol (H2QP) operating class profile
Usage Guidelines
The values configured in this H2QP Operating Class profile list the channels on which the hotspot is capable of operating. It may be useful where, for instance, a mobile device discovers a hotspot in the 2.4 GHz band but finds it is dual-band and prefers the 5 GHz band.
Examples
Issue this command without the optional <profile> parameter to display a list of all configured connection capability profiles. Include the <profile> parameter to display details for a specific profile.
The example below shows that the controller has two configured operating class profiles. The References column lists the number of other profiles with references to the operating class profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host)(H2QP Connection Capability Profile "default") #show wlan hotspot h2qp-op-cl-profile
H2QP Operating Class Indication Profile List
--------------------------------------------
Name
References Profile Status
----
---------- --------------
default 0
newopcl 1
Total:2
The following example displays the current configuration setting for the default H2QP operating class profile.
(host)(H2QP Connection Capability Profile "default") #show wlan hotspot h2qp-op-cl-profile
default
H2QP Operating Class Indication Profile "default"
-------------------------------------------------
Parameter
Value
---------
-----
H2QP Operating Class(Valid Values 1-255) 1
The output of this command includes the following information:
Parameter
H2QP Operating Class(Valid Values 1-255)
Description
Displays the current operating class for the devices' BSS. The supported range for this field is 1-255, and the default value is 1.
2087 | show wlan hotspot h2qp-op-cl-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands wlan hotspot h2qp-op-cl-profile
Command History
This command was introduced in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot h2qp-op-cl-profile | 2088
show wlan hotspot h2qp-operator-friendly-name-profile
show wlan hotspot h2qp-operator-friendly-name-profile [<profile>]
Description
The output of this command displays settings for a Hotspot 2.0 Query Protocol (H2QP) operator-friendly name profile.
Syntax
Parameter <profile>
Description Name of H2QP operator-friendly name profile.
Usage Guidelines
The operator-friendly name defined in this profile is a free-form text field that can identify the operator and also something about the location.Issue this command without the <profile> parameter to display the entire operator-friendly name profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured operator-friendly name profiles. The References column lists the number of other profiles with references to the operator-friendly name profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host)(config)# show wlan hotspot h2qp-operator-friendly-name-profile
H2QP Operator Friendly Name Profile List
----------------------------------------
Name
References Profile Status
----
---------- --------------
default 0
operator1 8
Total:2
The following example displays the configuration settings for the profile operator1.
(host) (H2QP Operator Friendly Name Profile "operator1") #show wlan hotspot h2qp-operator-
friendly-name-profile operator1
H2QP Operator Friendly Name Profile "operator1"
-----------------------------------------------
Parameter
Value
---------
-----
Operator Friendly Name Language Code eng
Operator Friendly Name
CoffeeHouseGuest
The output of this command includes the following parameters:
2089 | show wlan hotspot h2qp-operator-friendly-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Operator Friendly Name Language Code
Description
An ISO 639 language code that identifies the language used in the Operator Friendly Name field.
Operator Friendly Name
An operator-friendly name sent by devices using this profile. The name can be up to 64 alphanumeric characters, and can include special characters and spaces. If the name includes quotation marks ("), you must include a backslash character (\) before each quotation mark. (e.g. \"example\")
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot h2qp-operator-friendly-name-profile | 2090
show wlan hotspot h2qp-wan-metrics-profile
show wlan hotspot h2qp-wan-metrics-profile [<profile-name>]
Description
The output of this command displays settings for a Hotspot 2.0 Query Protocol (H2QP) WAN metrics profile.
Syntax
Parameter <profile>
Description Name of H2QP WAN metrics profile.
Usage Guidelines
The values configured in this profile can be sent in an ANQP IE to provide hotspot clients information about access network characteristics such as link status and the capacity and speed of the WAN link to the Internet.Issue this command without the <profile> parameter to display the entire WAN metrics profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured WAN metrics profiles. The References column lists the number of other profiles with references to the WAN metrics profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(Host) (H2QP Connection Capability Profile "default") #show wlan hotspot h2qp-wan-metrics-
profile
H2QP WAN Metrics Profile List
-----------------------------
Name
References Profile Status
----
---------- --------------
default 0
fastwan 6
Total:2
The following example shows the current configuration settings for the profile fastwan.
(host) (config) #show wlan hotspot h2qp-wan-metrics-profile fastwan
H2QP WAN Metrics Profile "fastwan"
--------------------------------
Parameter
Value
---------
-----
H2QP WAN metrics link status
link_up
H2QP WAN metrics symmetric WAN link Disabled
H2QP WAN metrics link at capacity
Disabled
WAN Metrics uplink speed
1000
WAN Metrics downlink speed
1000
WAN Metrics uplink load
100
WAN Metrics downlink load
100
WAN Metrics load measurement duration 100
The output of this command includes the following information:
2091 | show wlan hotspot h2qp-wan-metrics-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter H2QP WAN metrics link status
H2QP WAN metrics symmetric WAN link
Description
Indicates the status of the WAN Link by displaying one of the following values. The default link status is reserved, which indicates that the link status is unknown or unspecified. l link_down l link_test l link_up l reserved
This parameter indicates if the WAN Link has same speed in both the uplink and downlink directions.
H2QP WAN metrics link at capacity
WAN Metrics uplink speed
WAN Metrics down link speed
WAN Metrics uplink load
This parameter indicates if the WAN Link has reached its maximum capacity. If this parameter is enabled, no additional mobile devices will be permitted to associate to the hotspot AP.
This parameter indicates the current WAN backhaul uplink speed in Kbps. If no value is set, this parameter will show a default value of 0 to indicate that the uplink speed is unknown or unspecified.
This parameter indicates the current WAN backhaul downlink speed in Kbps. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
The percentage of the WAN uplink that is currently utilized. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
WAN Metrics downlink load
WAN Metrics load measurement duration
The percentage of the WAN downlink that is currently utilized. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
Duration over which the downlink load is measured, in tenths of a second.
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan hotspot h2qp-wan-metrics-profile | 2092
show wlan ht-ssid-profile
show wlan ht-ssid-profile [<profile>]
Description
Show a list of all High-throughput SSID profiles, or display detailed configuration information for a specific High-throughput SSID profile.
Syntax
Parameter <profile>
Description Name of a High-throughput SSID profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire High-throughput SSID profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured High-throughput SSID profiles. The References column lists the number of other profiles with references to the High-throughput SSID profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan ht-ssid-profile
High-throughput SSID profile List
---------------------------------
Name
----
HT-profile1
16default2
References Profile Status ---------- --------------
1
Total:2
The following example shows configuration settings defined for the profile default2.
(host) #show wlan ht-ssid-profile default High-throughput SSID profile "default2" -------------------------------------Parameter --------40 MHz channel usage BA AMSDU Enable Temporal Diversity Enable High throughput enable (SSID) Legacy stations Low-density Parity Check Maximum number of spatial streams usable for STBC reception Maximum number of spatial streams usable for STBC transmission MPDU Aggregation Max received A-MPDU size Max transmitted A-MPDU size Min MPDU start spacing Short guard interval in 20 MHz mode Short guard interval in 40 MHz mode
Value ----Enabled Enabled Disabled Enabled Allowed Enabled 1 1 Enabled 65535 bytes 65535 bytes 8 usec Enabled Enabled
2093 | show wlan ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Supported MCS set . The output of this command includes the following data columns:
0-23
Parameter 40 MHz channel usage BA AMSDU Enable Temporal Diversity Enable
High throughput enable (SSID) Legacy stations Low-density Parity Check Maximum number of spatial streams
usable for STBC reception
Maximum number of spatial streams usable for STBC transmission
MPDU Aggregation Max received A-MPDU size Max transmitted A-MPDU size
Description
Shows if the profile enables or disables the use of 40 MHz channels.
Shows of the AP has enabled or disabled the ability to receive AMSDU in BA negotiation.
Shows if temporal diversity has been enabled or disabled. When this feature is enabled and the client is not responding to 802.11 packets, the AP will launch two hardware retries; if the hardware retries are not successful then it attempts software retries.
Shows if the profile enables or disables high-throughput (802.11n) features.
Allow or disallow associations from legacy (non-HT) stations. By default, this parameter is enabled (legacy stations are allowed).
If enabled, the AP will advertise Low-density Parity Check (LDPC) support. LDPC improves data transmission over radio channels with high levels of background noise.
Shows the maximum number of spatial streams usable for STBC reception. 0 disables STBC reception, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on the W-AP90 series, W-AP130 Series, W-AP68, W-AP175 and W-AP105 only. The configured value will be adjusted based on AP capabilities.) NOTE: If transmit beamforming is enabled, STBC will be disabled for disabled for beamformed frames.
Shows the maximum number of spatial streams usable for STBC transmission. 0 disables STBC transmission, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on W-AP90 series, W-AP175, W-AP130 Series and W-AP105 only. The configured value will be adjusted based on AP capabilities.) NOTE: If transmit beamforming is enabled, STBC will be disabled for disabled for beamformed frames.
Shows if the profile enables or disables MAC protocol data unit (MPDU) aggregation.
Configured maximum size of a received aggregate MPDU, in bytes.
Configured maximum size of a transmitted aggregate MPDU, in bytes.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan ht-ssid-profile | 2094
Parameter Min MPDU start spacing
Description
Configured minimum time between the start of adjacent MPDUs within an aggregate MPDU, in microseconds.
Supported MCS set
Displays a list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this SSID. The MCS you choose determines the channel width (20MHz vs. 40MHz) and the number of spatial streams used by the mesh node.
Short guard interval in 20 MHz mode Shows if the profile enables or disables use of short (400ns) guard interval in 20 MHz mode.
Short guard interval in 20 MHz mode Shows if the profile enables or disables use of short (400ns) guard interval in 40 MHz mode.
Command History
Version ArubaOS 3.3 ArubaOS 3.3.1 ArubaOS 3.3.2 ArubaOS 6.1
ArubaOS 6.2
Description
Command introduced
The Legacy Stations parameter was introduced
De-aggregation of MAC Service Data Units (A-MSDUs) was introduced
The following parameters were introduced: l Short guard interval in 20 MHz mode l Low-density Parity Check l Maximum number of spatial streams usable for STBC reception l Maximum number of spatial streams usable for STBC transmission The allow weak encryption parameter was deprecated.
The following parameters were introduced. l Transmit Beamforming Compressed Steering l Transmit Beamforming non Compressed Steering l Transmit Beamforming delayed feedback support l Transmit Beamforming immediate feedback support l Transmit Beamforming Sounding Interval
Command Information
Platforms
All platforms but operates with IEEE 802.11n compliant devices only
Licensing
Command Mode Config mode on master controllers
2095 | show wlan ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan ht-ssid-profile | 2096
show wlan ssid-profile
show wlan ssid-profile [<profile>]
Description
Show a list of all SSID profiles, or display detailed configuration information for a specific SSID profile.
Syntax
Parameter <profile>
Description Name of an SSID profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire SSID profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has six configured SSID profiles. The References column lists the number of other profiles with references to the SSIDs profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan ssid-profile SSID Profile List ----------------Name ---coltrane-ssid-profile corp1 -ssid-profile Remote Secure-Profile2 test-ssid-profile wizardtest-ssid-profile
References ---------1
1 0 1 1
Profile Status --------------
3
Total:6 The following example shows configuration settings defined for the SSID Profile Remote. (host) #show wlan ssid-profile remote
(host) #show wlan ssid-profile remote SSID Profile "Remote" (host) #show wlan ssid-profile remote ------------------Parameter --------SSID enable ESSID Encryption Enable Management Frame Protection Require Management Frame Protection DTIM Interval 802.11a Basic Rates 802.11a Transmit Rates
Value ----Enabled aruba-ap opensystem Disabled Disabled 1 beacon periods 6 12 24 6 9 12 18 24 36 48 54
2097 | show wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
802.11g Basic Rates 802.11g Transmit Rates Station Ageout Time Max Transmit Attempts RTS Threshold Short Preamble Max Associations Wireless Multimedia (WMM) Wireless Multimedia U-APSD (WMM-UAPSD) Powersave WMM TSPEC Min Inactivity Interval Override DSCP mappings for WMM clients DSCP mapping for WMM voice AC DSCP mapping for WMM video AC DSCP mapping for WMM best-effort AC DSCP mapping for WMM background AC Multiple Tx Replay Counters Hide SSID Deny_Broadcast Probes Local Probe Request Threshold (dB) Disable Probe Retry Battery Boost WEP Key 1 WEP Key 2 WEP Key 3 WEP Key 4 WEP Transmit Key Index WPA Hexkey WPA Passphrase Maximum Transmit Failures EDCA Parameters Station profile EDCA Parameters AP profile BC/MC Rate Optimization Rate Optimization for delivering EAPOL frames Strict Spectralink Voice Protocol (SVP) High-throughput SSID Profile 802.11g Beacon Rate 802.11a Beacon Rate Advertise QBSS Load IE Advertise Location Info Advertise AP Name 802.11R Profile Enforce user vlan for open stations
12 1 2 5 6 9 11 12 18 24 36 48 54 1000 sec 8 2333 bytes Enabled 64 Disabled Enabled 0 msec Disabled N/A N/A N/A N/A Disabled Disabled Disabled 0 Enabled Disabled N/A N/A N/A N/A 1 N/A N/A 0 N/A N/A Disabled Disabled Disabled default default default Disabled Enabled Disabled N/A Enabled
The output of this command includes the following data columns:
Parameter SSID ESSID
Encryption
Description
Shows of the profile has enabled or disabled this SSID
Name that uniquely identifies a wireless network. If the ESSID includes spaces, you must enclose it in quotation marks.
The layer-2 authentication and encryption type used on this ESSID.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan ssid-profile | 2098
Parameter DTIM Interval
Description
The interval, in milliseconds, between the sending of Delivery Traffic Indication Messages (DTIMs) in the beacon.
802.11a Basic Rates
List of supported 802.11a rates, in Mbps, that are advertised in beacon frames and probe responses.
802.11a Transmit Rates
Set of 802.11a rates at which the AP is allowed to send data.
802.11g Basic Rates
List of supported 802.11b/g rates, in Mbps, that are advertised in beacon frames and probe responses.
802.11g Transmit Rates
Set of 802.11b/g rates at which the AP is allowed to send data.
Station Ageout Time
Time, in seconds, that a client is allowed to remain idle before being aged out.
Max Transmit Attempts
Maximum transmission failures allowed before the client gives up.
RTS Threshold
Wireless clients transmitting frames larger than this defined threshold must issue Request to Send (RTS) and wait for the AP to respond with Clear to Send (CTS).
Short Preamble
Shows if the profile enables or disables short preamble for 802.11b/g radios
Max Associations
Maximum number of wireless clients for the AP
Wireless Multimedia (WMM)
Shows if the profile enables or disables WMM, also known as IEEE 802.11e Enhanced Distribution Coordination Function (EDCF)
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave
Shows if the profile enables or disables Wireless Multimedia (WMM) UAPSD powersave.
WMM TSPEC Min Inactivity Interval
Specifies the minimum inactivity time-out threshold of WMM traffic.
DSCP mapping for WMM voice AC
DSCP value used to map WMM voice traffic.
DSCP mapping for WMM video AC
DSCP value used to map WMM video traffic.
2099 | show wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter DSCP mapping for WMM best-effort AC DSCP mapping for WMM background AC 902il Compatibility Mode
Hide SSID Deny_Broadcast Probes
Local Probe Response
Disable Probe Retry Battery Boost WEP Key 1 WEP Key 2 WEP Key 3 WEP Key 4
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
DSCP value used to map WMM best-effort traffic.
DSCP value used to map WMM background traffic.
(For clients using NTT DoCoMo 902iL phones only) When enabled, the controller does not drop packets from the client if a small or old initialization vector value is received.
Shows if the profile enables or disables hiding of the SSID name in beacon frames.
When a client sends a broadcast probe request frame to search for all available SSIDs, this option controls whether or not the system responds for this SSID. When enabled, no response is sent and clients have to know the SSID in order to associate to the SSID. When disabled, a probe response frame is sent for this SSID
Shows if the profile enables or disables local probe response on the AP. If this option is enabled, the AP is responsible for sending 802.11 probe responses to wireless clients' probe requests. If this option is disabled, then the controller sends the 802.11 probe responses
Shows if the profile enables or disables battery MAC level retries for probe response frames.
If enabled, this feature converts multicast traffic to unicast before delivery to the client, thus allowing you to set a longer DTIM interval.
Displays the Static WEP key associated with this key index.
Displays the Static WEP key associated with this key index.
Displays the Static WEP key associated with this key index.
Displays the Static WEP key associated with this key index.
show wlan ssid-profile | 2100
Parameter WEP Transmit Key Index WPA Hexkey WPA Passphrase Maximum Transmit Failures EDCA Parameters Station profile EDCA Parameters AP profile BC/MC Rate Optimization
Rate Optimization for delivering EAPOL frames Disabled Strict Spectralink Voice Protocol (SVP) High-throughput SSID Profile Advertise Location Info
Enforce user vlan for open stations
Description
Show the key index that specifies which static WEP key is to be used
WPA pre-shared key (PSK).
WPA passphrase used to generate a preshared key (PSK).
Maximum transmission failures allowed before the client gives up.
Name of the enhanced distributed channel access (EDCA) Station profile that applies to this SSID.
Name of the enhanced distributed channel access (EDCA) AP profile that applies to this SSID.
Shows if the profile enables or disables scanning of all active stations currently associated to an AP to select the lowest transmission rate for broadcast and multicast frames. This option only applies to broadcast and multicast data frames; 802.11 management frames are transmitted at the lowest configured rate
If this option is enabled, APs using this profile will use a more conservative rate for more reliable delivery of EAPOL frames.
Shows if the profile enables or disables strict Spectralink Voice Protocol (SVP).
Name of the high-throughput SSID profile associated with this SSID profile.
APs that are part of this VAP will broadcast their GPS coordinates in the beacons and probe response frames as part of a vendor-specific Information Element.
Shows the strict enforcement of data traffic only in user's assigned vlan (Open stations only).
Command History
This command was introduced in ArubaOS 3.0.
2101 | show wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan ssid-profile | 2102
show wlan traffic-management-profile
show wlan traffic-management-profile [<profile>]
Description
Show a list of all traffic management profiles, or display detailed configuration information for a specific traffic management profile.
Syntax
Parameter <profile>
Description Name of a Traffic Management profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire Traffic Management profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three configured Traffic Management profiles. The References column lists the number of other profiles with references to the Traffic Management profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan traffic-management-profile
Traffic management profile List
-------------------------------
Name
References Profile Status
----
---------- --------------
mgmt1 3
mgmt2 2
Total:2
The following example shows configuration settings defined for the profile mgmt1.
(host) #show wlan traffic-management-profile mgmt1
Traffic management profile "default"
------------------------------------
Parameter
Value
---------
-----
Proportional BW Allocation N/A
Report interval
5 min
Station Shaping Policy
default-access
The output of this command includes the following data columns:
Parameter
Description
Proportional BW Allocation
Minimum bandwidth, as a percentage of available bandwidth, allocated to an SSID when there is congestion on the wireless network. An SSID can use all available bandwidth if no other SSIDs are active.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan traffic-management-profile | 2104
Parameter Report interval Station Shaping Policy
Description
Number of minutes between bandwidth usage reports.
Shows which of three possible Station Shaping policies is configured on the profile.
l default-access: Traffic shaping is disabled, and client performance is dependent on MAC contention resolution. This is the default traffic shaping setting.
l fair-access: Each client gets the same airtime, regardless of client capability and capacity. This option is useful in environments like a training facility or exam hall, where a mix of 802.11a/g, 802.11g and 802.11n clients need equal to network resources, regardless of their capabilities. The bw-alloc parameter of a traffic management profile allows you to set a minimum bandwidth to be allocated to a virtual AP profile when there is congestion on the wireless network.You must set traffic shaping to fair-access to use this bandwidth allocation value for an individual virtual AP.
l preferred-access: High-throughput (802.11n) clients do not get penalized because of slower 802.11a/g or 802.11b transmissions that take more air time due to lower rates. Similarly, faster 802.11a/g clients get more access than 802.11b clients.
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
2105 | show wlan traffic-management-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan tsm-req-profile
show wlan tsm-req-profile
Description
Shows configuration and other information about the parameters for the Transmit Stream/Category Measurement Request frames.
Syntax
Parameter <profile-name>
Description Name of this instance of the profile. name must be 1-63 characters.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire TSM Request profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
For this profile to take effect, the 802.11K feature needs to be enabled.
Examples
(host) #show wlan tsm-req-profile default
TSM Report Request Profile "default"
------------------------------------
Parameter
Value
---------
-----
Request Mode for TSM Report Request normal
Number of repetitions
65535
Duration Mandatory
Enabled
Randomization Interval
0
Measurement Duration
25
Traffic ID
96
Bin 0 Range
200
The output of this command includes the following information:
Parameter
Description
Request mode for TSM Report Request
Shows the request mode for the Transmit Stream/Category Measurement Request frame.
Number of repetitions
Shows the "Number of Repetitions" field in the TransmitStream/Category Measurement Request frame.
Duration Mandatory
Shows the "Duration Mandatory" bit of the Measurement Request Mode field of the Transmit Stream/Category Measurement Request frame.
Randomization Interval
Shows the Randomization Interval field in the Transmit Stream/Category Measurement Request frame.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan tsm-req-profile | 2106
Parameter
Description
Measurement Duration
Shows the Measurement Duration field in the Transmit Stream/Category Measurement Request frame.
Traffic ID
Shows the Traffic Identifier field in the Transmit Stream/Category Measurement Request frame.
Bin 0 Range
Shows the 'Bin 0 Range' field in the Transmit Stream/Category Measurement Request frame.
Command History
This command is introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
2107 | show wlan tsm-req-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan virtual-ap
show wlan virtual-ap <profile-name>
Description
Show a list of all Virtual AP profiles, or display detailed configuration information for a specific Virtual AP profile.
Syntax
Parameter <profile-name>
Description Name of a Virtual AP profile
Usage Guidelines
Issue this command without the <profile> parameter to display the entire Virtual AP profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has six configured Virtual AP profiles. The References column lists the number of other profiles with references to the Virtual AP profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan virtual-ap
Virtual AP profile List ----------------------Name ---coltrane-vap-profile default MegTest Remote test-vap-profile wizardtest-vap-profile Total: 6
References Profile Status ---------- -------------1
1 1 1
The following example shows configuration settings defined for the profile wizardtest-vap-profile.
(host) #show wlan virtual-ap test-vap-profile Virtual AP profile "wizardtest-vap-profile" ---------------------------Parameter --------AAA Profile 802.11K Profile SSID Profile Virtual AP enable VLAN Forward mode Allowed band Band Steering Steering Mode
Value ----default default default Enabled N/A tunnel all Disabled prefer-5ghz
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan virtual-ap | 2108
Dynamic Multicast Optimization (DMO) Dynamic Multicast Optimization (DMO) Drop Broadcast and Multicast Convert Broadcast ARP requests to unicast Authentication Failure Blacklist Time Blacklist Time Deny inter user traffic Deny time range DoS Prevention HA Discovery on-association Mobile IP Preserve Client VLAN Remote-AP Operation Station Blacklisting Strict Compliance VLAN Mobility FDB Update on Assoc WMM Traffic Management Profile Anyspot Profile
Enabled Threshold 6
Disabled Enabled 3600 sec 3600 sec Disabled N/A Disabled Disabled Enabled Disabled standard Enabled Disabled Disabled Disabled N/A N/A
The output of this command includes the following data columns:
Parameter AAA Profile 802.11K Profile SSID Profile Virtual AP enable VLAN Forward mode
Description
Name of the AAA profile associated with this virtual AP.
Name of an 802.11k profile associated with this virtual AP.
Name of an SSID profile associated with this virtual AP.
Shows if the profile enables or disables the virtual AP.
The VLAN(s) into which users are placed in order to obtain an IP address.
Forwarding mode defined on the profile: l tunnel mode l bridge mode l split-tunnel mode l decrypt-tunnel mode The forwarding mode controls whether data is tunneled to the controller using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the controller, and Internet access remains local).
2109 | show wlan virtual-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Allowed band Band Steering Steering Mode
Dynamic Multicast Optimization (DMO) Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
When an AP is configured to use the decrypttunnel forwarding mode, that AP decrypts and decapsulates all 802.11 frames from a client and sends the 802.3 frames through the GRE tunnel to to the controller, which then applies firewall policies to the user traffic. When the controller sends traffic to a client, the controller sends 802.3 traffic through the GRE tunnel to the AP, which then converts it to encrypted 802.11 and forwards to the client.
The band(s) on which to use the virtual AP:
l a--802.11a band only (5 GHz)
l g--802.11b/g band only (2.4 GHz)
l all--both 802.11a and 802.11b/g bands (5 GHz and 2.4 GHz)
If enabled, ARM's band steering feature encourages dual-band capable clients to stay on the 5GHz band on dual-band APs. This frees up resources on the 2.4GHz band for single band clients like VoIP phones.
Band steering supports three different band steering modes. l Force-5GHz: When the AP is configured in
force-5GHz band steering mode, the AP will try to force 5Ghz-capable APs to use that radio band.
l Prefer-5GHz (Default): If you configure the AP to use prefer-5GHz band steering mode, the AP will try to steer the client to 5G band (if the client is 5G capable) but will let the client connect on the 2.4G band if the client persists in 2.4G association attempts.
l Balance-bands: In this band steering mode, the AP tries to balance the clients across the two radios in order to best utilize the available 2.4G bandwidth. This feature takes into account the fact that the 5Ghz band has more channels than the 2.4 Ghz band, and that the 5Ghz channels operate in 40MHz while the 2.5Ghz band operates in 20MHz.
NOTE: Steering modes do not take effect until the band steering feature has been enabled. The band steering feature in ArubaOS versions 3.3.2-5.0 does not support multiple band-steering modes. The band-steering feature in these versions of ArubaOS functions the same way as the default prefer-5GHz steering mode available in ArubaOS 6.0 and later.
If enabled DMO techniques will be used to reliably transmit video data.
show wlan virtual-ap | 2110
Parameter Dynamic Multicast Optimization (DMO) Threshold
Drop Broadcast and Multicast
Description
Maximum number of high-throughput stations in a multicast group beyond which dynamic multicast optimization stops.
If enabled, the virtual AP will filter out broadcast and multicast traffic in the air.
Convert Broadcast ARP requests to unicast Authentication Failure Blacklist Time Blacklist Time Deny Inter User Traffic
Deny time range DoS Prevention HA Discovery on-association
If enabled, all broadcast ARP requests are converted to unicast and sent directly to the client.
Time, in seconds, a client is blocked if it fails repeated authentication. An authentication failure blacklist time of 0 blocks failed users indefinitely.
Number of seconds that a client is quarantined from the network after being blacklisted.
This option, when enabled, denies traffic between the clients using this virtual AP profile.
The firewall comand includes an option to deny all inter-user traffic, regardless of the Virtual AP profile used by those clients.
If the global setting to deny inter-user traffic is enabled, all inter-user traffic between clients will be denied, regardless of the settings configured in the virtual AP profiles. If the setting to deny interuser traffic is disabled globally but enabled on an individual virtual ap, only the traffic between untrusted users and the clients on that particular virtual AP will be blocked.
Time range for which the AP will deny access.
If enabled, APs ignore deauthentication frames from clients. This prevents a successful deauth attack from being carried out against the AP. This does not affect third-party APs.
If enabled, home agent discovery is triggered on client association instead of home agent discovery based on traffic from client. Mobility on association can speed up roaming and improve connectivity for clients that do not send many uplink packets to trigger mobility (VoIP clients). Best practices is to leave this parameter disabled as it increases IP mobility control traffic between controllers in the same mobility domain. Enable this parameter only when voice issues are observed in VoIP clients. NOTE: ha-disc-onassoc parameter works only when IP mobility is enabled and configured on the controller.
2111 | show wlan virtual-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Mobile IP Preserve Client VLAN Remote-AP Operation
Station Blacklisting Strict Compliance Multi Association Fast Roaming Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description
Shows if the profile has enabled or disabled IP mobility.
This parameter allows clients to retain their previous VLAN assignment if the client disassociates from an AP and then immediately reassociates either with same AP or another AP on same controller.
Shows when the virtual AP operates on a remote AP:
l always--Permanently enables the virtual AP (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.
l backup--Enables the virtual AP if the remote AP cannot connect to the controller (Bridge Mode only). This option can be used for non802.1X bridge VAPs.
l persistent--Permanently enables the virtual AP after the remote AP initially connects to the controller (Bridge Mode only). This option can be used for any (Open/PSK/802.1X) bridge VAPs.
l standard--Enables the virtual AP when the remote AP connects to the controller. This option can be used for any (bridge/splittunnel/tunnel/d-tunnel) VAPs.
Shows if the profile has enabled or disabled detection of denial of service (DoS) attacks, such as ping or SYN floods, that are not spoofed deauth attacks.
If enabled, the AP denies client association requests if the AP and client station have no common rates defined. Some legacy client stations which are not fully 802.11-compliant may not include their configured rates in their association requests. Such non-compliant stations may have difficulty associating with APs unless strict compliance is disabled.
If enabled, this feature allows a station to be associated to multiple APs. If this feature is disabled, when a station moves to new AP it will be de authorized by the AP to which it was previously connected, deleting station context and flushing key caching information
Shows if the AP has enabled or disabled fast roaming.
show wlan virtual-ap | 2112
Parameter VLAN Mobility
WMM Traffic Management Profile Anyspot profile
Description
Shows if the AP has enabled or disabled VLAN (Layer-2) mobility.
WMM Traffic Management Profile associated with this Virtual AP Profile
Anyspot Profile associated with this Virtual AP Profile
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
2113 | show wlan virtual-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan voip-cac-profile
show wlan voip-cac-profile [<profile>]
Description
Show a list of all VoIP Call Admission Control profiles, or display detailed configuration information for a specific VoIP Call Admission Control profile.
Syntax
Parameter <profile>
Description Name of a VoIP Call Admission Control profile
Usage Guidelines
Issue this command without the <profile> parameter to display the entire VoIP Call Admission Control profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three configured VoIP Call Admission Control profiles. The References column lists the number of other profiles with references to the VoIP Call Admission Control profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan voip-cac-profile
VoIP Call Admission Control profile List
----------------------------------------
Name
References Profile Status
----
---------- --------------
corp-voip
6
kgtest
0
QAlab-voip
1
Total:3
The following example shows configuration settings defined for the profile QAlab-voip .
(host) #show wlan voip-cac-profile VoIP Call Admission Control profile "QAlab-voip " --------------------------------------------Parameter --------VoIP Call Admission Control VoIP Bandwidth based CAC VoIP Call Capacity VoIP Bandwidth Capacity (kbps) VoIP Call Handoff Reservation VoIP Send SIP 100 Trying VoIP Disconnect Extra Call VOIP TSPEC Enforcement VOIP TSPEC Enforcement Period VoIP Drop SIP Invite and send status code (client) VoIP Drop SIP Invite and send status code (server)
Value ----Disabled Disabled 10 2000 20 % Enabled Disabled Disabled 1 sec 486 486
The output of this command includes the following data columns:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan voip-cac-profile | 2114
Parameter VoIP Call Admission Control
Description
Shows if the profile enables or disables WiFi VoIP Call Admission Control features.
VoIP Bandwidth based CAC
Shows the desired call admission control (CAC) Mechanism:
l Disable - CAC is based on Call Counts
l Enable - CAC should be based on Bandwidth.
VoIP Call Capacity
Number of simultaneous calls that can be handled by one radio.
VoIP Bandwidth Capacity (kbps)
The maximum bandwidth that can be handled by one radio, in kbps.
VoIP Call Handoff Reservation
Percentage of call capacity reserved for mobile VoIP clients on call.
VoIP Send SIP 100 Trying
Shows if the profile enables or disables sending of SIP 100 - trying messages to a call originator to indicate that the call is proceeding.
VoIP Disconnect Extra Call
If enabled, the controller disconnects calls that exceed the high capacity threshold by sending a deauthentication frame.
VOIP TSPEC Enforcement
Shows if the profile enables or disables validation of TSPEC requests for CAC.
VOIP TSPEC Enforcement Period
Maximum time for the station to start the call after the TSPEC request
VoIP Drop SIP Invite and send status code (client)
Display the status code sent back to the client if the profile is configured to drop a SIP Invite:
l 480: Temporary Unavailable
l 486: Busy Here
l 503: Ser vice Unavailable
l none: Don't send SIP status code
VoIP Drop SIP Invite and send status code (server)
Display the status code sent back to the server if the profile is configured to drop a SIP Invite:
l 480: Temporary Unavailable
l 486: Busy Here
2115 | show wlan voip-cac-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
l 503: Ser vice Unavailable l none: Don't send SIP status code
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable and Config mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan voip-cac-profile | 2116
show wlan wmm-traffic-management-profile
show wlan wmm-traffic-management-profile [<profile-name>]
Description
Display a list of all WMM traffic management profiles, or display detailed configuration information for a specific WMM traffic management profile.
Syntax
Parameter
<profilename>
Description Name of the WMM traffic management profile.
Usage Guidelines
Issue this command without the <profile> parameter to display the entire WMM traffic management profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has two configured WMM traffic management profiles. The References column lists the number of other profiles with references to the WMM traffic management profile, and the Profile Status column indicates whether the profile is predefined. (User-defined profiles will not have an entry in the Profile Status column.)
(host) #show wlan wmm-traffic-management-profile
WMM Traffic management profile List
-------------------------------
Name
References Profile Status
----
---------- --------------
default 3
test
2
Total:2 The following example shows configuration settings defined for the profile test. (host) #show wlan traffic-management-profile test
WMM Traffic management profile "test"
------------------------------------
Parameter
Value
---------
-----
Enable Shaping Policy true
Voice Share
40 %
Video Share
43 %
Best-effort Share
10 %
Background Share
7%
The output of this command includes the following data columns:
2117 | show wlan wmm-traffic-management-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter Enable Shaping Policy Voice Share Viceo Share Best-effort Share Background Share
Description
Displays if WMM based traffic shaping is enabled on the controller.
Displays the bandwidth allocation in percentage (%) for voice access traffic category.
Displays the bandwidth allocation in percentage (%) for video access traffic category.
Displays the bandwidth allocation in percentage (%) for best effort access traffic category.
Displays the bandwidth allocation in percentage (%) for background access traffic category.
Related Commands
Command wlan wmm-traffic-management-profile
Description
Configures WMM traffic management profile on the controller.
Command History
Version ArubaOS 5.0
Change Command introduced.
Command Information
Platforms All platforms
Licensing
Command Mode
Base operating system Enable or Config mode on master or local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wlan wmm-traffic-management-profile | 2118
show wms ap
show wms ap {<bssid>}|list|{stats [mon-mac <mon-mac> bssid <bssid>}
Description
Display information for APs currently monitored by the ArubaOS Wireless Management System (WMS).
Syntax
Parameter <bssid>
Description Enter the AP's BSSID number in hexadecimal format (XX:XX:XX:XX:XX:XX).
list
Show the AP Tree table for all APs.
stats
Show the AP Statistics table for all APs.
mon-mac <mon-mac> Show the AP Tree table for an AP with the specified MAC address.
bssid <bssid>
Show the AP Tree table for an AP with the specified BSSID.
Usage Guidelines
The WMS feature periodically sends statistics that it has collected for APs and Probes to the WMS process. When WMS receives an event message from an AM, it will save the event information along with the BSSID of the AP that generated the event in the WMS database. When WMS receives statistics from the AM, it updates its state, and the database.
Examples
The command show wms ap <bssid> displays a list of AP MAC addresses and the BSSIDs seen by each AP. (host)# show wms ap 00:1a:1e:88:01:e0
AP Info
-------
BSSID
SSID
Type HT-Sec-Chan
-----
----
-- -----------
00:1a:1e:88:01:e0 sw-ad
Channel ------11
Type ---soft-ap
RAP_Type -------valid
Status -----up
Match MAC --------00:00:00:00:00:00
Ageout ------1
HT-----
Probe Info ---------MAC --00:1a:1e:88:02:80 00:1a:1e:88:01:e0 00:1a:1e:81:c6:00 00:0b:86:8a:15:20
IP -10.3.129.94 10.3.129.96 10.3.129.99 10.3.129.93
Name ---ad-ap125-13 mp3 ad-ap124-11 sap61-1-6
Type ---soft-ap soft-ap soft-ap soft-ap
Status -----up up down down
AP Type ------125 125 124 65
The output of this command includes the following information:
2119 | show wms ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column BSSID SSID Channel Type
RAP_Type
Status Match MAC Ageout
HT-type
HT-Sec-Chan MAC IP Name Type
Description
Basic Service Set Identifier for the AP. This is usually the AP's MAC address.
The Service Set Identifier that identifies a wireless network.
Channel used by the AP's radio.
A WMS AP type can be one of the following: l soft-ap: A Dell Access Point (AP). l air-monitor: A Dell Air Monitor (AM).
Indicates one of the following Rogue AP types: l Valid (not a rogue AP) l Interfering l Rogue l Suspected Rogue l Disabled Rogue l Unclassified l Known Interfering
If up, the AP is active. If down (or no information is shown) the AP is inactive.
MAC address of a wired device that helped identify the AP as a rogue. If the AP has not been identified as a rogue, this column will display the MAC address 00:00:00:00:00:00.
An ageout time is the time, in minutes, that the client must remain unseen by any probes before it is eliminated from the database. If this column displays a 1, the client has not yet aged out. Any other number indicates the number of minutes since the client has passed its ageout interval.
The type of high-throughput traffic sent by the AP: l HT-20mhz: The AP radio uses a single 20 mHz channel l HT-40mhz: The AP radio uses a 40 MHz channel pair comprised of two
adjacent 20 MHz channels.
Secondary channel used for 40 MHz high-throughput transmissions.
MAC address of a probe that can see the specified AP.
IP address of a probe that can see the specified AP.
Name of the probe.
Displays the probe type: A WMS probe can be one of the following:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms ap | 2120
Column
Status AP Type
Description l soft-ap: A Dell Access Point (AP). l air-monitor: A Dell Air Monitor (AM). If up, the AP is active. If down (or no information is shown) the AP is inactive. AP model type.
The example below shows received and transmitted data statistics for each BSSID seen by a monitoring AP.
(host)# show wms ap stats
AP Stats Table
----------------
Monitor-MAC
BSSID
-----------
-----
00:0b:86:c1:af:20 00:0b:86:9a:f2:00
00:0b:86:c1:af:20 00:0b:86:9a:f2:08
00:0b:86:c1:be:56 00:0b:86:9b:e5:60
00:0b:86:c1:be:56 00:0b:86:9b:e5:68
00:0b:86:c2:0a:98 00:0b:86:a0:a9:80
00:0b:86:c2:1c:08 00:0b:86:a1:c0:80
00:0b:86:c2:1c:38 00:0b:86:a1:c3:80
00:0b:86:c2:3e:a9 00:0b:86:a3:ea:90
00:0b:86:c4:0f:3c 00:0b:86:c0:f3:d0
00:0b:86:c4:4d:06 00:0b:86:c4:d0:70
00:1a:1e:c0:88:82 00:1a:1e:88:88:30
00:1a:1e:c0:88:82 00:1a:1e:88:88:20
00:1a:1e:c0:88:88 00:1a:1e:88:88:90
RSSI ---12 12 12 12 48 42 42 48 48 48 18 18 36
TxPkt ----1575675 1560559 1683013 1580152 1608023 1587097 1573040 1588204 1571202 1598423 1717310 1092023 1783226
RxPkt ----65 0 4188 105 40596 26236 20511 34179 14258 56198 247532 114722 485620
TxByte -----173239998 162297938 184400159 164216336 166962148 164904668 174536514 165017293 174338376 182267018 394461405 242006054 460219125
RxByte -----9340 0 257583 1470 568386 453196 654024 897431 351148 3805826 14998234 2442917 27781583
HTRates-Rx ---------0 0 0 0 0 0 0 0 0 0 8 10 16
The output of this command includes the following information:
Column Monitor-MAC BSSID RSSI txPkt RxPkt TxByte RxByte HTRates-Rx
Description MAC address of an AP. Basic Service Set Identifier of a station. Received Signal Strength Indicator for the station, as seen by the AP. Number of transmitted packets. Number of received packets. Number of transmitted bytes. Number of received bytes. Number of bytes received at high-throughput rates.
2121 | show wms ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced
The mon-mac <mon-mac> and bssid <bssid> parameters for the list option were deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms ap | 2122
show wms channel
show wms channel stats
Description
Display per-channel statistics for monitored APs.
Syntax
No parameters.
Example
This example shows per-channel statistics for monitored APs.
(host) #show wms channel stats
Channel Stats Table
---------------------
Monitor-MAC
Channel
-----------
-------
00:0b:86:c1:af:20 1
00:0b:86:c1:af:20 6
00:0b:86:c1:af:20 11
00:0b:86:c1:af:20 36
00:0b:86:c1:af:20 40
00:0b:86:c1:af:20 44
00:0b:86:c1:af:20 48
00:0b:86:c1:af:20 149
00:0b:86:c1:af:20 153
00:0b:86:c1:af:20 165
00:0b:86:c1:be:56 1
00:0b:86:c1:be:56 6
00:0b:86:c1:be:56 11
00:0b:86:c1:be:56 36
00:0b:86:c1:be:56 40
00:0b:86:c1:be:56 44
00:0b:86:c1:be:56 48
00:0b:86:c1:be:56 149
00:0b:86:c1:be:56 153
00:0b:86:c1:be:56 165
00:0b:86:c2:0a:98 40
00:0b:86:c2:0a:98 48
00:0b:86:c2:0a:98 149
00:0b:86:c2:1c:08 40
00:0b:86:c2:1c:08 48
00:0b:86:c2:1c:08 149
NumAP ----1 1 8 0 0 0 0 1 3 1 43 8 72 53 8 3 4 0 1 1 4 5 4 3 4 5
NumSta -----0 0 0 0 0 0 0 0 0 0 4 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0
TotalPkt -------5228276 1355 5880 2 2 50 23 27094 4648662 1655 14446324 14168505 180553 14716 3033 1453 5330 609279 7615369 4238 4247 4052 6548323 4613 6235436 18904
TotalByte --------613640650 168764 1040338 28 112 903 544 557579 544817261 200349 1959058619 1955474600 23987119 1022825 501568 217596 1067660 72205247 779579648 486121 434512 420436 732910481 478188 658263321 803078
Noise ----97 0 0 0 0 0 0 0 99 0 0 96 0 0 0 0 0 105 0 0 0 0 104 0 103 0
Column Monitor-MAC Channel
Description MAC address of an AP. 802.11 radio channel.
2123 | show wms channel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column NumAP NumSta TotalPkt TotalByte Noise
Description Number of other APs seen on the specified channel. Number stations seen on the specified channel. Number of received packets. Number of received bytes. Current noise level.
The output of this command includes the following information:
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms channel | 2124
show wms client
show wms client <mac>|{list}|{probe <mac>}|{stats [mon-mac <mon-mac> mac <mac>]}
Description
Display a list of client information for the clients that can be seen by monitoring APs.
Syntax
Parameter <mac>
Description
Show statistics for a client with the specified MAC address, including the BSSID of the AP to which that client is currently associated, and the MAC addresses of other monitoring APs that can see that client.
list
Show statistics for all monitored clients.
probe <mac>
Specify a client's MAC address to show the BSSIDs of all probes that can see that client.
stats
Show the STA stats table, which displays data for all clients seen by each monitoring AP.
mon-mac <mon-mac> mac <mac>
Enter a monitoring AP's MAC address (<mon-mac>) and the MAC address of a client (<mac>) to show data for traffic received from and sent to a specific client as seen by a specific AP.
Example
The AP Info table in the example below shows that the client is associated to an AP with the BSSID 00:0b:86:cd:86:a0. The Probe info table shows the MAC addresses of three other APs that can see the client.
(host) #show wms client 00:0e:35:29:9b:28
STA Info -------MAC --00:0e:35:29:9b:28
Type ---valid
Status -----up
Ageout ------1
AP Info ------BSSID ----00:0b:86:cd:86:a0
SSID ---MySSiD
Channel ------11
Type ---soft-ap
RAP_Type -------valid
Status -----up
Match MAC --------00:00:00:00:00:00
Ageout ------1
Probe Info ---------MAC --00:0b:86:a2:2b:50 00:0b:86:ad:94:40
IP -192.168.2.10 192.168.2.5
Name ---0 0
Type ---soft-ap soft-ap
Status -----up up
Name ---LeftAP 1.1.1
AP Type ------61 61
2125 | show wms client
Dell Networking W-Series ArubaOS 6.4.x | User Guide
00:0b:86:cd:86:a0 192.168.2.4 0
soft-ap up
CEO
70
Column MAC Type Status ageout
BSSID SSID RAP_Type
Status Match MAC Ageout
MAC IP Type
Description
MAC address of the client
Station type (valid, interfering, or disabled rogue client )
If up, the client is active. If down (or no information is shown) the client is inactive.
An ageout time is the time, in minutes, that the client must remain unseen by any probes before it is eliminated from the database. If this column displays a 1, the client has not yet aged out. Any other number indicates the number of minutes since the client has passed its ageout interval.
BSSID of the AP to which the client is associated.
Extended service set identifier (ESSID) of the BSSID.
Indicates one of the following Rogue AP types: l Valid (not a rogue AP) l Interfering l Rogue l Disabled Rogue l Suspected Rogue l Unclassified l Known Interfering
If up, the AP is active. If down (or no information is shown) the AP is inactive.
MAC address of a wired device that helped identify the AP as a rogue. If the AP has not been identified as a rogue, this column will display the MAC address 00:00:00:00:00:00.
An ageout time is the time, in minutes, that the client must remain unseen by any probes before it is eliminated from the database. If this column displays a 1, the client has not yet aged out. Any other number indicates the number of minutes since the client has passed its ageout interval.
MAC address of a WMS probe.
IP address of a WMS probe.
A WMS AP type can be one of the following: l soft-ap: Dell Access Point (AP). l air-monitor: Dell Air Monitor (AM).
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms client | 2126
Column Status Name AP type
Description
If up, the probe is active. If down (or no information is shown) the probe is inactive.
Name of the probe. If a name has not been defined for the probe, this column may display a zero (0).
Model type of the probe.
The output of this command includes the following information:
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2127 | show wms client
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms counters
show wms counters [debug|event]
Description
Show WMS event and debug counters. If you omit the optional debug and events parameters, the show wms counters command will display wms debug and events counters in a single table.
Syntax
Parameter debug events
Description
Show show debug counters only
Show events counters only. If you omit the debug and events parameters, the show wms counters will display debug and events counters in a single table.
Usage Guidelines
This command displays counters for database entries, messages and data structures. The counters displayed will vary for each controller; if the controller does not have an entry for a particular counter type, it will not appear in the output of this command
Example
This example shows part of the output of the command show wms counters.
(host) #show wms counters
Counters -------Name ---DB Reads DB Writes Probe Table DB Reads Probe Table DB Writes AP Table DB Reads AP Table DB Writes STA Table DB Reads STA Table DB Writes Probe STA Table DB Reads Probe STA Table DB Writes Probe Register Probe State Update Set RAP Type Set RAP Type Conf Level ...
Value ----288268 350870 2477 952 143992 138867 40404 99687 101352 117566 2476 37077 42552 152
Command History
This command was introduced in ArubaOS 3.0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms counters | 2128
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2129 | show wms counters
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms monitor-summary
show wms channel stats
Description
Display the numbers of different AP and client types monitored over the last 5 minutes, 1 hour, and since the controller was last reset.
Syntax
No parameters.
Usage Guidelines
The WLAN management system (WMS) on the controller monitors wireless traffic to detect any new AP or wireless client station that tries to connect to the network. When an AP or wireless client is detected, it is classified and its classification is used to determine the security policies which should be enforced on the AP or client. Use the show wms monitor-summary command to view a quick summary of each classified AP and client type currently on the network. If AP learning is enabled (with the wms general command), non-Dell APs connected on the same wired network as Dell APs are classified as valid APs. If AP learning is disabled, a non-Dell AP is classified as an unsecure or suspect-unsecure AP.
Example
This example shows that the controller currently has 144 valid APs and 32 active valid clients, and verifies that the controller currently aware of a single disabled rogue AP.
(host) #show wms monitor-summary
WMS Monitor Summary
-------------------
Last 5 Min Last Hour All
-
---------- --------- ---
Valid APs
1
1
1
Interfering APs
57
57
60
Rogue APs
3
3
3
Manually Contained APs
0
0
0
Unclassified APs
0
0
0
Neighbor APs
0
0
0
Suspected Rogue APs
138
138
139
Valid Clients
0
0
0
Interfering Clients
1
1
1
Manually Contained Clients 0
0
0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms monitor-summary | 2130
Command History
Release ArubaOS 3.0. ArubaOS 6.1
Release
Command Introduced
The Disabled Rogue AP, Known Interfering APs and Interfering Clients entries were removed from the show command output, and the suspectedrogue, Manually Contained APs and Manually Contained Clients output entries were introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2131 | show wms monitor-summary
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms probe
show wms probe
Description
Display detailed information for a list of WMS probes.
Syntax
No parameters.
Example
This example shows the Probe List table for WMS probes. The output below has been split into two tables to better fit in this document. In the actual command-line interface, this information appears in a single, long table.
(host) #show wms monitor-summary
WMS Monitor Summary
-------------------
Last 5 Min Last Hour All
-
---------- --------- ---
Valid APs
1
1
1
Interfering APs
57
57
60
Rogue APs
3
3
3
Manually Contained APs
0
0
0
Unclassified APs
0
0
0
Neighbor APs
0
0
0
Suspected Rogue APs
138
138
139
Valid Clients
0
0
0
Interfering Clients
1
1
1
Manually Contained Clients 0
0
0
Column Monitor Eth MAC BSSID PHY Type
Description
Ethernet MAC address of a probe.
Probe Radio BSSID.
Radio PHY type: l 802.11A l 802.11AHT-40Mbps l 802.11AHT-20Mbps l 802.11G l 802,11GHT-20Mbps
IP
IP address of the AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms probe | 2132
Column LMS IP Scan Status Updates
Reqs/Fails
Stats Type
Description IP address of the AP's local controller.
Shows if the Air Monitor is performing scanning.
If the scan column displays a status of Up, the AP or AM is active
Number of updates the AP or AM sent to the WMS database since the controller was last reset.
Number of database update requests that have not yet been added into the database. and the number of failed database requests.
Total number of statistics updates sent to the database.
A WMS AP type can be one of the following: l soft-ap: A Dell Access Point (AP). l air-monitor: A Dell Air Monitor (AM).
The output of this command includes the following information:
Command History
Release ArubaOS 3.0.
Release Command Introduced
ArubaOS 6.1
The output of this command was modified to show the number of failed database requests.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2133 | show wms probe
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms rogue-ap
show wms rogue-ap <mac>
Description
Display statistics for APs classified as rogues APs.
Syntax
Parameter <mac>
Description MAC address of a rogue AP.
Example
The output of this command shows statistics for a suspected Rogue AP, including how it was classified as a suspected rogue.
(host) #show wms rogue-ap 00:0b:86:d4:ca:12
Suspect Rogue AP Info
---------------------
Key
Value
---
-----
BSSID
00:0b:86:89:c6:20
SSID
aruba-ap
Channel
1
Type
generic-ap
RAP Type
suspected-rogue
Confidence Level 30%
Status
up
Match Type
AP-Rule
Match MAC
00:0b:86:61:8a:d0
Match IP
0.0.0.0
Match Rule Name rule2
Match Method
Exact-Match
Match Time
Sun Sep 19 19:11:40 2010
Confidence Level Info
---------------------
Match Type
Match Method
----------
------------
Eth-Wired-Mac OUI-Match
AP-Rule
rule1
AP-Rule
rule2
Conf Level ---------20% 5% 5%
The output of this command includes the following information:
Column BSSID
Description BSSID of the suspected rogue AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms rogue-ap | 2134
Column SSID
Description The rogue AP's Extended service set identifier.
Channel
Channel used by a radio on the rogue AP.
Type
Indicates if the AP is a Dell AP, a Cisco AP, or an AP from any other manufacturer (generic AP).
RAP Type
Type of rogue AP, l Suspect-unsecure: AP has not been confirmed as a rogue AP. l unsecure: AP has been confirmed as a rogue AP
Status
Shows if the AP is active (up) or inactive (down).
Match Type
Describes how the AP was classified as a rogue.
l Eth-Wired-MAC: A Dell AP or AM detected that a single MAC address was in both the Ethernet Wired-Mac table and a non-valid AP wired-Mac table.
l AP-Wired-MAC: An interfering AP is marked as rogue when the Dell AP finds a MAC address in one of its valid AP wired-mac table and in an interfering AP wired-mac table. You can enable or disable the AP-WiredMAC matching method using the CLI command ids unauthorizeddevice-profile overlay-classification.
l Config-Wired-MAC: This type of classification occurs when a Dell AP or AM detects a match between a wired MAC table and a pre-defined MAC address that has manually defined via the command ids unauthorizeddevice-profile valid-wired-mac.
l External-Wired-MAC: This type of classification occurs when a Dell AP or AM detects a match between a wired MAC table entry and a pre-defined MAC address manually defined in the ids rap-wml-server-profile table.
l Base-BSSID-Override: If a Dell AP is detected as rogue, then all virtual APs on the particular rogue are marked as rogue using Base-BSSID-Override match type.
l Manual: An AP is manually defined as a rogue by via the command wms ap <bssid> mode rogue.
l EMS: An AP is manually defined as a rogue by via the Element Management System
Match MAC
MAC address of a wired device that helped identify the AP as a rogue. If the AP has not been identified as a rogue, this column will display the MAC address 00:00:00:00:00:00.
Match IP
IP address of a wired device that helped identify the AP as a rogue.
Match AM
Dell Air Monitor that reporting seeing the rogue AP.
Match Method
This variable indicates the type of match.
Suspect Match Types
Describes how an AP was classified as a suspected rogue AP.
2135 | show wms rogue-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Helper Ap BSSID AP name Match Time Confidence Level
Description
BSSID of the AP or AM that helped classify a rogue AP.
Names of APs that are able to see the specified MAC address.
Time the AP was identified as a rogue AP.
Shows the level of confidence that the AP was classified correctly for each match type.The suspected-rogue classification mechanism are: l Each mechanism that causes a suspected-rogue classification is assigned a
confidence level increment of 20%. l AP classification rules have a configured confidence level. l When a mechanism matches a previously unmatched mechanism, the
confidence level increment associated with that mechanism is added to the current confidence level (the confident level starts at zero). l The confidence level is capped at 100%. If your controller reboots, your suspected-rogue APs are not checked against any new rules that were configured after the reboot. Without this restriction, all the mechanisms that classified your APs as suspected-rogue may trigger again causing the confidence level to surpass their cap of 100%. You can explicitly mark an AP as "interfering" to trigger all new rules to match against it.
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification Command introduced Confidence level information was added to the output of this command.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms rogue-ap | 2136
show wms routers
show wms routers <mac>
Description
Show Learned Router Mac Information for WMS APs.
Syntax
Parameter <mac>
Description MAC address of a probe that can see the router.
Usage Guidelines
This command displays the MAC addresses of devices that have been determined to be routers by the listed APs. This output of this command will be blank if there is not any broadcast/multicast activity in an AP's subnet.
Example
In the example below, a single WMS AP has learned MAC information for four different routers.
(host) #show wms routers
Router Mac 00:08:00:00:11:12 is Seen by APs ------------------------------------------AP-Name ------AP32 Router Mac 00:08:00:00:11:29 is Seen by APs ------------------------------------------AP-Name ------AP32 Router Mac 00:08:00:00:11:57 is Seen by APs ------------------------------------------AP-Name ------AP32 Router Mac 00:08:00:00:11:6e is Seen by APs ------------------------------------------AP-Name ------AP32
Command History
This command was introduced in ArubaOS 3.0
2137 | show wms routers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms routers | 2138
show wms rules
show wms rules config state summary
Description
Display the internal state and matching information of rules created using the ids ap-classification-rule change command.
Syntax
Parameter config
state summary
Description
Display the following information for each AP classification rule. l name l ids l match-ssid l min-snr l max-snr l min-prcnt l max-prcnt l ssids l enabled l classify l conf-incr l flags l match-cnt
Display the following informatoin for each AP classification rule: l SSID Match Table l SSID Exclude Table l SNR Table l Probe Count Table
Display an AP classification rules summary.
Usage Guidelines
Issue this command to view existing AP classification rules. AP classification rule configuration is performed only on a master controller. If AMP is enabled via the mobility-manager command, then processing of the AP classification rules is disabled on the master controller. A rule is identified by its ASCII character string name (32 characters maximum). The AP classification rules have one of the following specifications:
l SSID of the AP
2139 | show wms rules
Dell Networking W-Series ArubaOS 6.4.x | User Guide
l SNR of the AP l Discovered-AP-Count or the number of APs that can see the AP
Example
The output in the example below shows that although two rules have been defined, neither have been enabled using the ids ap-rule-matching rule-name <name> command. (host) (config) #show wms rules summary
AP Classification Rules Summary
-------------------------------
Parameter
Value
---------
-----
Num Rules
2
Num Active-Rules
0
Num SSID-to-match
0
Num SSID-to-exclude
0
Num SNR-bounds
0
Num Probe-Count-bounds 0
Command History
This command was introduced in ArubaOS 6.1
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms rules | 2140
show wms system
show wms system
Description
Show the WMS system configuration and system state.
Syntax
No parameters.
Example
This example shows the WMS System Configuration and System State tables.
(host) #show wms system
System Configuration -------------------Key --max-threshold max-rbtree-entries max-system-wm system-wm-update-interval
Value ----0 0 1000 8
System State ------------Key --Max Threshold Current Threshold Total AP Count Total STA Count MAX RB-tree Count Total Tree Count Poll Count(Max)
Value ----25000 230 228 5 50000 195 1(2)
Learned OUIs for Deployed APs -----------------------------OUI --00:1a:1e:00:00:00
Column
Description
Max Threshold
The maximum number of table entries allowed. If this table displays a zero (0), there is no configured limit.
NOTE: If a configured maximum limit has reached, the controller will not create new WMS entries for monitored APs and monitored stations. If new APs are deployed after this limit is reached, those APs will not be marked as 'valid', which will impair the effectiveness of the Adaptive Radio Management feature. If there are new Rogue APs in the network, they will not be classified as a rogue.
Current Threshold Current number of table entries.
2141 | show wms system
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column Total AP Count
Description Total number of statistics entries for monitored APs in the AP table.
Total STA Count
Total number of statistics entries for monitored stations in the Station table.
MAX RB-tree Count Maximum number of entries allowed in the statistics.
Total Tree Count
Total number of entries currently in the statistics tree. If this limit has been reached, the controller will not add entries with the RSSI information for APs, monitored APs and monitored clients that are seen by them.
Poll Count (Max)
Current and maximum poll counts.
The output of this command includes the following information:
Command History
This command was introduced in ArubaOS 3.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms system | 2142
show wms wired-mac
show wms wired-mac gw-mac [<mac>] monitored-ap-wm <mac> prop-eth-mac reg-ap-oui summary system-gw-mac system-wired-mac wireless-device}
Description
Display a summary table of Wireless Management System (wms) wired MAC information. This command can display a list of APs aware of a specific gateway MAC address, or list the wired MAC addresses known to a single AP.
Syntax
Column gw-mac <mac>
monitored-ap-wm <mac>
prop-eth-mac <mac>
Description
Show Gateway Wired Mac Information Collected from the APs. If you include the optional <mac> MAC address parameter, the output of this command will show information for that single MAC address only.
Show Monitored AP Wired Mac Information Collected from the APs. If you include the optional <mac> MAC address parameter, the output of this command will show information for that single MAC address only.
Show Wired Mac Information Collected from the APs. If you include the optional <mac> MAC address parameter, the output of this command will show information for that single MAC address only.
reg-ap-oui <mac> summary
Show Registered AP OUI Information Collected from the APs, including each registered OUI, and the time that OUI was last seen. If you include the optional <mac> MAC address parameter, the output of this command will show information for that single MAC address only
Display a wired MAC summary that includes the number of each of the following MAC types: l Registered AP OUIs l Propagated Ethernet MACs. l Potential Wireless Device MACs l Monitored AP Wired MACs l System Wired MACs l System Gateway MACs
2143 | show wms wired-mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Column system-gw-mac
system-wired-mac wireless-device
Description
Show system gateway MAC information learned at the controller, including the age of each MAC address. If you include the optional <mac> MAC address parameter, the output of this command will show information for that single MAC address only.
Show system wired MAC information learned at the controller. If you include the optional <mac> MAC address parameter, the output of this command will show information for that single MAC address only.
Show Routers or potential wireless devices information, including the MAC address of the device, and the MAC address of the AP or controller that saw the device.
Example
This example shows the wired MAC summary.
(host) #show wms system
System Configuration -------------------Key --max-threshold max-rbtree-entries max-system-wm system-wm-update-interval
Value ----0 0 1000 8
System State ------------Key --Max Threshold Current Threshold Total AP Count Total STA Count MAX RB-tree Count Total Tree Count Poll Count(Max)
Value ----25000 230 228 5 50000 195 1(2)
Learned OUIs for Deployed APs -----------------------------OUI --00:1a:1e:00:00:00
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show wms wired-mac | 2144
Command History
Version ArubaOS 3.0 ArubaOS 6.1
Modification
Command Introduced
The ap-name <ap-name> parameter was deprecated, and the following parameters were introduced: l gw-mac l monitored-ap-wm l prop-eth-mac l reg-ap-oui l summary l system-gw-mac l system-wired-mac l wireless-device
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2145 | show wms wired-mac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip interface brief
show ip interface brief
Description
View IP-related information on all interfaces in summary format.
Syntax
No parameters.
Example
(host) #show ip interface brief
Interface vlan 1 vlan 2 loopback mgmt
IP Address / IP Netmask 172.16.0.254 / 255.255.255.0
10.4.62.9 / 255.255.255.0 unassigned / unassigned unassigned / unassigned
Admin up up up down
The following table details the columns and content in the show command.
Protocol up up up down
Column Interface
Description List the interface and interface identification, where applicable.
IP Address /IP Netmask
List the IP address and netmask for the interface, if configured.
Admin
States the administrative status of the interface. Enabled--up Disabled--down
Protocol
Status of the IP on the interface. Enabled--up Disabled--down
Command History
Release ArubaOS 3.4
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Available in Config or Enable mode on master controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
show ip interface brief | 2146
shutdown
shutdown all
Description
This command disables all interfaces on the controller.
Usage Guidelines
This command stops all traffic through the physical ports on the controller. The console port remains active. Use this command only when you have physical access to the controller, so that you can continue to manage using the console port. To shut down an individual interface, tunnel, or VLAN, use the shutdown option within the interface command. To restore the ports, use the no shutdown command.
Example
The following example shuts down all physical interfaces on the controller. (host) (config)#shutdown all
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
shutdown | 2148
snmp-server
snmp-server community <string> enable trap engine-id host IPv4/IPv6 Address|version {1 <name> udp-port <port>}|2c|{3 <name>} [inform] [interval <seconds>] [retrycount <number>] [udp-port <port>]} inform queue-length <size> source controller-ip stats trap enable|disable|{source [IPv4/IPv6 Address]} user <name> [auth-prot {md5|sha} <password>] [priv-prot {AES|DES} <password>]
Description
This command configures SNMP parameters.
Syntax
Parameter community enable trap engine-id
host
version inform inform stats
Description Sets the read-only community string.
Range --
Default --
Enables sending of SNMP traps to the configured host.
--
disable d
Sets the SNMP server engine ID as a hexadecimal number.
24
--
character
s
maximum
Configures the IPv4/IPv6 Address address of the host to
--
--
which SNMP traps are sent. This host needs to be running a
trap receiver to receive and interpret the traps sent by the
controller.
Configures the SNMP version and security string for
--
--
notification messages.
Sends SNMP inform messages to the configured host.
--
disable d
Specifies the length for the SNMP inform queue.
100-350
250
Allows file-based statistics collection for MMS. The controller generates a file that contains statistics data used by MMS to display information in chart and graph formats.
File-based statistics collection is transparent to the user and increases the efficiency of transferring information between the controller and MMS.
enable d
2149 | snmp-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter trap
disable enable source udp-port user auth-prot
priv-prot
Description
Source IP address of SNMP traps.
Disables an SNMP trap. You can get a list of valid trap names using the show snmp trap-list command.
Enables an SNMP trap.
Enter the source IPv4/IPv6 Address address for sending traps.
The port number to which notification messages are sent.
Configures an SNMPv3 user profile for the specified username.
Authentication protocol for the user, either HMAC-MD5-98 Digest Authentication Protocol (MD5) or HMAC-SHA-98 Digest Authentication Protocol (SHA), and the password for use with the designated protocol.
Privacy protocol for the user, either Advanced Encryption Standard (AES) or CBC-DES Symmetric Encryption Protocol (DES), and the password for use with the designated protocol.
Range --
--
Default
disable d
--
--
--
--
--
--
162
--
--
MD5/SHA SHA
AES/DES
DES
Usage Guidelines
This command configures SNMP on the controller only. You configure SNMP-related information for APs in an SNMP profile which you apply to an AP group or to a specific AP. To configure SNMP hostname, contact, and location information for the controller, use the hostname, syscontact, and syslocation commands.
Example
The following command configures an SNMP trap receiver: (host) (config) #snmp-server host 191.168.1.1 version 2c 12345678
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.3.1
The stats parameter was introduced
ArubaOS 6.4
The IPv6 Address parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
snmp-server | 2150
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2151 | snmp-server
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree (Global Configuration)
spanning-tree [forward-time <value> | hello-time <value> | max-age <value> | priority <value> | vlan range <WORD>
RSTP is backward compatible with STP and is enabled by default. For ease of use, this command uses the spanning tree keyword.
Description
This command is the global configuration for the Rapid Spanning Tree Protocol (RSTP) and Per VLAN Spanning Tree (PVST+). See spanning-tree (Configuration Interface) for details on the RSTP (config-if) command.
Syntax
Parameter forward-time hello-time max-age priority
vlan range <WORD>
Description
Specifies the time, in seconds, the port spends in the listening and learning state. During this time, the port waits to forward data packets.
Range 4-30
Specifies the time, in seconds, between each bridge protocol data unit (BPDU) transmitted by the root bridge.
1-10
Specifies the time, in seconds, the root bridge waits to receive a hello packet before changing the STP topology.
6-40
Set the priority of a bridge to make it more or less likely to become the root bridge. The bridge with the lowest value has the highest priority.
When configuring the priority, remember the following:
The highest priority bridge is the root bridge.
The highest priority value is 0 (zero).
0-65535
Enter the keywords vlan range followed by
--
the range of VLAN iID's. Separate the VLAN
IDs with a hyphen, comma or both to
indicate the range.
For example: 2-3 or 2,4,6 or 2-6,11
Default 15 seconds 2 seconds 20 seconds 32768
--
Usage Guidelines
This command configures the global RSTP settings on the controller and is backward compatible with past versions of ArubaOS using STP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree (Global Configuration) | 2152
By default, all interfaces and ports on the controller run RSTP as specified in 802.1w and 802.1D. The default RSTP values can be used for most implementations. Use the no spanning-tree command to disable RSTP.
Examples
The following command sets the time a port spends in the listening and learning state to 3 seconds: spanning-tree forward-time 3
The following command sets the time the root bridge waits to transmit BPDUs to 4 seconds: spanning-tree hello-time 4
The following command sets the time the root bridge waits to receive a hello packet to 30 seconds: spanning-tree max-age 30 The following command sets the bridge priority to 10, making it more likely to become the root bridge:
spanning-tree priority 10 The follow command sets a spanning-tree VLAN range
spanning-tree vlan range 2-8,11
Command History
Release ArubaOS 6.0
Modification Added support for PVST+ and VLAN and VLAN Range
ArubaOS 3.4
Upgraded STP to RSTP with full backward compatibility
ArubaOS 1.0
Introduced the Spanning Tree Protocol (STP)
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Configuration (config)
2153 | spanning-tree (Global Configuration)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree mode
spanning-tree mode <rapid> | <rapid-pvst>
Description
Set the spanning tree mode to either Rapid Spanning Tree (802.1w) or PVST+ (Per VLAN Spanning Tree).
Syntax
Parameter rapid
Description Set the spanning tree mode to RSTP (Rapid Spanning Tree Protocol).
rapid-pvst
Set the spanning tree mode to PVST+ (Per VLAN Spanning Tree protocol)
Usage Guidelines
Once the spanning tree mode is set, you can configure RSTP or PVST+.
Command History
Release ArubaOS 6.0
Modification PVST+ added
ArubaOS 3.4
Upgraded STP to RSTP with full backward compatibility.
Command Information
Platform All platforms
Licensing Base operating system
Command Mode
Configuration mode (config) on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree mode | 2154
spanning-tree (Configuration Interface)
spanning-tree cost <value> point-to-point port-priority <value> portfast vlan <vlan-id> cost <value> port-priority <value> vlan range <WORD>
RSTP is backward compatible with STP and is enabled by default. For clarity, this RSTP command uses the spanning tree keyword.
Description
Dell's RSTP implementation interoperates with both PVST (Per VLAN Spanning Tree 802.1D) and Rapid-PVST (802.1w) implementation on industry-standard router/switches. Syntax
Parameter cost <value>
Description
Enter the spanning tree path cost. Use the cost values to determine the most favorable path to a particular destination: the lower the cost, the better the path
point-to-point port-priority <value> portfast vlan <vlan-id>
Set the interface to a point-topoint
Change the spanning tree priority.
Change from blocking to forwarding
Enter the keyword vlan followed by the VLAN-ID
Range Default
165535
Default: Based on Interface type:
l Fast Ethernet 10Mbs-- 100
l Fast Ethernet 100Mbs-- 19
l 1Gigabit Ethernet--4
l 10 Gigabit Ethernet--2
n/a
Enabled
0 - 255
128
n/a
Disabled
n/a
--
2155 | spanning-tree (Configuration Interface)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter cost <value>
Description
Enter th keyword cost followed by the cost value to change the interface's spanning tree path cost.
port-priority <value> Change the spanning tree priority.
vlan range <WORD>
Enter the keywords vlan range followed by the range of VLAN iID's. Separate the VLAN IDs with a hyphen, comma or both to indicate the range.
For example: 2-3 or 2,4,6 or 2-6,11
Range Default
165535
0 - 255
128
--
--
Usage Guidelines
Dell supports global instances of RSTP and PVST+. Therefore, the ports on industry-standard routers/switches must be on the default or untagged VLAN for interoperability with controllers. ArubaOS supports RSTP on the following interfaces: l FastEthernet IEEE 802.3--fastethernet l Gigabitethernet IEEE 802.3--gigabitethernet l Port Channel ID--port-channel In addition to port state changes, RSTP introduces port roles for all the interfaces.
RSTP (802.1w) Port Role
Description
Root
The port that receives the best BPDU on a bridge.
Designated
The port can send the best BPDU on the segment to which it is connected.
Alternate
The port offers an alternate path, in the direction of root bridge, to that provided by bridge's root port.
Backup
The port acts as a backup for the path provided by a designated port in the direction of the spanning tree.
Example
The RSTP default values are adequate for most implementation. Use caution when making changes to the spanning tree values.
(host) (config-if) #spanning-tree cost 345
(host) (config-if) #spanning-tree point-to-point ?
(host) (config-if) #spanning-tree portfast ?
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree (Configuration Interface) | 2156
(host) (config-if) #spanning-tree vlan range 2-8,11
Related Commands
spanning-tree (Global Configuration)
Command History
Release ArubaOS 6.0
Modification Added support for PVST+ and VLAN and VLAN Range
ArubaOS 3.4
Upgraded STP to RSTP with full backward compatibility.
ArubaOS 1.0
Introduced the Spanning Tree Protocol (STP).
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Configuration Interface (config-if)
2157 | spanning-tree (Configuration Interface)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree vlan range (PVST+)
spanning-tree vlan range <WORD> [forward-time <value> | hello-time <value> | max-age <value> | priority <value>]
Description
Configure PVST+ on a range of VLANs.
Syntax
Parameter <WORD> forward-time
hello-time max-age
priority
Description
Range
Enter a string representing the VLAN range --
Specifies the time, in seconds, the VLANs spends in the listening and learning state before transition to the forward state.
4-30
Set the time interval, in seconds, between transmission of BPDUs.
1-10
Set the time interval for the PVST+ bridge to maintain configuration information before refreshing that information.
6-40
Set the priority of a bridge to make it more or less likely to become the root bridge. The bridge with the lowest value has the highest priority.
When configuring the priority, remember the following:
The highest priority bridge is the root bridge.
The highest priority value is 0 (zero).
0-65535
Default -15 seconds
2 seconds 20 seconds
32768
Example
The following command sets the time the VLAN range 2-3 spends in the listening and learning state to 3 seconds: spanning-tree vlan range 2-3 forward-time 3 The following command sets the time the VLAN range 2-3 waits to transmit BPDUs to 4 seconds: spanning-tree vlan range 2-3 hello-time 4 The following command sets the time the VLAN range 2-3 waits to receive a hello packet to 30 seconds: spanning-tree vlan range 2-3 max-age 30 The following command sets the VLAN range 2-3 priority to 10, making it more likely to become the root bridge: spanning-tree vlan range 2-3 priority 10
Dell Networking W-Series ArubaOS 6.4.x | User Guide
spanning-tree vlan range (PVST+) | 2158
Command History
Release ArubaOS 6.0
Modification Command introduced
Command Information
Platforms All Platforms
Licensing Base operating system
Command Mode Configuration Mode (config)
2159 | spanning-tree vlan range (PVST+)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ssh
ssh disable_dsa | mgmt-auth {public-key [username/password] | username/password [public-key]}
Description
This command configures SSH access to the controller.
Syntax
Parameter disable_dsa
mgmt-auth
Description
Default
Disables DSA authentication for SSH. Only RSA authentication -- is used.
Configures authentication method for the management user. You can specify username/password only, public key only, or both username/password and public key.
username/ password
Usage Guidelines
Public key authentication is supported using a X.509 certificate issued to the management client. If you specify public-key authentication, you need to load the client X.509 certificate into the controller and configure certificate authentication for the management user with the mgmt-user ssh-pubkey command.
Example
The following commands configure SSH access using public key authentication only: (host) (config) #ssh mgmt-auth public-key
mgmt-user ssh-pubkey client-cert ssh-pubkey cli-admin root
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.1
The mgmt-auth parameter was introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ssh | 2160
sso idp-profile
sso idp-profile <idp profile name> clone idp <urlname> <url> no
Description
This command configures an SSO Identity Provider (IDP) profile for use with application Single Sign-On (SSO) with L2 Authentication.
Syntax
Parameter clone <profile name> idp <urlname> <url> no
Description Copies the data from another SSO IDP profile Configures the name and URL of the controller's IDP server. Deletes the command.
Usage Guidelines
This command is used to configure an SSO IDP profile, which establishes the name and URL of the IDP server that the controller uses for application
The Dell ClearPass Policy Manager is the only device that can act as an IDP server for application SSO with a Dell controller.
Example
sso idp-profile profile1 idp url1 cppm128.arubanetworks.com/idp.login
Command History
Version ArubaOS 6.4
Modification Command introduced
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Config mode on master controllers
2161 | sso idp-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
stm
add-blacklist-client <macaddr> kick-off-sta <macaddr> <bssid> purge-blacklist-clients remove-blacklist-client <macaddr>
Description
This command is used to manually disconnect a client from an AP or control the blacklisting of clients.
Syntax
Parameter add-blacklist-client
Description
MAC address of the client to be added to the denial of service list.
kick-off-sta
When you use the kick-off-sta feature specify a client's MAC address and BSSID, the AP sends deauthorization frames to the station to disconnect it.
<macaddr>
MAC address of client to be disconnected.
<bssid>
The associated BSSID of the client to be disconnected.
purge-blacklist-client
Clear the entire client blacklist.
remove-blacklist-client <macaddr> Specify the MAC address of a client to remove it from the denial of service list.
Usage Guidelines
When you blacklist a client, the client is not allowed to associate with any AP in the network. If the client is connected to the network when you blacklist it, a deauthentication message is sent to force the client to disconnect. The blacklisted client is blacklisted for the duration specified in the virtual AP profile. The client blacklist supports up to 4,000 individual client entries.
The controller retains the client blacklist in the user database, so the information is not lost if the controller reboots. When you import or export the controller's user database, the client blacklist will be exported or imported as well.
Example
The following command blacklists a client: (host) #stm add-blacklist-client 00:01:6C:CC:8A:6D
Dell Networking W-Series ArubaOS 6.4.x | User Guide
stm | 2162
Command History
Version ArubaOS 1.0 ArubaOS 6.0
Modification Command introduced.
The purge-client-blacklist parameter was introduced. The start-trace and stop-trace parameters are no longer functional.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable mode on master or local controllers
2163 | stm
Dell Networking W-Series ArubaOS 6.4.x | User Guide
support
support
Description
This command, which should be used only in conjunction with Dell customer support, is for controller debugging purposes only.
Syntax
No parameters.
Usage Guidelines
This command is used by Dell customer support for debugging the controller. Do not use this command without the guidance of Dell customer support.
Example
The following command allows Dell customer support to debug the controller: (host) #support
Command History
Version ArubaOS 2.4
Modification Command introduced as the secret command
ArubaOS 3.1
Command renamed to support
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
support | 2164
syscontact
syscontact <syscontact>
Description
This command configures the name of the system contact for the controller.
Syntax
Parameter syscontact
Description An alphanumeric string that specifies the name of the system contact.
Usage Guidelines
Use this command to enter the name of the person who acts as the system contact or administrator for the controller. You can use a combination of numbers, letters, characters, and spaces to create the name. To include a space in the name, use quotation marks to enclose the alphanumeric string. For example, to create the system contact name Lab Technician 1, enter "Lab Technician 1" at the prompt. To change the existing name, enter the command with a different string. The new name takes affect immediately. To unconfigure the name, enter "" at the prompt.
Example
The following command defines LabTechnician as the system contact name: (host) (config) #syscontact LabTechnician
Command History
This command was introduced in ArubaOS 3.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master controllers
2165 | syscontact
Dell Networking W-Series ArubaOS 6.4.x | User Guide
syslocation
syslocation <syslocation>
Description
This command configures the name of the system location for the controller.
Syntax
Parameter syslocation
Description An alphanumeric string that specifies the name of the system location.
Usage Guidelines
Use this command to indicate the location of the controller. You can use a combination of numbers, letters, characters, and spaces to create the name. To include a space in the name, use quotation marks to enclose the text string. To change the existing name, enter the command with a different string. To unconfigure the location, enter "" at the prompt.
Example
The following command defines SalesLab as the location for the controller: (host) # syslocation "Building 10, second floor, room 21E" syscontact LabTechnician
Command History
This command was introduced in ArubaOS 3.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
syslocation | 2166
tar
tar clean {crash|flash|logs}| crash{kernel} | flash | logs {tech-support|user}}
Description
This command archives a directory.
Syntax
Parameter clean
crash flash logs crash kernel flash logs techsupport user
Description Removes a tar file Removes crash.tar Removes flash.tar.gz Removes logs.tar Archives the crash directory to crash.tar. A crash directory must exist. Archives the kernel crash directory to kernel_crash.tar. Archives and compresses the /flash directory to flash.tar.gz. Archives the logs directory to log.tar. Optionally, technical support information can be included. Runs the user specific tech-support command.
Usage Guidelines
This command creates archive files in Unix tar file format.
Example
The following command creates the log.tar file with technical support information: tar logs tech-support
2167 | tar
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 6.4 ArubaOS 6.4.2.5
Description Command introduced.
The kernel parameter was introduced.
The show dot1x watermark history was added as part of the techsupport.log file.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tar | 2168
telnet
telnet {cli|soe}
Description
Enable telnet to the controller or to an AP through the controller.
Syntax
Parameter cli soe
Description Enable telnet using the CLI. Enable telnet using Serial over Ethernet (SoE).
Default Disabled Disabled
Usage Guidelines
Use the cli option to enable telnet to the controller. Use the soe option to enable telnet using the SoE protocol. This allows you to remotely manage an AP directly connected to the controller.
Example
The following example enables telnet to the controller using the CLI. (host) (config) #telnet cli
Command History
The command was introduced in ArubaOS 1.0
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2169 | telnet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
threshold
threshold controlpath-cpu <percentage> controlpath-memory <percentage> datapath-cpu <percentage> no-of-APs <percentage> no-of-locals <percentage> total-tunnel-capacity <percentage> user-capacity <percentage> no ...
Description
This command configures controller capacity thresholds which, when exceeded, will trigger alerts.
Syntax
Parameter controlpath-cpu <percentage> controlpath-memory <percentage> datapath-cpu <percentage> no-of-APs <percentage>
no-of-locals <percentage>
Description
Set an alert threshold for controlpath CPU capacity. The <percentage> parameter is the percentage of the total controlpath CPU capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 80%.
Set an alert threshold for controlpath memory consumption. The <percentage> parameter is the percentage of the total memory capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 85%.
Set an alert threshold for datapath CPU capacity. The <percentage> parameter is the percentage of the total datapath CPU capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 30%.
The maximum number of APs that can be connected to a controller is determined by that controller's model type and installed licenses. Use this command to trigger an alert when the number of APs currently connected to the controller exceeds a specific percentage of its total AP capacity.
The default threshold for this parameter is 80%.
Set an alert threshold for the master controller's capacity to support branch and local controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
threshold | 2170
Parameter
Description
A master controller can support a combined total of 256 branch and local controllers. The <percentage> parameter is the percentage of the total master controller capacity that must be exceeded before the alert is sent. The default threshold for this parameter is 80%.
total-tunnel-capacity <percentage>
Set an alert threshold for the controller's tunnel capacity. The <percentage> parameter is the percentage of the controller's total tunnel capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 80%
user-capacity <percentage>
Set an alert threshold for the controller's user capacity. The <percentage> parameter is the percentage of the total resource capacity that must be exceeded before the alert is sent.
The default threshold for this parameter is 80%.
Usage Guidelines
The controller will send a wlsxThresholdExceeded SNMP trap and a syslog error message when the controller has exceeded a set percentage of the total capacity for that resource. A wlsxThresholdCleared SNMP trap and error message will be triggered if the resource usage drops below the threshold once again.
Example
The following command configures a new alert threshold for controlpath memory consumption:
(host) (config) #threshold datapath-cpu 90
If this threshold is exceeded then subsequently drops below the 90% threshold, the controller would send the following two syslog error messages.
Mar 10 13:13:58 nanny[1393]: <399816> <ERRS> |nanny| above 90% threshold, value : 93 Mar 10 13:16:58 nanny[1393]: <399816> <ERRS> |nanny| below 90% threshold, value : 87
Resource 'Control-Path Memory' has gone Resource 'Control-Path Memory' has come
Command History
The command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2171 | threshold
Dell Networking W-Series ArubaOS 6.4.x | User Guide
time-range
time-range <name> absolute [end <mm/dd/yyyy> <hh:mm>]|[start <mm/dd/yyyy> <hh:mm>] time-range <name> periodic Daily <hh:mm> to <hh:mm> Friday <hh:mm> to <hh:mm> Monday <hh:mm> to <hh:mm> Saturday <hh:mm> to <hh:mm> Sunday <hh:mm> to <hh:mm> Thursday <hh:mm> to <hh:mm> Tuesday <hh:mm> to <hh:mm> Wednesday <hh:mm> to <hh:mm> Weekday <hh:mm> to <hh:mm> Weekend <hh:mm> to <hh:mm> no ...
Description
This command configures time ranges.
Syntax
Parameter <name> absolute periodic
no
Description Name of this time range. You can reference this name in other commands.
Specifies an absolute time range, with a specific start and/or end time and date.
Specifies a recurring time range. Specify the start and end time and Daily, Weekday, Weekend, or the day of the week.
Negates any configured parameter.
Usage Guidelines
You can use time ranges when configuring session ACLs. Once you configure a time range, you can use it in multiple session ACLs.
Example
The following command configures a time range for daytime working hours: (host) (config) #time-range working-hours periodic
weekday 7:30 to 18:00
Command History
The command was introduced in ArubaOS 3.0.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
time-range | 2172
Command Information
Platforms All platforms
Licensing
Next Generation Policy Enforcement Firewall (PEFNG) license.
Command Mode Config mode on master controllers
2173 | time-range
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tracepath
tracepath <global-address>
Description
Traces the path of an IPv6 host.
Syntax
Parameter
Description
<global-address> The IPv6 global address of the host.
Usage Guidelines
Use this command to identify points of failure in your IPv6 network.
Example
The following command traces the path of the specified IPv6 host. (host) #tracepath 2005:d81f:f9f0:1001::14
Command History
The command was introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
User, Enable, and Config modes on local or master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tracepath | 2174
traceroute
traceroute <ipaddr> source
Description
Trace the route to the specified IP address.
Syntax
Parameter <ipaddr>
Description The destination IP address.
source <ipaddr> Sets the source IP address through which packets are sent for tracing route.
Usage Guidelines
Use this command to identify points of failure in your network.
Example
The following command traces the route to the device identified by the IP address 10.1.2.3. (host) (config) #traceroute 10.1.2.3
Command History
Release ArubaOS 2.0
Modification Command introduced
ArubaOS 6.3
Introduced source parameter.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
User, Enable, and Config modes on local or master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
traceroute | 2176
trusted
trusted all
Description
This command makes all physical interfaces on the controller trusted ports.
Syntax
Parameter all
Description Makes all ports on the controller trusted.
Usage Guidelines
Trusted ports are typically connected to internal controlled networks. Untrusted ports connect to third-party APs, public areas, or any other network to which the controller should provide access control. When APs are attached directly to the controller, set the connecting port to be trusted. By default, all ports on the controller are treated as trusted. You can use the interface fastethernet or interface gigabitethernet commands to make individual ports trusted.
Example
The following command makes all ports trusted: (host) (config) #trusted all
Command History
The command was introduced in ArubaOS 2.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2177 | trusted
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tunnel-group
tunnel-group <tungrpname> mode {l2|l3) no preemptive-failover tunnel <tunnel-id>
Description
This command creates a tunnel-group to group a set of tunnels.
Syntax
Parameter mode {l2|l3} no preemptive-failover
tunnel <tunnel-id>
Description Set the type of tunnel-group.
Default l3
Negates any parameter configured.
--
When enabled, this option automatically redirects the traffic upon detecting an active tunnel with a higher precedence in the tunnel-group. When disabled, the traffic gets redirected to a higher precedence tunnel only when the tunnel carrying the traffic fails.
enabled
Adds the specified tunnel ID to the tunnel group. The
--
range is 1-16777215.
Usage Guidelines
Use this command to provide redundancy for L3 generic routing encapsulation (GRE) tunnels. This feature enables automatic redirection of the user traffic to a standby tunnel when the primary tunnel goes down. To enable L3 GRE tunnel group, you must: l configure a tunnel-group to group a set of tunnels. l enable tunnel keepalives on all the tunnel interfaces assigned to the tunnel-group, and l configure the session ACL with the tunnel-group as the redirect destination. To enable L2 GRE tunnel group, you must: l configure the member tunnel and add them to the appropriate VLAN. l enable tunnel keepalives on the tunnel interface. l configure the tunnel-group and set the group type to L2, and l add the member tunnel to the group
You can configure up to 32 tunnel-groups on a controller with a maximum of 5 tunnels in each tunnel-group.
Example
The following set of commands create a tunnel-group with tunnel IDs 10 and 20 as the members:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tunnel-group | 2178
(host)(config) #tunnel-group tgroup1 (host)(config-tunnel-group)# mode l3 (host)(config-tunnel-group)# tunnel 10 (host)(config-tunnel-group)# tunnel 20 (host)(config-tunnel-group)#preemptive-failover
Command History
Version ArubaOS 6.3
Modification Command introduced.
ArubaOS 6.4.2.3
The mode parameter was introduced.
ArubaOS 6.4.3.0
The tunnel ID limit was changed from 2147483647 to 16777215.
This command was introduced in ArubaOS 6.3
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config mode on master controllers
2179 | tunnel-group
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tunnel-loop-prevention
tunnel-loop-prevention
Description
This command prevents prevent forwarding loops between tunneled nodes on the controller.
The tunneled node loop prevention function appears on the WebUI as the "Enable Wired Access Concentrator Loop Prevention" option. It is located on the Configuration > Advanced Services > Wired Access > Wired Access Concentration Configuration pane.
Syntax
No parameters.
Usage Guidelines
This command prevents forwarding loops between tunnels from the tunneled nodes on the the controller. To allow a tunneled node-connected machine to communicate with another controller that is a connected client on the same subnet, you must enable broadcast-filter-arp.
Example
The following command prevents tunneled node forwarding: (host) (config) #tunnel-loop-prevention
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The command name changed from mux-loop-prevention to tunnel-loop-prevention.
Related Commands
(host) (config) #show tunneled-node config (host) (config) #show tunneled-node state
Command Information
Platforms All platforms
Licensing
Requires the Policy Enforcement Firewall Next Generation (PEFNG)license.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tunnel-loop-prevention | 2180
tunnel-node-mtu
tunnel-node-mtu <mtu>
Description
This command configures the MTU of a tunneled node.
Syntax
Parameter tnode-mtu
Description
Value of the MTU for the tunneled nodes Range: 1024 to 9216
Usage Guidelines
A Dell controller can operate as a Wi-Fi controller, terminating GRE tunnels from tunneled node switches. As a Wi-Fi controller, the controller does not perform full Wi-Fi switching functions. Instead, it accepts traffic from ports designated as tunneled node ports, packages this traffic inside a GRE tunnel, and forwards the traffic back to a central controller for processing.
Example
The following command configures the MTU of a controller for tunneled nodes: (host) (config) #tunnel-node-mtu 1030
Command History
The command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2181 | tunnel-node-mtu
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tunneled-node-address
tunneled-node-address <ipaddr>
Description
This command configures the IP address of a tunneled node server.
Syntax
Parameter
Description
tunneled-node-address IP address of the controller. This is the loopback or IP address of the controller acting as a tunneled node controller.
Usage Guidelines
A Dell controller can operate as a Wi-Fi controller, terminating GRE tunnels from tunneled node switches. As a Wi-Fi controller, the controller does not perform full Wi-Fi switching functions. Instead, it accepts traffic from ports designated as tunneled node ports, packages this traffic inside a GRE tunnel, and forwards the traffic back to a central controller for processing.
Example
The following command configures the address of a controller for tunneled nodes: (host) (config) #tunneled-node-address 192.168.1.245
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 6.1
The command name changed to tunneled-node-port.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
tunneled-node-address | 2182
upgrade
upgrade verify target add|del all|{host <ipaddr>}|{net <subnet>} target purge
Description
Specify which local controllers using the centralized image upgrade feature should download the image from the image server, or verify the validity of an image on the upgrade server.
Syntax
Parameter Description
verify
When you verify the upgrade image, the master controller attempts to connect to the file server, download the different images for each unique local controller and verify the validity of the image. Once controller images are verified as valid images by the master controller, the local controllers that are in the upgrade target list connect to the file server, download the appropriate image, and upgrade their software to the downloaded version
target add|del
Use this parameters to edit the list of controllers to be automatically upgraded with the centralized image upgrade feature.
l all: Add all local controllers to or remove all local controllers from the target list
l host <ipaddr>: IPv4 address of a local controller to be added to or removed from the target list
l net <subnet>: Subnet of local controllers to be added to or removed from the target list
target purge
Clear the entire centralized image upgrade target list.
Usage Guidelines
This feature can be configured on a master controller only, and supports up to 100 simultaneous downloads.
Example
(host)(config)# upgrade target add all
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2183 | upgrade
Dell Networking W-Series ArubaOS 6.4.x | User Guide
upgrade-profile
auto-reboot filepath <filepath> max-downloads <1-100> no ... password <password> protocol tftp|ftp|scp serverip <ipaddr> upgrade-enable username <username>
Description
The settings in this centralized image upgrade profile allow the master controller to automatically upgrade its associated local controllers by sending an image from an image server to one or more local controllers.
Syntax
Parameter auto-reboot
filepath max downloads
password protocol
Description
Range
Include this parameter to allow the local controllers to reboot after they download their new images.
NOTE: If you enable this option, local controllers will reboot without saving any changes to their current configuration. If you have any unsaved configuration changes on your local controller that you want to retain, do not enable this option.
file path to the location on the image server where the image file(s) reside.
Maximum number of local controllers that can simultaneously download a file from a file server. The centralized image downloading feature supports up to 100 simultaneous downloads. If this field is left blank, ArubaOS will use its default value of 10 downloads.
1-100
If you selected the FTP or SCP protocol for the Protocol type, enter the password that ArubaOS will use to connect to the image server.
Specify the protocol used to send the software upgrade from the image server to the local controller.
l TFTP l FTP l SCP
serverip
IP address of the image server.
-
upgrade-enable
Issue the upgrade-profile upgrade-enable command to enable the centralized image upgrade feature.
username <username> If you specified FTP or SCP for the protocol parameter -
Default Disabled
10
TFTP
Disabled -
Dell Networking W-Series ArubaOS 6.4.x | User Guide
upgrade-profile | 2184
Parameter
Description
field, enter the user name that ArubaOS uses to connect to the image server.
Range
Default
Usage Guidelines
This feature can be configured on a master controller only, and supports up to 100 simultaneous downloads.
Example
(host)(config)# upgrade-profile serverip 192.0.2.15 filepath /tftpboot auto-reboot upgrade-enable
Command History
Release ArubaOS 6.3
Modification Command introduced
Command Information
Platforms all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2185 | upgrade-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
uplink
crypto-local uplink {cellular priority <prior>}|disable|enable|{wired priority <prior>}|{wired vlan <id>}
Description
Manage and configure the uplink network connection.
Syntax
Parameter cellular priority <prior>
Description
Set the priority of the cellular uplink. By default, the cellular uplink is a lower priority than the wired uplink; making the wired link the primary link and the cellular link the secondary or backup link.
Configuring the cellular link with a higher priority than your wired link priority will set your cellular link as the primary controller link.
enable
Enable the uplink manager.
Range 1-255
--
disable
Disable the uplink manager.
--
wired priority <prior> wired vlan <id>
Set the priority of the wired uplink. Each uplink type has an associated priority; wired ports having the highest priority by default.
Define the VLAN identification (ID) of the uplink VLAN . A maximim of four wired VLANs can be defined
1-255 1-4094
Usage Guidelines
The W-600 Series controllers supports multiple 3G cellular uplinks in addition to its standard wired ports, providing redundancy in the event of a connection failure. If a W-600 Series' wired link cannot access the internet, the controller can fail over to a secondary cellular link and continue routing traffic.
The uplink VLAN manager is enabled by default on branch controller uplinks. Master or local (non-branch) controllers using the PAN portal feature must issue the uplink enable command to enable the uplink manager.
Related Commands
Command pan-options
show uplink
Description
This command configures options to integrate a branch controller with a Palo Alto Networks (PAN) firewall.
Displays uplink configuration details on W-600 Series or W-7000 Series controllers.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
uplink | 2186
Command History
Release ArubaOS 3.4 ArubaOS 6.0
Modification Command introduced The wired priority parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
2187 | uplink
Dell Networking W-Series ArubaOS 6.4.x | User Guide
usb-printer
usb-printer [printer <printer-name> alias <alias-name>]
Description
This command allows you to provide an alias to USB printers connected to W-650 series controllers.
Syntax
Parameter printer
alias
Description
Enter the default printer name. To get the default printer name use the show network-printer status command.
Enter a new alias name for the printer.
Example
The following command creates an alias for a printer: (host) usb-printer printer usblp_HP_Officejet_Pro_L7500_MY872231FX alias HPOJ_L7500 (host) #show network-printer status
Networked Printer Status -----------------------Printer Name -----------usblp_Hewlett-Packard_HP_Color_LaserJet_CP3505_CNBJ8B1003 usblp_HP_Officejet_Pro_L7500_MY872231FX
Printer Alias ------------HPLJ_P3005 HPOJ_L7500
Status -----idle idle
Comment ------enabled enabled
Command History
This command was introduced in ArubaOS 3.4.
Command Information
Platforms W-600 Series controllers
Licensing Base operating system
Command Mode Enable mode.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
usb-printer | 2188
usb reclassify
crypto-local usb reclassify <address>
Description
Disconnect and reclassify an USB device.
Syntax
Parameter <address>
Description USB device address from the show usb command.
Usage Guidelines
There's no way to power off an USB port on the W-600 Series controller, but you can re-initialize the device using the usb reclassify command. This command removes the modem from the USB device list, then detects it via the USB table.
Command History
Introduced in ArubaOS 3.4.
Command Information
Platforms W-600 Series controllers
Licensing Base operating system
Command Mode
Config mode on master and local controllers
2189 | usb reclassify
Dell Networking W-Series ArubaOS 6.4.x | User Guide
user-role
user-role <name> access-list {eth|mac|session} <acl> [ap-group <group>] [position <number>] bw-contract <name>[per-user] {downstream|upstream} bw-contract {app|appcategory}{downstream|upstream}| exclude {app|appcategory} bw-contract web-cc-category|web-cc-reputation <cc-name> <bwc-name> downstream|upstream captive-portal {<STRING>|check-for-accounting} dialer <name> dpi max-sessions <number> no ... policer-profile <profile> pool {l2tp|pptp} <name> qos-profile <profile> reauthentication-interval [<minutes>|<seconds>] registration-role session-acl <string> [ap-group <group>] [position <number>]a sso <profile> stateful-kerberos <profile> stateful-ntlm <ntlm_profile_name> traffic-control-profile <STRING> via <profile> vlan {VLAN ID|VLAN name} voip-profile <profile> web-cc disable wispr <wispr_profile_name>
Description
This command configures a user role.
Syntax
Parameter <name> access-list
Description Name of the user role.
Range --
Type of access control
--
list (ACL) to be applied:
eth: Ethertype ACL, configured with the ip access-list eth command.
mac: MAC ACL, configured with the ip access-list mac command.
session: Session ACL, configured with the ip access-list session command.
Default -- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
user-role | 2190
Parameter <acl>
Description
Name of the configured ACL.
Range --
Default --
ap-group
(Optional) AP group to
--
--
which this ACL applies.
position
(Optional) Position of
--
this ACL relative to
other ACLs that you can
configure for the user
role. 1 is the top.
(last)
bandwidthcontract
Name of a bandwidth
--
--
contract or rate limiting
policy configured with
the aaa bandwidth-
contract command. The
bandwidth contract
must be applied to
either downstream or
upstream traffic.
app
Name of the application --
--
bandwidth contract
configured for the user
role. The bandwidth
contract must be
applied to either
downstream or
upstream traffic.
NOTE: For a complete list of supported applications, issue the command show dpi application all.
appcategory
Name of the application --
--
category bandwidth
contract configured for
the user role. The
bandwidth contract
must be applied to
either downstream or
upstream traffic.
NOTE: For a complete list of supported applications, issue the command show dpi application category all.
web-cc-category|web-cc-reputation Apply a bandwidth conract Available repu- --
<cc-name> <bwc-name>
to the specified web con- tation cat-
tent category or reputation egories are:
level. Bandwidth contracts
can be applied to user-
l high-risk
defined web content categories created using the web-cc command. The
l low-risk l moderate-
2191 | user-role
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
exclude app|appcategory downstream per-user
upstream captive-portal <STRING>
check-for-accounting
Description
Range
five web content reputation levels are predefined in ArubaOS.
NOTE: bandwidth contracts applied to a web content category or reputation will not be enforced unless web content classification is enabled using the firewall web-contentclassification command.
risk
l suspicious
l
trustworth y
Excludes an application -- or application category from being configured as a bandwidth contract.
Default --
Applies the bandwidth
--
--
contract to traffic from
the controller to the
client.
Specifies that bandwidth -- contract is assigned on a per-user basis instead of a per-role basis. For example, if two users are active on the network and both are part of the same role with a 500 Kbps bandwidth contract, then each user is able to use up to 500 Kbps.
(per role)
Applies the bandwidth
--
--
contract to traffic from
the client to the
controller.
Name of the captive
--
portal profile configured
with the aaa
authentication
captive-portal
command.
If disabled, RADIUS
--
accounting is done for an
authenticated users irre-
spective of the captive-
portal profile in the role of
an authenticated user. If
enabled, accounting is not
done as long as the user's
-- enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
user-role | 2192
Parameter
dialer
dpi disable
max-sessions no policer-profile pool
2193 | user-role
Description
Range
role has a captive portal profile on it. Accounting will start when Auth/XMLAdd/CoA changes the role of an authenticated user to a role which doesn't have captive portal profile.
If VPN is used as an
--
access method, name of
the VPN dialer
configured with the
vpn-dialer command.
The user can login using
captive portal and
download the dialer.
The dialer is a Windows
application that
configures the VPN
client.
Role specific DPI con-
--
figuration.
Disable role specific DPI -- configuration.
Maximum number of datapath sessions per user in this role.
0-65535
Negates any configured -- parameter.
Applies a policer profile to -- the user role.
If VPN is used as an
--
access method,
specifies the IP address
pool from which the
user's IP address is
assigned:
l2tp: When a user negotiates a Layer-2 Tunneling Protocol (L2TP)/ IPsec session, specifies an address pool configured with the ip local pool command.
Default
--
-- -- 65535 -- -- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
<name> qos-profile reauthentica tion-interval registration-role
session-acl <string>
ap-group position
sso statefule-kerberos stateful-ntlm
Description
Range
pptp: When a user negotiates a Point-toPoint Tunneling Protocol (PPTP) session, specifies an address pool configured with the pptp ip local pool command.
Default
Name of the L2TP or
--
PPTP pool to be applied.
Applies a QOS profile to
--
the user role.
Interval, in minutes or seconds, after which the client is required to reauthenticate.
l 0-4096 in minutes
l 0-245760 in seconds
--
--
0 (disabled)
If enabled, a user is
--
forced to do MAC-based
authentication every
time the user connects
to the network.
disabled
Session ACL configured --
--
with the ip access-list
session command. You
can specify both IPv4
and IPv6 ACLs.
(Optional) AP group to
--
--
which this ACL applies.
(Optional) Position of
--
this ACL relative to
other ACLs that you can
configure for the user
role. 1 is the top.
(last)
Applies an SSO profile
--
--
to the user role.
Applies a stateful
--
--
Kerberos profile to the
user role.
Apply stateful NTLM authentication to the specified user role
Dell Networking W-Series ArubaOS 6.4.x | User Guide
user-role | 2194
Parameter traffic-control-profile <STRING> via vlan
voip-profile web-cc disable
wispr
Description
Range
Apply the Lync traffic
--
control priority profile to
the user-role.
NOTE: For the string value, enter the profile name that you created using app lync trafficcontrol command.
Applies a VIA connection -- profile to the user role.
Identifies the VLAN ID or -- VLAN name to which the user role is mapped. This parameters works only when using Layer-2 authentication such as 802.1X or MAC address, ESSID, or encryption type role mapping because these authentications occur before an IP address is assigned. If a user authenticates using a Layer-3 mechanism such as VPN or captive portal this parameter has no effect.
NOTE: VLAN IDs and VLAN names cannot be listed together.
Applies a VOIP profile to -- the user role.
Disable web content
--
classification for this
user role. User role
bandwidth contracts
associated with web
content classification
categories and
reputation types will not
enforced unless web
content classification is
enabled using the
firewall web-content-
classification
command.
Apply WISPr
--
authentication to the
specified user role.
Default -- -- --
-- --
--
2195 | user-role
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
Every client in a user-centric network is associated with a user role. All wireless clients start in an initial role. From the initial role, clients can be placed into other user roles as they pass authentication.
Example
The following command configures a user role: (host) (config) #user-role new-user
dialer default-dialer pool pptp-pool-1
Command History
Version ArubaOS 3.0
Modification Command introduced
ArubaOS 3.4.1
The stateful-ntlm and wispr parameters were introduced.
ArubaOS 6.1
The ipv6 session-acl parameter was removed. The session-acl parameter is common for both IPv4 and IPv6 ACLs.
ArubaOS 6.4
ArubaOS 6.4.1.0 ArubaOS 6.4.2.0
The bandwidth-contract app, bandwidth-contract appcategory, bandwidth-contract exclude, traffic-control-profile, and sso parameters were introduced.
The check-for-accounting parameter was introduced.
The web-cc-category, web-cc-reputation and web-cc disable parameters were introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license.
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
user-role | 2196
valid-network-oui-profile
valid-network-oui-profile no oui <oui>
Description
This command allows you to add a new OUI to the controller
Syntax
Parameter no oui <oui>
Description
Negates any configured parameter.
The new OUI to be added. Use the aa:bb:cc format to input the new OUI.
Range -- --
Default -- --
Usage Guidelines
This command adds a new OUI to the controller. The new OUI must be entered in a aa:bb:cc format.
Example
The following command adds a new OUI to the controller.
(host) (config) #valid-network-oui-profile (host) (Valid Equipment OUI profile) # (host) (Valid Equipment OUI profile) #oui 00:11:22 This should only be used when adding equipment with a new OUI. want to proceed? [y/n]: y
Are you sure you
Command History
Release ArubaOS 5.0
Modification Command introduced
Command Information
Platforms Available on all platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2197 | valid-network-oui-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vlan-bwcontract-explist
vlan-bwcontract-explist mac <mac>
Description
Use this command to add entries to or remove entries from the MAC exception list for bandwidth contracts on broadcast/multicast traffic.
Syntax
Parameter <mac>
Description
MAC address of a protocol that should be added to or removed from the exception list for bandwidth contracts.
Usage Guidelines
Bandwidth contracts on a VLAN can limit broadcast and multicast traffic. ArubaOS version 6.0 and later includes an internal exception list to allow broadcast and multicast traffic using the VRRP, LACP, OSPF, PVST and STP protocols. To remove per-vlan bandwidth contract limits on an additional broadcast or multicast protocol, add the MAC address for that broadcast/multicast protocol to the Vlan Bandwidth Contracts MAC Exception List.
Example
The following command adds the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to the list of protocols that are not limited by VLAN bandwidth contracts. (host) (config) #vlan-bwcontract-explist mac 01:00:0C:CC:CC:CC
Command History
Command introduced in ArubaOS 6.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vlan-bwcontract-explist | 2198
vlan-name
vlan-name <name> [assignment {even|hash}]
Description
This command creates a named VLAN on the controller and given an assignment type.
Syntax
Parameter <name> assignment
even
hash
Description
Name of the VLAN.
Sets the assignment type. This determines how a VLAN assignment is handled by the controller.
Sets the assignment type as even.The Even assignment type is based on an even distribution of VLAN pool assignments.
Sets the assignment type as hash. The hash type means that the VLAN assignment is based on the station MAC address.
Range 132 characters -- --
--
Usage Guidelines
Create a named VLAN so you can set up a VLAN pool. A VLAN pool consists of a set of VLAN IDs which are grouped together to efficiently manage multi-controller networks from a single location.
VLAN pooling should not be used with static IP addresses.
The Even VLAN assignment type maintains a dynamic latest usage level of each VLAN ID. Therefore, as users age out, the number of available addresses increases. This leads to a more even distribution of addresses. The Even type is only supported in tunnel and decrypt tunnel forwarding modes. It is not supported in split or bridge modes and it is not allowed for VLAN pools that are configured directly under a virtual AP. It can only be used under named VLANs. If a VLAN is given an Even assignment in bridge mode, a message displays indicating that the Hash assignment is automatically used instead to retrieve the VLAN ID.
L2 Mobility is not compatible with the existing implementation of the Even VLAN pool assignment type.
Example
The following command creates a VLAN named mygroup with the assignment type "even" on the controller: (host) (config) #vlan-name mygroup assignment even
Related Commands
(host) (config) #show vlan
2199 | vlan-name
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 3.0 ArubaOS 3.4 ArubaOS 6.2
ArubaOS 6.3
Modification Command introduced.
The pool parameter was introduced.
The assignment parameter was introduced along with the even and hash options. The pool parameter was deprecated.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vlan-name | 2200
vlan
vlan <id> [<description>] |[<name> <vlan-ids>]|[range <range>]|[wired aaa-profile <profile>]
Description
This command creates a VLAN ID or a range of VLAN IDs on the controller.
Syntax
Parameter <id>
Description
Identification number for the VLAN.
Range 2-4094
Default 1
<description>
Description of a VLAN ID.
1-32 characters; cannot begin with a numeric character
VLAN000 x, where x is the ID number.
<name>
(Optional) Identification name of the VLAN. The VLAN name was created using the vlan-name command.
1-32 characters; a name cannot begin with a numeric character
VLAN<id>
<vlan-ids>
(Optional) List of VLAN IDs that
Existing
1
are associated with this VLAN. If
VLAN IDs
two or more IDs are listed, the
VLAN needs to specified first as a
VLAN pool using the vlan-name
command.
range <range>
Create a range of multiple VLAN
2-4094
--
IDs by specifying the beginning
and ending VLAN ID separated by
a hyphen.
For example, 55-58
wired aaa-profile <profile> Assign an AAA profile to a VLAN
--
--
to enable role-based access for
wired clients connected to an
untrusted VLAN or port on the
controller. This parameter applies
to wired clients only.
Note that this profile will only take effect if the VLAN and/or the port on the controller is untrusted. If both the port and the VLAN are trusted, no AAA profile is assigned.
2201 | vlan
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Usage Guidelines
Use the interface vlan command to configure the VLAN interface, including an IP address. Use the vlanname command to create a named VLAN to set up a VLAN pool. A VLAN pool consists of a set of VLAN IDs which are grouped together to efficiently manage multi-controller networks from a single location. To enable role-based access for wired clients connected to an untrusted VLAN and/or port on the controller, you must use the wired aaa-profile parameter to specify the wired AAA profile you would like to apply to that VLAN. If you do not specify a per-VLAN wired AAA profile, traffic from clients connected to an untrusted wired port or VLAN will use the global wired AAA profile, if configured.
Example
The following command creates VLAN ID 27 with the description myvlan on the controller. (host) (config) #vlan 27 myvlan The following command associates the VLAN IDs 5, 12 and 100 with VLAN guestvlan on the controller. vlan guestvlan 5,12,100 The following command creates VLAN IDs 200-300, 302, 303-400. (host) (config) #vlan range 200-300,302, 303-400
Related Commands
Command show vlan
Description
This command shows a configured VLAN interface number, description and associated ports
aaa authentication wired
This command configures authentication for a client device that is directly connected to a port on the controller.
Command History
Release ArubaOS 3.0 ArubaOS 3.4 ArubaOS 3.4.1 ArubaOS 6.0
Modification Command available. vlan-ids parameter introduced. vlan range parameter introduced. wired aaa-profile parameter introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vlan | 2202
voice alg-based-cac
voice alg-based-cac disable enable
Description
This command is used to enable or disable VoIP signaling based Call Admission Control (CAC).
Syntax
Parameter disable enable
Description Disable VoIP signaling based CAC. Enable VoIP signaling based CAC.
Usage Guidelines
When call admission control in the VoIP CAC profile is enabled along with voice ALG based CAC, the controller does call admission control based on VoIP signaling and Traffic Specification (TSpec) messages (if handset supports TSpec), with precedence given to TSpec messages. When call admission control in the VoIP CAC profile is enabled while the voice ALG based CAC is disabled, the controller does call admission control based on TSpec signaling messages. If the handset does not support TSpec, call admission control is not applied.
Example
The following example disables VoIP signaling based CAC: (host) (config) #voice alg-based-cac disable
Command History
Version ArubaOS 6.2
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
2203 | voice alg-based-cac
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice dialplan-profile
voice dialplan-profile <profile> clone <source> dialplan {<sequence> <pattern> <action>} no...
Description
This command allows you to create a dial plan profile and configure dial plans to the profile.
Syntax
Parameter <profile> clone dialplan
<sequence> <pattern>
<action>
Description
Name of this instance of the dial plan profile.
Name of the existing dial plan profile from which parameter values are copied.
Configures a dialplan with the sequence, pattern, and action specified for the profile. You can configure upto 20 dialplans for a profile.
A number that positions the dial plan in the list of dial plans configured in the controller. The range is 100 - 65535.
A digit pattern or the number of digits that will be dialed by the user. You can specify the digit pattern using `X', `Z', `N', `[ ]' and `.'. l X is a wild card that represents any character from 0 to 9. l Z is a wild card that represents any character from 1 to 9. l N is a wild card that represents any character from 2 to 9. l [ ] is a wild card that represents the number or the range specified in the
brackets. l . (period) is a wild card that represents any-length digit strings.
A prefix code that is automatically prefixed to the dialed number. This is specified as <prefix-code>%e. Examples of dial plans are: l 9%e: The number 9 is prefixed to the dialed number. l 91%e: The number 91 is prefixed to the dialed number.
Usage Guidelines
You can configure dial plans on the controller that are required by the local EPABX system to provide outgoing PSTN call facility from a SIP device.
Dial plan can be configured only for SIP over UDP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice dialplan-profile | 2204
Example
The following command creates a dial plan for the dial plan profile, local: (host) (config) #voice dialplan-profile local (host) (Dialplan Profile "local") #dialplan 300 Z. 91%e
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
2205 | voice dialplan-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice logging
voice logging client mac <client mac> no ...
Description
This command allows you to enable logging for a voice client.
Syntax
Parameter client mac
Description MAC address of the voice client to be enabled for voice logging.
Usage Guidelines
You can enable voice logging for a specific voice client based on the MAC address of the client to troubleshoot any voice issues.
Example
The following command enables voice logging on the client with the MAC address 11:22:33:44:55:67: (host) (config) #voice logging (host)(VoIP Logging) #client-mac 11:22:33:44:55:67
Command History
Version ArubaOS 6.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice logging | 2206
voice real-time-config
voice real-time-config config-enable no...
Description
This command enables the controller to analyze the call quality of the voice calls based on the RTP media streams.
Syntax
Parameter config-enable
Description
Enables the controller to analyze the call quality of the voice calls based on the RTP media streams.
Default enabled
Usage Guidelines
You can enable the controller to compute and display the call quality parameters such as Jitter, delay, packet loss, and R-value directly from the RTP media stream of the voice calls. config-enable enables the controller to analyze the call quality of the voice calls based on the RTP media streams.
Example
The following command enables the controller to analyze the RTP media streams for call quality reports: (host) (config) #voice real-time-config (host) (Configure Real-Time Analysis) #config-enable
Command History
Version ArubaOS 6.0
Description Command introduced.
ArubaOS 6.4.3.0
The default value was changed to enabled.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
2207 | voice real-time-config
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice rtcp-inactivity
voice rtcp-inactivity {enable | disable}
Description
This command enables or diables the RTCP inactivity timer.
Syntax
Parameter enable disable
Description Enables the RTCP inactivity timer. Disables the RTCP inactivity timer.
Usage Guidelines
You can enable the RTCP inactivity timer to clear a voip session if an on-hold client moves out of the coverage area.
Example
The following command enables the RTCP inactivity timer: (host) (config) #voice rtcp-inactivity enable
Command History
Version ArubaOS 5.0
Description The rtcp-inactivity parameter was introduced to the voip command.
ArubaOS 6.0
This was part of the voip command in the earlier version. voip command is now deprecated.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice rtcp-inactivity | 2208
voice sip
voice sip dialplan-profile <dial-plan profile> no... session-expiry <session-expiry> session-timer
Description
This command allows you to enable SIP session timer and associate a dial plan profile to the SIP ALG.
Syntax
Parameter
Description
Default
dial-plan profile Name of the existing Dial plan profile to be associated to the SIP ALG. _
session-expiry
Timeout value in seconds for the session timer. The range is 240 1200 seconds.
300 sec
session-timer
If enabled, the SIP session is terminated when no session refresh request is received within the timeout value.
disabled
Usage Guidelines
You can configure the SIP settings such as enabling the session timer and associating a dial plan profile to the SIP ALG. session-timer acts as a keep alive mechanism for the SIP sessions using the periodic session refresh requests from the user agents. The interval for the session refresh requests is determined through a negotiation mechanism. If a session refresh request is not received within the negotiated interval, the session is terminated. session-expiry is the timeout interval of the session timer configured on the SIP ALG.
Example
The following command enables session timer on the SIP ALG: (host) (config) #voice sip (host)(SIP settings) #session-timer The following command sets the timeout value of the session timer to 400 seconds on the SIP ALG: (host)(SIP settings) #session-expiry 400 The following command associates the dial plan profile, default to the SIP ALG: (host)(SIP settings) #dialplan-profile default
Command History
Version ArubaOS 6.0
Description Command introduced.
2209 | voice sip
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice sip | 2210
voice sip-midcall-req-timeout
voice sip-midcall-req-timeout {enable | disable}
Description
This command enables or diables the SIP mid-call request timer.
Syntax
Parameter enable disable
Description Enables the SIP mid-call request timer. Disables the timer.
Usage Guidelines
You can enable the SIP mid-call request timer on the controller to clear the voip session if there is no response to a SIP mid-call request.
Example
The following command enables the SIP mid-call request timer: (host) (config) #voice sip-mid-call-req-timeout enable
Command History
Version ArubaOS 5.0
Description
The sip-midcall-req-timeout parameter was introduced to the voip command.
ArubaOS 6.0
This was part of the voip command in the earlier version. voip command is now deprecated.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode Config mode on master controller
2211 | voice sip-midcall-req-timeout
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice test
voice test force_send_delts sta <sta-mac> tid <tid_number>
Description
This command allows a user to manually send Delete Traffic Stream (DELTS) management frames.
Syntax
Parameter <sta-mac> <tid_number>
Description
The MAC address of the client station to which the DELTS are sent
The traffic stream id. The valid range for this parameter is 0 to 7. If the traffic stream ID is not specified and there are multiple live traffic streams, multiple DELTS will be sent out to the station.
Usage Guidelines
Issue this command to send DELTS for a live traffic stream, even if the client is not a voice client.
Example
The following command sends DELTS to a station with the MAC address 08:00:69:02:01:FA. (host) (config) #voice test force_send_delts sta <08:00:69:02:01:FA> tid 6
Command History
This command was introduced in ArubaOS 6.1.
Command Information
Platforms All platforms
Licensing
This command requires the PEFNG license
Command Mode
Config mode on a master or local controller
Dell Networking W-Series ArubaOS 6.4.x | User Guide
voice test | 2212
vpdn group l2tp
vpdn group l2tp client configuration {dns|wins} <ipaddr1> [<ipaddr2>] disable|enable l2tp tunnel hello <seconds> no ... ppp authentication {CACHE-SECURID|CHAP|EAP|MSCHAP|MSCHAPv2|PAP} ppp securid cache <minutes>
Description
This command configures an L2TP/IPsec VPN connection.
Syntax
Parameter
Description
client configuration Configures parameters for the remote clients.
Range Default
--
--
dns
Configures a primary and optional secondary DNS
--
--
server.
wins
Configures a primary and optional secondary WINS --
--
server.
disable|enable
Disables or enables termination of L2TP clients.
--
enabled
l2tp tunnel hello
Configures L2TP tunneling hello timeout, in seconds.
101440
60 seconds
no
Negates any configured parameter.
--
--
ppp authentication
Enables the protocols for PPP authentication. This
--
--
list should match the L2TP configuration configured
with the vpn-dialer command on the controller.
CACHE-SECURID
The controller caches Secure ID tokens so that the
--
--
user does not need to reauthenticate each time a
network connection is lost.
CHAP
Use CHAP with PPP authentication.
--
--
EAP
Use EAP-TLS with PPP authentication. Specify this
--
--
protocol for Windows IPsec VPN clients that use
Common Access Card (CAC) Smart Cards that
contain user information and digital certificates.
MSCHAP
Use MSCHAP with PPP authentication.
--
--
MSCHAPv2
Use MSCHAPv2 with PPP authentication. This is the --
--
default for L2TP
2213 | vpdn group l2tp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter PAP
ppp securid
Description
If CACHE-SECURID is configured for PPP authentication, this specifies the time, in minutes, that the token is cached.
Range Default
--
--
1510080
1440 minutes
Usage Guidelines
L2TP/IPsec relies on the PPP connection process to perform user authentication and protocol configuration. You specify the protocol used for PPP authentication and whether SecureID tokens are cached on the controller. Client addresses are assigned from a pool configured with the ip local pool command.
Example
The following command configures virtual private dial-in networking: (host) (coinfig) #vpdn group l2tp
ppp authentication PAP client configuration dns 10.1.1.2 client configuration wins 10.1.1.2
Command History
The command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vpdn group l2tp | 2214
vpdn group pptp
vpdn group pptp client configuration {dns|wins} <ipaddr1> [<ipaddr2>] disable|enable no ... ppp authentication {MSCHAP|MSCHAPv2} pptp echo <seconds>
Description
This command configures a PPTP VPN connection.
Syntax
Parameter client configuration
dns wins disable|enable no ppp authentication
MSCHAP MSCHAPv2 pptp echo
Description
Configures parameters for the remote clients.
Range --
Configures a primary and optional secondary -- DNS server.
Configures a primary and optional secondary -- WINS server.
Disables or enables termination of PPTP
--
clients.
Negates any configured parameter.
--
Enables the protocols for PPP authentication. -- This list should match the PPTP configuration configured with the vpn-dialer command on the controller.
Use MSCHAP with PPP authentication.
--
Use MSCHAPv2 with PPP authentication. This -- is the default for L2TP
Time, in seconds, that the controller waits for a PPTP echo response from the client before considering the client to be down. The client is disconnected if it does not respond within this interval.
10-300
Default -- -- -- enabled -- --
-- -- 60 seconds
Usage Guidelines
PPTP connections require user-level authentication through a PPP authentication protocol (MSHCAPv2 is the currently-supported method.) Client addresses are assigned from a pool configured with the pptp command.
2215 | vpdn group pptp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command configures virtual private dial-in networking: vpdn group pptp
ppp authentication MSCHAPv2 client configuration dns 10.1.1.2 client configuration wins 10.1.1.2
Command History
The command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vpdn group pptp | 2216
vpn-dialer
vpn-dialer <name> enable dnetclear|l2tp|pptp|securid_newpinmode|wirednowifi ike {authentication {pre-share <key>|rsa-sig}|encryption {3des|des}| group {1|2}|hash {md5|sha}|lifetime [<seconds>]} ipsec {encryption {esp-3des|esp-des}|hash {esp-md5-hmac|esp-sha-hmac}| lifetime [<seconds>]|pfs {group1|group2}} no {enable...|ipsec...|ppp...} ppp authentication {cache-securid|chap|mschap|mschapv2|pap}
Description
This command configures the VPN dialer.
Syntax
Parameter <name> enable
dnetclear
l2tp pptp securid_newpinmode wirednowifi ike
authentication
Description
Name that identifies this VPN dialer configuration.
Enables dialer operations:
Enables "split tunneling" functionality so that traffic destined for the internal network is tunneled while traffic for the Internet is not. This option is not recommended for security reasons.
Allows the dialer to negotiate a Layer-2 Tunneling Protocol (L2TP)/IPsec tunnel with the controller.
Allows the dialer to negotiate a Point-to-Point Tunneling Protocol (PPTP) with the controller.
Supports SecurID new and next pin mode.
Allows the dialer to detect when a wired network connection is in use, and shuts down the wireless interface.
Configures internet key exchange (IKE) protocol. This configuration must match the IKE policy configured with the crypto isakmp policy command on the controller.
Specifies whether preshared keys or RSA signatures are used for IKE authentication.
Range --
Default --
--
--
--
disabled
--
enabled
--
disabled
--
disabled
--
disabled
--
--
pre-share | rsa-sig
pre-share
2217 | vpn-dialer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter encryption group hash lifetime
ipsec
encryption hash
lifetime pfs no ppp authentication
cache-securid
chap mschap mschapv2 pap
Description
Specifies the IKE encryption protocol, either DES or 3DES.
Range
3des | des
Default 3des
Specifies the Diffie-Hellman group, either 1 or 1 | 2
2
2.
Specifies the HASH algorithm, ether SHA or
md5 |
sha
MD5.
sha
Specifies how long an IKE security association lasts, in seconds.
30086400
28800 seconds
Configures IPsec. This configuration must
--
--
match the IPsec parameters configured with
the crypto dynamic-map and crypto ipsec
commands on the controller.
Specifies the encryption type for IPsec, either DES or 3DES.
esp-3des | esp-des
esp-3des
Specifies the hash algorithm used by IPsec, either MD5 or SHA.
esp-md5hmac | espshahmac
esp-shahmac
Specifies how long an IPsec security association lasts, in seconds.
30086400
7200 seconds
Specifies the IPsec Perfect Forward Secrecy (PFS) mode, either group 1 or group 2.
group1 | group2
group2
Negates any configured parameter.
--
--
Enables the protocols for PPP authentication.
--
--
This list should match the L2TP or PPTP
configuration configured with the vpdn
command on the controller.
The controller caches Secure ID tokens so that -- the user does not need to reauthenticate each time a network connection is lost.
disabled
Use CHAP with PPP authentication.
--
enabled
Use MSCHAP with PPP authentication.
--
enabled
Use MSCHAPv2 with PPP authentication.
--
enabled
Use PAP with PPP authentication.
--
enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vpn-dialer | 2218
Usage Guidelines
A VPN dialer is a Windows application that configures a Windows client for use with the VPN services in the controller. When VPN is used as an access method, a user can login using captive portal and download a VPN dialer. You can customize a VPN dialer for a user role configured with the user-role command. After the user authenticates via captive portal, a link appears to allow download of the VPN dialer if a dialer is configured for the user role.
Example
The following command configures a VPN dialer: (host) (config) #vpn-dialer default-dialer
ike authentication pre-share f00xYz123BcA
Command History
The command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2219 | vpn-dialer
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vrrp
vrrp <id> advertise <interval> authentication <password> description <text> holdtime <secs> ip address <ipaddr> no... preempt priority <level> shutdown tracking interface {fastethernet <slot>/<port>|gigabitethernet <slot>/<port>} {sub <value>} tracking master-up-time <duration> add <value> tracking vlan <vlanid> {sub <value>} tracking vrrp-master-state <vrid> add <value> vlan <vlanid>
vrrp ipv6 <id> advertise <interval> description <text> holdtime <secs> ipv6 address <ipaddr> no... preempt priority <level> shutdown tracking interface {fastethernet <slot>/<port>|gigabitethernet <slot>/<port>} {sub <value>} tracking master-up-time <duration> add <value> tracking vlan <vlanid> {sub <value>} tracking vrrp-master-state <vrid> add <value> vlan <vlanid>
Description
This command configures the Virtual Router Redundancy Protocol (VRRP).
Syntax
Parameter id
Description
Range
Number that uniquely identifies the VRRP instance, also known as the VRID. This number should match the VRID on the other member of the redundant pair.
For ease in administration, you should configure this with the same value as the VLAN ID.
After you configure the VRID, the command platform enters VRRP mode. From here, you can access the remaining VRRP commands.
1-255
Default --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vrrp | 2220
Parameter advertise authentication
description holdtime <secs> ip address
2221 | vrrp
Description
Specifies the time, in seconds, between successive VRRP advertisements sent by the current master.
Best practices are to use the default value.
Range
1-60 seconds
Default
1 second (1s=1000m s)
Configure an optional password 8
--
of up to eight characters to be
characters
used to authenticate VRRP
peers in their advertisements.
The password must be the same on both members of the redundant pair.
The password is sent in plaintext and therefore should not be treated as a security measure. Rather, the purpose of the password is to guard against misconfigurations in the event that other VRRP devices exist on the same network.
Note: This parameter is supported only for IPv4.
Configure an optional text string 1-80
--
to describe the VRRP instance.
characters
The VRRP virtual router does not begin listening to advertisements until the holdtime expires. If your deployment includes a VRRP master with preemption disabled and an uplink switch is running RSTP, a higher value will prevent the VRRP master from regaining the master state after it reboots.
30-120 seconds.
45 seconds.
Configure the virtual IP address --
--
that will be owned by the
elected VRRP master. Use the
same IP address on each
member of the redundant pair.
This IP address will be redundant - it will be active on the VRRP master, and will become active on the VRRP backup in the event that the VRRP master fails.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ipv6 address
no preempt
delay
Description
Range
The IP address must be unique; the IP address cannot be the loopback address of the controller. Only IPv4 address formats are supported.
Configure the virtual IPv6
--
address that will be owned by
the elected VRRP master. Use
the same IPv6 address on each
member of the redundant pair.
This IPv6 address will be redundant - it will be active on the VRRP master, and will become active on the VRRP backup in the event that the VRRP master fails.
The IPv6 address must be unique; the IPv6 address cannot be the loopback address of the controller. Only IPv6 address formats are supported.
Negates all configured VRRP
--
parameters.
Preempt mode allows a
--
controller to take over the role
of master if it detects a lower
priority controller currently
acting as master.
Best practices are to use the default value to avoid excessive interruption to users or "flapping" if a problematic controller is cycling up and down.
Delay value in seconds.
Specifying a value enables the delay timer. The timer is triggered when the VRRP state moves out of backup or init state to become a master. This is applicable only if router preemption is enabled.
When the timer is triggered, it delays the router for a specified period of time before taking over the master router. In the mean time, if there is an advertisement from another VRRP master (existing master), the router stops the timer and does not transition to master.
0-60 seconds
Default --
-- disabled 0
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vrrp | 2222
Parameter priority
Description
Range
Defines the priority level of the
100
VRRP instance for the controller.
This value is used in the election
mechanism for the master.
A higher number specifies a higher priority.
The default priority setting is adequate for most networks.
shutdown
Administratively shutdown
--
VRRP. When down, VRRP is not
active, although the controller
maintains the configuration
information.
To start the VRRP instance, use no shutdown.
tracking interface
Configures VRRP tracking based -- on Layer-2 interface state transitions. You can configure this on Fast Ethernet or Gigabit Ethernet interfaces.
You can track a combined maximum of 16 VLAN and Layer-2 interfaces.
<slot>
<slot> is always 1.
--
<port>
Number assigned to the
--
network interface embedded in
the controller. Port numbers
start at 0 from the left-most
position.
sub
Decreases the priority of the
0-255
VRRP instance by the specified
amount. When the interface
comes up again, the value is
restored to the previous priority
level.
The combined priority and tracking vales cannot exceed 255.
If the priority value exceeds 255, the controller displays an error message.
tracking master-up-time duration
Monitors how long the controller has been master for the VRRP instance.
0-1440 minutes
Default 1-255
enabled (VRRP is down) --
-- -- --
--
2223 | vrrp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter tracking master-up-time add
tracking vlan sub
vrrp-masterstate vrrp-masterstate add
vlan
Description
Range
Instructs the controller to add the specified value to the existing priority level.
The combined priority and tracking values cannot exceed 255.
If the priority value exceeds 255, the controller displays an error message similar to the following:
Error: Vrrp 30 priority + tracking value exceeds 255
0-255
Configures VRRP tracking based -- on VLAN state transitions.
You can track a combined maximum of 16 VLAN and Layer-2 interfaces.
Decreases the priority of the VRRP instance by the specified amount. When the VLAN comes up again, the value is restored to the previous priority level.
The combined priority and tracking values cannot exceed 255.
If the priority value exceeds 255, the controller displays an error message.
0-255
Specifies the VRID to use for tracking the state of the VRRP master controller.
1-255
Instructs the controller to add the specified value to the existing priority level.
The combined priority and tracking values cannot exceed 255.
If the priority value exceeds 255, the controller displays an error message similar to the following:
Error: Vrrp 30 priority + tracking value exceeds 255
0-255
Specifies the VLAN ID of the VLAN on which VRRP will run.
1-4094
Default --
-- --
-- --
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vrrp | 2224
Usage Guidelines
Use this command to set parameters for VRRP on the controller. The default VRRP parameters can be left for most implementations.
You can use a combination of numbers, letters, and characters to create the authentication password and the VRRP description. To include a space in the password or description, enter quotation marks around the string. For example, to create the password Floor 1, enter "Floor 1" at the prompt.
To change the existing password or description, enter the command with a different string. The new password or description takes affect immediately.
To unconfigure the existing password or description, enter "" at the prompt. If you update the password on one controller, you must update the password on the redundant member pair.
Interface Tracking
You can track multiple VRRP instances to prevent asymmetric routing and dynamically change the VRRP master to adapt to changes in the network. VRRP interface tracking can alter the priority of the VRRP instance based on the state of a particular VLAN or Layer-2 interface. The priority of the VRRP instance can increase or decrease based on the operational state of the specified interface. For example, interface transitions (up/down events) can trigger a recomputation of the VRRP priority, which can change the VRRP master depending on the resulting priority. You can track a combined maximum of 16 interfaces.
You must enable preempt mode to allow a controller to take over the role of master if it detects a lower priority controller currently acting as master
Example
The following command configures a priority of 105 for VRRP ID (VRID) 30: (host) (config) #vrrp 30
priority 105
The following commands configure VLAN interface tracking and assumes the following:
l You have two controllers, a primary and a backup. l The configuration highlights the parameters for interface tracking. You may have other parameters
configured for VRRP.
2225 | vrrp
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Primary Configuration
vrrp 10 vlan 10 ip address 10.200.22.254 priority 105 preempt tracking vlan 20 sub 10
vrrp 20 vlan 20 ip address 10.200.22.254 preempt priority 105 tracking vlan 10 sub 10
vrrp 30 vlan 30 ip address 10.200.22.254 preempt priority 105 tracking vlan 20 sub 10
Backup Configuration
vrrp 10 vlan 10 ip address 10.200.22.254 priority 100 preempt tracking vlan 20 sub 10
vrrp 20 vlan 20 ip address 10.200.22.254 preempt priority 100 tracking vlan 10 sub 10
vrrp 30 vlan 30 ip address 10.200.22.254 preempt priority 100 tracking vlan 20 sub 10
If VLAN 20 goes down, VRRP 20 automatically fails over, VRRP 10 and VRRP 30 would drop their priority to 95, causing a failover to the backup controller. Once VLAN 20 comes back up, the primary controller restores the VRRP priority to 105 for all VRRP IDs and resumes the master VRRP role.
Command History
Version ArubaOS 1.0
Modification Command introduced
ArubaOS 3.3
The tracking interface and tracking vlan parameters were introduced.
ArubaOS 3.3.2
The add option was removed from the tracking interface and tracking vlan parameters.
ArubaOS 6.1
The delay option is added to the preempt parameter.
ArubaOS 6.4
The IPv6 parameter was introduced.
ArubaOS 6.4.3.0
The holdtime parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Config mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
vrrp | 2226
web-cc
web-cc global-bandwidth-contract web-cc-category <category-name> downstream|upstream kbits|mbits <bandwidth> web-cc-reputation high-risk|low-risk|moderate-risk|suspicious|trustworthy downstream|upstream kbits|mbits <1-2000>
Description
This command defines global bandwidth contracts for HTTP traffic matching a predefined web content category or reputation type.
Syntax
Parameter web-cc-category <category-name>
downstream|upstream
Description
Specify a web content category to apply a bandwidth contract to that category type. To see the full list of available web content categories, issue the command show web-cc categories.
Range --
Specify downstream to apply the
--
bandwidth contract to downstream
traffic.from the controller. Specify
upstream to apply the contract to
upstream traffic to the controller
Default --
--
kbits|mbits
bandwidth
web-cc-reputation high-risk|low-risk|
moderate-risk|suspicious|trustworthy
Select kbits to define the contract bandwidth --
--
in kilobits/second. Select mbits to define the
contract in megabits/second.
Define the contract value, If you are
256-
--
defining the bandwith value in
2,000,000
kilobits/second, the supported range is
kbits
256-2,000,000 kbits. If you are defining the
bandwidth value in megabits/second, the
supported range is 1-2000 mbits.
1-2000
mbits
Define a bandwidth contract for traffic asso- --
--
ciated with one of five predefined reputation
types. Session access control lists (ACLs)
can be applied to these risk categories using
the ip access-list session command.
Usage Guidelines
The web content classification feature classifies all (HTTP) web traffic on the network. Dell Inc. uses the Webroot® classification categories and risk reputation levels, URL database and URL cloud look-up service to classify the web traffic. You can create firewall policies and bandwidth contracts based upon these web traffic classification and reputation types.
Example
The following example creates a 100 megabit/second bandwidth contract for a category called music.
2227 | web-cc
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host) (config) #web-cc global-bandwidth-contract web-cc-category music downstream mbits 100
Command History
Version ArubaOS 6.4.2.0
Modification Command introduced.
Command Information
Platforms All platforms
Licensing PEF-NG license
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
web-cc | 2228
web-server profile
web-server profile bypass-cp-landing-page captive-portal-cert <name> ciphers {high|low|medium} idp-cert <idp-cert> mgmt-auth [certificate] [username/password] no ... session-timeout <session-timeout> ssl-protocol [tlsvl | tlsvl.1 | tlsvl.2] switch-cert <name> web-https-port-443 web-lync-listen-port {http <listen-port>}|{https <listen-port>} web-max-clients <web-max-clients>
Description
This command configures the controller's web server.
Syntax
Parameter bypass-cp-landing-page
captive-portal-cert ciphers
Description
Range
Disables the bypass captive portal
--
landing page. On disabling this
feature, non-browser apps
continue to request Captive Portal
login page from the controller.
NOTE: This increases the load of the httpd process of the controller.
NOTE: The landing page contains the meta-refresh tag to reload the page using real browser applications.
Specifies the name of the server
--
certificate associated with captive
portal. Use the show crypto-local
pki ServerCert command to see
the server certificates installed in
the controller.
Default enabled
default
Configures the strength of the cipher suite:
high: encryption keys larger than 128 bits
low: 56 or 64 bit encryption keys
medium: 128 bit encryption keys
NOTE: This command is not available in FIPS software images because ciphers are preconfigured only to acceptable values.
high, low, medium
high
2229 | web-server profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter idp-cert
mgmt-auth
Description
Range
Specifies the IDP certificate name con- -- figured in the controller
Default --
Specifies the authentication method for the management user; you can choose to use either username/password or certificates, or both username/password and certificates.
usernam e/ passwor d, certificat e
usernam e/ passwor d
no
Negates any configured
--
--
parameter.
session-timeout <session-timeout>
Specifies the amount of time after which the WebUI session times out and requires login for continued access.
30-3600 seconds
900 seconds
ssl-protocol
Specifies the Secure Sockets Layer -- (SSL) or Transport Layer Security (TLS) protocol version used for securing communication with the web server:
l TLS v1
l TLS v1.1
l TLS v1.2
tlsv1 tlsv1.1 tlsv1.2
switch-cert
Specifies the name of the server
--
certificate associated with WebUI
access. Use the show crypto-local
pki ServerCert command to see
the server certificates installed in
the controller.
default
web-https-port-443
web-lync-listen-port {http <listen-port>}| {https <listen-port>}
web-max-clients <web-max-client>
Enables WebUI access on the HTTPS -- port (443) .When you connect to the WebUI using https (tcp port 443), the controller continues using port 443 and no longer redirects to port 4343.
Configures the port number on which Lync Network Diagnostic (LND), a Microsoft® plug-in, sends HTTP/HTTPS messages to Dell controller.
NOTE: Disable the media classification ACL before using this feature. See ip access-list session.
102465535
Configures the web server's maximum number of supported concurrent clients.
25-320
-- 0 (feature disabled)
25
Dell Networking W-Series ArubaOS 6.4.x | User Guide
web-server profile | 2230
Usage Guidelines
There is a default server certificate installed in the controller, However this certificate does not guarantee security in production networks. Best practices are to replace the default certificate with a custom certificate issued for your site by a trusted Certificate Authority (CA). See the Dell Networking W-Series ArubaOS User Guide for more information about how to generate a Certificate Signing Request (CSR) to submit to a CA and how to import the signed certificate received from the CA into the controller. After importing the signed certificate into the controller, use the web-server profile command to specify the certificate for captive portal or WebUI access. If you need to specify a different certificate for captive portal or WebUI access, use the no command to revert back to the default certificate before you specify the new certificate (see the Example section).
You can use client certificates to authenticate management users. If you specify certificate authentication, you need to configure certificate authentication for the management user with the mgmt-user webui-cacert command.
Example
The following commands configure WebUI access with client certificates only, and specify the server certificate for the controller:
(host) (config) #web-server profile (host) (Web Server Configuration) #mgmt-auth certificate (host) (Web Server Configuration) #switch-cert ServerCert1 (host) (Web Server Configuration) #! (host) (config) #mgmt-user webui-cacert test_string serial 1111 admin root
To specify a different server certificate, use the no command to revert back to the default certificate before you specify the new certificate:
(host) (config) #web-server profile (host) (Web Server Configuration) #mgmt-auth certificate (host) (Web Server Configuration) #switch-cert ServerCert1 (host) (Web Server Configuration) #no switch-cert (host) (Web Server Configuration) #switch-cert ServerCert2
Command History
Version ArubaOS 3.0
Modification Command introduced.
ArubaOS 3.1
The mgmt-auth parameter was introduced.
ArubaOS 3.2
The captive-portal-cert parameter was introduced.
ArubaOS 6.3
The following new parameters were introduced: l web-https-port-443 l web-lync-listen-port
ArubaOS 6.3.1.0
Under the web-lync-listen-port, the following two parameters were introduced:
l http
2231 | web-server profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Version ArubaOS 6.4 ArubaOS 6.4.2.3
ArubaOS 6.4.2.5
Modification l https
The idp-cert parameter was introduced.
The web-server command was renamed to web-server profile. The sslv3 sub-parameter was deprecated. The following parameters were introduced: l tlsv1.1 l tlsv1.2
The bypass-cp-landing-page parameter was introduced.
Command Information
Platforms All platforms
Licensing
Command Mode
The web-server ciphers and web-server ssl-protocol commands require the PEFNG license
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
web-server profile | 2232
whitelist-db cpsec add
whitelist-db cpsec add mac-address <name> ap-group <ap_group> ap-name <ap_name> description <description>
Description
Add an AP entry to the campus AP whitelist.
Syntax
Parameter mac-address <name> ap-group <ap_group>
ap-name <ap_name>
description <description>
Description
MAC address of the AP you want to enter into the campus AP whitelist database.
(Optional) Name of the AP group. NOTE: If the AP group is not entered, a campus AP boots with "default" as AP group.
(Optional) Name of the AP. NOTE: If the AP name is not entered, a campus AP boots with its MAC address as AP name.
(Optional) Brief description of the AP. If the description includes spaces, enclose the description in quotation marks.
Usage Guidelines
You can manually add entries to the campus AP whitelist to grant valid APs secure access to the network.
Example
The following command creates a new campus AP whitelist entry for an AP with the MAC address 00:16:CF:AF:3E:E1: (host) #whitelist-db cpsec add mac-address 00:16:CF:AF:3E:E1
ap-group default ap-name W-AP225 description "W-AP225 in lobby"
Related Commands
Command show whitelist-db cpsec
Description
Show the campus AP whitelist for the control plane feature.
Mode Enable mode
2233 | whitelist-db cpsec add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Version ArubaOS 5.0 ArubaOS 6.4.3.0
Modification Command introduced The ap-group and ap-name parameters were introduced.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec add | 2234
whitelist-db cpsec delete
whitelist-db cpsec delete mac-address <mac-address>
Description
Remove an individual AP entry to the campus AP whitelist.
Syntax
Parameter mac-address <mac-address>
Description
MAC address of the AP you want to remove from the campus AP whitelist.
Usage Guidelines
Use this command to remove an individual whitelist entries for an AP that has been either removed from the network, or is no longer a candidate for automatic certificate provisioning. If the AP whose entry you deleted is still connected to the network and the control plane security feature is configured to send certificates to all APs (or a range of addresses that include that AP), then the controller will send the AP another certificate, and the AP will reappear in the campus whitelist. To permanently revoke a certificate from an invalid or suspected rogue AP, use the command whitelist-db cpsec revoke.
Example
The following command removes an AP with the MAC address 10:14:CA:AF:3E:E1 from the campus AP whitelist.: (host) (config) #whitelist-db cpsec delete mac-address 10:14:CA:AF:3E:E1
Related Commands
Command show whitelist-db cpsec
Description
Show the campus AP whitelist for the control plane feature.
Mode Enable mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
2235 | whitelist-db cpsec delete
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec-local-switch-list
whitelist-db cpsec-local-switch-list del mac-address <mac-address> purge
Description
Delete a local controller from the local switch whitelist.
Syntax
Parameter
Description
del mac-address <mac-address> Remove a single controller from the local switch whitelist.
purge
Clear all entries from the local switch whitelist
Usage Guidelines
If your deployment includes both master and local controllers, then the campus AP whitelist on each controller contains an entry for every AP on the network, regardless of the controller to which it is connected. The master controller also maintains a whitelist of local controllers with APs using control plane security. When you change a campus AP whitelist on any controller, that controller contacts the master controller to check the local switch whitelist, then contacts every other controller on the local switch whitelist to notify it of the change.
If you ever remove a local controller from the network, you must also remove the local controller from the local switch whitelist. If the local switch whitelist contains entries for local controllers no longer on the network, then a campus AP whitelist entry can be marked for deletion but will not be physically deleted, as the controller will be waiting for an acknowledgement from another controller no longer on the network. Any unused local controller entries in the local switch whitelist can significantly increase network traffic and reduce controller memory resources.
Example
The following command removes a local controller from the local switch whitelist: (host) (config) #whitelist-db cpsec-local-switch-list del mac-address 00:1E:33:CA:D2:51
Related Commands
Command show whitelist-db cpsec-local-switch-list
Description
Show the local switch whitelist for the control plane feature.
Mode
Enable mode
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec-local-switch-list | 2236
Command History
Version ArubaOS 5.0 ArubaOS 6.0
Modification
Command introduced
The cpsec-local-ctlr-list parameter was modified to cpsec-local-switchlist
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2237 | whitelist-db cpsec-local-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec-master-switch-list
whitelist-db cpsec-master-switch-list del mac-address <mac-address> purge
Description
Delete a master controller from the master switch whitelist.
Syntax
Parameter
Description
del mac-address <mac-address>
Remove a single master controller from the master switch whitelist.
purge
Clear all entries from the master switch whitelist
Usage Guidelines
Each local controller using the control plane security feature has a master switch whitelist which contains the IP and MAC addresses of its master controller. If your network has a redundant master controller, then this whitelist will contain more than one entry. The master switch whitelist rarely needs to be purged. Although you can delete an entry from the master switch whitelist, you should do so only if you have removed a master switch from the network. Deleting a valid master controller from the master switch whitelist can cause errors in your network.
Example
The following command removes a master controller from the master switch whitelist (host) (config) #whitelist-db cpsec-master-switch-list del mac-address 00:1E:33:CA:D2:51
Related Commands
Command
Description
show whitelist-db cpsec-master-switch-list
Show the master switch whitelist for the control plane feature.
Mode
Enable mode
Command History
Version ArubaOS 5.0 ArubaOS 6.0
Modification
Command introduced
The cpsec-master-ctrlr-list parameter was modified to cpsec-masterswitch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec-master-switch-list | 2238
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Config mode on local controllers
2239 | whitelist-db cpsec-master-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec modify
whitelist-db cpsec modify mac-address <name> ap-group <ap_group> ap-name <ap_name> cert-type {factory-cert|switch-cert} description <description> mode {disable|enable} revoke-text <revoke-text> state {approved-ready-for-cert|certified-factory-cert}
Description
Modify an existing entry in the campus AP whitelist.
Syntax
Parameter mac-address <name>
Description MAC address of an AP in the campus AP whitelist database.
ap-group <ap_group>
(Optional) Name of the AP group to which an AP is assigned.
NOTE: If AP group is not entered, a campus AP boots with "default" as the AP group.
ap-name <ap_name>
(Optional) Name of an AP.
NOTE: If AP name is not entered, a campus AP boots with its MAC address as the AP name.
cert-type {factory-cert|switch-cert}
(Optional) Type of certificate used by an AP. l factory-cert: AP uses a factory-installed certificate. l switch-cert: AP uses a controller-signed certificate.
description <description>
(Optional) Brief description of an AP. If the description includes spaces, enclose the description in quotation marks.
mode {disable|enable}
(Optional) Mode of an AP.
l disable: Disables an AP in the campus AP whitelist. A disabled AP cannot contact a controller over a secure connection.
l enable: Enables a disabled AP in the campus AP whitelist.
revoke-text <revoke-text> (Optional) Brief description why an AP was revoked.
state {approved-ready-for-cert| certified-factory-cert}
(Optional) State of an AP.
l approved-ready-for-cert: AP is approved and is ready to receive a certificate.
l certified-factory-cert: AP is certified and has a factory-installed certificate.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec modify | 2240
Example
The following command changes the AP group, AP name, certificate type, description, mode, revoke text, and state of an AP with MAC address 00:1E:37:CB:D4:52:
(host) #whitelist-db cpsec modify mac-address 00:1E:37:CB:D4:52 ap-group default ap-name ap-225 cert-type factory-cert description "AP-225 in lobby" mode disable revoke-text "Maintenance" state approved-ready-for-cert
Related Commands
Command show whitelist-db cpsec
Description
Show the campus AP whitelist for the control plane feature.
Mode Enable mode
Command History
Version ArubaOS 5.0 ArubaOS 6.0 ArubaOS 6.4.3.0
Modification Command introduced. The controller-cert parameter was modified to switch-cert. The ap-group and ap-name parameters were introduced.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
2241 | whitelist-db cpsec modify
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec purge
whitelist-db cpsec purge
Description
Clear the campus AP whitelist.
Syntax
No parameters.
Usage Guidelines
Use this command to clear all entries in the entire campus AP whitelist. If your network includes both master and local controllers, then each campus AP whitelist is synchronized across all controllers. If you purge the entire campus AP whitelist on one controller, that action will clear the campus AP whitelist on every controller in the network. To delete an individual entry in the campus AP whitelist, use the command whitelist-db cpsec delete.
Example
The following command remove all APs from the campus AP whitelist: (host) (config) #whitelist-db cpsec purge
Related Commands
Command show whitelist-db cpsec
Description
Show the campus AP whitelist for the control plane feature.
Mode Enable mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db cpsec purge | 2242
whitelist-db cpsec revoke
whitelist-db cpsec revoke mac-address <mac-address> revoke-text <revoke-text>
Description
Revoke a certificate from an AP in the campus AP whitelist.
Syntax
Parameter mac-address <mac-address>
revoke-text <revoke-text>
Description
MAC address of the AP you want to remove from the cpsec whitelist database.
A brief description why the AP's certificate was revoked, up to 64 alphanumeric characters. If this comment includes spaces, you must enclose the comment in quotation marks.
Usage Guidelines
Use this command to revoke a certificate from a invalid or suspected rogue AP.
Example
The following command revokes a certificate from an AP. This command does not delete a whitelist entry for a revoked AP, but marks its entry with the revoked state. (host) (config) #whitelist-db cpsec revoke mac-address 00:1E:37:CA:D4:51
revoke-text "revoking cert from a rogue AP."
Related Commands
Command show whitelist-db cpsec
Description
Show the campus AP whitelist for the control plane feature.
Mode Enable mode
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
2243 | whitelist-db cpsec revoke
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap add
whitelist-db rap add mac-addr <mac-address> ap-group <ap-group> ap-name <ap-name> description <description> full-name <full-name> mode enable|disable remote-ip <ip-addr>
Description
Add an AP entry to the remote AP whitelist.
Syntax
Parameter mac-address <mac-address>
ap-group <ap-group> ap-name <ap-name> description <description>
full-name <full-name> remote-ip <ip-addr>
Description MAC address of the AP you want to enter into the remote AP whitelist database.
AP group of the remote AP.
Name of the Remote AP.
Description of the remote AP. If the description includes spaces, it must be enclosed within quotation marks.
Name of the client using the remote AP.
IP address used to assign a static inner IP address for the remote AP.
Usage Guidelines
You can manually add entries to the remote AP whitelist to grant valid remote APs secure access to the network.
Example
The following command creates a new remote AP whitelist entry for an AP with the MAC address 00:16:CF:AF:3E:E1: (host) (config) #whitelist-db rap add mac-address 00:16:CF:AF:3E:E1
Related Commands
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap add | 2244
Command
show whitelist-db rapmaster-switch-list
show whitelist-db raplocal-switch-list
show whitelist-db rap
Description
Display the list of master controllers with remote APs managed using the remote AP whitelist
Mode
Enable or Config mode
Display the list of local controllers with remote APs man- Enable or Config
aged using the remote AP whitelist
mode
View detailed information for the remote AP whitelist database.
Enable or Config mode
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
2245 | whitelist-db rap add
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap del
whitelist-db rap del mac-addr <mac-address>
Description
Remove an AP entry from the remote AP whitelist.
Syntax
Parameter mac-address <mac-address>
Description
MAC address of the AP you want to remove from the remote AP whitelist database.
Usage Guidelines
You can manually remove entries from the remote AP whitelist to revoke a remote AP's secure access to the network. If you want to temporarily revoke an AP's access without removing the entry from the whitelist, use the command whitelist-db rap revoke.
Example
The following command revokes and deletes a remote AP whitelist entry for an AP with the MAC address 00:16:CF:AF:3E:E1: (host) (config) #whitelist-db rap del mac-address 00:16:CF:AF:3E:E1
Related Commands
Command whitelist-db rap add
Description
Mode
Add an entry into the remote AP whitelist.
Config mode on master or local controllers
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap del | 2246
whitelist-db rap modify
whitelist-db rap modify mac-addr <mac-address> ap-group <ap-group> ap-name <ap-name> description <description> full-name <full-name> mode enable|disable remote-ip <ip-addr>
Description
Remove an AP entry from the remote AP whitelist.
Syntax
Parameter mac-address <mac-address>
ap-group <ap-group> ap-name <ap-name> description <description>
full-name <full-name> mode enable|disable remote-ip <ip-addr>
Description MAC address of the remote AP whose whitelist database entry you want to modify.
AP group of the remote AP.
Name of the Remote AP.
Description of the remote AP. If the description includes spaces, it must be enclosed within quotation marks.
Name of the client using the remote AP.
Enable or disable the remote AP without deleting it from the database.
IP address used to assign a static inner IP address for the remote AP.
Usage Guidelines
You can manually remove entries from the remote AP whitelist to revoke a remote AP's secure access to the network.
Example
The following command modifies a remote AP whitelist entry for an AP with the MAC address 00:16:CF:AF:3E:E1: (host) (config) #whitelist-db rap modify mac-address 00:16:CF:AF:3E:E1
description "AP moved to second floor"
2247 | whitelist-db rap modify
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Command whitelist-db rap add
Description
Mode
Add an entry into the remote AP whitelist.
Config mode on master or local controllers
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap modify | 2248
whitelist-db rap revoke
whitelist-db rap revoke mac-address <mac-address> revoke-comment <comment>
Description
Revoke a certificate from an AP in the remote AP whitelist.
Syntax
Parameter mac-address <mac-address>
revoke-comment <comment>
Description
MAC address of the AP you want to remove from the remote AP whitelist database.
A brief description why the AP's certificate was revoked, up to 64 alphanumeric characters. If this comment includes spaces, you must enclose the comment in quotation marks.
Usage Guidelines
Use this command to revoke a certificate from a invalid or suspected rogue AP.
Example
The following command revokes a certificate from an AP. This command does not delete a whitelist entry for a revoked AP, but marks its entry with the revoked state. (host) (config) #whitelist-db rap revoke mac-address 00:1E:37:CA:D4:51
revoke-comment "revoking cert from a rogue RAP."
Related Commands
Command whitelist-db rap del
Description Delete an entry from the remote AP whitelist
Mode
Config mode on master or local controllers.
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
2249 | whitelist-db rap revoke
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap-local-switch-list
whitelist-db rap-local-switch-list del mac-addr <mac-address> purge
Description
Delete a local controller from the local switch table used by the remote AP whitelist
Syntax
Parameter
del mac-address <mac-address>
purge
Description Remove a single controller from the local switch table. Clear all controllersfrom the local switch table
Usage Guidelines
If your deployment includes both master and local controllers, then the remote AP whitelist on each controller contains an entry for every remote AP on the network, regardless of the controller to which it is connected. The master controller also maintains a whitelist of local controllers with remote AP. When you change a remote AP whitelist on any controller, that controller contacts the master controller to check the local switch whitelist, then contacts every other controller on the local switch whitelist to notify it of the change.
If you ever remove a local controller from the network, you must also remove the local controller from the local switch whitelist. If the local switch whitelist contains entries for local controllers no longer on the network, then a remote AP whitelist entry can be marked for deletion but will not be physically deleted, as the controller will be waiting for an acknowledgment from another controller no longer on the network. Any unused local controller entries in the local switch whitelist can significantly increase network traffic and reduce controller memory resources.
Example
The following command removes a local controllerfrom the local switch whitelist table: (host) (config) #whitelist-db rap-local-switch-list del mac-address 00:16:CF:AF:3E:E1
Related Commands
Command whitelist-db rap add
Description
Mode
Add an entry into the remote AP whitelist.
Config mode on master or local controllers
Command History
This command was introduced in ArubaOS 6.3.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap-local-switch-list | 2250
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
2251 | whitelist-db rap-local-switch-list
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap-master-switch-list
whitelist-db rap-master-switch-list del mac-addr <mac-address> purge
Description
Delete a master controller from the master switch table used by the remote AP whitelist.
Syntax
Parameter
del mac-address <mac-address>
purge
Description Remove a single master controller from the master switch whitelist. Clear all controllersfrom the Registered Master Switch table.
Usage Guidelines
Each local controller with remote APs managed through a remote AP whitelist has a master switch whitelist which contains the IP and MAC addresses of its master controller. If your network has a redundant master controller, then this whitelist will contain more than one entry. The master switch whitelist rarely needs to be purged. Although you can delete an entry from the master switch whitelist, you should do so only if you have removed a master switch from the network. Deleting a valid master controller from the master switch whitelist can cause errors in your network.
Example
The following command removes a master controllerfrom the master switch whitelist table: (host) (config) #whitelist-db rap-master-switch-list del mac-address 00:16:CF:AF:3E:E1
Related Commands
Command whitelist-db rap add
Description
Mode
Add an entry into the remote AP whitelist.
Config mode on master or local controllers
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode
Config mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
whitelist-db rap-master-switch-list | 2252
whoami
whoami
Description
This command displays information about the current user logged into the controller.
Syntax
No parameters.
Usage Guidelines
Use this command to display the name and role of the user who is logged into the controller for this session.
Example
The following command displays information about the user logged into the controller: (host) #whoami
Command History
This command was available in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Enable and Config modes on master and local controllers
2253 | whoami
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan anyspot-profile
wlan anyspot-profile <profile-name> clone <profile-name> enable-anyspot exclude-essid <exclude-essid> exclude-wildcard <exclude-wildcard> no preset-essid <preset-essid>
Description
The anyspot client probe suppression feature decreases network traffic by suppressing probe requests from clients attempting to locate and connect to other known networks.
Syntax
Parameter clone <profile-name>
Description Make a copy of an existing anyspot profile.
enable-anyspot
Issue this command to enable the anyspot feature. Note that you must associate the anyspot profile with a virtual AP profile for the settings to take effect.
exclude-essid <exclude-essid>
An anyspot-enabled radio will not respond to client probe requests using an ESSID in the Exclude ESSID lists. To add an ESSID to the list, enter the full name of the ESSID, then click Add. To remove an ESSID from the list, select it and click Delete. ESSIDs from neighboring APs will automatically appear in this list as long as the anyspot-enabled AP can detect that ESSID.
exclude-wildcard <exclude-wildcard>
An anyspot-enabled radio will not respond to client probe requests using an ESSID in the Exclude ESSID list. To exclude ESSIDs that partially match a text string, enter that string then click Add. To remove a matching string from the list, select it and click Delete.
no
Remove or negate any configured parameter.
preset-essid <preset-essid>
The anyspot-enabled AP will not send an ESSID in beacons, but if a client sends a probe request without an ESSIDs (that is, the probe request is not looking for a specific network) then the anyspot-enabled AP will respond to the probe request with an ESSID from this list.
Usage Guidelines
When an AP is configured to use this feature, the anyspot AP radio hides its configured ESSID in beacons, and compiles a list of other ESSIDs from detected neighboring APs. If the client sends a probe request without a specified ESSID, the anyspot AP will respond with a preconfigured ESSID.
When a client searches for a preferred network, that client sends the SSID of the preferred network in the probe request. The anyspot AP checks to see if there is a neighboring AP using that ESSID that can respond the
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan anyspot-profile | 2254
client's request. If no matching network is found, the anyspot AP sends a response to the client using the SSID from the client request. If the client is authorized to connect to the anyspot AP, that client associates to AP. Once connected to the anyspot AP, the client recognizes the ESSID to which it is connected as one associated with its preferred network, and does not send out any further probe requests.
Example
The following command defines a ESSID to be returned in probe requests that do not contain an ESSID, as well as two ESSIDs that should be excluded from anyspot responses, in the event that a client is probing for one of these excluded ESSIDs. wlan anyspot-profile anyspot1
preset SSID companyguest exclude-ssid corp_dev_essid exclude-ssid corp_voip_essid
Command History
Version ArubaOS 6.4.3.0
Description Command introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2255 | wlan anyspot-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan bcn-rpt-req-profile
wlan bcn-rpt-req-profile <profile-name> channel <channel> clone <source> interface <interface> measure-dur-mandatory measure-duration <measure-duration> measure-mode no random-interval <random-interval> reg-class {1|12} request-info <request-info> rpt-condition <rpt-condition> rpt-detail ssid <ssid>
Description
Configures a Beacon Report Request Profile to provide the parameters for the Beacon Report Request frames.
Syntax
Parameter <profile-name> channel <channel>
clone <source>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Default "default"
This option is used to set the Channel field in the Beacon Report Request frame. The Channel value can be set to one of the following:
l The channel of the AP (when Measurement Mode is set to either 'Passive' or 'Active-All channels')
l 0 (when Measurement Mode is set to 'Beacon Table')
l 255 (when Measurement Mode is set to 'ActiveChannel Report')
For
255
802.11b
/g band:
1 to 14
For 802.11a band: 36 to 165
Creates a copy of the Beacon
--
--
Report Request Profile specified
as the <source>.
<source> is the name of an existing Beacon Report Request Profile from which parameter values are copied.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan bcn-rpt-req-profile | 2256
Parameter interface <interface>
Description
This field is used to specify the radio interface for transmitting the Beacon Report Request frame.
Range 0-1
Default 1
measure-dur-mandatory
This value is used to set the
--
"Duration Mandatory" bit of the
Measurement Request Mode
field of the Beacon Report
Request frame.
Disabled
measure-duration <measure-duration> This value is used to set the
0
0
Measurement Duration field in
65535
the Beacon Report Request
frame. The Measurement
Duration is set to the duration of
the requested measurement. It
is expressed in units of TUs.
measure-mode
Indicates the mode used for the -- measurement. The valid measurement modes are:
active-all-ch
active-ch-rpt
beacon-table
passive
beacontable
no
Negates any configured
--
--
parameter.
random-interval <random-interval>
This value is used to set the
0
0
Randomization Interval field in
65535
the Beacon Report Request
frame. The Randomization
Interval is used to specify the
desired maximum random delay
in the measurement start time. It
is expressed in units of TUs
(Time Units). A Randomization
Interval of 0 in a measurement
request indicates that no
random delay is to be used.
reg-class {1|12}
This option is used to specify the Regulatory Class field in the Beacon Report Request frame.
For
--
802.11b
/g
bands,
12. For
802.11a,
use 1
2257 | wlan bcn-rpt-req-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter request-info <request-info>
rpt-condtion <rpt-condition> rpt-detail ssid <ssid>
Description
Range Default
This option is used to indicate
Any
--
the contents of the Request
valid
Information IE that could be
element
present in the Beacon Report
ID in the
Request frame. The Request
x/y/z
Information IE is present for all
format.
Measurement Modes except the For
'Beacon Table' mode. It consists exampl
of a list of Element IDs that
e,
should be included by the client
0/21/22.
in the response frame.
This option is used to indicate
0 - 255
0
the value for the "Reporting
Condition" field in the Beacon
Reporting Information sub-
element present in the Beacon
Report Request frame.
This option is used to indicate
--
the value for the "Detail" field in
the Reporting Detail sub-element
present in the Beacon Report
Request frame.
Disabled
A unique character string
--
--
(sometimes referred to as a
network name), consisting of no
more than 32 characters. The
SSID is case-sensitive (for
example, WLAN- 01).
Usage Guidelines
The Beacon Report Request profile is configured under the 802.11K profile.
Example
The following commands configure the parameters under the bcn-rpt-req-profile.
(host) (config) #wlan bcn-rpt-req-profile default (host) (Beacon Report Request Profile "default") #channel 9 (host) (Beacon Report Request Profile "default") #interface 1 (host) (Beacon Report Request Profile "default") #no measure-dur-mandatory (host) (Beacon Report Request Profile "default") #measure-duration 100 (host) (Beacon Report Request Profile "default") #measure-mode active-all-ch (host) (Beacon Report Request Profile "default") #random-interval 100 (host) (Beacon Report Request Profile "default") #reg-class 12
(host) (Beacon Report Request Profile "default") #rpt-condition 2 (host) (Beacon Report Request Profile "default") #no rpt-detail (host) (Beacon Report Request Profile "default") #request-info 0/21/22 (host) (Beacon Report Request Profile "default") #ssid aruba-ap
Command History
This command is introduced in ArubaOS 6.2.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan bcn-rpt-req-profile | 2258
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Configuration mode on master and local controllers
2259 | wlan bcn-rpt-req-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan client-wlan-profile
wlan client-wlan-profile <profile-name> auth-as-computer auth-as-guest clone eap-cert eap-cert-connect-only-to eap-peap eap-peap-connect-only-to eap-type enable-8021x ieap-cert-connect-only inner-eap inner-eap-type no non-broadcasting-connection range-connect ssid-profile
Description
You can push WLAN profiles to users computers that use the Microsoft Windows Wireless Zero Config (WZC) service to configure and maintain their wireless networks. After the WLAN profiles are pushed to user computers, they are automatically displayed as an ordered list in the preferred networks.
Syntax
Parameter
Description
auth-as-computer Authenticate with domain credentials.
Default
auth-as-guest
Authenticate as a guest user.
clone
Copy settings from another WLAN client profile.
eap-cert
If you select EAP type as certificate, you can use one of the
--
following options:
l mschapv2-use-windows-credentials
l use-smartcard
l simple-certificate-selection
l use-different-name
l validate-server-certificate
eap-cert-connectonly-to
Comma separated list of servers.
eap-peap
Configure EAP-PEAP settings.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan client-wlan-profile | 2260
Parameter
eap-peapconnect-only-to
Description Comma separated list of servers.
Default
eap-type
Enter a EAP type used by client to connect to wireless network.
EAP-PEAP
enable-8021x
Select this option to enable 802.1x authentication for this network. Enabled
ieap-cert-connectonly
Command separated list of servers
inner-eap
Enter the inner EAP type.
EAPMSCHAPv2
inner-eap-type
Specify one of the following:
l mschapv2-use-windows-credentials: Automatically use the Windows logon name and password (and domain if any)
l use-smartcard: Use a smart card
l simple-certificate-selection: Use a certificate on the users computer or use a simple certificate selection method (recommended)
l validate-server-certificate: Validate the server certificate
l use-different-name: Use a different user name for the connection (and not the CN on the certificate)
no
Negate and reset all configuration settings.
non-broadcastingconnection
Connect even if WLAN is not broadcasting.
Disabled
range-connect
Automatically connect to this WLAN if in range.
ssid-profile
Enter the name of the SSID profile.
Command History
This command was introduced in ArubaOS 5.0.
Command Information
Platforms All platforms
Licensing
Base operating system on master controllers
Command Mode Config mode on master controllers
2261 | wlan client-wlan-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan dot11k-profile
wlan dotllk <profile-name> ap-chan-rpt-11a ap-chan-rpt-11bg bcn-measurement-mode {active|beacon-table|passive} bcn-req-chan-11a bcn-req-chan-11bg bcn-req-time clone <profile-name> dot11k-enable force-disassoc handover-trigger-profile lm-req-time no ... rrm-ie-profile tsm-req-profile tsm-req-time
Description
Configure a 802.11k radio profile.
Syntax
Parameter <profile-name> ap-chan-rpt-11a
ap-chan-rpt-11bg
bcn-measurement-mode active
Description
Name of this instance of the profile. The name must be 163 characters.
Default "default"
This value is sent in the 'Channel' field of the AP channel
36
reports on the 'A' radio. You can specify values in the range
34 to 165.
This value is sent in the 'Channel' field of the AP channel
1
reports on the 'BG' radio. You can specify values in the
range 1 to 14.
Configures an active, beacon-table or passive beacon measurement mode for the profile.
beacontable
Enables active beacon measurement mode. In this mode,
--
the client sends a probe request to the broadcast
destination address on all supported channels, sets a
measurement duration timer, and, at the end of the
measurement duration, compiles all received beacons or
probe response with the requested SSID and BSSID into a
measurement report.
NOTE: If the station doesn't support active measurement mode, it returns a Beacon Measurement Report with the Incapable bit set in the Measurement Report Mode field.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan dot11k-profile | 2262
Parameter beacon-table
passive
clone <profile-name> bcn-req-chan-11a bcn-req-chan-11bg bcn-req-time
dot11k-enable force-dissasoc
Description
Enables beacon-table beacon measurement mode.In this mode, the client measures beacons and returns a report with stored beacon information for any supported channel with the requested SSID and BSSID. The client does not perform any additional measurements. This is the default beacon measurement mode.
Default --
NOTE: If a station doesn't support beacon-table able measurement mode, it returns a Beacon Measurement Report with the Incapable bit set in the Measurement Report Mode field.
Enables passive beacon measurement mode. In this mode, -- the client sets a measurement duration timer, and, at the end of the measurement duration, compiles all received beacons or probe response with the requested SSID and BSSID into a measurement report.
NOTE: If a station doesn't support passive measurement mode, it returns a Beacon Measurement Report with the Incapable bit set in the Measurement Report Mode field.
Copy settings from another specified 802.11k profile.
--
This value is sent in the 'Channel' field of the beacon
36
requests on the 'A' radio. You can specify values in the
range 34 to 165.
This value is sent in the 'Channel' field of the Beacon
1
Requests on the 'BG' radio. You can specify values in the
range 1 to 14.
This option configures the time duration between two consecutive beacon requests sent to a dot11K client. By default, the beacon requests are sent to a dot11K client every 60 seconds. However, if a different value is required, the bcn-req-time option can be used.
This permits values in the range from 10 seconds to 200 seconds.
60 seconds
Enables the 802.11K feature. This feature is disabled by default.
Disabled
This feature allows the AP to forcefully disassociate "onhook" voice clients (clients that are not on a call) after period of inactivity.
Without the forced disassociation feature, if an AP has reached its call admission control limits and an on-hook voice client wants to start a new call, that client may be denied. If forced disassociation is enabled, those clients can associate to a neighboring AP that can fulfil their QoS requirements.
Disabled
This feature is disabled by default.
2263 | wlan dot11k-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
handover-trigger-profile
Name of the handover trigger profile associated with this 802.11k profile. If the handover trigger feature is enabled in the handover trigger profile, the controller will initiate the handover of a voice client (for example: dual mode handsets) roaming at the edge of Wi-Fi coverage to an alternate carrier or connection. The handover trigger is initiated if the Wi-Fi signal strength reported by the voice client (received from all APs) is equal to or less than the threshold value.
You must enable dot11k before using this command.
Default
lm-req-time
This option configures the time duration between two consecutive link measurement requests sent to an dot11K client. By default, link measurement requests are sent to a dot11K client every 61 seconds. However, you can use the lm-req-time option to specify different time interval.
This permits values in the range from 10 seconds to 200 seconds.
61 seconds
no
Negates or removes any configured parameter
rrm-ie-profile tsm-req-profile tsm-req-time
RRM IE Settings Profile TSM Report Request Settings Profile
This option configures the time duration between two consecutive transmit stream measurement requests sent to a dot11K client. By default, the transmit stream measurement requests are sent to a dot11K client every 90 seconds. However, you can use the tsm-req time option to specify a different time interval.
This permits values in the range from 10 seconds to 200 seconds.
90 seconds
Usage Guidelines
In a 802.11k network, if the AP with the strongest signal is reaches its maximum capacity, clients may connect to an under utilized AP with a weaker signal. A 802.11k profile can assigned to each virtual AP.
Example
The following command enables the 802.11k feature on the 802.11k profile and configures the beacon measurement mode and specifies the time interval for beacon, link, and transmit stream measurement requests.
(host) (config) #wlan dot11k-profile default (host) (802.11K Profile "default") #dot11k-enable (host) (802.11K Profile "default") #bcn-measurement-mode beacon-table (host) (802.11K Profile "default") #bcn-req-time 60 (host) (802.11K Profile "default") #lm-req-time 60 (host) (802.11K Profile "default") #tsm-req-time 90
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan dot11k-profile | 2264
Related Commands
Command
wlan handover-trigger-profile
wlan rrm-ie-profile
Description Configure a handover trigger profile to ensure QoS for voice calls.
Configure an radio resource management RRM IE profile to define the information elements advertised by an AP with 802.11k support enabled.
Command History
Version ArubaOS 3.4 ArubaOS 6.2
Description
Command introduced
The following parameters were introduced: l bcn-req-chan-11a l bcn-req-chan-11bg l ap-chan-rpt-11a l ap-chan-rpt-11bg l handover-trigger-profile l rrm-ie-profile l bcn-rpt-req-profile l tsm-req-profile The handover trigger threshold parameter was deprecated, as the handover trigger settings are now configured using the handover trigger profile.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2265 | wlan dot11k-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan dot11r-profile
wlan dotllr-profile <profile-name> clone mob-domain-id <1-65535> dot11r no key-duration <60-86400> key-assignment
Description
This command configures an 802.11r radio profile.
Syntax
Parameter <profile-name>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
clone
Name of an existing dot11r-profile from which the
--
parameter values are copied.
mob-domain-id
An ID that uniquely identifies the mobility domain.
1-65535
dot11r
Enables the Fast BSS Transition capability.
--
no
Negates or removes any configured parameter.
key-duration
The r1 key timeout value in seconds for decrypttunnel or bridge mode.
60-86400
key-assignment
The list of neighbor APs for decrypt-tunnel or bridge
--
mode.
l static: Get neighbor AP list from ARM or VBR.
l dynamic: Use all APs from ap-group as the neighbor list.
Default "default" --
1 Disabled -- 3600 --
Usage Guidelines
You can enable and configure Fast BSS Transition on a per Virtual AP basis. You must create an 802.11r profile and associate that with the Virtual AP profile through an SSID profile.
Example
The following set of commands enable the 802.11r capability on the 802.11r profile, configures the Fast BSS mobility domain ID, and specifies the r1 key time-out value. (host) (config) #wlan dot11r-profile default (host) (802.11r Profile "default") #fastbss-transition
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan dot11r-profile | 2266
(host) (802.11r Profile "default") #fastbss-mob-domain-id 25 (host) (802.11r Profile "default") #r1key_validity_duration 2500
Configure a mobility domain ID that uniquely identifies a mobility domain using the following command: (host) (802.11r Profile "default") #mob-domain-id <1-65535> The default value is 1. Configure the r1 key timeout value in seconds for decrypt-tunnel or bridge mode using the following command: (host) (802.11r Profile "default") #key_duration <60-86400> The default value is 3600 seconds. Apply the 802.11r profile to an SSID profile using the following command: (host) (config) #wlan ssid-profile voice dot11r-profile voice-enterprise You can advertise the 802.11r capability on the Virtual AP profile by applying the SSID profile. Use the following command to apply the SSID profile to the Virtual AP profile: (host) (config) #wlan virtual-ap voice-AP ssid-profile voice
Command History
This command was introduced in ArubaOS 6.3.
Command Information
Platforms All platforms
Licensing Base operating system.
Command Mode Config mode on master controllers
2267 | wlan dot11r-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan edca-parameters-profile
wlan
wlan edca-parameters-profile {ap|station} <profile-name> {background | best-effort | video | voice} [acm][aifsn <number>] [ecw-max <exponent> [ecw-min <exponent>] [txop <number>] [clone <profile-name>
Description
This command configures an enhanced distributed channel access (EDCA) profile for APs or for clients (stations).
Syntax
Parameter
Description
Range
<profile-name> Name of this instance of the profile. The name must be 1- -- 63 characters.
background
Configures the background queue.
--
best-effort
Configures the best-effort queue.
--
video
Configures the video queue.
--
voice
Configures the voice queue.
--
acm
Specifies mandatory admission control. The client
0, 1
reserves the access category through traffic specification
(TSPEC) signaling. Enter 1 to enable, 0 to disable.
aifsn
Arbitrary inter-frame space number.
1-15
ecw-max
The exponential (n) value of the maximum contention window size, as expressed by 2n-1. A value of 4 computes to 24-1 = 15.
1-15
ecw-min
The exponential (n) value of the minimum contention window size, as expressed by 2n-1. A value of 4 computes to 24-1 = 15.
0-15
txop
Transmission opportunity, in units of 32 microseconds. Divide the desired transmission duration by 32 to determine the value to configure. For example, for a transmission duration of 3008 microseconds, enter 94 (3008/32).
0-2047
clone
Name of an existing EDCA profile from which parameter
--
values are copied.
Default "default" -- -- -- -- 0 (disabled) 0 0
0
0
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan edca-parameters-profile | 2268
Usage Guidelines
EDCA profiles are specific either to APs or clients. You apply an EDCA profile to a specific SSID profile. use this command only under the guidance of your Dell technical support representative.
The following are the default values configured for APs:
Access Category best-effort background video voice
ecw-min 4 4 3 2
ecw-max 6 10 4 3
aifsn 3 7 1 1
The following are the default values configured for clients:
txop 0 0 94 47
acm No No No No
Access Category best-effort background video voice
ecw-min 4 4 3 2
ecw-max 10 10 4 3
aifsn 3 7 2 2
txop 0 0 94 47
acm No No No No
Example
The following command configures an EDCA profile for APs: (host) (config) #wlan edca-parameters-profile ap edca1
best-effort ecw-min 15 ecw-max 15 aifsn 15 txop 100 acm 1
Command History
Version ArubaOS 3.1
Description Command introduced.
ArubaOS 3.4.1
License requirements changed in ArubaOS 3.4.1, so the command requires the PEF license instead of the Voice Services Module license required in earlier versions.
This command was introduced in ArubaOS 3.1.
2269 | wlan edca-parameters-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing PEFNG license
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan edca-parameters-profile | 2270
wlan handover-trigger-profile
wlan handover-trigger-profile <profile-name> clone <source> handover-threshold <handover-threshold> handover-trigger no
Description
Configure a handover trigger profile to ensure QoS for voice calls.
Syntax
Parameter <profile-name>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
clone <source>
Creates a copy of the Handover Trigger Profile
--
specified as the <source>. <source> is the name of
an existing Handover Trigger Profile from which
parameter values are copied.
handover-threshold <handover-threshold>
If the best signal strength (-dbm) of a WiFi signal received by a voice client from all the APs is equal to or lesser than this threshold value, the handover trigger feature initiates the handover process.. Threshold values can be specified in the range 20 to 70.
20 70 -dBM
handover-trigger
Issue this command to enable the handover
--
trigger feature. If enabled, the controller will
initiate the handover of a voice client (for example:
dual mode handsets) roaming at the edge of Wi-Fi
coverage to an alternate carrier or connection.
The handover trigger is initiated if the Wi-Fi signal
strength reported by the voice client (received
from all APs) is equal to or less than the threshold
value.
You must enable dot11k before using this command.
no
Negates any configured parameter.
--
Default "default" -- 50 -dBM Enabled
--
Usage Guidelines
The handover-trigger profile is a part of the 802.11K profile. It is used to configure the parameters for the "WiFi Edge Detection and Handover of Voice Clients" feature. It is mandatory to enable the 802.11K feature before enabling the"Wi-Fi Edge Detection and Handover of Voice Clients" feature.
Example
The following command enables the handover trigger feature and sets the handover threshold at -20dbm. (host) (config) #wlan handover-trigger-profile default (host) (Handover Trigger Profile "default") #handover-trigger
2271 | wlan handover-trigger-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host) (Handover Trigger Profile "default") #handover-threshold 20
Command History
This command was introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Configuration mode on master or local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan handover-trigger-profile | 2272
wlan hotspot advertisement-profile
wlan hotspot advertisement profile <profile-name> anqp-3gpp-nwk-profile <profile-name> anqp-domain-name-profile <profile-name> anqp-ip-addr-avail-profile <profile-name> anqp-nai-realm-profile <profile-name> anqp-nwk-auth-profile <profile-name> anqp-roam-cons-profile <profile-name> anqp-venue-name-profile <profile-name> clone <profile-name> h2qp-conn-cap-profile <profile-name> h2qp-op-cl-profile <profile-name> h2qp-operator-friendly-profile <profile-name> h2qp-wan-metrics-profile <profile-name> no ...
Description
This command configures a WLAN advertisement profile for an 802.11u public access service provider.
Syntax
Parameter anqp-3gpp-nwk-profile <profile-name>
anqp-domain-name-profile <profile-name> anqp-ip-addr-avail-profile <profile-name> anqp-nai-realm-profile <profile-name> anqp-nwk-auth-profile <profile-name>
Description
Name of the Access Network Query Protocol (ANQP) 3GPP cellular network profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot anqp-3gpp-nwkprofile on page 2278.
Name of the ANQP domain name profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot anqp-domainname-profile on page 2280.
Name of the ANQP IP Address Availability profile to be associated with this WLAN advertisement profile.For more information on configuring this profile, refer to wlan hotspot anqp-ip-addr-availprofile on page 2282.
Name of the ANQP NAI Realm profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot anqp-nai-realmprofile on page 2284.
Name of the ANQP Network Authentication profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot anqp-nwk-auth-profile on page 2289.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot advertisement-profile | 2274
Parameter anqp-roam-cons-profile <profile-name>
Description
Name of the ANQP Roaming Consortium profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot anqp-roam-consprofile on page 2291.
anqp-venue-name-profile <profile-name>
Name of the ANQP Venue Name profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot anqp-venue-nameprofile on page 2293.
clone <profile-name>
Make a copy of an existing WLAN Advertisement profile.
h2qp-conn-cap-profile <profile-name>
Name of the Hotspot 2.0 Connection Capability profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot h2qp-conn-capability-profile on page 2296.
h2qp-op-cl-profile <profile-name>
Name of the Hotspot 2.0 Operating Class Indication profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot h2qp-op-cl-profile on page 2298.
h2qp-operator-friendly-name-profile <profile-name>
Name of the Hotspot 2.0 operator-friendly name profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot h2qp-operator-friendly-name-profile on page 2300.
h2qp-wan-metrics-profile <profile-name>
Name of the Hotspot 2.0 WAN Metrics profile to be associated with this WLAN advertisement profile. For more information on configuring this profile, refer to wlan hotspot h2qp-wan-metricsprofile on page 2302.
no
Negate or remove any existing parameter,
returning it to its default value.
Usage Guidelines
Hotspot 2.0 is a Wi-Fi Alliance specification based upon the 802.11u protocol that provides wireless clients with a streamlined mechanism to discover and authenticate to suitable networks, and allows mobile users the ability to roam between partner networks without additional authentication.
Access Network Query Protocol (ANQP) and Hotspot 2.0 Query Protocol (H2QP) profiles define the information in the 802.11u Information Elements (IEs) to be broadcast by an 802.11u-capable AP. Use this command to select one of each type of ANQP and H2QP profile to be associated with the advertisement profile.
Values configured in the ANQP profiles will not be sent to clients unless you:
2275 | wlan hotspot advertisement-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
1. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
2. Enable the hotspot feature within that Hotspot profile (wlan hotspot h2-profile <profile-name> hotspot-enable)
Example
The following command associates the ANQP domain name profile anqp-dom-1 to the advertisement profile network1. wlan hotspot advertisement-profile network1
anqp-domain-name-profile anqp-dom-1
Related Commands
Use the following commands to configure the Hotspot feature.
Command
Description
l wlan hotspot anqp-3gpp-nwkprofile
This profile defines information for a 3rd Generation Partnership Project (3GPP) Cellular Network for hotspots that have roaming relationships with cellular operators
l wlan hotspot anqp-domainname-profile
This command defines the domain name to be sent in an Access Network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
l wlan hotspot anqp-ip-addravail-profile
This command defines available IP address types to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
l wlan hotspot anqp-nai-realmprofile
This command defines a Network Access Identifier (NAI) realm whose information can be sent as an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response
l wlan hotspot anqp-nwk-authprofile
This command configures an ANQP Network Authentication profile to define authentication type being used by the hotspot network.
l wlan hotspot anqp-roamcons-profile
This command configures the Roaming Consortium OI information to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response
l wlan hotspot anqp-venuename-profile
This command defines venue information be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
l wlan hotspot h2qp-conncapability-profile
This command defines a Hotspot 2.0 Query Protocol (H2QP) profile that advertises hotspot protocol and port capabilities.
l wlan hotspot h2qp-op-clprofile
This command defines a Hotspot 2.0 Query Protocol (H2QP) profile that defines the Operating Class to be sent in the ANQP IE.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot advertisement-profile | 2276
Command
Description
l wlan hotspot h2qp-operatorfriendly-name-profile
This command defines a Hotspot 2.0 Query Protocol (H2QP) operatorfriendly name profile.
l wlan hotspot h2qp-wanmetrics-profile
This command creates a Hotspot 2.0 Query Protocol (H2QP) profile that specifies the hotspot WAN status and link metrics.
l wlan hotspot hs2-profile
This command configures a hotspot profile for an 802.11u public access service provider.
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2277 | wlan hotspot advertisement-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-3gpp-nwk-profile
wlan hotspot anqp-3gpp-nwk-profile <profile-name> 3gpp_plmn1 <3GPP PLMN1 data> 3gpp_plmn2 <3GPP PLMN2 data> 3gpp_plmn3 <3GPP PLMN3 data> 3gpp_plmn4 <3GPP PLMN4 data> 3gpp_plmn5 <3GPP PLMN5 data> 3gpp_plmn6 <3GPP PLMN6 data> clone <profile-name> enable no ...
Description
This profile defines information for a 3rd Generation Partnership Project (3GPP) Cellular Network for hotspots that have roaming relationships with cellular operators.
Syntax
Parameter 3gpp_plmn1
Description
The Public Land Mobile Networks (PLMN) value of the highest-priority network. The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp_plmn2
The Public Land Mobile Networks (PLMN) value of the second-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp_plmn3
The Public Land Mobile Networks (PLMN) value of the third-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp_plmn4
The Public Land Mobile Networks (PLMN) value of the fourth-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp_plmn5
The Public Land Mobile Networks (PLMN) value of the fifth-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
3gpp_plmn6
The Public Land Mobile Networks (PLMN) value of the sixth-highest priority network.
The PLMN is comprised of a 12-bit Mobile Country Code (MCC) and the 12-bit Mobile Network Code (MNC).
clone <profile-name> Make a copy of an existing 3GPP profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-3gpp-nwk-profile | 2278
Parameter enable
no
Description
Issue this command to enable this profile. ANQP 3GPP profiles are disabled by default.
Remove an existing parameter.
Usage Guidelines
The 3GPP Cellular Network Profile defines an ANQP information element (IE) to be sent in a Generic Advertisement Service (GAS) query response from an AP in a hotspot with a roaming relationship with a cellular operator. The 3GPP Mobile Country Code (MCC) and the 12-bit Mobile Network Code data in the IE can help the client select a 3GPP network.
Values configured in this profile will not be sent to clients unless you: 1. Associate the 3GPP Cellular Network profile with an ANQP advertisement profile. (wlan hotspot
advertisement profile <profile-name> anqp-3gpp-nwk-profile <profile-name> ) 2. Associate the ANQP advertisement profile with a Hotspot profile. ("wlan hotspot h2-profile
advertisement-profile <profile-name> ) 3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name>
hotspot-enable )
Example
The following command defines 3GPP data for the 3GPP profile cellcorp1.
wlan hotspot anqp-3gpp-nwk-profile cellcorp1 enable 3gpp_plmn1 310026 3gpp_plmn2 208000 3gpp_plmn3 208001
Command History
This command was introduced in ArubaOS 6.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2279 | wlan hotspot anqp-3gpp-nwk-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-domain-name-profile
wlan hotspot anqp-domain-name-profile <profile-name> clone <profile-name> domain-name <domain-name> no ...
Description
This command defines the domain name to be sent in an Access Network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
Syntax
Parameter clone <profile-name>
Description Make a copy of an existing ANQP domain name profile.
domain-name <domain-name>
Domain name of the hotspot operator. This alphanumeric string must be 32 characters or less.
no
Remove an existing parameter.
Usage Guidelines
Use this command to configure a domain name in the ANQP Domain Name profile. If a client uses the Generic Advertisement Service (GAS) to post an ANQP query to an Access Point, the AP will return an ANQP Information Element with the domain name configured in this profile. Values configured in this profile will not be sent to clients unless you: 1. Associate the ANQP Domain Name profile with an ANQP advertisement profile. (wlan hotspot
advertisement profile <profile-name> anqp-domain-name-profile <profile-name>) 2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile
advertisement-profile <profile-name> ) 3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name>
hotspot-enable )
Example
The following command defines a domain name for the ANQP domain name profile domain1. wlan hotspot anqp-domain-name-profile domain1
domain-name example.com
Command History
This command was introduced in ArubaOS 6.4
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-domain-name-profile | 2280
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2281 | wlan hotspot anqp-domain-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-ip-addr-avail-profile
wlan hotspot anqp-ip-addr-avail-profile <profile-name> clone <profile-name> ipv4-addr-avail availability-unknown|not-available|port-restricted|port-restricted-oublenated|port-restricted-single-nated|private-double-nated|private-single-nated ipv6-addr-avail available|availability-unknown|not-available no ...
Description
This command defines available IP address types to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
Syntax
Parameter clone <profile-name>
Description Make a copy of an existing ANQP IP Address Availability profile.
ipv4-addr-avail
Indicate the availability of an IPv4 network.
availability-unknown
Network availability cannot be determined.
not-available
Network is not available.
port-restricted
Network has some ports restricted ( for example, the network blocks port 110 to restrict POP mail).
port-restricted-double-nated Network has some ports restricted and multiple routers performing network address translation.
port-restricted-single-nated Network has some ports restricted and a single router performing network address translation.
private-double-nated
Network is a private network with multiple routers doing network address translation.
private-single-nated
Network is a private network a single router doing network address translation.
public
Network is a public network.
ipv6-addr-avail
Indicate the availability of an IPv6 network.
available
An IPv6 network is available.
availability-unknown
Network availability cannot be determined.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-ip-addr-avail-profile | 2282
Parameter not-available
no
Description Network is not available. Remove an existing parameter.
Usage Guidelines
The IP Address Availability information configured using this command provides clients with information about the availability of IP address versions and types which could be allocated to those clients after they associate to the hotspot AP. Values configured in this profile will not be sent to clients unless you: 1. Associate the ANQP IP Address Availability profile with an ANQP advertisement profile. (wlan hotspot
advertisement profile <profile-name> anqp-ip-addr-avail-profile <profile-name> ) 2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile
advertisement-profile <profile-name>) 3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name>
hotspot-enable )
Example
The following command configures an AP using this profile to advertise a public IPv4 network. wlan hotspot anqp-ip-addr-avail-profile default
ipv4-addr-avail public ipv6-addr-avail not-available
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2283 | wlan hotspot anqp-ip-addr-avail-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-nai-realm-profile
wlan hotspot anqp-nai-realm-profile <profile-name> clone <profile-name> nai-home-realm nai-realm-auth-id-1|nai-realm-auth-id-2 {credential-type|expanded-eap|expanded-innereap|inner-auth-eap|non-eap-inner-auth|tunneled-eap-credential-type} nai-realm-auth-value-1|nai-realm-auth-value-2 {cred-cert|cred-hw-token|cred-nfc|crednone|cred-rsvd|cred-sim|cred-soft-token|cred-user-pass|cred-usim|cred-vendor-spec|eapcrypto-card|eap-generic-token-card|eap-identity|eap-method-aka|eap-method-sim|eap-methodtls|eap-method-ttls|eap-notification|eap-one-time-password|eap-peap|eap-peap-mschapv2|noneap-chap|non-eap-mschap|non-eap-mschapv2|non-eap-pap|non-eap-rsvd|reserved} nai-realm-eap-method crypto-card|eap-aka|eap-sim|eap-tls|eap-ttls|generic-tokencard|identity|notification|one-time-password|peap|peap-mschapv2 nai-realm-encoding nai-realm-name <nai-realm-name> no ...
Description
This command defines a Network Access Identifier (NAI) realm whose information can be sent as an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
Syntax
Parameter clone <profile-name>
Description Make a copy of an existing NAI Realm profile.
nai-home-realm nai-realm-auth-id-1|nai-realm-auth-id-2
credential-type expanded-eap expanded-inner-eap inner-auth-eap
Mark the realm in this profile as the NAI Home Realm.
Use the nai-realm-auth-id-1 command to send the one of the following authentication methods for the primary NAI realm ID. Use the nai-realm-auth-id-2 command to send the one of the following authentication methods for the secondary NAI realm ID.
The specified authentication ID uses credential authentication.
The specified authentication ID uses the expanded EAP authentication method.
The specified authentication ID uses the expanded inner EAP authentication method.
The specified authentication ID uses inner EAP authentication type.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-nai-realm-profile | 2284
Parameter non-eap-inner-auth
Description
The specified authentication ID uses non-EAP inner authentication type.
tunneled-eap-credential-type
The specified authentication ID uses the tunneled EAP credential type.
nai-realm-auth-value-1|nai-realm-auth-value-2
Use the nai-ream-auth-value-1 command to select an authentication value for the authentication method specified by nai-realmauth-id-1.
Use the nai-ream-auth-value-2 command to select the authentication value for the authentication method specified by nai-realmauth-id-2.
cred-cert
Credential - Certificate
cred-hw-token
Credential - Hardware Token
cred-nfc
Credential - NFC
cred-none
Credential - None
cred-rsvd
Credential - Reserved
cred-sim
Credential - SIM
cred-soft-token
Credential - Soft Token
cred-user-pass
Credential - Username/password
cred-usim
Credential - USIM
cred-vendor-spec
Credential - Vendor-specific
eap-crypto-card
EAP Method - Crypto-card
eap-generic-token-card
EAP Method - Generic-Token-Card
eap-identity
EAP Method - Identity
eap-method-aka
EAP Method - AKA
eap-method-sim
EAP Method - SIM - GSM Subscriber Iden
eap-method-tls
EAP Method - TLS - Transport Layer Sec
2285 | wlan hotspot anqp-nai-realm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter eap-method-ttls
eap-notification eap-one-time-password eap-peap eap-peap-mschapv2 non-eap-chap non-eap-mschap non-eap-mschapv2 non-eap-pap non-eap-rsvd reserved nai-realm-eap-method
crypto-card eap-aka
eap-sim eap-tls eap-ttls generic-token-card identity notification
one-time-password
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Description EAP Method - TTLS - Tunneled Transport Security EAP Method - Notification EAP Method - One-Time-Password EAP Method - PEAP EAP Method - PEAP MSCHAP V2 Non-EAP Method - CHAP Non-EAP Method - MSCHAP Non-EAP Method - MSCHAPv2 Non-EAP Method - PAP Non-EAP Method - Reserved for future use Reserved for future use. Select one of the options below to identify the EAP authentication method supported by the hotspot realm. Crypto card authentication EAP for UMTS Authentication and Key Agreement EAP for GSM Subscriber Identity Modules EAP-Transport Layer Security EAP-Tunneled Transport Layer Security EAP Generic Token Card (EAP-GTC) EAP Identity type The hotspot realm uses EAP Notification messages for authentication. Authentication with a single-use password.
wlan hotspot anqp-nai-realm-profile | 2286
Parameter peap peap-mschapv2
nai-realm-encoding <0-255>
nai-realm-name <nai-realm-name> no
Description
Protected Extensible Authentication Protocol
Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2
Issue this command if the NAI realm named defined by nai-realm-name <nai-realm-name> is a UTF-8 formatted character string that is not formatted in accordance with IETF RFC 4282.
Name of the NAI realm. The realm name is often the domain name of the service provider.
Negate or remove any existing parameter
Usage Guidelines
An AP's NAI Realm profile identifies and describes a NAI realm accessible using the AP, and the method that this NAI realm uses for authentication. These settings configured in this profile determine the NAI realm elements that are included as part of a GAS Response frame.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP NAI Realm profile with an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name>anqp-nai-realm-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2profileadvertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Example
wlan hotspot anqp-nai-realm-profile home enable nai-realm-name corp-hotspot.com nai-realm-auth-id-1 credential-type nai-realm-auth-value-1 cred-cert nai-home-realm
! wlan hotspot anqp-nai-realm-profile non-home
nai-realm-name corp-hotspot-roam.com nai-realm-eap-method eap-sim nai-realm-auth credential-type
Command History
This command was introduced in ArubaOS 6.4
2287 | wlan hotspot anqp-nai-realm-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-nai-realm-profile | 2288
wlan hotspot anqp-nwk-auth-profile
wlan hotspot anqp-nwk-auth-profile <profile-name> clone <profile-name> no ... nwk-auth-type acceptance|dns-redirection|http-https-redirection|online-enroll url <url>
Description
This command configures an ANQP Network Authentication profile to define authentication type being used by the hotspot network.
Syntax
Parameter clone <profile-name> no nwk-auth-type
acceptance
dns-redirection
http-https-redirection online-enroll url
Description
Make a copy of an existing ANQP Network Authentication profile.
Negate any existing parameter.
Network Authentication Type being used by the hotspot network.
Network requires the user to accept terms and conditions. NOTE: This option requires you to specify a redirection URL string as an IP address, FQDN or URL.
Additional information on the network is provided through DNS redirection. NOTE: This option requires you to specify a redirection URL string as an IP address, FQDN or URL.
Additional information on the network is provided through HTTP/HTTPS redirection.
Network supports online enrollment.
URL, IP address, or FQDN used by the hotspot network for the acceptance or dns-redirection network authentication types.
Usage Guidelines
When you enable the asra option in the WLAN hotspot profile, the settings you configure in the Network Authentication profile are sent in the GAS response to the client.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP Network Authentication profile an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-nwk-auth-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2profile1advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name> hotspot-enable )
2289 | wlan hotspot anqp-nwk-auth-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command configures the default Network Authorization profile to use DNS redirection. wlan hotspot anqp-nwk-auth-profile default
nwk-auth-type dns-redirection redirect-url http://www.example.com/redirect.html
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-nwk-auth-profile | 2290
wlan hotspot anqp-roam-cons-profile
wlan hotspot anqp-roam-cons-profile <profile-name> clone <profile-name> no ... roam-cons-oi <roam-cons-oi> roam-cons-oi-len <roam-cons-oi-len>
Description
This command configures the Roaming Consortium OI information to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
Syntax
Parameter clone <profile-name>
Description
Make a copy of an existing ANQP Roaming Consortium profile.
no
Negate any existing parameter.
roam-cons-oi <roam-cons-oi>
Send the specified roaming consortium OI in a GAS query response. The OI must be a hexadecimal number 3-5 octets in length.
roam-cons-oi-len <roam-cons-oi-len>
Length of the OI. The value of the roam-cons-oi-len parameter must equal upon the number of octets of the roam-cons-oi field.
l 0: 0 Octets in the OI (Null)
l 3: OI length is 24-bit (3 Octets)
l 5: OI length is 36-bit (5 Octets)
Usage Guidelines
Organization Identifiers (OIs) are assigned to service providers when they register with the IEEE registration authority. The Roaming Consortium Information Elements (IEs) contain information identifying the network and service provider, whose security credentials can then be used to authenticate with the AP transmitting this element.
Use the wlan hotspot anqp-roam-cons-profile command to define the OI for the hotspot service provider in the ANQP Roaming Consortium profile. Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP Roaming Consortium profile an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-roam-cons-profile <profile-name> )
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name> )
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name> hotspot-enable )
To identify additional Roaming consortium OIs used by the service provider's top three roaming partners, configure the roam-cons-oi-1, roam-cons-oi-2 or roam-cons-oi-3 parameters in the Hotspot Profile.
2291 | wlan hotspot anqp-roam-cons-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command defines the roaming consortium OI and OI length in the ANQP roaming consortium profile: wlan hotspot anqp-roam-cons-profile profile1
roam-cons-oi 506F9A roam-cons-oi-len 3
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-roam-cons-profile | 2292
wlan hotspot anqp-venue-name-profile
wlan hotspot anqp-venue-name-profile <profile-name> clone no venue-group outdoor|reserved|utility-misc|vehicular|assembly|business educational|factoryor-industrial|institutional|mercantile|residential| storage|unspecified venue-language <language> venue-name <venue-name> venue-type <venue-type>
Description
This command defines venue information be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
Syntax
Parameter clone
Description Make a copy of an existing ANQP Venue Name profile.
no
Negates any existing parameter.
venue-group
Specify one of the following venue groups to be advertised in the ANQP Information Elements (IEs) from APs associated with this profile. The default setting is unspecified. l assembly l business l educational l factory-or-industrial l institutional l mercantile l outdoor l reserved l residential l storage l unspecified l Utility-Misc l Vehicular
venue-language <venue-name> An ISO 639 language code that identifies the language used in the Venue Name field.
venue-name <venue-name>
Venue name to be advertised in the ANQP IEs from APs associated with this profile. If the venue name includes spaces, the name must be enclosed in quotation marks, e.g. "Midtown Shopping Center".
2293 | wlan hotspot anqp-venue-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter venue-type <venue-type>
Description
Specify a venue type to be advertised in the IEs from APs associated with this hotspot profile. The complete list of supported venue types is described in Venue Types on page 2294.
Usage Guidelines
Use this command to configure the venue group and venue type in an ANQP Venue Name profile. If a client uses the Generic Advertisement Service (GAS) to post an ANQP query to an Access Point, the AP will return ANQP Information Elements with the values configured in this profile.
Values configured in this profile will not be sent to clients unless you:
1. Associate the ANQP Venue Name profile with an ANQP Advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-venue-name-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name> hotspot-enable)
Venue Types
The following list describes the different venue types that may be configured in a hotspot profile:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot anqp-venue-name-profile | 2294
l assembly-amphitheater l assembly-amusement-
park l assembly-arena l assembly-bar l assembly-coffee-shop l assembly-convention-
center l assembly-emer-coord-
center l assembly-library l assembly-museum l assembly-passenger-
terminal l assembly-restaurant l assembly-stadium l assembly-theater l assembly-unspecified l assembly-worship-place l assembly-zoo l business-attorney l business-bank l business-doctor l business-fire-station
l business-police-station l business-post-office l business-professional-office l business-research-and-
development l business-unspecified l educational-primary-school l educational-secondary-school l educational-university l educational-unspecified l industrial-factory l institutional-alcohol-or-drug-
rehab l institutional-group-home l institutional-hospital l institutional-prison l institutional-terminal-care l institutional-unspecified l mercantile-automotive-service-
station l mercantile-gas-station l mercantile-grocery l mercantile-retail l mercantile-shopping-mall
l merchantile unspecified l outdoor-bus-stop l outdoor-city-park l outdoor-kiosk l outdoor-muni-mesh-nwk l outdoor-rest-area l outdoor-traffic-control l outdoor-unspecified l residential-boarding-
house l residential-dormitory l residential-hotel l residential-private-
residence l residential-unspecified l unspecified l vehicular-airplane l vehicular-automobile l vehicular-bus l vehicular-ferry l vehicular-motor-bike l vehicular-ship l vehicular-train l vehicular-unspecified
Example
The following command defines an ANQP Venue Name profile for a shopping mall.
wlan hotspot anqp-venue-name-profile Mallprofile1 venue-group mercantile venue-name Westgate Shopping Center venue-type mercantile-shopping-mall
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2295 | wlan hotspot anqp-venue-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-conn-capability-profile
wlan hotspot h2qp-conn-capability-profile <profile> clone esp icmp no tcp-ftp tcp-http tcp-pptp-vpn tcp-ssh tcp-tls-vpn tcp-voip udp-ike2-4500 udp-ike2-500 udp-ipsec-vpn udp-voip
Description
Define a Hotspot 2.0 Query Protocol (H2QP) profile that advertises hotspot protocol and port capabilities.
Syntax
Parameter clone esp
icmp no
Description Make a copy of an existing hotspot connection capability profile.
Include this parameter to enable the Encapsulating Security Payload (ESP) port used by IPSec VPNs. (port 0)
Indicates that the ICMP port is enabled and available. (port 0)
Negates any existing parameter, returning it to its default disabled value.
tcp-ftp
Include this parameter to enable the FTP port. (port 20)
tcp-http
Include this parameter to enable the HTTP port. (port 80)
tcp-pptp-vpn
Include this parameter to enable the PPTP port used by IPSec VPNs. (port 1723)
tcp-ssh
Include this parameter to enable the SSH port. (port 22)
tcp-tls-vpn tcp-voip udp-ike2-4500
Include this parameter to enable the TCP TLS port used by VPNs. (port 80) Include this parameter to enable the TCP VoIP port. (port 5060) Include this parameter to enable the IKEv2. (port 4500)
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-conn-capability-profile | 2296
Parameter udp-ike2-500
Description Include this parameter to enable the IKEv2. (port 500)
udp-ipsec-vpn
Include this parameter to enable the IPsec VPN port. (ports 500, 4500 and 0)
no
Negates any existing parameter, returning it to its default disabled value.
udp-voip
Include this parameter to enable the UDP VoIP port. (port 5060)
Usage Guidelines
The values configured in this profile can be sent in an ANQP IE to provide hotspot clients information about the IP protocols and associated port numbers that are available and open for communication. Values configured in this profile will not be sent to clients unless you: 1. Associate the H2QP profile with an ANQP advertisement profile. (wlan hotspot advertisement profile
<profile-name> h2qp-conn-cap-profile <profile-name> ) 2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile
advertisement-profile <profile-name> ) 3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name>
hotspot-enable )
Example
The following example allows the H2QP connection capability profile to advertise the availability of ICMP, HTTP and VOIP ports. (host) (config)# wlan hotspot h2qp-conn-capability-profile Wan1
icmp http voip enable
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2297 | wlan hotspot h2qp-conn-capability-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-op-cl-profile
wlan hotspot h2qp-op-cl-profile <profile> clone no op-cl <1-255>
Description
This command defines a Hotspot 2.0 Query Protocol (H2QP) profile that defines the Operating Class to be sent in the ANQP IE.
Syntax
Parameter Description
clone
Makes a copy of an existing hotspot operating class profile.
no
Negates any existing parameter, returning it to its default disabled value.
op-cl
Configures the operating class for the devices' BSS. The supported range for this field is 1255, and the default value is 1.
Usage Guidelines
The values configured in this H2QP Operating Class profile define the channels on which the hotspot is capable of operating. It may be useful where, for instance, a mobile device discovers a hotspot in the 2.4 GHz band but finds it is dual-band and prefers the 5 GHz band. For a definition of these global operating classes, refer to Table E-4 of IEEE Std 802.11-2012, Annex E.
Values configured in this profile will not be sent to clients unless you:
1. Associate the H2QP profile with an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> h2qp-op-cl-profile <profile-name> )
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name> )
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name> hotspot-enable )
Example
The following example configures and enables a profile with the default operating class value. (host)(config)#wlan hotspot h2qp-op-cl-profile
op-cl 1 enable
Command History
This command was introduced in ArubaOS 6.4
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-op-cl-profile | 2298
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2299 | wlan hotspot h2qp-op-cl-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-operator-friendly-name-profile
wlan hotspot h2qp-operator-friendly-name-profile <profile> clone no op-fr-name <op-fr-name> op-lang-code <op-lang-code>
Description
This command defines a Hotspot 2.0 Query Protocol (H2QP) operator-friendly name profile.
Syntax
Parameter clone
Description Makes a copy of an existing operator-friendly name profile.
no
Negates any existing parameter.
<op-fr-name>
An operator-friendly name sent by devices using this profile. The name can be up to 64 alphanumeric characters, and can include special characters and spaces. If the name includes quotation marks ("), you must include a backslash character (\) before each quotation mark. (e.g. \"example\")
<op-lang-code> An ISO 639 language code that identifies the language used in the op-fr-name field.
Usage Guidelines
The operator-friendly name configured in this profile is a free-form text field that can identify the operator and also something about the location.
Values configured in this profile will not be sent to clients unless you:
1. Associate the H2QP operator-friendly name profile with an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name>h2qp-operator-friendly-profile <profile-name>)
2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)
3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profilename>hotspot-enable)
Example
The example below shows that the controller has two configured operator friendly name profiles. The References column lists the number of other profiles with references to the operator friendly name profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host)(config)# wlan hotspot h2qp-operator-friendly-name-profile op-fr-name my_hotspot op-lang-code <op-lang-code>
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-operator-friendly-name-profile | 2300
Command History
This command was introduced in ArubaOS 6.4
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2301 | wlan hotspot h2qp-operator-friendly-name-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-wan-metrics-profile
wlan hotspot h2qp-wan-metrics-profile <profile-name> at-capacity clone downlink-load downlink-speed load-dur no symm-link uplink-load uplink-speed wan-metrics-link-status link_down|link_test|link_up|reserved
Description
Create a Hotspot 2.0 Query Protocol (H2QP) profile that specifies the hotspot WAN status and link metrics.
Syntax
Parameter at_capacity
clone <profile> downlink_load <load>
downlink_speed <speed>
load_dur <load_dur> no symm_link
Description
Range
Use the at_capacity parameter to indicate that the WAN Link has reached its maximum capacity. If this parameter is enabled, no additional mobile devices will be permitted to associate with the hotspot AP.
enabled disabled
Make a copy of an existing H2QP
-
profile.
Default disabled
-
The percentage of the WAN downlink that is currently utilized. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
1-100
0 (unspecifie d)
Use the downlink_speed <speed> parameter to indicate the current WAN backhaul downlink speed in Kbps. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
Duration over which the downlink load is measured, in tenths of a second.
02,147,483,6 47 Kbps
0 (unspecifie d)
0 and 65535 0 (unspecified)
Negate any existing parameter
-
-
Use the symn_link parameter to indicate that the WAN Link has same speed in both the uplink and downlink directions.
enabled disabled
disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-wan-metrics-profile | 2302
Parameter uplink_load <speed>
uplink_speed <speed>
wan_metrics_link_status
link_down link_test link_up reserved
Description
Range
The percentage of the WAN uplink that is currently utilized. If no value is set, this parameter will show a default value of 0 to indicate that the downlink speed is unknown or unspecified.
1-100
Default
0 (unspecifie d)
Use the uplink <speed> parameter to indicate the current WAN backhaul uplink speed in Kbps. If no value is set, this parameter will show a default value of 0 to indicate that the uplink speed is unknown or unspecified.
02,147,483,6 47 kbps
0 (unspecifie d)
Define the status of the WAN Link by configuring one of the following values. The default link status is reserved, which indicates that the link status is unknown or unspecified.
l link_ down
l link_test l link_up l reserved
reserved
WAN link is down.
-
-
WAN link is currently in a test state.
-
-
WAN link is up.
-
-
This parameter is reserved by the
-
-
Hotspot 2.0 specification, and cannot
be configured. This is the default link
status.
Usage Guidelines
The values configured in this profile can be sent in an ANQP IE to provide hotspot clients information about access network characteristics such as link status and the capacity and speed of the WAN link to the Internet.Issue this command without the <profile> parameter to display the entire WAN metrics profile list, including profile status and the number of references to each profile. Include a profile name to display detailed configuration information for that profile.
Examples
The example below shows that the controller has three configured WAN metrics profiles. The References column lists the number of other profiles with references to the operator-friendly name profile, and the Profile Status column indicates whether the profile is predefined. User-defined profiles will not have an entry in the Profile Status column.
(host) (config) #show wlan hotspot h2qp-wan-metrics-profile
H2QP WAN Metrics Profile List
-----------------------------
Name
References Profile Status
----
---------- --------------
default
0
WanFastlink
2303 | wlan hotspot h2qp-wan-metrics-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Total:1
Command History
This command was introduced in ArubaOS 6.4.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot h2qp-wan-metrics-profile | 2304
wlan hotspot hs2-profile
wlan hotspot hs2-profile <profile-name> access-network-type emergency-services|personal-device|private|private-guest|publicchargeable|public-free|test|wildcard addtl-roam-cons-ois <addtl-roam-cons-ois> advertisement-profile <profile-name> advertisement-protocol anqp|eas|mih-cmd-event|mih-info|rsvd asra clone <profile-name> comeback-mode gas-comeback-delay grp-frame-block hessid <id> hotspot-enable internet no .. p2p-cross-connect p2p-dev-mgmt pame-bi query-response-length-limit <query-response-length-limit> radius_cui radius_loc_data roam-cons-len-1 0|3|5 roam-cons-len-2 0|3|5 roam-cons-len-3 0|3|5 roam-cons-oi-1 <roam-cons-oi-1> roam-cons-oi-2 <roam-cons-oi-1> roam-cons-oi-3 <roam-cons-oi-1> time-advt-cap no-std-ext-timesrc|timestamp-offset-utc |reserved time-error <milliseconds> time-zone <time-zone> venue-group <venue-group> venue-type <venue-type>
Description
This command configures a hotspot profile for an 802.11u public access service provider.
Syntax
Parameter access-network-type
Description
Specify the 802.11u network type. The default setting is publicchargeable. l emergency-services: emergency services only network l personal-device: personal device network l private: private network l private-guest: private network with guest access l public-chargeable: public chargeable network l public-free: free public network l test: test network l wildcard: wildcard network
2305 | wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter addtl-roam-cons-ois <addtl-roam-cons-ois> advertisement-profile <profile-name> advertisement-protocol
asra
clone <profile-name> comeback-mode gas-comeback-delay <delay>
Description
Number of additional roaming consortium Organization Identifiers (OIs) advertised by the AP. This feature supports up to three additional OIs, which are defined using the roam-cons-oi-1, roamcons-oi-2 and roam-cons-oi-3 parameters.
Advertisement profile associated with this hotspot profile. If this parameter is not changed, the hotspot profile uses with the default advertisement profile.
Select one of the following advertisement protocol types to be used by the AP.
l anqp: Access Network Query Protocol (ANQP)
l emergency: Emergency Alert System( EAS)
l mih-cmd-event: Media Independent Handover (MIH) Command and Event Services Capability Discovery
l mih-info: Media Independent Handover (MIH) Information Service. This option allows handovers between differing kinds of wireless access protocols and technologies, allowing access points on different IP subnets to communicate with each other at the link level while maintaining session continuity.
l rsvd: Reserved for future use.
Issue the asra (Additional Steps Required for Access) subcommand if any additional steps are required for network access. If this parameter is enabled, the AP will send the following Information Elements (IEs) in response to the client's ANQP query.
l Venue Name
l Domain Name List
l Network Authentication Type
l Roaming Consortium List
l NAI Realm List NOTE: If asra is enabled, the advertisement profile for this hotspot must reference an enabled network authentication type profile. For more information on enabling an network authentication type profile, see wlan hotspot anqp-nwk-auth-profile on page 2289.
Makes a copy of an existing hotspot profile.
By default, ANQP information is obtained from a GAS Request and Response. If you enable the comeback-mode option, advertisement information is obtained using a GAS Request and Response. as well as a Comeback-Request and Comeback-Response. This option is disabled by default.
At the end of the GAS comeback delay interval, the client may attempt to retrieve the query response using a Comeback Request Action frame. The supported range is 100-2000 milliseconds, and the default value is 500 milliseconds.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot hs2-profile | 2306
Parameter grp-frame-block
Description
This option configures the Downstream Group Addressed Forwarding (DGAF) Disabled Mode. If this feature is enabled, it ensures that the AP does not forward downstream group-addressed frames. It is disabled by default, allowing the AP to forward downstram group-addressed frames.
hessid
This optional parameter devices an AP's homogenous ESS identifier (HESSSID), which is that device's MAC address in colon-separated hexadecimal format.
hotspot-enable
Enables or disables the hotspot. When this feature is enabled, the Information Elements (IEs) for this hotspot are included in beacons and probe responses from the AP.
This setting is disabled by default.
internet
If you issue the internet parameter, the AP sends an Information Element (IE) indicating that the network allows internet access. By default, a hotspot profile does not advertise network internet access.
no
Negates or removes any configured parameter.
p2p-cross-connect
Issue this command to advertise support for P2P Cross Connections. This setting is disabled by default.
p2p-dev-mgmt
Issue this command to advertise support for P2P device management. This setting is disabled by default.
pame-bi
This option enables the Pre-Association Message Exchange BSSID Independent (PAME-BI) bit, which is used by an AP to indicate whether the AP indicates that the Advertisement Server can return a query response that is independent of the BSSID used for the GAS Frame exchange.
query-response-length-limit <query-response-length-limit>
Generic Advertisement Service (GAS) enables advertisement services that lets clients query multiple 802.11 neworks at once, while also allowing the client to learn more about a network's 802.11 infrastructure before associating.
If a client transmits a GAS Query using a GAS Initial Request frame, the responding AP will provide the query response (or information on how to receive the query response) in a GAS Initial Response frame.
This parameter sets the maximum length of the GAS query response, in octets. The supported range is 1-255 octets.
radius_cui radius_loc_data
Include this parameter to enable the Chargeable-User-Identity RADIUS attribute defined by RFC 4372. Home networks can use this attribute to identify a user for the roaming transactions that take place outside of that home network.
Include this parameter to enable the Location Data RADIUS attribute defined by RFC 5580. Enabling this parameter allows the RADIUS server to use location data.
2307 | wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter roam-cons-len-1
roam-cons-len-2
roam-cons-len-3
roam-cons-oi-1
roam-cons-oi-2
roam-cons-oi-3
time-advt-cap no-std-ext-timesrc timestamp-offset-utc reserved
Description
Length of the OI. The value of the roam-cons-len-1 parameter is based upon the number of octets of the roam-cons-oi-1 field. l 0: Zero Octets in the OI (Null) l 3: OI length is 24-bit (3 Octets) l 5: OI length is 36-bit (5 Octets)
Length of the OI. The value of the roam-cons-len-2 parameter is based upon the number of octets of the roam-cons-oi-2 field. l 0: Zero Octets in the OI (Null) l 3: OI length is 24-bit (3 Octets) l 5: OI length is 36-bit (5 Octets)
Length of the OI. The value of the roam-cons-len-3 parameter is based upon the number of octets of the roam-cons-oi-3 field. l 0: Zero Octets in the OI (Null) l 3: OI length is 24-bit (3 Octets) l 5: OI length is 36-bit (5 Octets)
Roaming consortium OI assigned to one of the service provider's top three roaming partners. This additional OI will only be sent to a client if the addtl-roam-cons-ois parameter is set to 1 or higher. NOTE: The service provider's own roaming consortium OI is configured using the wlan hotspot anqp-roam-cons-profile command.
Roaming consortium OI assigned to one of the service provider's top three roaming partners. This additional OI will only be sent to a client if the addtl-roam-cons-ois parameter is set to 2 or higher. NOTE: The service provider's own roaming consortium OI is configured using the wlan hotspot anqp-roam-cons-profile command.
Roaming consortium OI assigned to one of the service provider's top three roaming partners. This additional OI will only be sent to a client if the addtl-roam-cons-ois parameter is set to 3. NOTE: The service provider's own roaming consortium OI is configured using the wlan hotspot anqp-roam-cons-profile command.
This parameter specifies the AP's source of external time, and the current condition of its timing estimator. l no-std-ext-time-src: The AP using this profile has no
standardized external time source. l timestamp-offset-utc: The AP has a timestamp offset based on
UTC. l reserved: This setting is reserved for future use, and should not
be used.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot hs2-profile | 2308
Parameter time-error time-zone venue-group <venue-group>
venue-type <venue-type>
Description
The standard deviation of error in time value estimate, in milliseconds. The default value is 0 milliseconds, and the supported range is 0- 2,147,483,647 milliseconds.
The time zone in which the AP is operating, in the format <std><offset>[dst[offset][,start[/time],end[/time]] Where the <std> string specifies the abbreviation of the time zone, <dst> is the abbreviation of the timezone in daylight savings time, and the <offset> string specifies the time value you must add to the local time to arrive at UTC. NOTE: For complete details on configuring the timezone format, refer to section 8.3 of IEEE Std 1003.1, 2004 Edition.
Specify one of the following venue groups to be advertised in the IEs from APs associated with this hotspot profile. The default setting is unspecified.
l assembly
l business
l educational
l factory-or-industrial
l institutional
l mercantile
l outdoor
l reserved
l residential
l storage
l unspecified
l Utility-Misc
l Vehicular NOTE: This parameter only defines the venue group advertised in the IEs from hotspot APs. To define the venue group to be included in ANQP responses, use anqp-venue-name-profile <profile-name>.
Specify a venue type to be advertised in the IEs from APs associated with this hotspot profile. The complete list of supported venue types is described in Venue Types on page 2310 NOTE: This parameter only defines the venue type advertised in the IEs from hotspot APs. To define the venue type to be included in ANQP responses, use anqp-venue-name-profile <profile-name>.
Usage Guidelines
Hotspot 2.0 is a Wi-Fi Alliance specification based upon the 802.11u protocol that provides wireless clients with a streamlined mechanism to discover and authenticate to suitable networks, and allows mobile users the ability to roam between partner networks without additional authentication.
ArubaOS 6.3 supports Hotspot 2.0 with enhanced network discovery and selection.Clients can receive general information about the network identity, venue and type via management frames from the Dell AP. Clients can
2309 | wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
also query APs for information about the network's available IP address type (IPv4 or IPv6), roaming partners, and supported authentication methods, and receive that information in Information Elements from the AP.
Generic Advertisement Service (GAS) Queries
An Organization Identifier (OI) is a unique identifier assigned to a service provider when it registers with the IEEE registration authority. Starting with ArubaOS 6.3, an AP can include its service provider OI in beacons and probe responses to clients. If a client recognizes an AP's OI, it will attempt to associate to that AP using the security credentials corresponding to that service provider.
If the client does not recognize the AP's OI, that client can send a Generic Advertisement Service (GAS) query to the AP to request more information more about the network before associating.
ANQP Information Elements
ANQP Information Elements (IEs) are additional data that can be sent from the AP to the client to identify the AP's network and service provider. If a client requests this information via a GAS query, the hotspot AP then sends the ANQP Capability list in the GAS Initial Response frame indicating support for the following IEs:
l Venue Name: defined using the wlan hotspot anqp-venue-name-profile command. l Domain Name: defined using the wlan hotspot anqp-domain-name-profile command. l Network Authentication Type: defined using the wlan hotspot anqp-nwk-auth-profile command. l Roaming Consortium List: defined using the wlan hotspot anqp-roam-cons-profile command. l NAI Realm: defined using the wlan hotspot anqp-nai-realm-profile command. l Cellular Network Data: defined using the wlan hotspot anqp-3gpp-nwk-profile command. l Connection Capability: defined using the wlan hotspot h2qp-conn-capability-profile command. l Operator Class: defined using the wlan hotspot h2qp-op-cl-profile command. l Operator Friendly Name: defined using the wlan hotspot h2qp-operator-friendly-name-profile
command. l WAN Metrics: defined using the wlan hotspot h2qp-wan-metrics-profile.
Roaming Consortium OIs
Organization Identifiers (OIs) are assigned to service providers when they register with the IEEE registration authority. You can specify the OI for the hotspot's service provider in the ANQP Roaming Consortium profile using the wlan hotspot anqp-roam-cons-profile command. This Hotspot profile also allows you to define and send up to three additional roaming consortium OIs for the service provider's top three roaming partners. To send this additional data to clients, you must specify the number of roaming consortium elements a client can query using the addtl-roam-cons-ois <1-3> parameter, then define those elements using the following parameters:
l roam-cons-oi-1 and roam-cons-len 1 l roam-cons-oi-2 and roam-cons-len 2 l roam-cons-oi-3 and roam-cons-len 3
The configurable values for each additional OI include the Organization Identifier itself, the OI length, and the venue group and venue type associated with those OIs.
Venue Types
The following list describes the different venue types that may be configured in a hotspot profile:
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot hs2-profile | 2310
l assembly-amphitheatre l assembly-amusement-
park l assembly-arena l assembly-bar l assembly-coffee-shop l assembly-convention-
center l assembly-emer-coord-
center l assembly-library l assembly-musuem l assembly-passenger-
terminal l assembly-restaurant l assembly-stadium l assembly-theater l assembly-worship-place l assembly-zoo l business-attorney l business-bank l business-doctor
l business-fire-station l business-police-station l business-post-office l business-professional-office l business-research-and-
development l educational-primary-school l educational-secondary-school l educational-university l industrial-factory l institutional-alcohol-or-drug-
rehab l institutional-group-home l institutional-hospital l institutional-prison l institutional-terminal-care l mercantile-automotive-service-
station l mercantile-gas-station l mercantile-grocery l mercantile-retail
l mercantile-shopping-mall l outdoor-bus-stop l outdoor-city-park l outdoor-kiosk l outdoor-muni-mesh-nwk l outdoor-rest-area l outdoor-traffic-control l residential-boarding-
house l residential-dormitory l residential-hotel l residential-private-
residence l unspecified l vehicular-airplane l vehicular-automobile l vehicular-bus l vehicular-ferry l vehicular-motor-bike l vehicular-ship l vehicular-train
Example
The following command configures a hotspot profile with one additional roaming consortium OI for the service provider's top roaming partner.
wlan hotspot hs2-profile profile2 venue-group mercantile venue-type mercantile-shopping-mall addtl-roam-cons-ois roam-cons-len 3 roam-cons-oi1 415B8C hotspot-enable
2311 | wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Related Commands
Use the following commands to configure the Hotspot feature.
Command
Description
l wlan hotspot anqp-3gpp-nwkprofile
This profile defines information for a 3rd Generation Partnership Project (3GPP) Cellular Network for hotspots that have roaming relationships with cellular operators
l wlan hotspot anqp-domainname-profile
This command defines the domain name to be sent in an Access Network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
l wlan hotspot anqp-ip-addravail-profile
This command defines available IP address types to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
l wlan hotspot anqp-nai-realmprofile
This command defines a Network Access Identifier (NAI) realm whose information can be sent as an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response
l wlan hotspot anqp-nwk-authprofile
This command configures an ANQP Network Authentication profile to define authentication type being used by the hotspot network.
l wlan hotspot anqp-roamcons-profile
This command configures the Roaming Consortium OI information to be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response
l wlan hotspot anqp-venuename-profile
This command defines venue information be sent in an Access network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.
l wlan hotspot h2qp-conncapability-profile
Define a Hotspot 2.0 Query Protocol (H2QP) profile that advertises hotspot protocol and port capabilities.
l wlan hotspot h2qp-op-clprofile
Define a Hotspot 2.0 Query Protocol (H2QP) profile that defines the Operating Class to be sent in the ANQP IE.
l wlan hotspot h2qp-operatorfriendly-name-profile
Define a Hotspot 2.0 Query Protocol (H2QP) operator-friendly name profile.
l wlan hotspot h2qp-wanmetrics-profile
Create a Hotspot 2.0 Query Protocol (H2QP) profile that specifies the hotspot WAN status and link metrics.
l wlan hotspot hs2-profile
This command configures a hotspot profile for an 802.11u public access service provider.
Command History
This command was introduced in ArubaOS 6.4
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan hotspot hs2-profile | 2312
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2313 | wlan hotspot hs2-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ht-ssid-profile
wlan ht-ssid-profile <profile-name> 40MHz-enable 80MHz-enable ba-amsdu-enable clone <profile-name> high-throughput-enable ldpc legacy-stations max-rx-a-mpdu-size {8191|16383|32767|65535} max-tx-a-mpdu-size <bytes> max-tx-a-msdu-count-be {0-15} max-tx-a-msdu-count-bk {0-15} max-tx-a-msdu-count-vi {0-15} max-tx-a-msdu-count-vo {0-15} max-vht-mpdu-size min-mpdu-start-spacing {0|.25|.5|1|2|4|8|16} mpdu-agg no... short-guard-intvl-20MHz short-guard-intvl-40MHz short-guard-intvl-80MHz STBC-rx-streams STBC-tx-streams supported-mcs-set <mcs-list> temporal-diversity very-high-throughput-enable vht-supported-mcs-map vht-txbf-explicit-enable vht-txbf-sounding-interval
Description
This command configures a high-throughput SSID profile.
Syntax
Parameter <profile-name> 40MHz-enable 80MHz-enable ba-amsdu-enable clone
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range Default
--
"defaul
t"
Enables or disables the use of this high-throughput -- SSID in 40 MHz mode.
enable d
Enables or disables the use of 80 MHz channels on -- Very High Throughput (VHT) APs.
enable d
Enable/Disable Receive AMSDU in BA negotiation. --
enable d
Name of an existing high-throughput SSID profile
--
--
from which parameter values are copied.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ht-ssid-profile | 2314
Parameter high-throughput-enable
Description
Determines if this high-throughput SSID allows high-throughput (802.11n) stations to associate.
Enabling high-throughput in an ht-ssid-profile enables Wi-Fi Multimedia (WMM) base features for the associated SSID.
Range Default
--
enable
d
ldpc
If enabled, the AP will advertise Low-density Parity
--
Check (LDPC) support. LDPC improves data
transmission over radio channels with high levels
of background noise.
enable d
legacy-stations
Controls whether or not legacy (non-HT) stations
--
are allowed to associate with this SSID. By default,
legacy stations are allowed to associate.
This setting has no effect on a BSS in which HT support is not available.
enable d
max-rx-a-mpdusize
Controls the maximum size, in bytes, of an Aggregated-MAC Packet Data Unit (A-MPDU) that can be received on this high-throughput SSID.
8191 16383 32767 65535
65535
8191
Maximum size of 8191 bytes.
--
--
16383
Maximum size of 16383 bytes.
--
--
32767
Maximum size of 32767 bytes.
--
--
65535
Maximum size of 65535 bytes.
--
--
max-tx-a-mpdusize
Controls the maximum size, in bytes, of an AMPDU that can be sent on this high-throughput SSID.
157665535
65535
max-tx-a-masdu-count-be Sets the maximum number of MSDUs in a TX A-
0-15
2
MSDU on best effort AC. TX-AMSDU is disabled if set
to 0.
max-tx-a-masdu-count-bk Sets the maximum number of MSDUs in a TX A-
0-15
2
MSDU on background AC. TX-AMSDU is disabled if
set to 0.
max-tx-a-masdu-count-vi Sets the maximum number of MSDUs in a TX A-
0-15
2
MSDU on video AC. TX-AMSDU is disabled if set to
0.
max-tx-a-masdu-count-vo Sets the maximum number of MSDUs in a TX A-
0-15
0
MSDU on voicet AC. TX-AMSDU is disabled if set to
0.
2315 | wlan ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter min-mpdu-start-spacing
0 .25 .5 1 2 4 8 16 mpdu-agg
no short-guardintvl-20MHz short-guardintvl-40MHz short-guardintvl-80MHz stbc-rx-streams
Description
Minimum time between the start of adjacent MDPUs within an aggregate MDPU in microseconds.
Range Default
0, .25,
0
.5, 1,
2,4,
8,16
No restriction on MDPU start spacing. Minimum time of .25 µsec. Minimum time of .5 µsec.
--
--
--
--
--
--
Minimum time of 1 µsec. Minimum time of 2 µsec. Minimum time of 4 µsec.
--
--
--
--
--
--
Minimum time of 8 µsec. Minimum time of 16 µsec.
--
--
--
--
Enables or disables MAC protocol data unit
--
(MDPU) aggregation.
High-throughput APs are able to send aggregated MAC protocol data units (MDPUs), which allow an AP to receive a single block acknowledgment instead of multiple ACK signals. This option, which is enabled by default, reduces network traffic overhead by effectively eliminating the need to initiate a new transfer for every MPDU.
enable d
Negates any configured parameter.
--
--
Enables or disables use of short guard interval in
--
20 MHz mode of operation.
Enables or disables use of short guard interval in
--
40 MHz mode of operation.
Enables or disables use of short guard interval in
--
80 MHz mode of operation.
enable d
enable d
enable d
Controls the maximum number of spatial streams
0-1
1
usable for STBC reception. 0 disables STBC
reception, 1 uses STBC for MCS 0-7. Higher MCS
values are not supported. (Supported on the W-
AP90 series, W-AP130 Series, W-AP68, W-AP175
and W-AP105 only. The configured value will be
adjusted based on AP capabilities.)
NOTE: If transmit beamforming is enabled, STBC
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ht-ssid-profile | 2316
Parameter stbc-tx-streams
supported-mcsset
Description
will be disabled for disabled for beamformed frames.
Controls the maximum number of spatial streams usable for STBC transmission. 0 disables STBC transmission, 1 uses STBC for MCS 0-7. Higher MCS values are not supported. (Supported on WAP90 series, W-AP175, W-AP130 Series and WAP105 only. The configured value will be adjusted based on AP capabilities.) NOTE: If transmit beamforming is enabled, STBC will be disabled for disabled for beamformed frames.
Comma-separated list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this high-throughput SSID.
Range Default
0-1
1
0-23
0-23
temporal-diversity
Shows if temporal diversity has been enabled or dis- -- abled. When this feature is enabled and the client is not responding to 802.11 packets, the AP will launch two hardware retries; if the hardware retries are not successful then it attempts software retries.
disabled
very-high-throughputenable
Enable or disable support for Very High Throughput -- (802.11ac ) on the SSID.
enabled
vht-supported-mcs-map
Modulation Coding Scheme (MCS) values or ranges of values for spatial streams 1 through 3. Valid values for the maximum MCS settings are 7, 8, 9 or a dash (-) if a spatial stream is not supported. If a MCS is not valid for a particular combination of bandwidth and number of spatial streams, it will not be used.
7, 8, 9, or -
Default: 9,9,9
vht-txbf-explicit-enable Enable or disable VHT Explicit Transmit Beam-
--
forming for the W-AP220 Series . When this feature is
enabled, the AP requests information about the MIMO
channel and uses that information to transmit data
over multiple transmit streams using a calculated
steering matrix. The result is higher throughput due to
improved signal at the beamformee (the receiving cli-
ent). If this parameter is disabled, all other transmit
beamforming settings will not take effect.
Enabled
vht-txbf-sounding-interval
Time interval in seconds between channel information updates between the AP and the beamformee client. (W-AP220 Series only)
1-1000 25 seconds seconds
Usage Guidelines
The ht-ssid profile configures the high-throughput SSID. Stations are not allowed to use HT with TKIP standalone encryption, although TKIP can be provided in mixed-mode BSSIDs that support HT. HT is disabled on a BSSID if the encryption mode is standalone TKIP or WEP.
You can also use this profile to configure explicit transmit beamforming for W-AP130 Series access points. When this feature is enabled, the AP coordinates the signals sent from each antenna so the signals focus on the receiver, improving radio range and performance. The W-AP130 Series AP can advertise transmit beamforming
2317 | wlan ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
capabilities in beacon, probe response and association responses in the HT capabilities IE, then use the compressed or noncompressed beamforming report from clients to form a steering matrix. The AP ensures that the steering matrix stays current by updating and recalibrating the steering matrix at regular intervals.
By default, W-AP130 Series access points support both compressed and non-compressed steering information from clients. If you have many clients that can send only non-compressed steering reports, best practices are to retain the default settings, allowing the AP to support both types of steering reports. If all (or nearly all) of the AP's clients are capable of sending compressed steering reports, best practices are to disable noncompressed steering in the AP's HT SSID profile.
De-aggregation of MAC Service Data Units (A-MSDUs) is supported on W-3000 Series controllers, W-7200 Series, and the W-6000M3 with a maximum frame transmission size of 4k bytes; however, this feature is always enabled and is not configurable. Aggregation is not currently supported.
Example
The following command configures the maximum size of a received aggregate MDPU to be 8191 bytes for the high-throughput SSID named "htcorpnet:" (host) (config) #wlan ht-ssid-profile htcorpnet
max-rx-a-mpdu-size 8191
Command History
Version ArubaOS 3.3
Description Command introduced
ArubaOS 3.3.1
The legacy-stations parameter was introduced
ArubaOS 3.3.2
De-aggregation of MAC Service Data Units (A-MSDUs) was introduced.
ArubaOS 6.1
The short-guard-intvl-20Mhz, ldpc, stbc-rx-streams and stbc-rxstreams parameters were introduced.
The allow-weak-encryption parameter was deprecated.
ArubaOS 6.3
The following parameters were introduced. l 80-MHz-enable l max-tx-a-msdu-count-be l max-tx-a-msdu-count-bk l max-tx-a-msdu-count-vi l max-tx-a-msdu-count-vo l max-vht-mpdu-size l short-guard-intvl 80MHz l very-high-throughput-enable l vht-supported-mcs-map l vht-txbf-explicit-enable l vht-txbf-sounding-interval
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ht-ssid-profile | 2318
Command Information
Platforms
Licensing
All platforms, but only operates with 802.11ncompliant devices. The following parameters are supported on 802.11ac compliant devices only:
l 80-MHz-enable
l very-high-throughputenable
l vht-supported-mcs-map
l vht-txbf-explicit-enable
l vht-txbf-soundinginterval
Base operating system.
Command Mode Config mode on master controllers
2319 | wlan ht-ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan rrm-ie-profile
wlan rrm-ie-profile <profile-name> bss-aac-ie clone country-ie enabled-capabilities-ie no pwr-constraint-ie qbss-load-ie quiet-ie tpc-report-ie
Description
Configure an radio resource management RRM IE profile to define the information elements advertised by an AP with 802.11k support enabled.
Syntax
Parameter
Description
bss-aac-ie
The AP will advertise in beacon and probe responses the BSS Available Admission Capacity (ACC) IE, which contains information about the admission capabilities for each User Priority / Access Category
clone
Copy the settings of an existing RRM IE profile.
country-ie
The AP will advertise in beacon and probe responses the device's regulatory domain.
enabled-capabilities-ie The AP will advertise in beacon and probe responses support for radio measurements in a device.
no ...
Disables the transmission of an IE in this profile.
pwr-constraint-ie
The AP will advertise in beacon and probe responses the regulatory maximum transmit power for that current channel.
qbss-load-ie
The AP will advertise in beacon and probe responses the QoS Basic Service Set (QBSS) Load IE, which contains information on the current station count, channel utilization and available admission capacity levels in the QBSS
quiet-ie
The AP will advertise in beacon and probe responses the Quiet IE, which is used to silence the channel for measurement purposes. When an AP uses a quiet IE to schedule a quiet interval, stations may not transmit on that channel during the quiet interval.
tpc-report-ie
The AP will advertise in beacon and probe responses information about its transmit power controls.
Usage Guidelines
ArubaOS supports RRM Information Elements (IEs) for APs with 802.11k support enabled. All IEs are sent by default.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan rrm-ie-profile | 2320
Example
The following command prevents the AP from advertising the country IE. (host) (config) #wlan rrm-ie-profile default (host) (Handover Trigger Profile) #no country-ie
Related commands
wlan dot11k-profile <profile> dot11k-enable
Command History
Version ArubaOS 6.2
Description Command introduced
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2321 | wlan rrm-ie-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile
wlan ssid-profile <profile-name> 902il-compatibility-mode a-basic-rates <mbps> a-beacon-rate a-tx-rates <mbps> advertise-ap-name advertise-location ageout <seconds> battery-boost clone <profile-name> deny-bcast disable-probe-retry dot11r-profile dtim-period <milliseconds> eapol-rate-opt edca-parameters-profile {ap|station} <profile-name> enforce-user-vlan essid <name> g-basic-rates <mbps> g-beacon-rate g-tx-rates <mbps> hide-ssid ht-ssid-profile <profile-name> local-probe-req-thresh max-clients <number> max-retries <number> max-tx-fail <number> mcast-rate-opt mfp-capable mfp-required multicast-rate no ... opmode {bSec-128|bSec-256|dynamic-wep|opensystem|static-wep|wpa-aes|wpa2-aes-gcm-128|wpa2aes-gcm-256| wpa-psk-aes|wpa-psk-tkip|wpa-tkip|wpa2-aes|wpa2-psk-aes|wpa2-psk-tkip|wpa2tkip xSec} qbss-load-enable rts-threshold <number> short-preamble ssid-enable strict-svp wepkey1 <key> wepkey2 <key> wepkey3 <key> wepkey4 <key> weptxkey <index> wmm wmm-be-dscp <best-effort> wmm-bk-dscp <background> wmm-override-dscp-mapping wmm-ts-min-inact-int <milliseconds> wmm-uapsd wmm-vi-dscp <video> wmm-vo-dscp <voice> wpa-hexkey <psk> wpa-passphrase <string>
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile | 2322
Description
This command configures an SSID profile.
2323 | wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Syntax
<profile-name>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Default "default"
902il-compatibility-mode a-basic-rates
(For clients using NTT DoCoMo 902iL phones only) When enabled, the controller does not drop packets from the client if a small or old initialization vector value is received. (When TKIP or AES is used for encryption and TSPEC is enabled, the phone resets the value of the initialization vector after add/delete TSPEC.)
NOTE: This parameter requires the PEFNG license.
List of supported 802.11a rates, in Mbps, that are advertised in beacon frames and probe responses.
--
disabled
6, 9, 12, 18, 24, 36, 48, 54 Mbps
6, 12, 24 Mbps
a-beacon-rate
Sets the beacon rate for 802.11a (use for Distributed Antenna System (DAS) only). Using this parameter in normal operation may cause connectivity problems.
default, 6, 9, 12, 18,24,36,48, 54 Mbps
minimum valid rate
a-tx-rates
Set of 802.11a rates at which the AP is allowed to send data. The actual transmit rate depends on what the client is able to handle, based on information sent at the time of association and on the current error/loss rate of the client.
6, 9, 12, 18, 24, 36, 48, 54 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
advertise-ap-name advertise-location ageout
If enabled, APs that are part of this VAP -- willbroadcast the AP Name information in the beacons frames.
If enabled, APs that are part of this VAP -- will broadcast their GPS coordinates in the beacons and probe response frames as part of a vendor-specific Information Element.
Time, in seconds, that a client is allowed to remain idle before being aged out.
-- disabled
1000 seconds
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile | 2324
battery-boost
clone deny-bcast
disable-probe-retry dot11r-profile dtim-period
eapol-rate-opt edca-parameters -profile
Description
Range
Converts multicast traffic to unicast
--
before delivery to the client, thus
allowing you to set a longer DTIM
interval. The longer interval keeps
associated wireless clients from
activating their radios for multicast
indication and delivery, leaving them in
power-save mode longer and thus
lengthening battery life.
NOTE: This parameter requires the PEFNG license. This parameter should not be enabled if you plan on using the Push-To-Talk feature for Polycom SpectraLink devices.
Name of an existing SSID profile from
--
which parameter values are copied.
When a client sends a broadcast probe -- request frame to search for all available SSIDs, this option controls whether or not the system responds for this SSID. When enabled, no response is sent and clients have to know the SSID in order to associate to the SSID. When disabled, a probe response frame is sent for this SSID.
Enable or disable battery MAC level retries for probe response frames. By default this parameter is enabled, which mean that MAC level retries for probe response frames is disabled.
Associates the dot11r-profile with the
--
SSID profile.
Specifies the interval, in milliseconds, between the sending of Delivery Traffic Indication Messages (DTIMs) in the beacon. This is the maximum number of beacon cycles before unacknowledged network broadcasts are flushed. When using wireless clients that employ power management features to sleep, the client must revive at least once during the DTIM period to receive broadcasts.
Use a more conservative rate for more -- reliable delivery of EAPOL frames.
Name of the enhanced distributed
--
channel access (EDCA) profile that
applies to this SSID.
NOTE: This parameter requires the
Default disabled
-- disabled
Enabled -- 1
enabled --
2325 | wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ap|sta enforce-user-vlan essid g-basic-rates g-beacon-rate g-tx-rates
hide-ssid ht-ssid-profile local-probe-req-thresh max-clients
Description
PEFNG license. Configure this parameter only under the guidance of your Dell representative.
Assigns the specified EDCA profile to AP or station (client).
Range --
Default --
Strict enforcement of data traffic only in
--
user's assigned vlan (Open stations
only).
Name that uniquely identifies a
--
wireless network. The ESSID can be up
to 31 characters. If the ESSID includes
spaces, you must enclose it in
quotation marks.
-- aruba-ap
List of supported 802.11b/g rates that are advertised in beacon frames and probe responses.
1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps
1, 2 Mbps
Sets the beacon rate for 802.11g (use for Distributed Antenna System (DAS) only). Using this parameter in normal operation may cause connectivity problems.
default, 1,2,5, 6 9, 11, 12, 18, 24, 36, 48, 54 Mbps
minimum valid rate
Set of 802.11b/g rates at which the AP is allowed to send data. The actual transmit rate depends on what the client is able to handle, based on information sent at the time of association and on the current error/loss rate of the client.
1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps
1, 2, 5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps
Enables or disables hiding of the SSID
--
name in beacon frames. Note that
hiding the SSID does very little to
increase security.
disabled
Name of high-throughput SSID profile
--
to use for configuring high-throughput
support. See wlan ht-ssid-profile on
page 2314.
"default"
APs will not respond to client probe
0-100
0
requests if the SNR value in the probe
request is less than the specified
threshold value.
Maximum number of wireless clients
0-256
64
for the AP.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile | 2326
max-retries max-tx-fail
mcast-rate-opt
mfp-capable mfp-required multicast-rate no opmode
bSec-128 bSec-256 dynamic-wep opensystem static-wep
2327 | wlan ssid-profile
Description
Maximum number of retries allowed for the AP to send a frame.
Range 0-15
Default 4
The AP assumes the client has left and 0 -
0
should be deauthorized when the AP
2,147,483,64
detects this number of consecutive
7
frames were not delivered because
the max-retries threshold was
exceeded.
Enables or disables scanning of all
--
active stations currently associated to
an AP to select the lowest transmission
rate for broadcast and multicast
frames. This option only applies to
broadcast and multicast data frames;
802.11 management frames are
transmitted at the lowest configured
rate.
NOTE: Do not enable this parameter unless instructed to do so by your Dell technical support representative.
disabled
When enabled, the SSID supports man- -- agement frame protection (MFP) capable clients and traditional clients.
disabled
When enabled, the SSID only supports
--
MFP capable clients.
disabled
When configured, chooses the rate for video multicast frames.
default, 6, 9, 12, 18, 24, 36, 48, 54 Mbps
default
Negates any configured parameter.
--
--
The layer-2 authentication and
--
encryption to be used on this ESSID to
protect access and ensure the privacy
of the data transmitted to and from the
network.
opensyste m
WPA2 with AES GCM-128 encryption
--
--
and dynamic keys using 802.1X
WPA2 with AES GCM-256 encryption
--
--
and dynamic keys using 802.1X
WEP with dynamic keys.
--
--
No authentication and encryption.
--
--
WEP with static keys.
--
--
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wpa-aes wpa2-aes-gcm-128
wpa2-aes-gcm-256
wpa-psk-aes wpa-psk-tkip wpa-tkip wpa2-aes wpa2-psk-aes wpa2-psk-tkip wpa2-tkip wpa-psk-aes wpa2-psk-tkip wpa2-tkip xSec
Description
Range
WPA with AES encryption and dynamic -- keys using 802.1x.
WPA2 with AES GCM-128 (Suite-b)
--
encryption and dynamic keys
using 802.1X. This parameter requires the ACR license.
WPA2 with AES GCM-256 (Suite-b)
--
encryption and dynamic keys
using 802.1X. This parameter requires the ACR license.
WPA with AES encryption using a
--
preshared key.
WPA with TKIP encryption using a
--
preshared key.
WPA with TKIP encryption and dynamic -- keys using 802.1x.
WPA2 with AES encryption and
--
dynamic keys using 802.1x.
WPA2 with AES encryption using a
--
preshared key.
WPA2 with TKIP encryption using a
--
preshared key.
WPA2 with TKIP encryption and
--
dynamic keys using 802.1x.
WPA with AES encryption using a
--
preshared key.
WPA2 with TKIP encryption using a
--
preshared key.
WPA2 with TKIP encryption and
--
dynamic keys using 802.1x.
Encryption and tunneling of Layer-2
--
traffic between the controller and
wired or wireless clients, or between
controllers. To use xSec encryption,
you must use a RADIUS authentication
server. For clients, you must install the
Funk Odyssey client software.
Default -- --
--
-- -- -- -- -- -- -- -- -- -- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile | 2328
qbss-load-enable
rts-threshold short-preamble
Description
Requires installation of the xSec license. For xSec between controllers, you must install an xSec license in each controller.
Range
Enables the AP to advertise the QBSS
--
load element. The element includes
the following parameters that provide
information on the traffic situation:
l Station count: The total number of stations associated to the QBSS.
l Channel utilization: The percentage of time (normalized to 255) the channel is sensed to be busy. The access point uses either the physical or the virtual carrier sense mechanism to sense a busy channel.
l Available admission capacity: The remaining amount of medium time (measured as number of 32us/s) available for a station via explicit admission control.
The QAP uses these parameters to decide whether to accept an admission control request. A wireless station uses these parameters to choose the appropriate access points.
NOTE: For 802.11n APs, ensure that either wmm or high throughput is enabled.
Wireless clients transmitting frames larger than this threshold must issue Request to Send (RTS) and wait for the AP to respond with Clear to Send (CTS). This helps prevent mid-air collisions for wireless clients that are not within wireless peer range and cannot detect when other wireless clients are transmitting.
Enables or disables short preamble for -- 802.11b/g radios. Network performance may be higher when short preamble is enabled. In mixed radio environments, some 802.11b wireless client stations may experience difficulty associating with the AP using short preamble. To use only long preamble, disable short preamble. Legacy client devices that use only long preamble generally can be updated to support short preamble.
Default disabled
2333 bytes enabled
2329 | wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
ssid-enable
Description Enables/disables this SSID.
Range --
strict-svp
Enable Strict Spectralink Voice Protocol -- (SVP)
wepkey1 - wepkey4
Static WEP key associated with the key -- index. Can be 10 or 26 hex characters in length.
weptxkey
Key index that specifies which static WEP key is to be used. Can be 1, 2, 3, or 4.
1, 2, 3, 4
wmm
Enables or disables WMM, also known --
as IEEE 802.11e Enhanced Distribution
Coordination Function (EDCF). WMM
provides prioritization of specific traffic
relative to other traffic in the network.
wmm-be-dscp
DSCP value used to map WMM besteffort traffic.
0-63
wmm-bk-dscp
DSCP used to map WMM background traffic.
0-63
wmm-override-dscp-mapping Overrides the default DSCP mappings
--
in the SSID profile with the ToS value.
This setting is useful when you want to
set a non-default ToS value for a
specific traffic.
wmm-ts-min-in act-int
Specifies the minimum inactivity timeout threshold of WMM traffic. This setting is useful in environments where low inactivity interval time-outs are advertised, which may cause unwanted timeouts.
0-3,600,000
wmm-uapsd
Enable Wireless Multimedia (WMM)
--
UAPSD powersave.
wmm-vi-dscp
DSCP used to map WMM video traffic. 0-63
wmm-vo-dscp
DSCP used to map WMM voice traffic.
0-63
wpa-hexkey
WPA pre-shared key (PSK).
--
wpa-passphrase
WPA passphrase with which to
--
generate a pre-shared key (PSK).
Default enabled disabled --
1
disabled
-- -- disabled
0 millisecond s
enabled -- -- -- --
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile | 2330
Usage Guidelines
The SSID profile configures the SSID.Default WMM mappings exist for all SSIDs. After you customize an WMM mapping and apply it to the SSID, the controller overwrites the default mapping values and uses the userconfigured values.
Suite-B cryptography
The opmode parameters for Suite-B encryption, wpa2-aes-gcm-128 and wpa2-aes-gcm-256, require the ACR license. Note, however, that not all controllers support Suite-B encryption. The table below describes the controller support for Suite-B encryption in ArubaOS.
Controller W-7200 Series
Serial Number Prefix All serial numbers supported
ACR License Support Yes
W-600 Series
All serial numbers supported
Yes
W-3000 Series
FC
Yes
W-3000 Series
F
No
W-6000M3 card
AK
Yes
W-6000M3 card
A
No
To determine the serial number prefix for your controller, issue the CLI command show inventory and note the prefix before the system serial number. The serial number prefix in the example below appears in bold.
(host) #show inventory
Supervisor Card slot
System Serial#
SC
Assembly#
SC
Serial#
SC
Model#
:0 : AK0093676 : 2010052B (Rev:02.01) : F01629529 (Date:03/29/10) : W-3600-US
Multicast Rate Optimization
The Multicast Rate Optimization feature dynamically selects the rate for sending broadcast/multicast frames on any BSS. This feature determines the optimal rate for sending broadcast and multicast frames based on the lowest of the unicast rates across all associated clients.
When the Multicast Rate Optimization option (mcast-rate-opt) is enabled, the controller scans the list of all associated stations in that BSS and finds the lowest transmission rate as indicated by the rate adaptation state for each station. If there are no associated stations in the BSS, it selects the lowest configured rate as the transmission rate for broadcast and multicast frames.
This feature is disabled by default. Multicast Rate Optimization applies to broadcast and multicast frames only. 802.11 management frames are not affected by this feature and will be transmitted at the lowest configured rate.
The Multicast Rate Optimization feature should only be enabled on a BSS where all associated stations are sending or receiving unicast data. If there is no unicast data to or from a particular station, then the rate adaptation state may not accurately reflect the current sustainable transmission rate for that station. This could result in a higher packet error rate for broadcast/multicast packets at that station.
2331 | wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Example
The following command configures an SSID for WPA2 AES authentication: (host) (config) #wlan ssid-profile corpnet
essid Corpnet opmode wpa2-aes
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.2
The wmm-ts-min-inact-int parameter was introduced. The wpa2preauth parameter was removed,
ArubaOS 3.3
Support for the high-throughput IEEE 802.11n standard was introduced including the ht-ssid-profile parameter and various rate changes.
ArubaOS 3.3.1
Support for configurable WMM AC mapping was introduced including the wmm-be-dscp, wmm-bk-dscp, wmm-vi-dscp, and wmm-vo-dscp parameters.
ArubaOS 3.4
The deny-bcast and disable-probe-retry parameters were introduced. The drop-mcast parameter was deprecated.
ArubaOS 3.4.1
License requirements changed in ArubaOS 3.4.1, so the command required the PEF license instead of the Voice Services Module license required in earlier versions.
ArubaOS 6.1
The opmode options wpa2-aes-gcm-128 and wpa2-aes-gcm-256 were introduced. These parameters require the ACR license.
The qbss-load-enable option is included.
ArubaOS 6.1.4.1 ArubaOS 6.2
The advertise-ap-name parameter was added. The advertise-location and enforce-user-vlan parameters were added.
ArubaOS 6.3
l The dot11r-profile parameter was added. l The opmode bSec 256 parameter was added.
ArubaOS 6.4
l The mfp-capable and mfp-required parameters were added. l The eapol-rate-opt parameter was enabled by default.
ArubaOS 6.4.2.0
The description of the multicast-rate parameter is changed to denote the rate for video multicast frames.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan ssid-profile | 2332
Command Information
Platforms
Licensing
Command Mode
All platforms, except for the noted opmode parameters.
Base operating system, except for the noted parameters
Config mode on master controllers
2333 | wlan ssid-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan traffic-management-profile
wlan traffic-management-profile <profile-name> bw-alloc virtual-ap <virtual-ap> share <percent> clone <profile-name> no ... report-interval <minutes> shaping-policy default-access|fair-access|preferred-access
Description
This command configures a traffic management profile.
Syntax
Parameter <profile-name>
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range --
Default "default"
bw-alloc
Minimum bandwidth, as a percentage of available bandwidth, allocated to a Virtual AP when there is congestion on the wireless network. An virtual AP can use all available bandwidth if no other virtual APs are active.
virtual-ap <virtual-ap> Name of the virtual AP to which you will
--
--
allocate a share of bandwidth.
share <percent>
Percentage of available bandwidth allocated to this virtual AP.
0-100
--
clone <profile-name>
Name of an existing traffic management
--
--
profile from which parameter values are
copied.
no
Negates any configured parameter.
--
--
report-interval <minutes>
Number of minutes between bandwidth usage reports.
1 - 999999 minutes
5 minutes
shaping-policy
Define Station Shaping Policy This feature has the following three options:
l default-access: Traffic shaping is disabled, and client performance is dependent on MAC contention resolution. This is the default traffic shaping setting.
l fair-access: Each client gets the same airtime, regardless of client capability and capacity. This option is useful in
defaultaccess
fair-access
preferredaccess
defaultaccess
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan traffic-management-profile | 2334
Parameter
Description
Range
environments like a training facility or exam hall, where a mix of 802.11a/g, 802.11g and 802.11n clients need equal to network resources, regardless of their capabilities. The bw-alloc parameter of a traffic management profile allows you to set a minimum bandwidth to be allocated to a virtual AP profile when there is congestion on the wireless network.You must set traffic shaping to fair-access to use this bandwidth allocation value for an individual virtual AP.
l preferred-access: High-throughput (802.11n) clients do not get penalized because of slower 802.11a/g or 802.11b transmissions that take more air time due to lower rates. Similarly, faster 802.11a/g clients get more access than 802.11b clients.
Default
Usage Guidelines
The traffic management profile allows you to allocate bandwidth to SSIDs. When you enable the band-steering feature, an AP keeps track of all BSSIDs active on a radio, all clients connected to the BSSID, and 802.11a/g, 802.11b, or 802.11n capabilities of each client. Every sampling period, airtime is allocated to each client, giving it opportunity to get and receive traffic. The specific amount of airtime given to an individual client is determined by;
l Client capabilities (802.11a/g, 802.11b or 802.11n) l Amount of time the client spent receiving data during the last sampling period l Number of active clients in the last sampling period l Activity of the current client in the last sampling period
The bw-alloc parameter of a traffic management profile allows you to set a minimum bandwidth to be allocated to a virtual AP profile when there is congestion on the wireless network.You must set traffic shaping to fair-access to use this bandwidth allocation value for an individual virtual AP.
Example
The following command configures a traffic management profile that allocates bandwidth to the corpnet virtual AP: (host) (config) #wlan traffic-management-profile best
bw-alloc virtual-ap corpnet share 75
2335 | wlan traffic-management-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0
Modification Command introduced
ArubaOS 3.2
The mode parameters were introduced in ArubaOS 3.2.
ArubaOS 6.3
The bw-alloc virtual-ap default share (%) enforcement hard command was introduced to set bandwidth allocation limit for an SSID.
Command Information
Platforms All platforms
Licensing
Base operating system on master controllers
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan traffic-management-profile | 2336
wlan tsm-req-profile
wlan tsm-req-profile <profle-name> bin0-range <bin0-range> clone dur-mandatory measure-duration <measure-duration> no num-repeats <num-repeats> random-interval <random-interval> request-mode {normal | triggered} traffic-id <traffic-id>
Description
This command configures a TSM Report Request Profile.
Syntax
Parameter <profile-name> bin0-range <bin0-range>
clone <source>
dur-mandatory
Description
Name of this instance of the profile. The name must be 1-63 characters.
Range Default
--
"defaul
t"
This value is used to set the 'Bin 0
0- 255 6
Range' field in the Transmit
Stream/Category Measurement
Request frame. Bin 0 Range
indicates the delay range of the first
bin (Bin 0) of the Transmit Delay
Histogram, expressed in units of
TUs.
Creates a copy of the Transmit
--
Stream Measurement Request
Report Request Profile.
<source> is the name of an existing TSM Profile from which parameter values are copied.
This parameter is used to set the
--
"Duration Mandatory" bit of the
Measurement Request Mode field of
the Transmit Stream/Category
Measurement Request frame.
-- Enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan tsm-req-profile | 2338
Parameter
Description
Range Default
measure-duration <measure-duration>
This parameter is used to set the Measurement Duration field in the Transmit Stream/Category Measurement Request frame. The Measurement Duration is set to the duration of the requested measurement. It is expressed in units of TUs. When the request mode for the Transmit Stream/Category Measurement Request frame is set to "triggered", the Measurement Duration field should be set to 0.
065535
9776
no
Negates any configured parameter
--
--
num-repeats <num-repeats>
This parameter is used to set the "Number of Repetitions" field in the Transmit Stream/Category Measurement Request frame. The Number of Repetitions field contains the requested number of repetitions for all the Measurement Request elements in this frame. A value of zero in the Number of Repetitions field indicates Measurement Request elements are executed once without repetition. A value of 65535 in the Number of Repetitions field indicates Measurement Request elements are repeated until the measurement is cancelled or superseded.
065535
65535
random-interval <random-interval>
This parameter is used to set the
0-
0
Randomization Interval field in the
65535
Transmit Stream/Category
Measurement Request frame. The
Randomization Interval is used to
specify the desired maximum
random delay in the measurement
start time. It is expressed in units of
TUs (Time Units). When the request
mode for the Transmit
Stream/Category Measurement
Request frame is set to "triggered",
the Randomization Interval is not
used and is set to 0. A
Randomization Interval of 0 in a
measurement request indicates that
no random delay is to be used.
request-mode {normal | triggered}
This parameter is used to determine -- the request mode for the Transmit Stream/Category Measurement Request frame. There are two options for this field:
l normal
normal
2339 | wlan tsm-req-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter traffic-id <traffic-id>
Description l triggered
Range Default
The parameter is used to set the
0-255
96
Traffic Identifier field in the Transmit
Stream/Category Measurement
Request frame. The Traffic Identifier
field contains the TID subfield. The
TID subfield indicates the TC or TS
for which traffic is to be measured.
Usage Guidelines
The tsm-req-profile is a part of the 802.11K profile. It is used to configure the parameters for the Transmit Stream/Category Measurement frames. It takes effect only when the 802.11K feature is enabled.
Example
(host) (config) # wlan tsm-req-profile default (host) (TSM Report Request Profile "default") #bin0-range 1 (host) (TSM Report Request Profile "default") #dur-mandatory (host) (TSM Report Request Profile "default") #measure-duration 25 (host) (TSM Report Request Profile "default") #num-repeats 0 (host) (TSM Report Request Profile "default") #random-interval 0 (host) (TSM Report Request Profile "default") #request-mode normal (host) (TSM Report Request Profile "default") #traffic-id 96
Command History
This command is introduced in ArubaOS 6.2.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode
Configuration mode on master and local controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan tsm-req-profile | 2340
wlan virtual-ap
wlan virtual-ap <profile-name> aaa-profile <profile-name> allowed-band <band>... anyspot-profile <profile> auth-failure-blacklist-time <seconds> band-steering blacklist blacklist-time <seconds> broadcast-filter all|arp clone <profile-name> deny-inter-user-traffic deny-time-range <range> dos-prevention dot11k-profile dynamic-mcast-optimization dynamic-mcast-optimization-threshold fdb-update-on-assoc forward-mode {tunnel|bridge|split-tunnel|decrypt-tunnel} ha-disc-onassoc hs2-profile mobile-ip no ... outer-vlan preserve-vlan rap-operation {always|backup|persistent|standard} ssid-profile <profile-name> steering-mode band-balancing|force-5ghz|prefer-5ghz strict-compliance vap-enable vlan <vlan>... vlan-mobility wan-operation wmm-traffic-management-profile
Description
This command configures a virtual AP profile.
Syntax
Parameter <profile-name>
aaa-profile
allowed-band
Description
Range
Name of this instance of
--
the profile. The name must
be 1-63 characters.
Name of the AAA profile
--
that applies to this virtual
AP.
The band(s) on which to use the virtual AP:
a/g/all
Default "default" "default" all
2341 | wlan virtual-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
anyspot-profile
auth-failureblacklist-time band-steering
Description
a--802.11a band only (5 GHz)
g--802.11b/g band only (2.4 GHz)
all--both 802.11a and 802.11b/g bands (5 GHz and 2.4 GHz)
Range
Default
Anyspot Profile associated --
--
with this Virtual AP Profile.
The anyspot client probe
suppression feature
decreases network traffic
by suppressing probe
requests from clients
attempting to locate and
connect to other known
networks.
Time, in seconds, a client is 0-
0
blocked if it fails repeated
2,147,483,6
authentication. A value of 0 47 seconds
blocks a client indefinitely.
ARM's band steering
--
feature can encourage or
require dual-band capable
clients to stay on the 5GHz
band on dual-band APs.
This frees up resources on
the 2.4GHz band for single
band clients like VoIP
phones.
Band steering reduces cochannel interference and increases available bandwidth for dual-band clients, because there are more channels on the 5GHz band than on the 2.4GHz band. Dual-band 802.11ncapable clients may see even greater bandwidth improvements, because the band steering feature will automatically select between 40MHz or 20MHz channels in 802.11n networks. This feature is disabled by default, and must be enabled in a Virtual AP profile.
disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan virtual-ap | 2342
Parameter
blacklist blacklist-time broadcast-filter all
2343 | wlan virtual-ap
Description
Range
The band steering feature supports three steering modes, which can be configured via the steeringmode parameter:
Band steering can be configured on both campus APs and remote APs that have a virtual AP profile set to tunnel, decrypt-tunnel, split-tunnel or bridge forwarding mode. Note, however, that if a campus or remote APs has virtual AP profiles configured in bridge or split-tunnel forwarding mode but no virtual AP in tunnel mode, those APs will gather information about 5Gcapable clients independently and will not exchange this information with other APs that also have bridge or split-tunnel virtual APs only.
Default
Enables detection of denial -- of service (DoS) attacks, such as ping or SYN floods, that are not spoofed deauth attacks.
enabled
Number of seconds that a client is quarantined from the network after being blacklisted.
02,147,483,6 47 seconds
3600 seconds (1 hour)
Filter out broadcast and
--
multicast traffic in the air.
disabled
Filter out broadcast and
--
multicast traffic in the air.
NOTE: Do not enable this option for virtual APs configured in bridge forwarding mode. This configuration parameter is only intended for use for virtual APs in tunnel mode. In tunnel mode, all packets travel to the controller, so the controller is able to drop all broadcast traffic. When a virtual AP is configured to use bridge forwarding mode, most data traffic stays local
enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter arp
Description
Range
to the AP, and the controller is not able to filter out that broadcast traffic.
IMPORTANT: If you enable this option, you must also enable the BroadcastFilter ARP parameter in the stateful firewall configuration to prevent ARP requests from being dropped. Note also that although a virtual AP profile can be replicated from a master controller to local controllers, stateful firewall settings do not. If you select the broadcast-filter all option for a Virtual AP Profile on a master controller, you must enable the broadcast-filter arp setting on each individual local controller.
If enabled, all broadcast
--
ARP requests are converted
to unicast and sent directly
to the client. You can check
the status of this option
using the show ap active
and the show datapath
tunnel command. If
enabled, the output will
display the letter a in the
flags column.
Do not enable this option for virtual APs configured in bridge forwarding mode. This configuration parameter is only intended for use for virual APs in tunnel mode. In tunnel mode, all packets travel to the controller, so the controller is able to convert ARP requests directed to the broadcast address into unicast. When a virtual AP is configured to use bridge forwarding mode, most data traffic stays local to the AP, and the controller is not able to convert that broadcast traffic.
Default disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan virtual-ap | 2344
Parameter clone deny-inter-user-traffic
deny-time-range dos-prevention dot11k-profile dynamic-mcast-optimization 2345 | wlan virtual-ap
Description
Name of an existing traffic management profile from which parameter values are copied.
Range --
Select this checkbox to
--
deny traffic between the
clients using this virtual AP
profile.
The firewall comand includes an option to deny all inter-user traffic, regardless of the Virtual AP profile used by those clients.
If the global setting to deny inter-user traffic is enabled, all inter-user traffic between clients will be denied, regardless of the settings configured in the virtual AP profiles. If the setting to deny inter-user traffic is disabled globally but enabled on an individual virtual ap, only the traffic between untrusted users and the clients on that particular virtual AP will be blocked.
Specify the name of the
--
time range for which the AP
will deny access. Time
ranges can be defined
using the CLI command
time-range.
If enabled, APs ignore
--
deauthentication frames
from clients. This prevents
a successful deauth attack
from being carried out
against the AP. This does
not affect third-party APs.
Name of an 802.11k profile -- to be associated with this VAP.
Enable/Disable dynamic
--
multicast optimization. This
parameter can only be
enabled on a controller with
a PEFNG license.
Default -- disabled
-- disabled default disabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
Description
dynamic-mcast-optimization-threshold
Maximum number of highthroughput stations in a multicast group beyond which dynamic multicast optimization stops.
Range
2-255 stations
fdb-update-on-assoc
This parameter enables
--
seamless failover for silent
clients, allowing them to re-
associate. If you select this
option, the controller will
generate a Layer 2 update
on behalf of client to update
forwarding tables in bridge
devices.
Default: Disabled
forward-mode
Controls whether 802.11 frames are tunneled to the controller using generic routing encapsulation (GRE), bridged into the local Ethernet LAN (for remote APs), or a combination thereof depending on the destination (corporate traffic goes to the controller, and Internet access remains local).
Select one of the following forward modes:
l Tunnel: When an AP is in tunnel forwarding mode, the AP handles all 802.11 association requests and responses. The AP sends all 802.11 data packets, action frames and EAPOL frames over a GRE tunnel to the controller for processing. The controller removes or adds the GRE headers, decrypts or encrypts 802.11 frames and applies firewall rules to the user traffic as usual.
l Bridge: When an AP is in bridge mode, data is bridged onto the local Ethernet LAN. When in bridge mode, the AP handles all 802.11 association requests
tunnel
bridge split-tunnel decrypttunnel
Default 6 stations disabled
tunnel
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan virtual-ap | 2346
Parameter
2347 | wlan virtual-ap
Description
Range
and responses, encryption/decryption processes, and firewall enforcement. 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed. An AP in bridge mode supports only the 802.1x authentication type.
l Split-Tunnel: Data frames are either tunneled or bridged, depending on the destination (corporate traffic goes to the controller, and Internet access remains local). The AP handles all 802.11 association requests and responses, encryption/decryption, and firewall enforcement. 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed. An AP in split-tunnel mode supports only the 802.1x authentication type.
l Decrypt-Tunnel: An AP in decrypt-tunnel forwarding mode decrypts and decapsulates all 802.11 frames from a station and sends the 802.3 frames through the GRE tunnel to the controller, which then applies firewall policies to the user traffic. This mode allows a network to utilize the encryption/decryption capacity the AP while reducing the demand for processing resources on the controller. APs in decrypt-tunnel forwarding mode also manage all 802.11 association requests
Default
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter ha-disc-onassoc
hs2-profile mobile-ip
Description
Range
and responses, and process all 802.11e and 802.11k action frames.
NOTE: Virtual APs in bridge or split-tunnel mode using static WEP should use key slots 2-4 on the controller. Key slot 1 should only be used with Virtual APs in tunnel mode.
If enabled, home agent
--
discovery is triggered on
client association instead of
home agent discovery
based on traffic from client.
Mobility on association can
speed up roaming and
improve connectivity for
clients that do not send
many uplink packets to
trigger mobility (VoIP
clients). Best practices is to
leave this parameter
disabled, as it increases IP
mobility control traffic
between controllers in the
same mobility domain.
Enable this parameter only
when voice issues are
observed in VoIP clients.
NOTE: ha-disc-onassoc parameter works only when IP mobility is enabled and configured on the controller.
Enables or disables a
--
hotspot profile. This is
enabled by default.
Enables or disables IP
--
mobility on a virtual AP.
This is enabled by default.
L3 mobility service is active
on a VAP only if router
mobile is also enabled on
the controller.
Default disabled
enabled enabled
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan virtual-ap | 2348
Parameter multi-association
no outer-vlan preserve-vlan rap-operation
2349 | wlan virtual-ap
Description
Range
Enables or disables multi-
--
association for this virtual
AP. When enabled, this
feature allows a station to
be associated to multiple
APs. If this feature is
disabled, when a station
moves to new AP it will be
de authorized by the AP to
which it was previously
connected, deleting station
context and flushing key
caching information.
Negates any configured
--
parameter.
List of VLANs that can be
--
used for QinQ outer vlan in
this virtual AP.
This parameter allows clients to retain their previous VLAN assignment if the client disassociates from an AP and then immediately re-associates either with same AP or another AP on same controller.
Configures when the virtual AP operates on a remote AP:
l always--Permanently enables the virtual AP (Bridge Mode only). This option can be used for non-802.1X bridge VAPs.
l backup--Enables the virtual AP if the remote AP cannot connect to the controller (Bridge Mode only). This option can be used for non802.1X bridge VAPs.
l persistent-- Permanently enables the virtual AP after the remote AP initially connects to the controller (Bridge Mode only). This option can be used for any (Open/PSK/802.1X) bridge VAPs.
always/ backup/ persistent/ standard
Default disabled
-- --
standard
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter
ssid-profile steering-mode
Description
Range
l standard--Enables the virtual AP when the remote AP connects to the controller. This option can be used for any (bridge/splittunnel/tunnel/d-tunnel) VAPs.
Default
Name of the SSID profile
--
that applies to this virtual
AP.
"default"
Band steering supports three different band steering modes.
l Force-5GHz: When the AP is configured in force-5GHz band steering mode, the AP will try to force 5Ghzcapable APs to use that radio band.
l Prefer-5GHz (Default): If you configure the AP to use prefer-5GHz band steering mode, the AP will try to steer the client to 5G band (if the client is 5G capable) but will let the client connect on the 2.4G band if the client persists in 2.4G association attempts.
l Balance-bands: In this band steering mode, the AP tries to balance the clients across the two radios in order to best utilize the available 2.4G bandwidth. This feature takes into account the fact that the 5Ghz band has more channels than the 2.4 Ghz band, and that the 5Ghz channels operate in 40MHz while the 2.5Ghz band operates in 20MHz.
NOTE: Steering modes do not take effect until the band steering feature has been enabled. The band steering feature in ArubaOS versions 3.3.2-5.0 does not support multiple band-steering modes. The band-steering
Force-5GHz
prefer-5ghz
balancebands
prefer5ghz
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan virtual-ap | 2350
Parameter strict-compli ance
vap-enable vlan
vlan-mobility
wan-operation 2351 | wlan virtual-ap
Description
Range
feature in these versions of ArubaOS functions the same way as the default prefer5GHz steering mode available in ArubaOS 6.0 and later.
If enabled, the AP denies
--
client association requests
if the AP and client station
have no common rates
defined. Some legacy client
stations which are not fully
802.11-compliant may not
include their configured
rates in their association
requests. Such non-
compliant stations may
have difficulty associating
with APs unless strict
compliance is disabled.
Enable or disable the virtual -- AP.
The VLAN(s) into which users are placed in order to obtain an IP address. Enter VLANs as a commaseparated list of existing VLAN IDs or VLAN names. A mixture of names and numeric IDs are not allowed.
NOTE: You must add an existing VLAN ID to the Virtual AP profile.
VLAN mobility retains the
--
client VLAN on roaming
irrespective of the VAP
VLAN, provided the user
VLANs are extended.
VLAN mobility and mobile IP are mutually exclusive.
VLAN mobility does not reuse user firewall sessions on roaming as the sessions will have to be recreated locally on the roamed controller.
Specify the wan-operation to enable Virtual AP depending on the state of the WAN link.
always/ backup/ primary
Default disabled
enabled 1 disabled
always
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Parameter wmm-traffic-management-profile
Description
Specify the WMM Traffic Management Profile to be associated with this Virtual AP Profile.
Range --
Default __
Usage Guidelines
Wireless LAN profiles configure WLANs in the form of virtual AP profiles. A virtual AP profile contains an SSID profile which defines the WLAN and an AAA profile which defines the authentication for the WLAN. You can configure and apply multiple instances of virtual AP profiles to an AP group or to an individual AP.
A named VLAN can be deleted although it is configured in a virtual AP profile. If this occurs the virtual AP profiles becomes invalid. If the named VLAN is added back later the virtual AP becomes valid again.
Beginning with ArubaOS 6.1.3.2, the broadcast-filter arp parameter is enabled by default. Behaviors associated with these settings are enabled upon upgrade to ArubaOS 6.1.3.2. If your controller supports clients behind a wireless bridge or virtual clients on VMware devices, you must disable the broadcast-filter arp setting to allow those clients to obtain an IP address. In previous releases of ArubaOS, the virtual AP profile included two unique broadcast filter parameters; the broadcast-filter all parameter, which filtered out all broadcast and multicast traffic in the air except DHCP response frames (these were converted to unicast frames and sent to the corresponding client) and the broadcast-filter arp parameter, which converted broadcast ARP requests to unicast messages sent directly to the client.
Starting with ArubaOS 6.1.3.2, the broadcast-filter arp setting includes the additional functionality of broadcast-filter all parameter, where DHCP response frames are sent as unicast to the corresponding client. This can impact DHCP discover/requested packets for clients behind a wireless bridge and virtual clients on VMware devices. Disable the broadcast-filter arp setting using the wlan virtual-ap <profile> no broadcastfilter arp command to resolve this issue and allow clients behind a wireless bridge or VMware devices to receive an IP address.
In ArubaOS 6.2 and later, if there is only one VLAN defined, then the controller will send IPv6 router advertisements (RAs) as usual. If, however, there are multiple VLANs, then the controller will automatically convert 802.11 multicast frames to unicast. This conversion prevents RA frames from being sent with a multicast key to all clients on the BSSID, which could lead to clients having multiple IPv6 addresses.
Example
The following command configures a virtual AP:
wlan virtual-ap corpnet vlan 1 aaa-profile corpnet
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan virtual-ap | 2352
Command History
Release ArubaOS 3.0 ArubaOS 3.2 ArubaOS 3.3 ArubaOS 3.3.2
ArubaOS 3.4
ArubaOS 5.0 ArubaOS 6.0 ArubaOS 6.1
ArubaOS 6.2 ArubaOS 6.3 ArubaOS 6.4.3.0
Modification
Command introduced.
Support for the split tunneling option and the rap-operation parameter was introduced.
In support of the IEEE 802.11n standard, a change to the allowed-band parameter was introduced.
l Support for the ha-disc-onassoc parameter was introduced. l The band-steering parameter was introduced but is not a released
feature in ArubaOS 3.3.2. Do not use band-steering without proper guidance from Dell technical support. l Support for the voip-proxy-arp parameter was introduced.
l The voip-proxy-arp parameter was renamed to broadcast-filter-arp and it does not require a Voice license.
l The fast-roaming parameter was renamed to multi-association.
The decrypt-tunnel forwarding mode was introduced.
The steering-mode balance-bands|force-5ghz| prefer-5ghz parameters were introduced.
l The deny inter user traffic and Disable conversion multicast RA packets to unicast parameters were introduced.
l The multi-association parameter was deprecated. l The Multicast Optimization for Video and Multicast Optimization
Threshold parameter were renamed to Dynamic Multicast Optimization (DMO) and Dynamic Multicast Optimization (DMO) Threshold.
The outer-vlan and fdb-update-on-assoc parameters were introduced, and the disable-ra-mcast-to-ucast parameter was deprecated.
The hs2-profile and outer-vlan parameters were introduced.
The wan-operation parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Config mode on master controllers
2353 | wlan virtual-ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan voip-cac-profile
wlan voip-cac-profile <profile-name> bandwidth-cac bandwidth-capacity <bandwidth-capacity> call-admission-control call-capacity call-handoff-reservation <percent> clone <profile-name> disconnect-extra-call no ... send-sip-100-trying send-sip-status-code client|server <code> wmm_tspec_enforcement wmm_tspec_enforcement_period <seconds>
Description
This command configures a Voice over IP (VoIP) call admission control (CAC) profile.
Syntax
Parameter <profile-name>
Description
Range Default
Name of this instance of the -- profile. The name must be 1-63 characters.
"default"
bandwidth-cac
Select the desired call
--
admission control (CAC)
Mechanism:
l Disable - CAC is based on Call Counts
l Enable - CAC should be based on Bandwidth.
disabled
bandwidth-capacity
Define the maximum
--
--
bandwidth that can be
handled by one radio, in
kbps. The default value is
2000 kbps (2 Mbps)
<bandwidth-capacity>
Maximum bandwidth that can be handled by one radio, in kbps. The default value is 2000 kbps (2 Mbps)
160000 0
2000
call-admissioncontrol
Enables or disables WiFi
--
VoIP Call Admission Control
features.
disabled
call-capacity
Number of simultaneous calls that can be handled by one radio.
2-8000 10
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan voip-cac-profile | 2354
Parameter call-handoff-reservation
Description
Percentage of call capacity reserved for mobile VoIP clients on call.
Range Default
0-100
20%
clone
Name of an existing VoIP
--
--
CAC profile from which
parameter values are
copied.
disconnect-ex tra-call
Disconnects calls that
--
exceed the high capacity
threshold by sending a
deauthentication frame.
disabled
no
Negates any configured
--
--
parameter.
send-sip-100trying
Enables sending of SIP 100 - -- trying messages to a call originator to indicate that the call is proceeding. This is useful when the SIP invite may be redirected through a number of servers before reaching the controller.
enabled
send-sip-status-code client|server <code> Use this parameter with the --
486
client or server options to
drop a SIP Invite and send
status code back to the
client or server. You must
also include one of the
following codes:
l 480: Temporary Unavailable
l 486: Busy Here
l 503: Ser vice Unavailable
l none: Don't send SIP status code
wmm_tspec_en forcement
Enables validation of TSPEC -- requests for CAC.
disabled
wmm_tspec_en forcement_ period
Maximum time for the station to start the call after the TSPEC request.
1-100
1 second
Usage Guidelines
The VoIP CAC profile prevents any single AP from becoming congested with voice calls.
Example
The following command enables VoIP CAC:
2355 | wlan voip-cac-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host) (config) #wlan voip-cac-profile cac1 call-admission-control disconnect-extra-call
Command History
Version ArubaOS 3.0
Change Command introduced
ArubaOS 3.4
The following parameters were deprecated: l active-load-balancing l high-threshold-capacity l noe-call-capacity l sccp-call-capacity l svp-call-capacity l vocera-call-capacity
ArubaOS 3.4.1 ArubaOS 5.1
The following parameters were introduced: l bandwidth-cac l bandwidth-capacity l call-capacity
License requirements changed in ArubaOS 3.4.1, so the command required the PEF license instead of the Voice Services Module license required in earlier versions.
The supported range for the call-capacity parameter changed from 0-8000 to 2-8000.
Command Information
Platforms All platforms
Licensing PEFNG license
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan voip-cac-profile | 2356
wlan wmm-traffic-management-profile
wlan wmm-traffic-management-profile <profile-name> background <share> best-effort <share> clone <source> enable-shaping no video <share> voice <share>
Description
This command configures bandwidth shaping for WMM access categories.
The bandwidth shaping is applied on down-link traffic only.
Syntax
Parameter background <share> best-effort <share> clone <source> enable-shaping no video <share> voice <share>
Description
Range
Bandwidth allocation in percentage (%) for WMM background access traffic category.
1-99
Bandwidth allocation in percentage (%) for WMM best effort access traffic category.
1-99
Copy configuration from another WMM Traffic man- -- agement profile.
Enable a bandwidth shaping policy so that the
--
allocated bandwidth share is appropriately used.
Negate any configured parameter.
--
Bandwidth allocation in percentage (%) for video access traffic category.
1-99
Bandwidth allocation in percentage (%) for voice access traffic category.
1-99
Default 5 5 -- disabled -- 55 35
Usage Guidelines
After you configure the WMM traffic management profile, apply it to the virtual AP profile. For WMM traffic management to take effect, you must enable fair-access or preferred-access parameter under wlan traffic-management-profile.
Example
The following command configures a WMM traffic management profile: (host) (config) #wlan wmm-traffic-management-profile test (host) (WMM Traffic management profile "test") #enable-shaping (host) (WMM Traffic management profile "test") #background 7 (host) (WMM Traffic management profile "test") #best-effort 10
2357 | wlan wmm-traffic-management-profile
Dell Networking W-Series ArubaOS 6.4.x | User Guide
(host) (WMM Traffic management profile "test") #voice 40 (host) (WMM Traffic management profile "test") #video 43
Apply the WMM traffic management profile to the virtual AP profile.
(host) (config) #wlan virtual-ap employee (host) (Virtual AP profile "employee") #wmm-traffic-management-profile test
Enable the fair-access or preferred access parameter under wlan traffic-management-profile.
(host) (config) #wlan traffic-management-profile test (host) (Traffic management profile "test") #shaping-policy fair-access OR (host) (Traffic management profile "test") #shaping-policy preferred-access
Apply the traffic management profile to an ap group.
(host) (config) #ap-group default (host) (AP group "default") #dot11a-traffic-mgmt-profile test
Related Commands
Command show wlan wmm-traffic-management-profile
wlan traffic-management-profile
Description
Displays the WMM traffic management profile(s) configured on the controller.
Configures a traffic management profile.
Command History
Version ArubaOS 5.0
Change Command introduced.
Command Information
Platforms All platforms
Licensing PEFNG license
Command Mode Config mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wlan wmm-traffic-management-profile | 2358
wms ap
wms ap <bssid> mode {interfering|manually-contained|neighbor|rogue|suspected-rogue|valid}
Description
This command allows you to classify an AP into one of several categories.
Syntax
Parameter <bssid>
Description BSSID of the AP.
mode
Classify the AP into one of the following categories.
interfering
An AP seen in the RF environment but is not connected to the wired network.
manually-contained Manually enable denial of service from this AP
neighbor
An neighboring AP whose BSSID is known.
suspected-rogue
A suspected rogue AP that is plugged into the wired side of the network but may not be an unauthorized device. Automatic shutdown of rogue APs does not apply to these devices.
rogue
A rogue AP that is unauthorized and is plugged into the wired side of the network. You can configure automatic shutdown of rogue APs in the IDS unauthorized device detection profile.
valid
An AP that is part of the enterprise providing WLAN service.
Usage Guidelines
If AP learning is enabled (with the wms general learn-ap enable command), non-Dell APs connected on the same wired network as Dell APs are classified as valid APs. If AP learning is disabled, a non-Dell AP is classified as an unsecure or suspect-unsecure AP.
Example
The following command classifies an interfering AP as a known-interfering AP: (host) #wms ap 01:00:00:00:00:00 mode known-interfering
2359 | wms ap
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Command History
Release ArubaOS 3.0 ArubaOS 6.0 ArubaOS 6.1
Modification Introduced Renamed the modes and deprecated the DoS mode. The suspected-rogue parameter was introduced.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms ap | 2360
wms clean-db
wms clean-db
Description
This command deletes the WMS database.
Syntax
Parameter clean-db
Description Cleans the WMS database.
Usage Guidelines
This command deletes all entries from the WMS database. Do not use this command unless instructed to do so by a Dell representative.
Example
The following command cleans the WMS database: (host) #wms clean-db
WMS Database will be deleted. Do you want to proceed with this action [y/n]:
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2361 | wms clean-db
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms client
wms client <macaddr> mode {manually-contain|interfering|valid}
Description
This command allows you to classify a wireless client into one of several categories.
Syntax
Parameter client
Description MAC address of the client.
mode
Classify the client into one of the following categories:
manually-contain
Manualy enable denial of service to this client.
interfering
Setting the client mode to interfering makes it part of clients outside the enterprise
valid
A client that is part of the enterprise.
Usage Guidelines
ArubaOS can automatically determine client classification based on client behavior, but this command allows you to explicitly classify a client. The classification of a client is used in certain policy enforcement features. For example, if protect-valid-sta is enabled in the IDS Unauthorized Device Profile, then clients that are classified as valid cannot connect to non-valid APs.
Example
The following command classifies a client as valid: (host) #wms client 00:00:A4:34:C9:B3 mode valid
Command History
Release ArubaOS 3.0 ArubaOS 6.1
Modification
Command introduced
The following parameters were deprecated dos neighbor
The following parameters were introduced: manually-contain interfering
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms client | 2362
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2363 | wms client
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms export-class
wms export-class <filename>
Description
This command exports classification information into a file.
Syntax
Parameter <filename>
Description Name of the file into which you want to export classification information
Usage Guidelines
This command writes classification data into comma separated values (CSV) files--one for APs and one for clients. You can import these files into the Dell Mobility Manager system.
Example
The following command exports classification data into an AP and a client file: (host) #wms export-class class
Exported data to class_ap.csv and class_sta.csv
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms export-class | 2364
wms export-db
wms export-db <filename>
Description
This command exports the WMS database to a specified file.
Syntax
Parameter <filename>
Description
Name of the file into which you want to export the database. The filename plus any extensions must be no longer than 32 characters and may contain only keyboard characters.
Usage Guidelines
The file is exported as an ASCII text file. If you have configured the controller for operation with DellMMS, this command will fail and an error will be returned.
Example
The following command exports the WMS database to a file: (host) #wms export-db database
Exported WMS DB to database
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2365 | wms export-db
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms import-db
wms import-db <filename>
Description
This command imports the specified file into the WMS database.
Syntax
Parameter <filename>
Description
Name of the file into which you want to import into the database. The filename plus any extensions must be no longer than 32 characters and may contain only keyboard characters.
Usage Guidelines
The imported file replaces the WMS database. The imported file must be a valid WMS database file that you previously exported using the wms export-db command.
Example
The following command imports the WMS database from a file: (host) #wms import-db database
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
Dell Networking W-Series ArubaOS 6.4.x | User Guide
wms import-db | 2366
wms reinit-db
wms reinit-db
Description
This command reinitializes the WMS database to its factory defaults.
Syntax
No parameters.
Usage Guidelines
When you use this command, there is no automatic backup of the current database. If an MMS server is configured on the controller (See mobility-manager on page 650), this command will fail and return an error.
Example
The following command reinitializes the WMS database: (host) #wms reinit-db WMS Database will be re-initialized. Do you want to proceed with this action [y/n ]:
Command History
This command was introduced in ArubaOS 3.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable mode on master controllers
2367 | wms reinit-db
Dell Networking W-Series ArubaOS 6.4.x | User Guide
write
write {erase [all] | memory | terminal}
Description
This command saves the running configuration to memory or displays the running configuration on the screen. This command can also be used to erase the running configuration and return the controller to factory defaults.
Syntax
Parameter erase
memory terminal
Description
Erases the running system configuration file. Rebooting the controller resets it to the factory default configuration. If you specify all, the configuration and all data in the controller databases (including the license, WMS, and internal databases) are erased.
Saves the current system configuration to memory. Any configuration changes made during this session will be made permanent.
Displays the current system configuration.
Usage Guidelines
Configuration changes made using the CLI affect only the current session. You must save your changes for them to be retained across system reboots. Changes are lost if the system reboots before saving the changes. To save your configuration changes, use the write memory command.
If you use the write erase command, the license key management database on the controller is not affected. If you use the write erase all command, all databases on the controller are deleted, including the license key management database. If you reset the controller to the factory default configuration, perform the Initial Setup as described in the Dell Networking W-Series ArubaOSQuick Start Guide.
If you use the write terminal command, all of the commands used to configure the controller appear on the terminal. If paging is enabled, there is a pause mechanism that stops the output from printing continuously to the terminal. To navigate through the output, use any of the commands displayed at the bottom of the output, as described in below. If paging is disabled, the output prints continuously to the terminal. For more information about the paging command, see paging on page 673.
Key Q U spacebar
Description Exit the display. Page up through the output. Page down through the output.
Dell Networking W-Series ArubaOS 6.4.x | User Guide
write | 2368
Key / N
Description Enter a text string to search for. Repeat the text string to search for.
Example
The following command saves your changes so they are retained after a reboot: (host) #write memory The following command deletes the running configuration and databases and returns the controller to the factory default settings: (host) #write erase
Command History
This command was introduced in ArubaOS 1.0.
Command Information
Platforms All platforms
Licensing Base operating system
Command Mode Enable and Config modes
2369 | write
Dell Networking W-Series ArubaOS 6.4.x | User Guide
Appendix A: Command Modes
The Dell Networking W-Series ArubaOS command-line interface offers different levels of user access by differentiating between different command modes.
When you first log in to the CLI, you start your session in User mode, which provides only limited access for basic operational testing. You must enter an additional password to access Enable mode, which allows you to issue show commands run certain management functions. Configuration commands can only be issued in Configuration mode. You can access Config mode by entering configure terminal at the command prompt. You can exit your current command mode and return to a lower-level command mode at any time by entering exit at the command prompt.
The following sections describes how to access each command mode, the command prompt for each mode, and links to its available commands.
User mode
You always begin a CLI session in user mode, the command mode with the lowest level of user access. The command prompt for a user mode session is a greater-than (>) symbol:
(host) >
The following commands are available in user mode.
l enable l exit l help l logout l ping l tracepath l traceroute
Enable Mode
To move from user mode to enable mode, you must enter the command enable, press Enter, then enter config mode password that was defined during the controller's initial setup process. (The default password is enable.) Users in enable mode may return to user mode at any time by entering the command exit.
The command prompt for a CLI session in enable mode is a pound (#) symbol:
(host) #
To view a list of commands available in enable mode, access the CLI in enable mode and enter a question mark (?):
(host) #?
Some top-level commands have different sets of subcommands available in Enable or Config mode. To view a list of available subcommands in Enable mode, access the CLI in Enable mode, enter the top level command, then enter a question mark (?). For example, the following example shows which aaa commands are available in Enable mode:
Dell Networking W-Series ArubaOS 6.4.x| User Guide
Appendix A: Command Modes | 2370
(host) #aaa ? authentication inservice ipv6 query-user test-server user
Authentication Bring authentication server into service Internet Protocol Version 6 Query User Test authentication server User commands
Config Mode
To move from enable mode to config mode, enter the command config terminal. Users in config mode may return to enable mode at any time by entering the command exit.
When you are in config mode, (config) appears before the # prompt:
(host) (config) #
Some top-level commands have different sets of subcommands available in Enable or Config mode. To view a list of available subcommands in Config mode, access the CLI in Config mode, enter the top level command, then enter a question mark (?). For example, the following example shows which aaa commands are available in Config mode:
(host) (config) #aaa ? alias-group authentication authentication-server bandwidth-contract derivation-rules dns-query-interval password-policy profile radius-attributes server-group tacacs-accounting timers user
Configure an Alias Group Authentication Authentication Servers Configure bandwidth contract (256 Kbps - 2 Gbps) Configure rules to derive user role or vlan Set DNS query interval Password policy for locally configured management users Configure an AAA Profile Configure RADIUS attribute Configure a Server Group Configure accounting Configure authentication timers User commands
Configuration Sub-modes
Some Config mode commands can enter you into a sub-mode with a limited number of available commands specific to that mode. When you are in a configuration sub-mode, the (config) that appears before the command prompt will change to indicate your current mode; e.g (config-if) for config-interface mode, and (config-tunnel) for config-tunnel mode.
You can exit a sub-command mode and return to the basic configuration mode at any time by entering the exit command.
2371 | Appendix A: Command Modes
Dell Networking W-Series ArubaOS 6.4.x | User Guide
MadCap Flare V10; modified using iTextSharp 5.1.3 (c) 1T3XT BVBA