Aerohive CLI Guide for HiveOS 6.0r2 (BR100)

The following is a complete list of commands available in the HiveOS 6.0r2 release for the BR100 along with explanations of every keyword. Click a command to see its keyword explanations. Then click the Back Arrow in your browser to return to the list of commands. For an introduction to the Aerohive CLI, explaining different ways to access it, some keyboard shortcuts, and usage tips, click here.

802.1x-mac-table expire-time <number>
802.1x-mac-table Set parameters for the client MAC address table that is used to track the status of authenticated clients and those attempting authentication through 802.1X/EAP
expire-time Set the interval of idle time after which the status of an authenticated client elapses
<number> Enter an expiration time interval in seconds (Range: 60-86400; Default: 300)
802.1x-mac-table suppress-interval <number>
802.1x-mac-table Set parameters for the client MAC address table that is used to track the status of authenticated clients and those attempting authentication through 802.1X/EAP
suppress-interval Set a length of time to ignore further authentication requests after a client fails an authentication check
<number> Enter a suppress interval in seconds (Range: 0-3600; Default: 0; Note: 0 means that no suppression is applied after an authentication failure.)
aaa attribute NAS-Identifier <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
NAS-Identifier Set the RADIUS Access-Request and Accounting-Request packets NAS-Identifier parameter (Note: The NAS identifier contains a string that identifies the NAS that is originating the access or accounting request.)
<string> Enter the custom NAS-Identifier (Default: HiveAP host name; 1-64 chars)
aaa attribute Operator-Name namespace-id <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
namespace-id Set the namespace ID parameter of the Operator-Name (Default: realm)
<number> Enter a number used for namespace ID (Range: 4-206; Note: These namespace ID values anticipate future additions to the list of namespaces as defined by IANA and reference in RFC 5580.)
aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
namespace-id Set the namespace ID parameter of the Operator-Name (Default: realm)
TADIG Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
REALM Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
E212 Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
ICC Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
aaa attribute Operator-Name value <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
value Set the value for the operator name attribute
<string> Enter a string for Operator-Name(1-64 chars)
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
user-profile-attribute Map a RADIUS attribute to the user profile
vendor-id Set a vendor ID RADIUS attribute
<number> Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
attribute-id Set an ID for a private RADIUS attribute
<number> Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
aaa mac-format case-sensitivity {lower-case|upper-case}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
case-sensitivity Set the letter case to use when formatting MAC addresses
lower-case Use lowercase formatting (Example: 01ab23cd45ef; Default: lower-case)
upper-case Use uppercase formatting (Example: 01AB23CD45EF; Default: lower-case)
aaa mac-format delimiter {dash|dot|colon}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
delimiter Set the type of delimiter to use when formatting MAC addresses
dash Set a dash ( - ) as the MAC address delimiter (Default: colon)
dot Set a dot ( . ) as the MAC address delimiter (Default: colon)
colon Set a colon ( : ) as the MAC address delimiter (Default: colon)
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
style Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
two-delimiter Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
five-delimiter Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
no-delimiter Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
aaa ppsk-server auto-save-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local HiveAP when it is acting as a private PSK server
auto-save-interval Set the length of time to save the list of private PSK-to-client MAC address bindings to flash memory
<number> Enter the interval in seconds(Default: 600 sec; Range: 60-3600)
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local HiveAP when it is acting as a private PSK server
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server account-interim-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 20; Range: 10-100000000)
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server dynamic-auth-extension
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
aaa radius-server inject Operator-Name
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
aaa radius-server keepalive enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
enable Set parameters for periodically checking network connectivity to RADIUS servers
aaa radius-server keepalive interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Default: 60; Range: 60-86400)
aaa radius-server keepalive retry <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry Set the number of times to retry sending an Access-Request or Accounting-Request that does not elicit a response from a RADIUS authentication or accounting server
<number> Enter the retry value (Default: 3; Range: 1-10)
aaa radius-server keepalive retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry-interval Set the interval between retries if no response is received from the RADIUS server
<number> Enter the retry interval value in seconds (Default: 10; Range: 1-60)
aaa radius-server keepalive username <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
username Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
<string> Enter the user name (1-32 chars)
password Set the password to submit in Access-Request messages
<string> Enter the password (1-64 chars)
aaa radius-server local user-group <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
user-group Add a user group on the local RADIUS server
<string> Enter the user group name (1-32 chars)
aaa radius-server retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
access-console custom-ssid <string>
access-console Set access console parameters
custom-ssid Set custom SSID profile name for the access console
<string> Enter an SSID profile name (1-32 chars)
access-console hide-ssid
access-console Set access console parameters
hide-ssid Hide the SSID in beacons and ignore broadcast probe requests(Default: disabled)
access-console max-client <number>
access-console Set access console parameters
max-client Set the maximum number of clients that can associate with the access console SSID
<number> Enter the maximum number of clients that can associate (Default: 2; Range: 1-64)
access-console mode {auto|disable|enable}
access-console Set access console parameters
mode Set the mode for the access console (Note: 'auto' enables the access console only when there is no Ethernet or wireless backhaul connection. 'enable' and 'disable' set the mode manually.)
auto Set the mode as auto (Default: auto)
disable Set the mode as disable (Default: auto)
enable Set the mode as enable (Default: auto)
access-console security mac-filter <string>
access-console Set access console parameters
security Set the security parameters for the access console
mac-filter Assign a MAC filter to the access console to restrict access only to those MAC addresses and OUIs (organizational unique identifiers) specified in the filter
<string> Enter the filter name (1-32 chars)
access-console security protocol-suite open
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
open Set the security protocol suite as open
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
wpa-aes-psk Set the security protocol suite as wpa-aes-psk
wpa-tkip-psk Set the security protocol suite as wpa-tkip-psk
wpa2-aes-psk Set the security protocol suite as wpa2-aes-psk
wpa2-tkip-psk Set the security protocol suite as wpa2-tkip-psk
wpa-auto-psk Set the security protocol suite as wpa-auto-psk
ascii-key Set key type as an ASCII string
<string> Enter the ASCII key value (8-63 chars)
access-console telnet
access-console Set access console parameters
telnet Enable Telnet manageability of the access console (Default: enabled)
admin auth radius-method [ {pap|chap|ms-chap-v2} ]
admin Set the administrator parameters
auth Set the administrators authentication method
radius-method Authenticate admins by checking accounts stored on an external RADIUS server
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
admin auth {local|radius|both}
admin Set the administrator parameters
auth Set the administrators authentication method
local Authenticate admins by checking accounts stored on the local database (Default: local)
radius Authenticate admins by checking accounts stored on an external RADIUS server
both Authenticate admins by checking accounts on an external RADIUS server first and the local database second
admin manager-ip <ip_addr/netmask>
admin Set the administrator parameters
manager-ip Allow administrative access from a host or subnet (By default, access from all addresses are allowed.)
<ip_addr/netmask> Enter an IP address and netmask
admin min-password-length <number>
admin Set the administrator parameters
min-password-length Set the minimum password length
<number> Enter the minimum password length (Default: 5; Range: 5-32)
admin root-admin <string> password <string>
admin Set the administrator parameters
root-admin The root-admin has complete privileges, including the ability to add, modify, and delete other admins
<string> Enter root-admin name (3-20 chars)
password Set password for the root-admin
<string> Set password for the root-admin (5-32 chars)
admin {read-write|read-only} <string> password <string>
admin Set the administrator parameters
read-write The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
read-only The read-only admin has the ability to view settings
<string> Enter an admin user's name (3-20 chars)
password Set password for the user
<string> Set password for the user (5-32 chars)
alg {ftp|tftp|sip|dns|http} enable
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
http Set an HTTP ALG
enable Enable ALG functionality
alg {ftp|tftp|sip|dns} qos <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
qos Set an Aerohive QoS class for ALG data traffic
<number> Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
alg {ftp|tftp|sip} inactive-data-timeout <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
inactive-data-timeout Set a timeout to close an inactive gate
<number> Enter an inactive gateway timeout value in seconds (Default: 30 for FTP, 30 for TFTP, 60 for SIP; Range: 1-1800s)
alg {ftp|tftp|sip} max-duration <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
max-duration Set the maximum duration for the ALG
<number> Enter the maximum duration in minutes (Default: 60 for FTP, 60 for TFTP, 720 for SIP; Range: 1-7200(min))
amrp interface <ethx> priority <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
interface Set AMRP parameters per interface
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
priority Set a priority for the AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
<number> Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the AP will be during the DA election process. For example, 100 has a higher priority than 50.)
amrp metric poll-interval <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
poll-interval Set the interval for polling neighbors to determine current route metrics
<number> Enter the poll-interval value (Default: 60 secs; Range: 10-300)
amrp metric type {aggressive|conservative|normal}
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
type Set the type of behavior governing dynamic changes to route metrics
aggressive Change route metrics to aggressive (Default: normal)
conservative Change route metrics to conservative (Default: normal)
normal Change route metrics to normal (Default: normal)
amrp neighbor <mac_addr> metric min <number> max <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
neighbor Specify the neighbor to which you want to set AMRP parameters
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
metric Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
min Set the minimum metric value
<number> Enter the minimum metric value (Default: 67; Range: 8-1200)
max Set the maximum metric value equal to or greater than the minimum value
<number> Enter the maximum metric value (Default: 67; Range: 8-1200)
amrp vpn-tunnel heartbeat interval <number> retry <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
vpn-tunnel Set parameters for VPN tunneling
heartbeat Set AMRP (Advanced Mobility Routing Protocol) heartbeat parameters for VPN tunnel
interval Set the interval for sending AMRP heartbeats through the tunnel
<number> Enter the heartbeat interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables AMRP heartbeats.)
retry Set the number of times to retry sending a heartbeat when it does not elicit a response
<number> Enter the number of heartbeats to retry sending (Range: 1-255; Default: 10)
boot-param boot-file <string>
boot-param Set parameters for the boot loader
boot-file Set the file name of the HiveOS image that you want to load on the local HiveAP through a network connection to a TFTP server
<string> Enter the file name (1-127 chars)
boot-param boot-password <string>
boot-param Set parameters for the boot loader
boot-password Set the password that a root admin must enter to interrupt the auto-boot sequence
<string> Enter the password (8-32 chars)
boot-param country-code <number>
boot-param Set parameters for the boot loader
country-code Set the country code used to control radio channel and power selections
<number> Enter a country code value (Default: 0; Range: 1-10000)
boot-param device <ip_addr/netmask>
boot-param Set parameters for the boot loader
device Set the IP address and netmask of the local HiveAP device
<ip_addr/netmask> Enter the IP address and netmask
boot-param device <ip_addr> <netmask>
boot-param Set parameters for the boot loader
device Set the IP address and netmask of the local HiveAP device
<ip_addr> Enter the IP address
<netmask> Enter the IP netmask
boot-param gateway <ip_addr>
boot-param Set parameters for the boot loader
gateway Set the IP address of the gateway so that the local HiveAP can reach the TFTP server with the HiveOS image that you want to load
<ip_addr> Enter the IP address
boot-param image-download enable
boot-param Set parameters for the boot loader
image-download Set the ability of the local HiveAP to download a HiveOS image from an external TFTP server during the bootup process (Default: Enabled; Note: Only a root-admin can enable and disable image loading from an external source during bootup.)
enable Enable the ability to download a HiveOS image from a TFTP server to the local HiveAP
boot-param native-vlan <number>
boot-param Set parameters for the boot loader
native-vlan Set the native VLAN ID of the local HiveAP
<number> Enter the VLAN ID (Default: 0; Range: 0-4094)
boot-param netboot enable
boot-param Set parameters for the boot loader
netboot Set the HiveAP to boot up automatically from an external TFTP server after an application crash occurs
enable Enable the ability to boot up automatically from an external TFTP server after an application crash occurs
boot-param netdump dump-file [ <string> ]
boot-param Set parameters for the boot loader
netdump Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the HiveAP crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
dump-file Set the name of the core dump file to be saved to the TFTP server
<string> Enter the name of the core dump file (Default name: .netdump; 1-32 chars)
boot-param netdump enable
boot-param Set parameters for the boot loader
netdump Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the HiveAP crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
enable Enable the netdump feature (Default: Disabled)
boot-param server <ip_addr>
boot-param Set parameters for the boot loader
server Set the IP address of the TFTP server that has the HiveOS image file that you want to load
<ip_addr> Enter the IP address
boot-param vlan <number>
boot-param Set parameters for the boot loader
vlan Set the VLAN that the local HiveAP must use to reach the TFTP server
<number> Enter the VLAN ID (Default: 0; Range: 0-4094)
cac airtime-per-second <number>
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
airtime-per-second Set airtime reserved for VoIP calls
<number> Enter the airtime for VoIP calls (Default: 500ms; Range: 100ms-1000ms)
cac enable
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
enable Enable CAC protection of VoIP traffic
cac roaming airtime-percentage <number>
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
roaming Set parameters for VoIP calls when a client roams
airtime-percentage Set the percentage of airtime reserved for VoIP calls during roaming
<number> Enter the percentage of reserved airtime (Default: 20; Range: 0-100)
capture interface <wifix> [ count <number> ] [ filter <number> ] [ promiscuous ]
capture Set packet capture parameters
interface Enable packet capturing on a radio interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
count Set the number of frames to capture
<number> Enter the number of frames to capture (Default: 2000; Range: 1-100000)
filter Set the packet capture filter
<number> Enter a filter ID (Range: 1-64)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
capture save interface <wifix> <string>
capture Set packet capture parameters
save Set the packet capture tool to save captured packets to a file
interface Set the packet capture tool to save captured packets to a file on a radio interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
<string> Enter a local file name or the remote location, path, and file name (Format: filename or tftp://server:/path/filename; Default: wifix.dmp)
capwap client HTTP proxy name <string> port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
name Set the HTTP proxy server name
<string> Enter the IP address or domain name of the HTTP proxy server (1-32 chars)
port Set the HTTP proxy server port number
<number> Enter the port number (Range: 1-65535)
capwap client HTTP proxy user <string> password <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
user Set the user name for authenticating the HiveAP with the HTTP proxy server
<string> Enter the authentication user name (1-32 chars)
password Set the user password for authenticating the HiveAP with the HTTP proxy server
<string> Enter the password (1-32 chars)
capwap client default-server-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
default-server-name Set the default IP address or domain name for the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-32 chars)
capwap client discovery interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
interval Set CAPWAP discovery interval
<number> Enter the CAPWAP discovery interval (Default: 5 secs; Range:1-999)
capwap client discovery maximum interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
maximum Set the max time in seconds to wait for a response to a Discovery Request message
interval Set the max time in seconds to wait for a response to a Discovery Request message
<number> Enter the max time to wait for a response to a Discovery Request message (Default: 10 secs; Range: 2-180)
capwap client dtls accept-bootstrap-passphrase
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
accept-bootstrap-passphrase Always accept the bootstrap passphrase proposed by HiveManager
capwap client dtls bootstrap-passphrase <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
bootstrap-passphrase Set a passphrase for initial and recovery CAPWAP connections
<string> Enter the bootstrap passphrase (16-32 chars)
capwap client dtls enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
enable Enable CAPWAP client dtls feature
capwap client dtls handshake-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
handshake-wait-time Set the maximum time to wait for a DTLS handshake message from the CAPWAP server
<number> Enter the maximum wait time in seconds (Default: 60; Range: 30-120)
capwap client dtls hm-defined-passphrase <string> key-id <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
hm-defined-passphrase Use the HiveManager-defined passphrase to secure CAPWAP communications
<string> Enter a passphrase for the HiveAP to use when making a secure CAPWAP connection (16-32 chars)
key-id Set the key ID for the passphrase
<number> Enter the key ID (Range: 1-255)
capwap client dtls max-retries <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
max-retries Set the maximum number of times to retry making a DTLS connection
<number> Enter the maximum number of retries (Default: 3; Range: 1-65535)
capwap client dtls negotiation enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
negotiation Set the HiveAP to auto-negotiate the use of DTLS with HiveManager
enable Enable DTLS auto-negotiation
capwap client dtls psk <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
psk Set the DTLS preshared key manually (instead of deriving it from a passphrase)
<string> Enter the DTLS preshared key in ASCII hex format (1-64 chars)
capwap client dtls session-delete-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
session-delete-wait-time Set the minimum time to wait for DTLS session deletion
<number> Enter the wait time in seconds (Default: 5; Range: 1-65535)
capwap client enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
enable Enable CAPWAP client
capwap client event enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
event CAPWAP report event information
enable Enable CAPWAP send event information
capwap client join timeout <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
join Set the interval that the HiveAP waits for a CAPWAP Join Response message
timeout Set the interval that the HiveAP waits for a CAPWAP Join Response message
<number> Enter join interval in seconds to wait for Join Response message (Default: 60 secs; Range: 30-999)
capwap client neighbor dead interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
dead Set the dead interval for CAPWAP neighbors
interval Set the interval in seconds to wait for ping responses before considering a CAPWAP neighbor dead
<number> Enter interval to wait for responses before considering a neighbor dead (Default: 105 secs; Range: 60-240)
capwap client neighbor heartbeat interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
heartbeat Set the heartbeat parameters for a CAPWAP neighbor
interval Set the heartbeat interval for a CAPWAP neighbor
<number> Enter the heartbeat interval for a CAPWAP neighbor (Default: 30; Range: 30-120)
capwap client pci-alert enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
pci-alert Report PCI (Payment Card Infrastructure) compliance information to HiveManager
enable Enable the reporting of PCI compliance information
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
backup Set the backup CAPWAP server
name Set the IP address or domain name of the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-32 chars)
connect-delay Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
<number> Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
via-vpn-tunnel Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
capwap client server port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
port Set the destination port number for communicating with the CAPWAP server
<number> Enter the port number (Default: 12222; Range: 1-65535)
capwap client silent interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
silent Set an interval to wait after failing to receive Discovery Request responses before sending more requests
interval Set an interval to wait after failing to receive Discovery Request responses before sending more requests
<number> Enter an interval to wait after failing to receive Discovery Request responses (Default: 15 secs; Range: 1-999)
capwap client transport HTTP
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
transport Set the packet transport mode for CAPWAP communications
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
capwap client vhm-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
vhm-name Set the name of the virtual HiveManager system
<string> Enter the name of the virtual HiveManager system (1-64 chars)
capwap max-discoveries counter <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
max-discoveries Set the max number of CAPWAP Discovery Request messages
counter Set the max number of CAPWAP Discovery Request messages
<number> Enter the max number of CAPWAP Discovery Request messages (Default: 3; Range: 1-999)
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
count Set the number of CAPWAP UDP packets to send
<number> Enter the number of packets to send (Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
flood Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
<number> Enter the number of batches of packets(Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
clear arp-cache
clear Clear dynamic system information or remove all web directories
arp-cache Clear the ARP cache
clear auth roaming-cache mac <mac_addr> hive-neighbors
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
hive-neighbors Clear the MAC address from the local roaming cache and from the roaming caches of neighboring hive members
clear auth roaming-cache {hive-neighbors}
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
hive-neighbors Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
clear auth username <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
username Clear dynamic authentication information by user name
<string> Enter a user name (1-32 chars)
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
station Clear authentication information for a specific station
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear auth {local-cache|roaming-cache|station} ssid <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
station Clear authentication information for a specific station
ssid Clear cached authentication information based on the SSID with which stations associated
<string> Enter a user name (1-32 chars)
clear cac station-airtime [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
cac Clear CAC (Call Admission Control) statistics
station-airtime Clear airtime statistics for a specific station
mac Set the specific destination MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear capture local [ <string> ]
clear Clear dynamic system information or remove all web directories
capture Clear packet capture parameters
local Clear one or all locally stored packet capture files
<string> Enter the file name to clear
clear capwap client counter
clear Clear dynamic system information or remove all web directories
capwap Clear CAPWAP (Control and Provisioning of Wireless Access Points) statistics
client Clear CAPWAP client statistics
counter Clear CAPWAP client keepalive packet counters
clear config rollback
clear Clear dynamic system information or remove all web directories
config Clear the configuration rollback settings
rollback Clear the current configuration rollback point and related settings
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
counters Clear forwarding engine counter statistics
interface Clear forwarding engine counter by interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<mgtx> Enter the name of the management interface, where x = 0
station Clear forwarding engine counter by station MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
drop Clear the drop packet counter
tunnel Clear the counter on tunnels
policy Clear the counter on policies
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
src-ip Clear IP sessions by source IP address
<ip_addr> Source IP address
dst-ip Clear IP sessions by destination IP address
<ip_addr> Destination IP address
src-port Clear IP essions by source port number
<number> source IP port (Range: 1-65535)
dst-port Clear IP sessions by destination port number
<number> destination IP port (Range: 1-65535)
protocol Clear IP sessions by protocol type
<number> source IP port (Range: 1-255)
clear forwarding-engine ip-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
id Clear IP sessions by session ID number
<number> Enter the IP session ID (Range: 1-9999)
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
src-mac Clear MAC sessions by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Clear MAC sessions by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear forwarding-engine mac-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
id Clear MAC sessions by session ID number
<number> Enter the MAC session ID (Range: 1-9999)
clear gre-tunnel counters tunnel
clear Clear dynamic system information or remove all web directories
gre-tunnel Clear GRE (Generic Routing Encapsulation) tunnel information
counters Clear GRE tunnel counter statistics
tunnel Clear the counter on tunnels
clear hive <string> counter neighbor [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
hive Clear hive info
<string> Enter a hive profile name (1-32 chars)
counter Clear counters for neighboring hive members
neighbor Clear counters for all neighbors or a specific neighbor in this hive
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <ethx> mac-learning dynamic <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mac-learning Clear entries in the MAC address learning table
dynamic Clear dynamically learned MAC address entries
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <ethx> mac-learning dynamic all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mac-learning Clear entries in the MAC address learning table
dynamic Clear dynamically learned MAC address entries
all Clear all dynamically learned MAC address entries
clear interface <ethx|wifix|wifix.y> counter
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
counter Clear all counters for the interface
clear interface <mgtx|mgtx.y> dhcp-server lease all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
all Clear all DHCP leases
clear interface <mgtx|mgtx.y> dhcp-server lease ip <ip_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
ip Clear the DHCP lease that uses a specific IP address
<ip_addr> Enter the IP address
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
mac Clear the DHCP lease assigned to a client with a specific MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear log [ {buffered|debug|flash|all} ]
clear Clear dynamic system information or remove all web directories
log Clear logging messages
buffered Clear buffered log messages
debug Clear debug log messages
flash Clear flash log messages
all Clear all log messages
clear network-firewall session all
clear Clear dynamic system information or remove all web directories
network-firewall Clear Layer 3 firewall information
session Clear Layer 3 firewall sessions
all Clear all sessions (Note: You must clear all existing sessions for new or changed firewall policy rules to take effect. Once the new rules are in effect, the HiveAP applies them to new sessions.)
clear qos counter
clear Clear dynamic system information or remove all web directories
qos Clear dynamic QoS information
counter Clear dynamic QoS statistics counters
clear service [ <string> ] counter
clear Clear dynamic system information or remove all web directories
service Clear dynamically generated information for all services or for a specific service
<string> Enter the name of the service whose counters you want to clear
counter Clear the counter statistics for all services or for a specific service
clear ssid <string> counter station [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
ssid Clear SSID info
<string> Enter an SSID profile name (1-32 chars)
counter Clear counters for stations (wireless clients) associated with the SSID
station Clear counters for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear user-and-group all
clear Clear dynamic system information or remove all web directories
user-and-group Clear all users and user-groups
all Clear all users and user-groups
clear vpn certificate-key
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
certificate-key Clear all certificates that the local HiveAP uses when authenticating its identity to a VPN peer and when verifying the identity of a VPN peer
clear vpn {ike|ipsec} sa
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
ike Clear IKE SA information established during IKE phase 1 negotiations
ipsec Clear IPsec SA information established during IKE phase 2 negotiations
sa Clear SA (security association) information
clear web-directory [ {ppsk-self-reg} ]
clear Clear dynamic system information or remove all web directories
web-directory Remove all web directories
ppsk-self-reg Remove all self-registration web directories from the private PSK server
client-tracing <mac_addr>
client-tracing Test client tracing
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clock date-time <date> <time>
clock Set the internal clock
date-time Set the date and time for the internal clock
<date> Enter the date for the internal clock, (Format: YYYY-MM-DD, Range: 1970-01-01 to 2035-12-31)
<time> Enter the time for the internal clock, (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
clock time-zone <number> [ {30|45} ]
clock Set the internal clock
time-zone Set the time zone for the internal clock
<number> Enter the time zone for the internal clock (Default: 0; Range: from -12 to 12)
30 Add 30 minutes to the specified time zone
45 Add 45 minutes to the specified time zone
clock time-zone daylight-saving-time <date> <time> <date> <time>
clock Set the internal clock
time-zone Set the time zone for the internal clock
daylight-saving-time Set the daylight saving time parameters
<date> Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
<date> Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
config rollback enable
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
enable Enable the configuration rollback feature
config rollback manual [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
manual Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
wait-time Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
config rollback now
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
now Return the configuration to a previously set rollback point immediately
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
capwap-disconnect Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
next-reboot Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
wait-time Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
config version <number>
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
version Set the version number for the current configuration file
<number> Enter the version number (Range: 1-4294967295)
console echo obscure-passwords
console Set console parameters
echo Set parameters for the display of data in the terminal window
obscure-passwords Display passwords and sensitive networking keys as asterisks (***) in the CLI (Default: Passwords and keys are replaced by asterisks instead of displaying original text)
console page <number>
console Set console parameters
page Set the maximum number of lines of data displayed as a batch when retrieved from a device (Note: If the number of retrieved lines exceeds the maximum, press TAB to return the next batch or ENTER to retrieve the next single line. Press the Q key to cancel the display of all further requested data and return to the command prompt.)
<number> Set the maximum number of lines to display at a time (Default: 22, Range: 10-100, Disable: 0, which means that there is no maximum limit)
console serial-port enable
console Set console parameters
serial-port Set administrative access to the serial port
enable Enable access to the console serial port
console timeout <number>
console Set console parameters
timeout Set the amount of time required to close a console connection due to inactivity
<number> Set the console timeout value in minutes (Default: 10, Range: 0-60, Disable: 0)
data-collection collect interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
collect Set parameters for collecting data
interval Set the interval for collecting data about devices and their network usage
<number> Enter the amount of time in hours during which the HiveAP collects data (Default: 1; Range: 1-48)
data-collection enable
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
enable Enable the local HiveAP to collect data about types and capabilities of devices on the network and their network usage (Default: Disabled)
data-collection report interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
report Set parameters for reporting data to HiveManager
interval Set the interval for reporting data to HiveManager
<number> Enter the amount of time in hours between data reports to HiveManager (Default: 6; Range: 0-48; Note: 0 disables sending reports to HiveManager.)
data-collection {max-collect} <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
max-collect Set the maximum number of collection times that must elapse before clearing data that cannot be reported to HiveManager (Note: The default collection interval is 1 hour and the default report interval is 6 hours.)
<number> Enter the maximum number of times to collect data before clearing it if it cannot be reported to HiveManager (Default: 24; Range: Range:1-48)
debug console [ {all} ]
debug Enable debug messages
console Show debug messages on the console
all Show all messages on the console
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
debug Enable debug messages
console Show debug messages on the console
level Specify a logging level
emergency Show emergency-level log entries (Default: debug)
alert Show log entries from alert to emergency levels (Default: debug)
critical Show log entries from critical to emergency levels (Default: debug)
error Show log entries from error to emergency levels (Default: debug)
warning Show log entries from warning to emergency levels (Default: debug)
notification Show log entries from notification to emergency levels (Default: debug)
info Show log entries from info to emergency levels (Default: debug)
debug Show log entries for all severity levels (Default: debug)
debug console timestamp
debug Enable debug messages
console Show debug messages on the console
timestamp Show debug messages timestamp
designated-server idm-proxy dynamic
designated-server Set parameters for a dynamic server
idm-proxy Set parameters for a dynamic proxy server to forward RADIUS requests over a secure TLS tunnel between the local device and ID Manager
dynamic Enable the Aerohive device acting as a NAS to send RADIUS requests to the designated proxy server (Default: Disabled)
device-group <string> [ mac-object <string> ] [ domain-object <string> ] [ os-object <string> ]
device-group Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
<string> Enter a device group name (1-32 chars)
mac-object Add a MAC object to the device group
<string> Enter the MAC object name (1-32 chars)
domain-object Add a domain object to the device group
<string> Enter the domain object name (1-32 chars)
os-object Add an OS object to the device group
<string> Enter the OS object name (1-32 chars)
dns domain-name <string>
dns Set DNS (Domain Name System) parameters
domain-name Set the domain name suffix for the local AP
<string> Enter the domain name suffix for the local AP (1-32 chars)
dns server-ip <ip_addr> [ {second|third} ]
dns Set DNS (Domain Name System) parameters
server-ip Set the IP address of the primary, secondary, or tertiary DNS server
<ip_addr> Enter the IP address of the primary, secondary, or tertiary DNS server
second Assign the IP address to a secondary DNS server
third Assign the IP address to a tertiary DNS server
domain-object <string> domain <string>
domain-object Set parameters for a domain object that the HiveAP can use to assign a client that belongs to a matching device domain to a user profile (Max: 64 domain objects per HiveAP)
<string> Enter a domain object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of a device domain.)
domain Add a device domain to the domain object (Note: Specify the domain to which devices in an LDAP-structured database belong.)
<string> Enter an domain name (1-64 chars)
exec aaa radius-test <string> accounting
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
accounting Check the network connectivity status of a RADIUS accounting server (Default: Check the status of a RADIUS authentication server.)
exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
username Set the user name belonging to an account on the RADIUS server
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the RADIUS server
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
exec antenna-alignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ text-size <number> ]
exec Execute a command to initiate a task immediately
antenna-alignment Set parameters for aligning a directional or sectional antenna connected to a radio in backhaul or dual (access and backhaul) mode with a specified peer
interface Set the interface bound to the radio whose antenna you want to align with that of a peer
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
peer Set the MAC address of the peer to which the HiveAP sends antenna alignment request frames
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
count Set the total number of request frames to send to the peer
<number> Enter the total number of request frames (Default: 60; Range: 1-1000)
interval Set the interval between each request frame transmission
<number> Enter the interval in seconds (Default: 1; Range: 1-30)
text-size Set the amount of filler text in each request frame
<number> Enter the amount of filler text in bytes (Default: 16; Range: 16-2048)
exec bypass-wan-hardening
exec Execute a command to initiate a task immediately
bypass-wan-hardening Disable WAN hardening to allow SSH, Telnet, and the remote sniffer tool to access the device over the WAN interface (Note: Execute this command to allow remote access for troubleshooting. To restore WAN hardening, enter "no exec bypass-wan-hardening" or reboot the device.)
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
exec Execute a command to initiate a task immediately
capture Initiate packet capturing
remote-sniffer Set parameters for a remote packet sniffer
user Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
<string> Enter the user name (1-32 chars)
<string> Enter the password (1-32 chars)
host-allowed Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
<string> Enter the IP address or domain name (1-32 chars)
local-port Set the port number on which the HiveAP listens for connection requests from the remote sniffer
<number> Enter the port number (Default: 2002; Range: 1024-65535)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
exec client-monitor <mac_addr>
exec Execute a command to initiate a task immediately
client-monitor Monitor the activities of a client
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
exec data-collection {push|clear}
exec Execute a command to initiate a task immediately
data-collection Perform an action on the data collected about the types and capabilities of devices on the network and the types of applications and IP protocols they use
push Push all collected data to HiveManager
clear Clear all collected data that is currently stored in the local HiveAP
exec delay-execute [ <number> ]
exec Execute a command to initiate a task immediately
delay-execute Delay the execution of commands for a period of time (Note: The delay period starts the moment you enter this command and ends when you enter the "no exec delay-execute" command. This does not affect "show" commands.)
<number> Enter an interval in seconds to wait after the delay period ends before executing the submitted commands (Default: 5; Range: 1-60)
exec user-group <string> psk-to-pmk
exec Execute a command to initiate a task immediately
user-group Execute a user-group command
<string> Enter the user group name (1-32 chars)
psk-to-pmk Regenerate all users' PMKs (pairwise master keys) based on their PSKs (preshared keys)
exit
exit Exit from the current mode
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l2 Set packet capture filter for layer 2 parameters
data Filter by data traffic
ctl Filter by ctl traffic
mgmt Filter by mgmt traffic
subtype Filter by frame subtype
<hex> Enter frame subtype value
src-mac Filter by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Filter by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
bssid Filter by BSSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Filter by transmitter MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
rx-mac Filter by receiver MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
error Filter by error condition
crc Filter by crc error
decrypt Filter by decrypt error
mic Filter by mic error
all Filter by all error
no Filter by no error
etype Filter by Ethernet value
<hex> Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l3 Set packet capture filter for layer 3 parameters
src-ip Filter by source IP address
<ip_addr> Enter a source IP address
dst-ip Filter by destination IP address
<ip_addr> Enter a destination IP address
protocol Filter by protocol number in IP header
<number> Enter a protocol value (UDP:17; TCP:6 ICMP:1)
src-port Filter by source port filter
<number> Enter a source port number
dst-port Filter by destination port
<number> Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
filter [ <number> ] [ direction bidirectional ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
direction Set filter traffic flowing direction
bidirectional Filter traffic flowing in both directions
forwarding-engine drop {ip-fragmented-packets|to-self-non-management-traffic}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
drop Set parameters for dropping packets
ip-fragmented-packets Drop fragmented IP packets
to-self-non-management-traffic Drop all non-management traffic destined to the HiveAP itself
forwarding-engine inter-ssid-flood enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
inter-ssid-flood Forward multicast and broadcast traffic between access interfaces to protect SSIDs from flooding (Default: Enabled)
enable Enable the protection of SSIDs from multicast and broadcast flooding
forwarding-engine log {firewall-dropped-packets|to-self-sessions}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
log Set logging parameters for packets
firewall-dropped-packets Log dropped packets that are denied by IP or MAC firewall policies (Default: Do not log dropped packets)
to-self-sessions Log the first packets of sessions destined for the HiveAP itself (Default: Do not log first packets)
forwarding-engine mac-sessions sync-vlan
forwarding-engine Set parameters to shape the behavior of the forwarding engine
mac-sessions Set MAC session parameters
sync-vlan Enable the local AP to inform its neighbors of the VLAN ID assigned to a client that initially connected it (Default: Disabled; Note: Enabling this option allows neighbors to do a Layer 2 default route lookup based on VLAN.)
forwarding-engine max-ip-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-ip-sessions-per-station Set the maximum number of IP sessions that can be created to or from a station
<number> Enter the maximum IP sessions number per station (Range: 1-8000; Note: By default, IP session limiting is disabled.)
forwarding-engine max-mac-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-mac-sessions-per-station Set the maximum number of MAC sessions that can be created to or from a station
<number> Enter the maximum MAC sessions number per station (Range: 1-8000; Note: By default, MAC session limiting is disabled.)
forwarding-engine proxy-arp enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
proxy-arp Set ARP proxying parameters
enable Enable learning MAC addresses and proxy replies to ARP requests
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
allow-all Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Block specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel selective-multicast-forward block-all
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Allow specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel tcp-mss-threshold enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
enable Enable the TCP MSS threshold feature
forwarding-engine tunnel tcp-mss-threshold threshold-size <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
threshold-size Set the TCP MSS threshold size
<number> Enter the TCP MSS size in bytes(GRE Tunnel Range: 64-1414; GRE-over-IPSec Tunnel Range: 64-1336)
history <number>
history Set the capacity for command history
<number> Enter the max number of commands to store in command history (Default: 20; Range: 1-50)
hive <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
hive <string> frag-threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
frag-threshold Set fragment threshold parameters for the hive
<number> Enter the fragment threshold in bytes for the hive (Default: 2346; Range: 256-2346)
hive <string> manage all
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
manage Set management service parameters
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through wireless backhaul interfaces in this hive (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
hive <string> manage {Telnet|SSH|SNMP|ping}
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
SSH nable SSH manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
ping Enable mgt0 to respond to pings through subinterfaces bound to this SSID (Default: Enabled)
hive <string> neighbor connecting-threshold <number> polling-interval <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring hive members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring hive member
<number> Enter a minimum signal strength value in dBm (Default: -80; Range: -90~-55)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring hive members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring hive member
low Set a relatively low minimum signal strength threshold (-85dBm)
medium Set a relatively moderate minimum signal strength threshold (-80dBm)
high Set a relatively high minimum signal strength threshold (-75dBm)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> password <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
password Set a key for hive member authentication
<string> Enter a string (8-63 chars) for hive member authentication (Default: a default password is derived from the hive name)
hive <string> rts-threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
rts-threshold Set the RTS (request to send) threshold for the hive
<number> Enter the packet size for the RTS threshold for the hive (Default: 2346 bytes; Range: 1-2346)
hive <string> security mac-filter <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
mac-filter Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
hostname <string>
hostname Set the hostname of the AP
<string> Enter the hostname of the AP (1-32 chars)
interface <ethx> allowed-vlan <number> [ - <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
allowed-vlan Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
<number> Enter the VLAN ID to be allowed (Range: 1-4094)
- Set a range of allowed VLAN IDs
<number> Enter the last VLAN ID in the range (Range: 1-4094)
interface <ethx> allowed-vlan {all|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
allowed-vlan Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
all Allow traffic tagged with any VLAN ID
auto Allow traffic whose VLAN ID matches that of mgt0, the native vlan, or the default VLAN configured in user profiles
interface <ethx> duplex {full|half|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
duplex Set the duplex for the interface
full Set the duplex of ethernet interface to full (Default: auto)
half Set the duplex of ethernet interface to half (Default: auto)
auto Set the duplex of ethernet interface to auto (Default: auto)
interface <ethx> inter-station-traffic
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
inter-station-traffic Set the HiveAP to permit traffic between stations connected to one or more of its access interfaces (Default: Enabled)
interface <ethx> ip <ip_addr/netmask>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
ip Set an IP address and netmask for the interface
<ip_addr/netmask> Enter the interface IP address and netmask
interface <ethx> mac-learning enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mac-learning Set parameters for MAC address learning
enable Enable MAC address learning on the Ethernet interface
interface <ethx> mac-learning idle-timeout <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mac-learning Set parameters for MAC address learning
idle-timeout Set the timeout for automatically clearing an inactive dynamically learned MAC address from the MAC learning table
<number> Enter the timeout value in seconds (Default: 180; Range: 10-3600)
interface <ethx> mac-learning static <mac_addr>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mac-learning Set parameters for MAC address learning
static Set statically defined MAC address entries
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
interface <ethx> manage {Telnet|SSH|SNMP|ping|all}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
SSH Enable SSH manageability of mgt0 through this interface (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
ping Enable mgt0 to respond to pings through this interface (Default: Enabled)
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
interface <ethx> mode bridge-802.1q user-profile-attribute <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
bridge-802.1q Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
user-profile-attribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
interface <ethx> mode bridge-access [ user-profile-attribute <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
bridge-access Set the interface in bridge-access mode, making it a layer 2 interface to enable the bridging of traffic between devices in a single VLAN in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
user-profile-attribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
interface <ethx> mode wan
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
interface <ethx> mode {bridge-802.1q|backhaul}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
bridge-802.1q Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
backhaul Set the interface in backhaul mode, making it a VLAN-aware layer 2 interface through which the default MAC route for traffic to and from the main LAN passes
interface <ethx> native-vlan <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
native-vlan Set the native (untagged) VLAN used by the switch infrastructure in the surrounding Ethernet network
<number> Enter the native (untagged) VLAN (Range: 1-4094)
interface <ethx> pppoe auth-method {pap|chap|any}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
auth-method Set the type of authentication protocol that the ISP requires clients to use (Default: any)
pap Use PAP (Password Authentication Protocol) as the method for sending authentication requests between the device and ISP
chap Use CHAP (Challenge Handshake Authentication Protocol) as the method for sending authentication requests between the device and ISP
any Use either PAP or CHAP
interface <ethx> pppoe enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
enable Enable PPPoE
interface <ethx> pppoe username <string> password <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
username Set the user name that the device sends to the ISP to authenticate itself when establishing a PPPoE session with the access concentrator
<string> Enter the user name (1-32 chars)
password Set the password that the device uses to authenticate itself to the ISP
<string> Enter the password (1-32 chars)
interface <ethx> qos-classifier <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
qos-classifier Assign a QoS classification profile (classifier) to the interface
<string> Enter the QoS classifier profile name (1 to 32 chars)
interface <ethx> qos-marker <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
qos-marker Assign a QoS marker profile to the interface
<string> Enter the QoS marker profile name (1 to 32 chars)
interface <ethx> rate-limit broadcast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
rate-limit Set parameter for interface-based rate limiting
broadcast Set broadcast traffic rate limiting
<number> Enter the maximum rate for incoming broadcast traffic for the interface (Default: 2000 Kbps; Range: 0-20000)
interface <ethx> rate-limit multicast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
rate-limit Set parameter for interface-based rate limiting
multicast Set multicast traffic rate limiting
<number> Enter the maximum rate for incoming multicast traffic for the interface (Default: 4000 Kbps; Range: 0-20000)
interface <ethx> rate-limit unicast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
rate-limit Set parameter for interface-based rate limiting
unicast Set unicast traffic rate limiting
<number> Enter the maximum rate for incoming unicast traffic for the interface (Default: 100000 Kbps; Range: 0-1000000)
interface <ethx> rate-limit {multicast|broadcast|unicast} enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
rate-limit Set parameter for interface-based rate limiting
multicast Set multicast traffic rate limiting
broadcast Set broadcast traffic rate limiting
unicast Set unicast traffic rate limiting
enable Enable rate limiting on the interface for this type of traffic (Default: multicast/broadcast Enable,unicast Disable)
interface <ethx> security-object <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
security-object Assign a security object to control network access through this interface
<string> Enter the security object name (1-32 chars)
interface <ethx> shutdown
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
shutdown Disable the interface
interface <ethx> speed {10|100|1000|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
speed Set the speed for the interface
10 Set the speed of ethernet interface to 10 Mbps (Default: auto)
100 Set the speed of ethernet interface to 100 Mbps (Default: auto)
1000 Set the speed of ethernet interface to 1000 Mbps (Default: auto)
auto Set the speed of ethernet interface to auto Mbps (Default: auto)
interface <ethx|usbnetx> mode wan nat
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<usbnetx> Enter the name of the usbnet interface (Ranges x: 0)
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
nat Enable NAT (network address translation) on the interface to translate the source IP address and port number in from-access packets to the IP address of the Ethernet/USB network interface and a randomly chosen port number (Default: Enabled)
interface <ethx|usbnetx> mode wan nat-policy <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<usbnetx> Enter the name of the usbnet interface (Ranges x: 0)
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
nat-policy Enable NAT (network address translation) policy on the interface
<string> Enter ip nat policy name (1-32 chars)
interface <ethx|usbnetx> mode wan priority <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<usbnetx> Enter the name of the usbnet interface (Ranges x: 0)
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
priority Set wan priority for the interface
<number> Enter the priority, where a smaller number means a higher priority (Default: eth0 - 1 | ethx - x * 10 | usbnet0 - 600 ; Range: 1 - 9999)
interface <mgtx.y> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
ip Set IP address for the virtual management interface
<ip_addr/netmask> Enter the virtual management interface IP address and netmask
interface <mgtx.y> manage ping
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
manage Set management service parameters
ping Enable the virtual management interface to respond to pings (Default: Enabled)
interface <mgtx.y> vlan <number>
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
vlan Set the VLAN ID for the interface
<number> Enter the VLAN ID (Default: 1; Range: 1-4094)
interface <mgtx> default-ip-prefix <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr/netmask> Enter the network address/netmask (Default: 192.168.0.0/16; Note: Only 8, 16, and 24-bit netmasks are supported.)
interface <mgtx> default-ip-prefix <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr> Enter the network address (Default: 192.168.0.0)
interface <mgtx> dhcp client fallback-to-static-ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
fallback-to-static-ip Assign the static IP address to mgt0 when it does not receive an address through DHCP by the end of the timeout interval
interface <mgtx> dhcp keepalive enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
enable Enable the checking of network connectivity to DHCP servers in the specified VLAN range and also in VLANs set in user profile definitions or assigned by RADIUS servers, the native VLAN, and the management interface VLAN (Default: Disabled)
interface <mgtx> dhcp keepalive interval <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Range: 60-86400; Default: 3600)
interface <mgtx> dhcp keepalive retry <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
retry Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Range: 1-10; Default: 2)
interface <mgtx> dhcp keepalive timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
timeout Set the timeout for waiting for a response to a DHCP probe
<number> Enter the timeout value in seconds (Range: 1-60; Default:10)
interface <mgtx> dhcp keepalive vlan <number> [ <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
vlan Set the range of VLANs in which to probe for DHCP servers
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp-probe Probe for DHCP servers in one or more VLANs
vlan-range Set the range of VLANs in which to probe for a DHCP server
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
timeout Set the timeout for waiting for a response to a probe
<number> Enter the timeout value (Default: 3 secs; Range: 1-60)
retries Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Default: 1; Range: 1-10)
interface <mgtx> hive <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
hive Set the hive profile to the mgt0 interface or enable/disable the wifi interface used for hive communications
<string> Enter a hive profile name (1-32 chars)
interface <mgtx> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr/netmask> Enter mgt0 IP address/netmask
interface <mgtx> ip <ip_addr> <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr> Enter mgt0 IP address
<netmask> Enter mgt0 netmask
interface <mgtx> mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
mtu Set the MTU (maximum transmission unit) to determine when to start fragmenting packets
<number> Enter the MTU value in bytes (Default: 1500; Range: 100-1500)
interface <mgtx> native-vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
native-vlan Set the native (untagged) VLAN that the switch infrastructure in the surrounding wired and wireless backhaul network uses
<number> Enter the native (untagged) VLAN (Default: 1; Range: 1-4094)
interface <mgtx> vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
vlan Set the VLAN for administrative access to the HiveAP, management traffic between HiveAPs and HiveManager, and control traffic among hive members
<number> Enter the VLAN ID for the interface (Default: 1; Range: 1-4094)
interface <mgtx|ethx> dhcp client
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
interface <mgtx|ethx> dhcp client address-only
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
address-only Set the AP to use only the IP address, netmask, and gateway received through DHCP instead of all TCP/IP settings (Default: Use all TCP/IP settings received through DHCP)
interface <mgtx|ethx> dhcp client option custom ppsk-server <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
ppsk-server Set a custom DHCP option ID and ID type for a private PSK server
<number> Enter the custom DHCP option ID (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx|ethx> dhcp client option custom radius-server <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
<number> Enter the custom DHCP option ID for a RADIUS authentication server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx|ethx> dhcp client option custom radius-server accounting <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
accounting Set a custom DHCP option ID and ID type for a RADIUS accounting server
<number> Enter the custom DHCP option ID for a RADIUS accounting server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx|ethx> dhcp client option custom {syslog-server|hivemanager} <number> {string|ip}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
syslog-server Set a custom DHCP option ID and ID type for a syslog server
hivemanager Set a custom DHCP option ID and ID type for HiveManager
<number> Enter the custom DHCP option ID (Default ID numbers and types: HiveManager = 225 string, 226 IP; Syslog server = 227 string, 228 IP)
string Set the type of the custom DHCP option as a string
ip Set the type of the custom DHCP option as an IP address
interface <mgtx|ethx> dhcp client prefer-subnet <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
prefer-subnet Set prefer subnet for DHCP client
<ip_addr/netmask> Enter prefer subnet for DHCP client
interface <mgtx|ethx> dhcp client timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
dhcp Set DHCP parameters
client Set DHCP client parameters
timeout Set the interval to wait for a response from the DHCP server before applying the admin-defined or default network settings
<number> Enter the timeout value in seconds (Default: 20; Range: 0-3600)
interface <mgtx|mgtx.y> dhcp-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
enable Enable the DHCP server on the interface
interface <mgtx|mgtx.y> dhcp-server ip-pool <ip_addr> <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
ip-pool Set the IP address pool from which the DHCP server draws addresses when making assignments
<ip_addr> Enter the first address in the range that makes up the IP address pool
<ip_addr> Enter the last address in the range that makes up the IP address pool
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
hex Set the custom option data type as a hexadecimal digit
<string> Enter the hexadecimal digit (1-32 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
integer Set the custom option data type as an integer
<number> Enter the integer (Range: 0-2147483647)
interface <mgtx|mgtx.y> dhcp-server options custom <number> ip <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
ip Set the custom option data type as an IP address
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
string Set the custom option data type as a string
<string> Enter the string (1-255 chars)
interface <mgtx|mgtx.y> dhcp-server options default-gateway <ip_addr> [ {nat-support} ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
default-gateway Set the default gateway for DHCP clients
<ip_addr> Enter the default gateway (Note: The gateway IP address cannot be the same as that of the interface.)
nat-support Enable NAT support(Note: AP will automatically generates ARP response for default gateway specified in DHCP server options.)
interface <mgtx|mgtx.y> dhcp-server options domain-name <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
domain-name Set the domain name for DHCP clients
<string> Enter the domain name (1-32 chars)
interface <mgtx|mgtx.y> dhcp-server options hivemanager <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
hivemanager Set the IP address or domain name of the HiveManager that you want APs to contact
<ip_addr> Enter the IP address (Note: Use DHCP option 226.)
interface <mgtx|mgtx.y> dhcp-server options hivemanager <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
hivemanager Set the IP address or domain name of the HiveManager that you want APs to contact
<string> Enter the domain name (Length: 1-64 chars; Note: Use DHCP option 225.)
interface <mgtx|mgtx.y> dhcp-server options lease-time <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
lease-time Set the length of the DHCP lease
<number> Enter the lease time in seconds (Default: 86400; Range: 60-86400000)
interface <mgtx|mgtx.y> dhcp-server options mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
mtu Set the path MTU (maximum transmission unit)
<number> Enter the MTU value (Range: 68-8192)
interface <mgtx|mgtx.y> dhcp-server options netmask <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
netmask Set the netmask for DHCP clients
<netmask> Enter the netmask (Default: The same as the interface netmask.)
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
dns1 Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
dns2 Set the IP address of the secondary DNS server
dns3 Set the IP address of the tertiary DNS server
<ip_addr> Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
logsrv Set the IP address of the log server that is available for DHCP clients
pop3 Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
smtp Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options {ntp1|ntp2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
ntp1 Set the IP address of the primary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
ntp2 Set the IP address of the secondary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options {wins1|wins2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
wins1 Set the IP address of the primary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
wins2 Set the IP address of the secondary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server {arp-check|authoritative-flag}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
arp-check Use ARP to check that an IP address is not already in use on the network before assigning it to a DHCP client (Default: Enabled)
authoritative-flag Set the DHCP server as authoritative (Default: Authoritative; Note: An authoritative DHCP server can send NAKs in response to DHCP requests for addresses in a different subnet from those in the configured IP pool.)
interface <mgtx|mgtx.y> dns-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dns-server Set DNS server parameters
enable Enable the DNS server on the interface
interface <mgtx|mgtx.y> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dns-server Set DNS server parameters
ext-resolve Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
dns1 Set the IP address of the primary external DNS server
dns2 Set the IP address of the secondary external DNS server
dns3 Set the IP address of the tertiary external DNS server dns3
<ip_addr> Enter the IP address of the external DNS server
interface <mgtx|mgtx.y> dns-server int-domain-name <string> [ <ip_addr> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dns-server Set DNS server parameters
int-domain-name Set a domain name for resolution by internal DNS servers
<string> Enter the domain name (Max 32 chars; Note: Domain names are matched with implicit wildcards at the left end of the string; for example, both "www.aerohive.com" and "www.my-hive.com" match the domain name string "hive.com".)
<ip_addr> Enter the IP address of the internal DNS server to use for this domain name
interface <mgtx|mgtx.y> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dns-server Set DNS server parameters
int-resolve Set the DNS servers on the internal network used to resolve domain names in the match list
dns1 Set the IP address of the primary internal DNS server
dns2 Set the IP address of the secondary internal DNS server
dns3 Set the IP address of the tertiary internal DNS server dns3
<ip_addr> Enter the IP address of the internal DNS server
interface <mgtx|mgtx.y> dns-server mode {split|nonsplit}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dns-server Set DNS server parameters
mode Set the mode for responding to domain name resolution queries (Default: split)
split Forward queries only for domain names in a match list to internal DNS servers and forward queries for everything else to external DNS servers
nonsplit Forward all queries to internal DNS servers
interface <mgtx|mgtx.y> dns-server opendns-device-id <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dns-server Set DNS server parameters
opendns-device-id Set the device ID to use with OpenDNS
<string> Enter the device ID (16-char hex string)
interface <mgtx|mgtx.y> ip-helper address <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
ip-helper Forward DHCP broadcast packets to a DHCP server
address Set the DHCP server IP address
<ip_addr> Enter the IP address
interface <wifix> hive <string> shutdown
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
hive Set the hive profile to the mgt0 interface or enable/disable the wifi interface used for hive communications
<string> Enter a hive profile name (1-32 chars)
shutdown Disable the wifi subinterface used for hive communications
interface <wifix> mode {access|backhaul|dual}
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
mode Set the operational mode for the interface
access Set the operational mode of the interface to access (Default: access (wifi0), dual (wifi1))
backhaul Set the operational mode of the interface to backhaul (Default: access (wifi0), dual (wifi1))
dual Set the operational mode of the interface to dual so that it can provide both access and backhaul services (Default: access (wifi0), dual (wifi1))
interface <wifix> radio antenna diversity
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
radio Set parameters for the wifi radio interface
antenna Set the antenna parameters for the interface
diversity Set radio antenna diversity
interface <wifix> radio channel <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
radio Set parameters for the wifi radio interface
channel Set the radio channel for the interface
<string> Enter the frequency with an optional suffix (G: GHz; M: MHz; K: KHz;), or the channel number, or "auto" to allow ACSP (Advanced Channel Selection Protocol) to select a channel automatically (Default: auto)
interface <wifix> radio power <number>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
radio Set parameters for the wifi radio interface
power Set the radio power for an interface
<number> Enter the radio power (in dBm) for an interface (Default: auto; Range: 1-20 dBm)
interface <wifix> radio power auto
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
radio Set parameters for the wifi radio interface
power Set the radio power for an interface
auto Set the radio power (in dBm) for an interface (Default: auto; Range: 1-20 dBm)
interface <wifix> radio profile <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
radio Set parameters for the wifi radio interface
profile Set radio profile parameters for an interface
<string> Enter a radio profile name (1-32 chars)
interface <wifix> radio range <number>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
radio Set parameters for the wifi radio interface
range Set the transmission range for the radio linked to the interface
<number> Enter the range value in meters (Default: 300; Range: 300-10000)
interface <wifix> ssid <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
ssid Set the SSID (Service Set Identifier) profile for the interface
<string> Enter an SSID profile name (1-32 chars)
interface <wifix> ssid <string> ip <ip_addr/netmask>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
ssid Set the SSID (Service Set Identifier) profile for the interface
<string> Enter an SSID profile name (1-32 chars)
ip Set IP address for the SSID
<ip_addr/netmask> Enter the SSID IP address
interface <wifix> ssid <string> shutdown
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
ssid Set the SSID (Service Set Identifier) profile for the interface
<string> Enter an SSID profile name (1-32 chars)
shutdown Disable the subinterface to which the SSID is bound
ip nat-policy <string>
ip Set IP parameters
nat-policy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
ip nat-policy <string> type match-net inside <ip_addr/netmask> outside <ip_addr/netmask>
ip Set IP parameters
nat-policy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
type Set the IP nat policy type
match-net Set the IP nat policy type match-net
inside Set the match-net inside subnet
<ip_addr/netmask> Enter the IP address and netmask for the match-net inside subnet
outside Set the match-net outside subnet
<ip_addr/netmask> Enter the IP address and netmask for the match-net outside subnet
ip nat-policy <string> type virtual-host inside-host <ip_addr> inside-port <port> outside-port <port> protocol {tcp|udp}
ip Set IP parameters
nat-policy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
type Set the IP nat policy type
virtual-host Set the IP nat policy type virtual-host
inside-host Set the virtual-host inside host
<ip_addr> Enter the IP address for the virtual-host inside host
inside-port Set the virtual-host inside port
<port> [1~65535]Enter the port number
outside-port Set the virtual-host outside port
<port> [1~65535]Enter the port number
protocol Set the virtual-host service protocol
tcp Choose tcp protocol for virtual host
udp Choose udp protocol for virtual host
ip path-mtu-discovery enable
ip Set IP parameters
path-mtu-discovery Set Path MTU (Maximum Transmission Unit) Discovery parameters on a device functioning as a router or VPN gateway
enable Enable Path MTU Discovery to learn the maximum packet size that can be sent across the network between two hosts without fragmentation (Default: Enabled)
ip route default gateway <ip_addr> [ metric <number> ]
ip Set IP parameters
route Set a routing entry
default Set a default route entry
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route host <ip_addr> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
host Set a route to a host
<ip_addr> Enter target IP address
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route net <ip_addr> <netmask> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
net Set a route to a net
<ip_addr> Enter target IP address
<netmask> Enter target netmask
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip tcp-mss-threshold enable
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
enable Enable the monitoring of the MSS option in TCP SYN and SYN-ACK messagesand, if necessary, reduce the MSS value as determined by the TCP MSS threshold (Default: Enabled; Note: If no TCP MSS threshold value is specified, TCP MSS clamping uses the Path MTU- 40 bytes for the IP and TCP headers.)
ip tcp-mss-threshold l3-vpn-threshold-size <number>
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
l3-vpn-threshold-size Set the TCP MSS threshold for TCP connections that pass through a Layer 3 VPN tunnel
<number> Enter the TCP MSS threshold in bytes for tunneled traffic (Range: 64-1460; Note: If not set, the device uses the TCP MSS threshold.)
ip tcp-mss-threshold threshold-size <number>
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
threshold-size Set the TCP MSS threshold for all TCP connections passing through the device
<number> Enter the TCP MSS threshold in bytes (Range: 64-1460; Default: Path MTU - 40 bytes for the IP and TCP headers)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packet-drop
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
packet-drop Log dropped packets that the IP firewall policy denies
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
log Set logging options for packets and sessions that match IP FW policy
initiate-session Log the creation of sessions that are permitted by the policy
terminate-session Log the termination of sessions that are permitted by the policy
packet-drop Log dropped packets that are denied by the policy
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
initiate-session Log session details when a session is created after passing a IP firewall policy lookup
terminate-session Log session details when a session matching a IP firewall policy is terminated
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
local-subnet Set the subnet of the mgt0 interface as the destination
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
license <string> <string>
license Set license parameters
<string> Enter registration license
<string> Enter registration key
load config {current|backup|bootstrap|default}
load Load a configuration file
config Specify which configuration file to load after rebooting
current Load the current configuration file after rebooting
backup Load the backup configuration file after rebooting
bootstrap Load the bootstrap configuration file after rebooting
default Load the default configuration file after rebooting
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
buffered Set logging buffer
level Set logging level
emergency Send emergency-level log entries (Default: debug)
alert Send log entries from alert to emergency levels (Default: debug)
critical Send log entries from critical to emergency levels (Default: debug)
error Send log entries from error to emergency levels (Default: debug)
warning Send log entries from warning to emergency levels (Default: debug)
notification Send log entries from notification to emergency levels (Default: debug)
info Send log entries from info to emergency levels (Default: debug)
debug Send log entries for all severity levels (Default: debug)
logging debug
logging Set logging parameters
debug Enable debug messages
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
logging Set logging parameters
facility Set logging facility
local0 Set log facility to local0 (Default: local6)
local1 Set log facility to local1 (Default: local6)
local2 Set log facility to local2 (Default: local6)
local3 Set log facility to local3 (Default: local6)
local4 Set log facility to local4 (Default: local6)
local5 Set log facility to local5 (Default: local6)
local6 Set log facility to local6 (Default: local6)
local7 Set log facility to local7 (Default: local6)
auth Set log facility to auth (Default: local6)
authpriv Set log facility to authpriv (Default: local6)
security Set log facility to security (Default: local6)
user Set log facility to user (Default: local6)
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
flash Set logging flash
level Set logging level
emergency Send emergency-level log entries (Default: error)
alert Send log entries from alert to emergency levels (Default: error)
critical Send log entries from critical to emergency levels (Default: error)
error Send log entries from error to emergency levels (Default: error)
warning Send log entries from warning to emergency levels (Default: error)
notification Send log entries from notification to emergency levels (Default: error)
info Send log entries from info to emergency levels (Default: error)
debug Send log entries for all severity levels (Default: error)
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
logging Set logging parameters
server Set parameters for a syslog server
<string> Set the IP address or domain name (1-32 chars) for the syslog server
level Set the severity level for the log messages you want to send
emergency Send emergency-level log entries
alert Send log entries from alert to emergency levels
critical Send log entries from critical to emergency levels
error Send log entries from error to emergency levels
warning Send log entries from warning to emergency levels
notification Send log entries from notification to emergency levels
info Send log entries from info to emergency levels
debug Send log entries for all severity levels
via-vpn-tunnel Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
logging trap level [ {emerg|alert|crit|err|warning|notice|info} ]
logging Set logging parameters
trap Set logging trap parameters
level Set logging trap level
emerg Set logging trap level to emerg (Default: info)
alert Set logging trap level to alert (Default: info)
crit Set logging trap level to crit (Default: info)
err Set logging trap level to err (Default: info)
warning Set logging trap level to warning (Default: info)
notice Set logging trap level to notice (Default: info)
info Set logging trap level to info (Default: info)
login banner <string>
login Set parameters fot the CLI login
banner Set the banner that appears after logging in to the CLI
<string> Enter the banner text (Default: 'Aerohive Networks Inc.\n Copyright (C) 2006-2010\n'; Max: 256 chars; Notes: Use '\n' to indicate a line break.)
mac-object <string> mac-range <mac_addr> - <mac_addr>
mac-object Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
<string> Enter the MAC object name (1-32 chars)
mac-range Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
- Set a range of MAC addresses
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
packet-drop Log dropped packets that the MAC firewall policy denies
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
initiate-session Log session details when a session is created after passing a MAC firewall policy lookup
terminate-session Log session details when a session matching a MAC firewall policy is terminated
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
original-user-profile Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
<string> Enter the original user profile (1-32 chars)
device-group Set the device group that the policy rule references to classify the type of client device in use
<string> Enter a device group name (1-32 chars)
reassigned-user-profile-attr Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
<number> Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
mobile-device-policy <string> apply {once|multiple-times}
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
apply Set the method for applying mobile device policy rules
once Apply a policy rule once if a client match is found after finishing the complete device type classification process(Default: Once)
multiple-times Apply a policy rule if a client match is found at any point during the device type detection process (Default: Once)(Note: Different rules might be applied at different times as the HiveAP collects more information about a client.)
mobile-device-policy <string> client-classification [ {mac} ] [ {domain} ] [ {os} ]
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
client-classification Set the client device classification methods that you want to use
mac Use the client classification method that is based on the MAC address of the device
domain Use the client classification method that is based on the computer domain to which a client belongs in the database
os Use the client classification method that is based on the OS running on the device
mobile-device-policy <string> rule <number> {before|after} rule <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
before Move the mobile device policy rule before another rule in the policy
after Move the mobile device policy rule after another rule in the policy
rule Set a rule before or after another rule in the mobile device policy
<number> Enter a rule ID number (Range: 1-65535)
mobility-policy <string> dnxp
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
mobility-policy <string> dnxp nomadic-roaming
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
nomadic-roaming Enable fast roaming support on nonneighboring hive members in different subnets (Default: predictive-roaming)
mobility-policy <string> dnxp unroam-threshold <number> <number>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
unroam-threshold Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
<number> Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
<number> Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
mobility-policy <string> inxp gre-tunnel from <ip_addr/netmask> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
from Set the INXP gre-tunnel source parameters
<ip_addr/netmask> Enter subnet for INXP gre-tunnel source
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
<ip_addr> Enter end IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-threshold gre-tunnel permitted-load {low|medium|high}
mobility-threshold Set parameters for tunneling mobile user traffic
gre-tunnel Set the volume of traffic that the local AP will accept through GRE (Generic Routing Encapsulation) tunnels (Note: Only set this option on portals.)
permitted-load Set a level determining the amount of traffic the local AP will accept through GRE tunnels
low Accept a relatively low number of tunnels (Default: high)
medium Accept a relatively moderate number of tunnels (Default: high)
high Accept a relatively high number of tunnels (Default: high)
network-firewall name <string> [ from {any|vpn} ] [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
ntp enable
ntp Set NTP (Network Time Protocol) parameters
enable Enable the local AP to act as an NTP client
ntp interval <number>
ntp Set NTP (Network Time Protocol) parameters
interval Set the interval for synchronizing the internal clock with an NTP server
<number> Enter the interval in minutes (Default: 1440; Range: 60-10080)
ntp server <string> [ {second|third|fourth} ] [ {via-vpn-tunnel} ]
ntp Set NTP (Network Time Protocol) parameters
server Set NTP server parameters
<string> Enter the IP address or domain name of an NTP server (1-32 chars)
second Set the priority of the NTP server as second
third Set its priority as third
fourth Set its priority as fourth
via-vpn-tunnel Send all NTP traffic through a VPN tunnel (Note: Set this option on VPN clients when the NTP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
os-detection enable
os-detection Set the OS (Operating System) detection parameters
enable Enable OS detection to learn client station operating systems (Default: Enabled)
os-detection method dhcp-option55
os-detection Set the OS (Operating System) detection parameters
method Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
dhcp-option55 Detect client station operating systems by parsing option 55 in DHCP messages from clients (Default: Enabled)
os-detection method user-agent
os-detection Set the OS (Operating System) detection parameters
method Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
user-agent Detect client station operating systems by parsing the User-Agent field in HTTP packets (Default: Disabled)
os-object <string> os-version <string>
os-object Set parameters for an OS object that the HiveAP can use to assign a client running a matching OS to a user profile (Max: 64 OS objects per HiveAP.)
<string> Enter an OS object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of an operating system.)
os-version Set the name and version of an operating system version (Max: 32 OS versions per OS object)
<string> Enter the exact text string that identifies an operating system as it appears in the user agent ID field in HTTP headers (1-32 chars; Note: Use quotation marks if spaces are required. Examples: "Windows NT 5.1", "Mac OS X", "Linux i686")
os-version <string> option55 <string>
os-version Set the OS (operating system) version you want to detect in the DHCP packets
<string> Enter the OS version name (1-32 chars; Note: The OS version name can be in any form you choose; for example, "Windows XP" or "WinXP".)
option55 Set the option 55 string for the type of operating system you want to detect
<string> Enter the DHCP option 55 string (1-256 chars)
performance-sentinel notification-interval <number>
performance-sentinel Set performance sentinel parameters to moderate client throughput
notification-interval Set the interval for sending SNMP traps to HiveManager to update the performance sentinel log
<number> Enter the performance sentinel log update interval in seconds (Default: 600; Range: 30-1800)
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<ip_addr> Enter the destination IP address
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<string> Enter the destination domain name (1-32 chars)
count Set the number of ICMP echo requests to send
<number> Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
<ip_addr> Enter the target IP or MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
size Set the probe request packet size (default: 256 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
portal Set the target of the probe as the MAC address of the HiveAP acting as portal
size Set the probe request packet size (default: 256 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
qos airtime enable
qos Set QoS (Quality of Service) parameters
airtime Set QoS parameters based on the amount of airtime that wireless client traffic uses
enable Enable dynamic airtime scheduling
qos airtime rate-preference-weight {none|moderate|high}
qos Set QoS (Quality of Service) parameters
airtime Set QoS parameters based on the amount of airtime that wireless client traffic uses
rate-preference-weight Set a preference for forwarding traffic to and from wireless clients that are capable of fast data transfer rates
none Set no preference for clients with a fast data rate (Default: high)
moderate Set a moderate preference for clients with a fast data rate (Default: high)
high Set a high preference for clients with a fast data rate (Default: high)
qos classifier-map 80211e <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
80211e Map IEEE 802.11e user priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.11e user priority (Range: 0-7)
<number> Enter Aerohive QoS class (Range: 0-7)
qos classifier-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
8021p Map IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.1p Priority (Range: 0-7)
<number> Enter Aerohive QoS class (Range: 0-7)
qos classifier-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
diffserv Map diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Aerohive QoS classes
<number> Enter the DSCP class (Range: 0-63)
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-map interface <ethx> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
interface Map incoming Ethernet traffic to Aerohive QoS classes by its ingress interface (eth0)
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-map oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
oui Set a MAC OUI (Organizational Unique Identifier) classification table
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
qos Set an Aerohive QoS class to the MAC
<number> Enter Aerohive QoS class (Range: 0-7)
action Set an action to the MAC OUI
permit permit the packet
deny deny the packet
log log the packet
comment Add a comment to the MAC OUI
<string> Enter a comment (Maximum:32 chars) to the MAC
qos classifier-map service <string> [ qos <number> ] [ action {permit|deny|log} ]
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
service Set service-based classification table
<string> Enter service name (1-32 chars)
qos Set an Aerohive QoS class to the service
<number> Enter the Aerohive QoS class (Range: 0-7)
action Set the action to take when receiving a packet for this service
permit permit the packet
deny deny the packet
log log the packet
qos classifier-map ssid <string> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
ssid Map incoming wireless traffic to Aerohive QoS classes by SSID
<string> Enter an SSID name
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-profile <string> [ {interface/ssid-only|8021p|80211e|diffserv|interface/ssid|mac|service} ]
qos Set QoS (Quality of Service) parameters
classifier-profile Set a QoS classification profile
<string> Enter a classifier profile name (1-32 chars)
interface/ssid-only Classify all incoming and outgoing packets using the interface or SSID bound to this classifier profile (Note: The interface/ssid-only method cannot be combined with other methods in the same classifier profile or applied to more than one profile. This profile has precedence over all others.)
8021p Classify incoming packets by 802.1p priority markers present in Layer2 frame headers
80211e Classify incoming packets by 802.11e priority markers present in wireless frame headers
diffserv Classify incoming packets by DiffServ DSCP values present in Layer3 packet headers
interface/ssid Classify packets by the interface or SSID that they traverse (Note: If two interface/SSID classifier profiles apply to the same session, the one providing better QoS is used.)
mac Classify packets by the OUI (organizationally unique identifier) of the session participants (Note: If two OUI classifier profiles apply to the same session, the one providing better QoS is used.)
service Classify incoming packets by network service type
qos enable
qos Set QoS (Quality of Service) parameters
enable Enable QoS (Quality of Service)
qos l3-police interface <string> enable
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
enable Enable Layer 3 policing for the specified interface
qos l3-police interface <string> max-download-bw <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
max-download-bw Set the maximum download bandwidth in Kbps
<number> The maximum download bandwidth in Kbps (the default is 100 Kbps)
qos l3-police interface <string> max-upload-bw <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
max-upload-bw Set the maximum upload bandwidth in Kbps
<number> The maximum upload bandwidth in Kbps (Default: 100)
qos l3-police voip-detect-timeout <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
voip-detect-timeout Sets timeout used to turn off VoIP QoS policing after VoIP media traffic detection stops
<number> The timeout duration in seconds (the default is 10 seconds)
qos marker-map 80211e <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
80211e Map Aerohive QoS classes to IEEE 802.11e user priority markers on outgoing packets
<number> Enter the Aerohive QoS class (Range: 0-7)
<number> Enter the IEEE 802.11e user priority (Range: 0-7)
qos marker-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
8021p Map Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
<number> Enter Aerohive QoS class (Range: 0-7)
<number> Enter IEEE 802.1p Priority (Range: 0-7)
qos marker-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
diffserv Map Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
<number> Enter the Aerohive QoS class (Range: 0-7)
<number> Enter the DSCP class (Range: 0-63)
qos marker-profile <string> [ {8021p|80211e|diffserv} ]
qos Set QoS (Quality of Service) parameters
marker-profile Set a QoS marker profile
<string> Enter the marker profile name (1-32 chars)
8021p Use 802.1p priority markers in Layer 2 frame headers as the marking method
80211e Use 802.11e priority markers in wireless frame headers as the marking method
diffserv Use DiffServ DSCP values in Layer 3 packet headers as the marking method
qos policy <string> [ user-profile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
qos Set QoS (Quality of Service) parameters
policy Set a QoS policy to control traffic forwarding
<string> Enter the policy name (1-32 chars)
user-profile Set QoS policy parameters at the user profile level
<number> Enter the user profile rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight for the user profile (Range: 0-1000)
user Set QoS parameters at the user level
<number> Enter the user rate limit in kbps (Range: 0-2000000)
qos Set QoS parameters at the Aerohive QoS class level
<number> Enter the Aerohive QoS class (Range: 0-7)
strict Set the scheduling mode as strict to forward traffic without queuing it
wrr Set the scheduling mode as WRR (weighted round robin) to queue traffic and use rate limits and weights to prioritize forwarding
<number> Enter the class rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight (Range: 0-1000; Note: If the scheduling mode is strict, its weight must be zero.)
quit
quit Quit CLI (Command Line Interface)
radio profile <string>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
radio profile <string> acsp access channel-auto-select time-range <time> <time> [ station <number> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
access Set access point interface parameters
channel-auto-select Set conditions for automatically selecting radio channels
time-range Set the time range when a new radio channel can be selected (Note: During this time, the radio re-evaluates the channel in use. It might switch to a different channel or continue using the same channel.)
<time> Enter the start time (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
<time> Enter the end time (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
station Set the maximum number of stations that can be connected to the HiveAP when selecting a channel (If more are connected during the time range, no channel selection occurs.)
<number> Enter the station maximum (Range: 0-100; Default: 0)
radio profile <string> acsp all-channels-model enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
all-channels-model Set all channels from which the radio can select the optimal channel
enable Enable all channels selection
radio profile <string> acsp channel-model 4-channels [ <channel_g4> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
channel-model Set the pool of channels from which the radio can select the optimal channel
4-channels Set 4-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
<channel_g4> Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx-xx;)
radio profile <string> acsp channel-model {3-channels} [ <channel_g3> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
channel-model Set the pool of channels from which the radio can select the optimal channel
3-channels Set 3-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
<channel_g3> Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx;)
radio profile <string> acsp interference-switch crc-err-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interference-switch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
crc-err-threshold Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the HiveAP switches channels)
<number> Enter the threshold as a percent (Default: 25; Range: 10-80)
radio profile <string> acsp interference-switch iu-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interference-switch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
iu-threshold Set an RF interference threshold based on interference utilization (Note: If the percent of interference utilization exceeds this value, the HiveAP switches channels)
<number> Enter the threshold as a percent (Default: 25; Range: 10-80)
radio profile <string> acsp interference-switch {enable|no-station-enable|disable}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interference-switch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
enable Enable the radio to switch channels if the RF interference threshold is reached (Default setting: no-station-enable)
no-station-enable Enable the radio to switch channels only if the RF interference threshold is reached and no stations are connected (Default setting: no-station-enable)
disable Disable the radio from switching channels because of RF interference-related data (Default setting: no-station-enable)
radio profile <string> acsp max-tx-power <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
max-tx-power Set radio max transmit power
<number> Enter the max transmit power (Default: 20 dBm; Range: 10-20 dBm)
radio profile <string> ampdu
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
ampdu Enable AMPDU (Aggregate MAC Protocol Data Unit) transmissions to reduce overhead when the transmission channel is busy
radio profile <string> backhaul failover [ trigger-time <number> ] [ hold-time <number> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
backhaul Set parameters for failing over the backhaul link from Ethernet to wireless (Note: Only set this command on a HiveAP that acts as a portal.)
failover Enable backhaul communications to fail over to the wireless link if the Ethernet link goes down (Default: enabled)
trigger-time Set how long the Ethernet link must be down to trigger a failover to the wireless link
<number> Enter the failover trigger time in seconds (Default: 2; Range: 1-5)
hold-time Set how long the Ethernet link must be up to revert backhaul communications from wireless to Ethernet
<number> Enter the hold time in seconds (Default: 30; Range: 1-300)
radio profile <string> beacon-period <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
beacon-period Set the period of time between beacon broadcasts
<number> Enter the beacon period in TUs (time units, a measurement of time equal to 1024 microseconds) for the radio profile (Default: 100, Range: 40-3500)
radio profile <string> benchmark phymode 11a rate {6|9|12|18|24|36|48|54} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11a Set benchmark parameters for 11a mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11b rate {1|2|5.5|11} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11b Set benchmark parameters for 11b mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
1 Enter the transmission rate
2 Enter the transmission rate
5.5 Enter the transmission rate
11 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11g rate {1|2|5.5|11|6|9|12|18|24|36|48|54} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11g Set benchmark parameters for 11g mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
1 Enter the transmission rate
2 Enter the transmission rate
5.5 Enter the transmission rate
11 Enter the transmission rate
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11n rate {6|9|12|18|24|36|48|54|mcs0|mcs1|mcs2|mcs3|mcs4|mcs5|mcs6|mcs7|mcs8|mcs9|mcs10|mcs11|mcs12|mcs13|mcs14|mcs15} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11n Set benchmark parameters for 11n mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
mcs0 Enter the transmission rate
mcs1 Enter the transmission rate
mcs2 Enter the transmission rate
mcs3 Enter the transmission rate
mcs4 Enter the transmission rate
mcs5 Enter the transmission rate
mcs6 Enter the transmission rate
mcs7 Enter the transmission rate
mcs8 Enter the transmission rate
mcs9 Enter the transmission rate
mcs10 Enter the transmission rate
mcs11 Enter the transmission rate
mcs12 Enter the transmission rate
mcs13 Enter the transmission rate
mcs14 Enter the transmission rate
mcs15 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> channel-width {20|40-above|40-below}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
channel-width Set the channel width and the extensive channel offset when channel width is 40 MHz
20 Enter the channel width and extensive channel offset (Default: 20 Mhz)
40-above Enter the channel width and extensive channel offset (Default: 20 Mhz)
40-below Enter the channel width and extensive channel offset (Default: 20 Mhz)
radio profile <string> deny-client {11b|11abg}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
deny-client Deny connections from wireless clients using the specified standards
11b Deny connections from wireless clients using the 802.11b standard (Default: All connections are accepted)
11abg Deny connections from wireless clients using the 802.11a/b/g standard (Default: All connections are accepted; Note: This option is only allowed for radio profiles supporting 802.11n)
radio profile <string> detect-bssid-spoofing
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
detect-bssid-spoofing Enable the detection of spoofed BSSIDs (Default: Disabled)
radio profile <string> dfs
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
dfs Enable DFS (Dynamic Frequency Selection) so the radio can switch channels automatically when detecting a radar signal (Default: Disabled)
radio profile <string> dfs radar-detect-only
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
dfs Enable DFS (Dynamic Frequency Selection) so the radio can switch channels automatically when detecting a radar signal (Default: Disabled)
radar-detect-only Enable radar signal detection but do not change channels if it is detected (Default: Disabled)
radio profile <string> interference-map crc-err-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
crc-err-threshold Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the HiveAP alerts HiveManager to switch from its regular polling interval to a shorter one)
<number> Enter the threshold as a percent (Default: 20; Range: 15-60)
radio profile <string> interference-map cu-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
cu-threshold Set an RF interference threshold based on channel utilization (Note: If the percent of channel utilization exceeds this value, the HiveAP alerts HiveManager to switch from its regular polling interval to a shorter one)
<number> Enter the threshold as a percent (Default: 20; Range: 15-60)
radio profile <string> interference-map enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
enable Enable the collection and reporting of RF interference-related data to HiveManager
radio profile <string> interference-map short-term-interval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
short-term-interval Set the interval during which the HiveAP calculates a short-term average of channel utilization and CRC errors (Note: The HiveAP calculates three averages: a running average, a configurable short-term average, and a 60-second snapshot average)
<number> Enter the short-term interval in minutes (Default: 5; Range: 5-30)
radio profile <string> max-client <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
max-client Set radio profile's max number of clients/neighbors
<number> Enter the maximum number of clients (Range: 1-32)
radio profile <string> phymode {11a|11b/g|11na|11ng}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
phymode Set the physical mode of the radio profile
11a Set the physical mode to 11a (Default: 11b/g)
11b/g Set the physical mode to 11b/g (Default: 11b/g)
11na Set the physical mode to 11na (Default: 11b/g)
11ng Set the physical mode to 11ng (Default: 11b/g)
radio profile <string> scan access
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
radio profile <string> scan access client
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
client Allow scanning to occur when clients are connected (Default: Allowed)
radio profile <string> scan access client power-save
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
client Allow scanning to occur when clients are connected (Default: Allowed)
power-save Allow scanning to occur when connected clients are in a power save state (Default: Disallowed)
radio profile <string> scan access interval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
interval Set the scan interval
<number> Enter the scan interval in minutes (Default: 10 minutes; Range: 1-1440)
radio profile <string> scan access voice
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
voice Allow scanning to occur while processing voice traffic (Default: Disallowed)
radio profile <string> short-guard-interval
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
short-guard-interval Enable the short guard interval option (400ns) to avoid inter-symbol interference and improve media throughput (Note: This is only valid in 40-MHz channel mode.)
radio profile <string> short-preamble
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
short-preamble Set short preamble mode of radio profile
radio profile <string> tx-beamforming
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
tx-beamforming Enable beamforming on the transmit antennas (Default: Disabled)
radio profile <string> tx-rate {auto|1Mbps|2Mbps|5.5Mbps|6Mbps|9Mbps|11Mbps|12Mbps|18Mbps|24Mbps|36Mbps|48Mbps|54Mbps|MCS0|MCS1|MCS2|MCS3|
MCS4|MCS5|MCS6|MCS7|MCS8|MCS9|MCS10|MCS11|MCS12|MCS13|MCS14|MCS15|MCS16|MCS17|MCS18|MCS19|MCS20|MCS21|MCS22|MCS23}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
tx-rate Set the Tx (transmission) rate for the radio profile
auto Set the radio to determine its transmission rate automatically (Default: auto; Range: 1-54 Mbps)
1Mbps Set the transmit rate as 1Mbps (Only for 802.11bg and 802.11ng)
2Mbps Set the transmit rate as 2Mbps (Only for 802.11bg and 802.11ng)
5.5Mbps Set the transmit rate as 5.5Mbps (Only for 802.11bg and 802.11ng)
6Mbps Set the transmit rate as 6Mbps
9Mbps Set the transmit rate as 9Mbps
11Mbps Set the transmit rate as 11Mbps (Only for 802.11bg and 802.11ng)
12Mbps Set the transmit rate as 12Mbps
18Mbps Set the transmit rate as 18Mbps
24Mbps Set the transmit rate as 24Mbps
36Mbps Set the transmit rate as 36Mbps
48Mbps Set the transmit rate as 48Mbps
54Mbps Set the transmit rate as 54Mbps
MCS0 Set the transmit rate as MCS0
MCS1 Set the transmit rate as MCS1
MCS2 Set the transmit rate as MCS2
MCS3 Set the transmit rate as MCS3
MCS4 Set the transmit rate as MCS4
MCS5 Set the transmit rate as MCS5
MCS6 Set the transmit rate as MCS6
MCS7 Set the transmit rate as MCS7
MCS8 Set the transmit rate as MCS8
MCS9 Set the transmit rate as MCS9
MCS10 Set the transmit rate as MCS10
MCS11 Set the transmit rate as MCS11
MCS12 Set the transmit rate as MCS12
MCS13 Set the transmit rate as MCS13
MCS14 Set the transmit rate as MCS14
MCS15 Set the transmit rate as MCS15
MCS16 Set the transmit rate as MCS16 (Only for the HiveAP 330 and 350)
MCS17 Set the transmit rate as MCS17 (Only for the HiveAP 330 and 350)
MCS18 Set the transmit rate as MCS18 (Only for the HiveAP 330 and 350)
MCS19 Set the transmit rate as MCS19 (Only for the HiveAP 330 and 350)
MCS20 Set the transmit rate as MCS20 (Only for the HiveAP 330 and 350)
MCS21 Set the transmit rate as MCS21 (Only for the HiveAP 330 and 350)
MCS22 Set the transmit rate as MCS22 (Only for the HiveAP 330 and 350)
MCS23 Set the transmit rate as MCS23 (Only for the HiveAP 330 and 350)
radio profile <string> wmm ac {background|best-effort|video|voice} aifs <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
aifs Set AIFS (arbitration interframe space) parameters
<number> Set the AIFS value (Range: 0-15)
radio profile <string> wmm ac {background|best-effort|video|voice} cwmax <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
cwmax Set maximal contention window parameters
<number> contention window maximal value (Range: 1-15)
radio profile <string> wmm ac {background|best-effort|video|voice} cwmin <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
cwmin Set minimal contention window parameters
<number> Set contention window minimal value (Range: 1-15)
radio profile <string> wmm ac {background|best-effort|video|voice} noack
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
noack Set no acknowledgments
radio profile <string> wmm ac {background|best-effort|video|voice} txoplimit <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
txoplimit Set transmission opportunity limit parameters
<number> Set transmission opportunity limit value (Range: 0-8192; Note: Your input must be multiples of 64)
reboot
reboot Reboot the system
reboot date <date> time <time>
reboot Reboot the system
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by HiveOS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot offset <time>
reboot Reboot the system
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
client Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
tx-drop-rate Set the Tx drop rate alarm threshold for clients (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for clients (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for clients (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
interface Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
crc-error-rate Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
tx-drop-rate Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic enable
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
enable Enable the creation of traffic statistics reports
report statistic period <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
period Set the time interval for gathering traffic statistics and calculating percentages
<number> Enter the time interval (Default: 10 minutes; Supported: 1, 5, 10, 30 or 60 minutes)
reset config [ {bootstrap} ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
config Reset the configuration to the factory default settings and reboot
bootstrap Clear bootstrap configuration
reset web-directory [ <string> [ {save-to-flash} ] ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
<string> Enter the web directory name to reset files in the directory to the default file set (1-32 chars)
save-to-flash Save the default set of files in the specified directory to flash memory
reset web-directory all-running-ssid
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
all-running-ssid Reset the web directories for all SSIDs to the default file set
reset-button reset-config-enable
reset-button Enable the reset button on the AP chassis to reset the AP config
reset-config-enable Enable the reset button to reset the AP to its factory default settings or, if set, to a bootstrap config (Default: enabled)
roaming cache update-interval <number> ageout <number>
roaming Set roaming parameter
cache Set the interval between updates and the number of times to update station's roaming cache
update-interval Set the interval for sending roaming cache updates to neighbors
<number> Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
ageout Set how many times an entry must be absent from a neighbors updates before removing it from the roaming cache
<number> Enter the number of absences required to remove an entry (Default:60; Range: 1-1000)
roaming cache-broadcast neighbor-type access enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to hive neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
access Broadcast roaming cache data to hive neighbors discovered through wireless access links
enable Enable the broadcasting of roaming cache data to hive neighbors over wireless access links (Default: Enabled)
roaming cache-broadcast neighbor-type backhaul enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to hive neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
backhaul Broadcast roaming cache data to hive neighbors discovered through Ethernet and wireless backhaul links
enable Enable the broadcasting of roaming cache data to hive neighbors over backhaul links (Default: Enabled)
roaming hop <number>
roaming Set roaming parameter
hop Set the number of HiveAPs away from the source HiveAP to which it sends station authentication information
<number> Set roaming hop value (Defaule: 1, Range: 0-16)
roaming neighbor exclude ip <ip_addr>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
exclude Exclude dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
roaming neighbor include ip <ip_addr> <netmask>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
include Include dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
<netmask> Enter netmask for static roaming neighbor
roaming neighbor query-interval <number> query-times <number>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
query-interval Set roaming neighbor query interval
<number> Enter roaming neighbor query interval (Default: 10 secs; Min: 5; Max: 360000)
query-times Set roaming neighbor query times
<number> Enter roaming neighbor query times (Default: 5; Min: 2; Max: 1000)
roaming port <number>
roaming Set roaming parameter
port Set the port number that hive members use when sending roaming control data to each other
<number> Enter the port number for L3 roaming control traffic (Default: 3000; Range: 1500-65000; Note: The new setting must be at least 50 more or 50 less than the current setting.)
route <mac_addr> outgoing-interface <string> next-hop <mac_addr>
route Set a MAC address route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
outgoing-interface Set outgoing interface
<string> Enter interface name
next-hop Set the MAC address of the next hop in the L2 forwarding route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
routing internal-sub-network <ip_addr/netmask> [ {tunnel-dist-only} ]
routing Set routing parameters
internal-sub-network Set an internal subnetwork to be used in branch offices
<ip_addr/netmask> Enter the IP address and netmask for the internal subnetwork
tunnel-dist-only Do not advertise the route to the internal subnetwork via dynamic routing protocols
routing match-map <string> from {any} to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> from {any} to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> from {any} to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> from {any} to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> from {network} <ip_addr/netmask> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> from {network} <ip_addr/netmask> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> from {network} <ip_addr/netmask> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> from {network} <ip_addr/netmask> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> {iif} <ethx> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> {iif} <ethx> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> {iif} <ethx> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> {iif} <ethx> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> {user-profile} <string> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> {user-profile} <string> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> {user-profile} <string> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> {user-profile} <string> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing policy <string> id <number> match-map <string> route-map <string>
routing Set routing parameters
policy Set parameters for a routing policy
<string> Enter routing policy name (1-32 chars)
id Assign a routing policy ID (range: 1 - 128)
<number> Enter a routing policy ID (range: 1 - 128)
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
route-map Set route-map parameters for a routing policy
<string> Enter route map name (1-32 chars)
routing route-map <string> via <ethx|usbnetx|wifix>
routing Set routing parameters
route-map Set route-map parameters for a routing policy
<string> Enter route map name (1-32 chars)
via Specify the nexthop of traffic
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<usbnetx> Enter the name of the usbnet interface (Ranges x: 0)
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
routing route-map <string> via {encrypted|blackhole}
routing Set routing parameters
route-map Set route-map parameters for a routing policy
<string> Enter route map name (1-32 chars)
via Specify the nexthop of traffic
encrypted encryped
blackhole via blackhole
routing route-request enable
routing Set routing parameters
route-request Set parameters for requesting routing information from route authorities
enable Enable the device to request routing information (Default: disabled)
routing route-request interval <number>
routing Set routing parameters
route-request Set parameters for requesting routing information from route authorities
interval Set the time interval for requesting routing information
<number> Enter the interval in seconds (Default: 60; Range: 30-600)
save config <location> bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
bootstrap Save a configuration to the bootstrap configuration
save config <location> current
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
save config <location> current <time> [ <date> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
save config <location> current now
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
now Save the configuration and reboot the system immediately
save config <location> current offset <time>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
bootstrap Save the config file for the HiveAP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
now Save the configuration and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config [ running current ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
current Save a configuration to the current configuration
save config bootstrap <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save a configuration to the bootstrap configuration
save config pppoe [ bootstrap ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
pppoe Save PPPoE configurations to the current or bootstrap configuration
bootstrap Save PPPoE configurations to the bootstrap configuration
save config running bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
bootstrap Save a configuration to the bootstrap configuration
save config users [ bootstrap ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
users Save private PSK user accounts to the current or bootstrap configuration
bootstrap Save private PSK user accounts to the bootstrap configuration
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save dhcp-fingerprint {option55} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcp-fingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save dhcp-fingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcp-fingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <location> <time> [ <date> ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <location> [ {now} ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
now Save the image and reboot the system immediately
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <location> offset <time> [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
now Save the image and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save server-files
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
server-files Save certificate and private key files used by the internal web and RADIUS servers and VPN from DRAM to flash memory for persistent storage after reboots (Note: For security reasons, these files are saved only in DRAM by default.)
save signature-file <location> [ limit <number> ]
save Save remote file
signature-file Remote image used for L7 application
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save signature-file <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
signature-file Remote image used for L7 application
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save users <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ca-cert Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
ee-cert Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
private-key Save the private key for the HiveAP to use when creating its RSA signature
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ee-cert|private-key|ca-cert} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ee-cert Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
private-key Save the private key for the HiveAP to use when creating its RSA signature
ca-cert Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save web-server-key <number> <location> [ comment <string> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
comment Enter a comment
<string> Enter a comment (max 64 chars)
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
comment Set a comment about the certificate file
<string> Enter the comment (1-64 chars)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save {capture} local <string> <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday Set the weekdays during which private PSK users are valid
<string> Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday-range Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
to Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
address Set MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
permit Set the action of the specified MAC to permit
deny Set the action of the specified MAC to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
security mac-filter <string> default {permit|deny}
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
default Set MAC-filter default action
permit Set MAC-filter default action to permit (Default: permit)
deny Set MAC-filter default action to deny (Default: permit)
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
oui Set the OUI used to identify a vendor
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
permit Set the action of the specified OUI to permit
deny Set the action of the specified OUI to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
security-object <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security-object <string> default-user-profile-attr <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
default-user-profile-attr Set the attribute of the user profile to apply to user traffic by default
<number> Enter the default user profile attribute for the security object (Default: 0; Range: 0-4095)
security-object <string> dhcp-server lease-time <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
lease-time Set the lease time
<number> Enter the lease time in seconds (Default: 10; Range: 5-36000)
security-object <string> dhcp-server renewal-response {renew-nak-unicast|keep-silent}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
renewal-response Set the response to a DHCP lease renewal request for a nonexistent lease
renew-nak-unicast Respond to a DHCP lease renewal request for a nonexistent lease with a unicast DHCP-NAK message (Default: Broadcast a DHCP-NAK message)
keep-silent Do not respond to a DHCP lease renewal request for a nonexistent lease (Default: Broadcast a DHCP-NAK message)
security-object <string> mobile-device-policy <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile and the MAC OUI, domain, and OS of the user's client
<string> Enter a mobile device policy name (1-32 chars)
security-object <string> ppsk-web-server auth-user
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
auth-user Send credentials submitted by users during private PSK self-registration to a RADIUS server for authentication before issuing private PSKs to them
security-object <string> ppsk-web-server bind-to-ppsk-ssid <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
bind-to-ppsk-ssid Bind the SSID referencing this security object, which must be set with open authentication and an external captive web portal, to an SSID using private PSKs so the PSKs can be assigned to users automatically
<string> Enter the name of the SSID using private PSK authentication (1-32 chars)
security-object <string> ppsk-web-server https
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
https Use HTTPS for redirection from the private PSK authenticator to the private PSK server (Default: HTTP)
security-object <string> ppsk-web-server login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
login-page Specify the .cgi file on the private PSK web server through which the user registers (Default: ppsk-index.cgi)
<string> Enter the .cgi file name for the registration page (1-32 chars; Note: The file name cannot be index.cgi.)
security-object <string> ppsk-web-server login-script <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
login-script Specify the .cgi file that the private PSK web server uses for processing user registration requests (Default: ppsk-login.cgi)
<string> Enter the script name (1-32 chars)
security-object <string> ppsk-web-server web-directory <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
web-directory Set the name of the web directory containing the login page and script files that the private PSK web server uses
<string> Enter the web directory name (1-32 chars)
security-object <string> security aaa radius-server account-interim-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 20 secs; Range: 10-100000000)
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa radius-server dynamic-auth-extension
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
security-object <string> security aaa radius-server inject Operator-Name
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
security-object <string> security aaa radius-server retry-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa user-profile-mapping attribute-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
attribute-id Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the Filter-ID RADIUS attribute.)
<number> Enter the RADIUS attribute ID number (Range: 1-255)
security-object <string> security aaa user-profile-mapping enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
enable Enable the mapping of attribute values to user profile attributes (Default: Disabled)
security-object <string> security aaa user-profile-mapping vendor-id <number> attribute-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
vendor-id Set a vendor ID RADIUS attribute
<number> Enter the vendor ID number (Range: 1-65535)
attribute-id Set an ID for a private RADIUS attribute
<number> Enter the private RADIUS attribute ID number to be combined with the vendor ID number (Range: 1-255)
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
reg-user-profile-attr Set the registered user profile attribute
<number> Enter the registered user profile attribute (Default: 0; Range: 0-4095)
auth-user-profile-attr Set the default authenticated user profile
<number> Enter the default authenticated user profile (Default: 0; Range: 0-4095)
timeout Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
<number> Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
timer-display Enable timer-display windows to communicate login and session information
security-object <string> security additional-auth-method captive-web-portal anonymous-access
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
anonymous-access Enable anonymous access which will indicate users to read and accept the network use policy and apply a time and data usage limit to the client (Default: Disabled)
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
auth-method Set the CWP (captive web portal) user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method captive-web-portal check-use-policy
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
check-use-policy Check if users select the check box on the login page to indicate they have read and accepted the network use policy (Note: This option only applies to captive web portals that require user authentication and use policy acceptance.)
security-object <string> security additional-auth-method captive-web-portal default-language {chinese-simple|chinese-traditional|dutch|english|french|german|italian|korean|spanish}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
default-language Set the default language for the captive web portal web pages
chinese-simple Set Simple Chinese as the default language
chinese-traditional Set Traditional Chinese as the default language
dutch Set Dutch as the default language
english Set English as the default language
french Set French as default language
german Set German as the default language
italian Set Italian as the default language
korean Set Korean as the default language
spanish Set Spanish as the default language
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
login-page Set the login page to which the HiveAP redirects traffic from unregistered users
<string> Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
uam-basic Set the encryption method as UAM (User Authentication Module)-Basic (Note: The HiveAP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
uam-shared Set the encryption method as UAM-Shared (Note: The HiveAP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
<string> Enter the shared secret (1-128 chars)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
success-register Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
no-roaming-at-login Disable roaming support for clients while they log in (Default: Enabled)
no-radius-auth Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
security-object <string> security additional-auth-method captive-web-portal failure-redirect external-page <string> [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
failure-redirect Set options for the page shown to a user after an unsuccessful registration attempt
external-page Display a page stored on an external web server that indicates the login attempt was unsuccessful
<string> Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
security-object <string> security additional-auth-method captive-web-portal failure-redirect login-page [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
failure-redirect Set options for the page shown to a user after an unsuccessful registration attempt
login-page Display the login page again
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
security-object <string> security additional-auth-method captive-web-portal internal-pages {no-success-page|no-failure-page}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
internal-pages Set options for showing pages stored internally on the HiveAP
no-success-page Do not display the success page stored on the HiveAP when a registration attempt is successful (Default: Display)
no-failure-page Do not display the failure page stored on the HiveAP when a registration attempt is unsuccessful (Default: Display)
security-object <string> security additional-auth-method captive-web-portal internal-servers
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
internal-servers Enable internal servers to process unregistered users' DHCP and DNS traffic
security-object <string> security additional-auth-method captive-web-portal login-page-method http302
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
login-page-method Set the method to redirect the user to the login page
http302 Use HTTP 302 redirect code as the redirection method (Default: JavaScript)
security-object <string> security additional-auth-method captive-web-portal pass-through vlan <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
pass-through Set the captive web portal to pass DHCP, DNS, and ICMP traffic from unregistered users to external servers
vlan Set the VLAN ID to assign users before and after registration (Note: This setting overrides any VLAN ID set locally or received from a RADIUS server.)
<number> Enter a CWP VLAN ID (Range: 1-4094)
security-object <string> security additional-auth-method captive-web-portal process-sip-info
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
process-sip-info Enable the captive web portal to process library SIP information (Default: Enabled)
security-object <string> security additional-auth-method captive-web-portal process-sip-info block-redirect <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
process-sip-info Enable the captive web portal to process library SIP information (Default: Enabled)
block-redirect Set the page that appears when a library patron logs in but is denied network access because of overdue fines
<string> Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
security-object <string> security additional-auth-method captive-web-portal server-name <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
server-name Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
<string> Enter the domain name for the web server (1-32 chars)
security-object <string> security additional-auth-method captive-web-portal server-name cert-dn
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
server-name Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
cert-dn Set the same domain name as the CN value in the certificate that the captive web portal uses for HTTPS (Note: The CN must be a valid domain name that can be resolved to the IP address of the interface hosting the portal. The CN max length is 32 chars.)
security-object <string> security additional-auth-method captive-web-portal success-redirect external-page <string> [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
success-redirect Set options for displaying the page shown to a user after a successful registration
external-page Display a page stored on an external web server
<string> Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
security-object <string> security additional-auth-method captive-web-portal success-redirect original-page [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
success-redirect Set options for displaying the page shown to a user after a successful registration
original-page Display the original page that the user requested
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
security-object <string> security additional-auth-method captive-web-portal timer-display alert <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
timer-display Enable timer-display windows to communicate login and session information
alert Notify users when their session is about to expire
<number> Enter the interval before the session expires in minutes (Default: 5 mins; Range: 1-30)
security-object <string> security additional-auth-method mac-based-auth [ {auth-method} {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mac-based-auth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
auth-method Set user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method mac-based-auth fallback-to-ecwp
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mac-based-auth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
fallback-to-ecwp Redirect HTTP/HTTPS traffic to an external captive web portal if MAC-based authentication fails on the RADIUS server
security-object <string> security auth-mode {port-based} [ failure-user-profile-attr <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
auth-mode Set the authentication mode (Default: port based)
port-based Limit 802.1X authentication to a single host per port
failure-user-profile-attr Set the user profile attribute to assign users who do not pass the authentication check
<number> Enter the failure user profile attribute (Range: 0-4095)
security-object <string> security eap retries <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
eap Set parameters for exchanging EAP packets during 802.1X authentication
retries Set the number of times that the HiveAP will resend an EAP packet when it receives no response from a client
<number> Enter the number of retries (Default: 3; Range: 1-5)
security-object <string> security eap timeout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
eap Set parameters for exchanging EAP packets during 802.1X authentication
timeout Set the interval that the HiveAP waits for a client to respond before resending an EAP packet
<number> Enter the EAP timeout in seconds (Default: 30; Range: 5-300)
security-object <string> security ft
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
ft Enable 802.11r fast BSS (basic service sets) transition
security-object <string> security ft mobility-domain-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
ft Enable 802.11r fast BSS (basic service sets) transition
mobility-domain-id Set the mobility domain identifier which is used to indicate a group of BSSs (within the same ESS) between which a station can use 802.11r fast BSS transition
<number> Enter the mobility domain identifier (Default: 19771; Range: 0-65535)
security-object <string> security initial-auth-method mac-based-auth
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
initial-auth-method Set the user authentication method to apply first
mac-based-auth Apply MAC-based authentcation first (Note: By default, 802.1X authentication is applied first.)
security-object <string> security local-cache timeout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
local-cache Set parameters for storing PMK (pairwise master key) entries in the local cache
timeout Set the length of time to keep PMK entries before deleting them
<number> Enter the timeout in seconds (Default: 86400; that is, 1 day; Range: 60-604800; that is, 1 minute to 7 days)
security-object <string> security preauth [ interface <ethx|wifix.y> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
preauth Set an interface to accept pre-authenticated 802.1X frames for fast roaming
interface Set an interface to accept pre-authenticated 802.1X frames for fast roaming
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
security-object <string> security private-psk
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
security-object <string> security private-psk default-psk-disabled
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
default-psk-disabled Disable the default PSK (Default: Enabled)
security-object <string> security private-psk external-server
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
external-server Look up private PSKs that users submit on an external private PSK server
security-object <string> security private-psk mac-binding-enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
mac-binding-enable Enable the automatic binding of a private PSK to a MAC address (Default: Disabled)
security-object <string> security private-psk ppsk-server <ip_addr>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
ppsk-server Set the HiveAP private PSK server to which other hive members redirect users to self-register and receive private PSK assignments automatically
<ip_addr> Enter the mgt0 IP address of the HiveAP private PSK server
security-object <string> security private-psk radius-auth [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
radius-auth Enable the HiveAP to forward authentication checks for private PSKs to an external RADIUS server and set the method for authenticating communications with it (Default: disabled)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security private-psk same-user-limit <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
same-user-limit Set a limit for the number of private PSK users that can be authenticated with the same user name and PSK concurrently
<number> Enter the maximum number of private PSK users that can use the same user name and PSK concurrently (Default: 0, which means there is no limit; Range: 0-15)
security-object <string> security protocol-suite 802.1x
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
802.1x Set the security protocol suite as 802.1X authentication
security-object <string> security protocol-suite open
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
open Set network access as 'open', meaning that user traffic is neither authenticated nor encrypted
security-object <string> security protocol-suite wep-open <number> {hex-key|ascii-key} <string> [ default ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep-open Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and open authentication
<number> Enter the index to identify one of 4 possible WEP keys (Default: 0; Range: 0-3)
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
default Set the current key as the default WEP key
security-object <string> security protocol-suite wep-shared <number> {hex-key|ascii-key} <string> [ default ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep-shared Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and preshared-key authentication
<number> Enter the index to identify one of 4 possible WEP keys (Range: 0-3)
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
default Set the current key as the default WEP key
security-object <string> security protocol-suite wep104-8021x [ rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep104-8021x Set the security protocol suite as 104-bit WEP encryption and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period after which a new group temporal key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
security-object <string> security protocol-suite wep40-8021x [ rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep40-8021x Set the security protocol suite as 40-bit WEP encryption and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period after which a new group temporal key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
security-object <string> security protocol-suite wpa-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-aes-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-aes-psk Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: Disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa-auto-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
roaming Set roaming parameters for the protocol suite
proactive-pmkid-response Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa-auto-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
rekey-period Set the period after which a new group temporarey key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa2-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-Seconds, where 0 means disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
roaming Set roaming parameters for the protocol suite
proactive-pmkid-response Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: disabled)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa2-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-aes-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period after which a new group temporal key replaces the current one (Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa2-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
roaming Set roaming parameters for the protocol suite
proactive-pmkid-response Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite wpa2-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
non-strict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
gmk-rekey-period Set the GMK (group master key) rekey periodDefault: 0)
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
ptk-retry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
gtk-timeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
gtk-retry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 1-10; Default: 3)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-aes-8021x|wpa2-aes-8021x} reauth-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa-aes-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
reauth-interval Set the default interval for reauthenticating users
<number> Enter the default reauth interval in seconds (Range: 600-86400; Default: Disabled)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk|wpa-aes-psk|wpa2-aes-psk|wpa-aes-8021x|wpa2-aes-8021x} replay-window <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa-aes-psk Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
wpa2-aes-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
wpa-aes-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
replay-window Set a window size within which the HiveAP accepts replies to previously sent messages during 4-way handshakes
<number> Enter the number of packets prior to the one most recently sent to which the HiveAP will accept a reply (Default: 0; Range: 0-10)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} local-tkip-counter-measure
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
local-tkip-counter-measure Enable the deauthentication of all previously authenticated clients when the local HiveAP detects MIC (message integrity check) failures during TKIP operations (Default: enabled)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} remote-tkip-counter-measure
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
remote-tkip-counter-measure Enable the deauthentication of all previously authenticated clients when a client reports MIC (message integrity check) failures during TKIP operations (Default: enabled)]
security-object <string> security protocol-suite {wpa2-aes-psk|wpa2-aes-8021x} mfp {mandatory|optional}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-aes-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
mfp Enable 802.11w support of MFP (Management Frame Protection)
mandatory Require that clients support MFP
optional Use MFP only if clients support it
security-object <string> security roaming cache update-interval <number> ageout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
roaming Set roaming parameters for clients to which the security object is applied
cache Set the interval between updates and the number of times to update a station's roaming cache
update-interval Set the interval for sending roaming cache updates to neighbors
<number> Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
ageout Set how many times an entry must be absent from a neighbor's updates before removing it from the roaming cache
<number> Enter the number of absences required to remove an entry (Default: 60; Range: 1-1000)
security-object <string> user-profile-allowed <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-allowed Allow network access for members of all or specified user profiles bound to the security object
<string> Enter the user profile name (1-32 chars)
security-object <string> user-profile-allowed {all}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-allowed Allow network access for members of all or specified user profiles bound to the security object
all Allow network access to members of all user profiles
security-object <string> user-profile-deny action ban [ <number> ] [ strict ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-deny Set parameters for denying network access to users if they do not belong to an allowed user profile
action Set an action which will be taken if a user profile is not allowed to access this SSID
ban Set the action to ban network access for a specified length of time
<number> Enter the amount of time in seconds to perform the action (Default: 60; Range: 1-100000000)
strict Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
security-object <string> user-profile-deny action {ban-forever|disconnect} [ strict ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-deny Set parameters for denying network access to users if they do not belong to an allowed user profile
action Set an action which will be taken if a user profile is not allowed to access this SSID
ban-forever Set the action to ban network access indefinitely
disconnect Set the action to disconnect the station from the HiveAP
strict Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
security-object <string> user-profile-sequence {cwp-ssid-mac|cwp-mac-ssid|ssid-cwp-mac|ssid-mac-cwp|mac-ssid-cwp|mac-cwp-ssid}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-sequence Set the sequential order to apply user profiles when the authentication process involves multiple components referencing different profiles (Default: mac-ssid-cwp; Note: The user profile applied last is the one that is ultimately used.)
cwp-ssid-mac Apply the user profile for a captive web portal first, SSID second, and MAC authentication last
cwp-mac-ssid Apply the user profile for a captive web portal first, MAC authentication second, and SSID last
ssid-cwp-mac Apply the user profile for an SSID first, captive web portal second, and MAC authentication last
ssid-mac-cwp Apply the user profile for an SSID first, MAC authentication second, and captive web portal last
mac-ssid-cwp Apply the user profile for MAC authentication first, SSID second, and captive web portal last
mac-cwp-ssid Apply the user profile for MAC authentication first, captive web portal second, and SSID last
security-object <string> walled-garden hostname <string> [ service {all|web} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
hostname Set the host name of a server in the walled garden
<string> Enter the domain name (max 32 chars)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
all Permit all services
web Permit HTTP and HTTPS
security-object <string> walled-garden hostname <string> service protocol <number> port <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
hostname Set the host name of a server in the walled garden
<string> Enter the domain name (max 32 chars)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
protocol Set the protocol of the service that you want to permit
<number> Enter the protocol number (Note: UDP: 17; TCP: 6; All: 0; Range: 0-255)
port Set the port number
<number> Enter the port number (Range: 1-65535)
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> [ service {all|web} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
ip-address Set the IP address of a server or a subnet in the walled garden
<ip_addr> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
<ip_addr/netmask> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
all Permit all services
web Permit HTTP and HTTPS
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> service protocol <number> port <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
ip-address Set the IP address of a server or a subnet in the walled garden
<ip_addr> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
<ip_addr/netmask> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
protocol Set the protocol of the service that you want to permit
<number> Enter the protocol number (Note: UDP: 17; TCP: 6; ICMP: 1; All: 0; Range: 0-255)
port Set the port number
<number> Enter the port number (Range: 1-65535)
security-object <string> web-directory <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
web-directory Enter the web directory name for the captive web portal specified in the security object
<string> Enter the web directory name for the security object
security-object <string> web-server [ port <number> ] [ index-file <string> ] [ success-file <string> ] [ failure-file <string> ] [ ssl server-key <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
web-server Enable the internal web server
port Set the HTTP port number for the web server
<number> Enter the HTTP port number for the web server. Set the port number to 0 is disable the HTTP method (Default: 80; Range: 0-65535)
index-file Specify the .html file as the default index page
<string> Enter the .html file name (Default: success.html; Range: 1-32 chars)
success-file Specify the .html file that you want to appear after a user successfully registers through the captive web portal
<string> Enter the .html file name (Default: success.html; Range: 1-32 chars)
failure-file Specify the .html file that you want to appear after a user failed registers through the captive web portal
<string> Enter the .html file name (Default: failure.html; Range: 1-32 chars)
ssl Enable the SSL (Secure Socket Layer) method
server-key Set the server key (a X509 certificate) for SSL
<number> Enter the server key index (Default: 0; Range: 0-15)
security-object <string> web-server web-page {mandatory-field} <number> [ optional-field <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
web-server Enable the internal web server
web-page Set the web pages parameters
mandatory-field Set the mandatory field numbers in login web page
<number> Enter the mandatory field numbers in login web page (Default: 4; Range: 0-8)
optional-field Set the optional field numbers in login web page
<number> Enter the optional field numbers in login web page (Default: 2; Range: 0-8)
service <string> alg {ftp|tftp|sip|dns|http}
service Set a custom service
<string> Enter service name (1-32 chars)
alg Assign an ALG (Application Level Gateway) to the service
ftp Assign an FTP (File Transfer Protocol) ALG to the service
tftp Assign a TFTP (Trivial File Transfer Protocol) ALG to the service
sip Assign a SIP (Session Initiation Protocol) ALG to the service
dns Assign a DNS (Domain Name System) ALG to the service
http Assign an HTTP (Hypertext Transfer Protocol) ALG to the service
service <string> app-id <number> [ timeout <number> ]
service Set a custom service
<string> Enter service name (1-32 chars)
app-id Assign an L7 application ID to the service
<number> Assign an L7 application ID to the service
timeout Set the service session timeout
<number> Set the session timeout value in seconds (Range: 0-65535; Default 300)
service <string> protocol <number> [ port <number> ] [ timeout <number> ]
service Set a custom service
<string> Enter service name (1-32 chars)
protocol Set the protocol used by the custom service
<number> Enter the protocol number (Range: 1-255)
port Set the destination port number for the transport protocol
<number> Enter the port number (Range: 0-65535)
timeout Set the service session timeout
<number> Set the session timeout value in seconds (Range: 0-65535; Default TCP: 300; UDP: 100; Other: 100)
service <string> protocol {tcp|udp|svp} [ port <number> ] [ timeout <number> ]
service Set a custom service
<string> Enter service name (1-32 chars)
protocol Set the protocol used by the custom service
tcp Enter the transport protocol as TCP (Transmission Control Protocol)
udp Enter the transport protocol as UDP (User Datagram Protocol)
svp Enter the transport protocol as SVP (SpectraLink Voice Priority)
port Set the destination port number for the transport protocol
<number> Enter the port number (Range: 0-65535)
timeout Set the service session timeout
<number> Set the session timeout value in seconds (Range: 0-65535; Default TCP: 300; UDP: 100; Other: 100)
show 802.1x-mac-table [ interface <ethx> ] [ mac <mac_addr> ]
show Show settings, parameters, or dynamically generated information
802.1x-mac-table Show the MAC table used for 802.1X/EAP user authentication on an Ethernet interface
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
mac Specify a station MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show aaa
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
show access-console
show Show settings, parameters, or dynamically generated information
access-console Show access console status and parameters
show acsp
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
show acsp channel-info [ {detail|arbiter} ]
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
channel-info Show channel information for ACSP
detail Show detailed channel information about the calculated cost of each channel and the factors used to determine that cost
arbiter Show information regarding the assignment of channels to hive members
show acsp neighbor
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
neighbor Show acsp neighbor list
show admin [ active ]
show Show settings, parameters, or dynamically generated information
admin Show admin parameters
active Show currently connected admin users
show admin auth
show Show settings, parameters, or dynamically generated information
admin Show admin parameters
auth Show admin authentication method
show admin manager-ip
show Show settings, parameters, or dynamically generated information
admin Show admin parameters
manager-ip Show IP addresses from which administrative traffic is accepted
show alg [ {ftp|tftp|sip|dns|http} ]
show Show settings, parameters, or dynamically generated information
alg Show ALG (Application Level Gateway) information
ftp Show FTP (File Transfer Protocol) information
tftp Show TFTP (Trivial File Transfer Protocol) information
sip Show SIP (Session Initiation Protocol) information
dns Show DNS (Domain Name System) information
http Show settings for the HTTP ALG
show alg sip calls [ <string> ]
show Show settings, parameters, or dynamically generated information
alg Show ALG (Application Level Gateway) information
sip Show SIP (Session Initiation Protocol) information
calls Show information for all currently active SIP calls
<string> Enter a call ID to show information for a specific SIP call (up to 128 chars)
show amrp
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
show amrp Ethlink
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
Ethlink Show the number of AMRP Ethernet links, and the number of hive members and interfaces on each link
show amrp Ethlink <mac_addr>
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
Ethlink Show the number of AMRP Ethernet links, and the number of hive members and interfaces on each link
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp client [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
client Show information about currently active clients associated with all hive members
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp dnxp cache [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
dnxp Show DNXP (Dynamic Network Extension Protocol) information
cache Show the entire DNXP cache or the cached entry for a specific client
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp dnxp neighbor [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
dnxp Show DNXP (Dynamic Network Extension Protocol) information
neighbor Show information about all DNXP neighbors or a specific neighbor to which the local HiveAP can tunnel the traffic of roaming clients
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp interface
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
show amrp interface <ethx|redx|aggx> bmt-table
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
bmt-table Broadcast Master Table
show amrp interface <ethx|redx|aggx> mac-learning
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
mac-learning Show the MAC addresses learned on this interface
show amrp interface <ethx|redx|aggx|mgtx|wifix.y>
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<mgtx> Enter the name of the management interface, where x = 0
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
show amrp neighbor [ {Ethernet|WiFi} ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
neighbor Show AMRP neighbor information (Note: An AMRP neighbor is another hive member that is one hop away.)
Ethernet Show AMRP neighbors that connect to the local HiveAP through its Ethernet interfaces
WiFi Show AMRP neighbors that connect to the local HiveAP through its WiFi interfaces
show amrp node <ip_addr|mac_addr>
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
node Show information about all AMRP nodes or a specific node (Note: An AMRP node is another hive member in the same layer-2 domain.)
<ip_addr> Enter node address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp node [ all ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
node Show information about all AMRP nodes or a specific node (Note: An AMRP node is another hive member in the same layer-2 domain.)
all Show amrp all node detail
show amrp static-neighbor
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
static-neighbor Show AMRP information for neighbors with statically defined route metrics
show amrp tunnel [ <ip_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
tunnel Show a information about all DNXP, INXP (Identity Network Extension Protocol), and VPN tunnels or about a tunnel to a specific peer
<ip_addr> Enter the tunnel peer IPv4 address
show amrp tunnel route [ <ip_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
tunnel Show a information about all DNXP, INXP (Identity Network Extension Protocol), and VPN tunnels or about a tunnel to a specific peer
route Show tunneled route
<ip_addr> Enter the tunneled route IPv4 address
show arp-cache
show Show settings, parameters, or dynamically generated information
arp-cache Show arp cache table
show auth [ interface <wifix.y|ethx> ]
show Show settings, parameters, or dynamically generated information
auth Show authentication parameters per interface
interface Show authentication parameters for special interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
show auth private-psk
show Show settings, parameters, or dynamically generated information
auth Show authentication parameters per interface
private-psk Show private PSK (preshared key) entries
show boot-param
show Show settings, parameters, or dynamically generated information
boot-param Show boot parameter information
show boot-param country-code
show Show settings, parameters, or dynamically generated information
boot-param Show boot parameter information
country-code Show the country code to control channel and power selections
show cac summary
show Show settings, parameters, or dynamically generated information
cac Show CAC (Call Admission Control) parameters
summary Show a summary of CAC settings and statistics
show capture interface <wifix>
show Show settings, parameters, or dynamically generated information
capture Show packet capture parameters
interface Show the status of packet capturing on a radio interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
show capture local
show Show settings, parameters, or dynamically generated information
capture Show packet capture parameters
local Show local captured files
show capture remote-sniffer
show Show settings, parameters, or dynamically generated information
capture Show packet capture parameters
remote-sniffer Show the status and connection settings for the remote packet sniffer
show capwap client
show Show settings, parameters, or dynamically generated information
capwap Show the settings and current status for CAPWAP (Control and Provisioning of Wireless Access Points)
client Show CAPWAP client settings and current status
show clock
show Show settings, parameters, or dynamically generated information
clock Show the date, time of the internal clock
show cmds
show Show settings, parameters, or dynamically generated information
cmds Show CLI (Command Line Interface) commands including ones derived from optional keywords
show config rollback
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Show the configuration rollback status, the mechanism for triggering it, and the length of time to wait before performing a rollback operation
show config running
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
running Show the running configuration
show config running password
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
running Show the running configuration
password Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A HiveAP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
show config version
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
version Show the version number of the current configuration file
show config {current|backup|bootstrap|default|failed}
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
current Show the current configuration
backup Show the backup configuration
bootstrap Show the bootstrap configuration
default Show the default configuration
failed Show the failed configuration
show console
show Show settings, parameters, or dynamically generated information
console Show console parameter
show cpu [ {detail} ]
show Show settings, parameters, or dynamically generated information
cpu Show the percentage of the CPU used in total, for system operations, and for processing user traffic
detail Show CPU utilization in detail
show data-collection
show Show settings, parameters, or dynamically generated information
data-collection Show parameters for collecting data about the types and capabilities of devices on the network and their network usage
show device-group [ <string> ]
show Show settings, parameters, or dynamically generated information
device-group Show all device group names or the settings of an individual device group
<string> Enter a device group name (1-32 chars)
show dns
show Show settings, parameters, or dynamically generated information
dns Show DNS (Domain Name System) parameters
show domain-object [ <string> ]
show Show settings, parameters, or dynamically generated information
domain-object Show all domain object names or the device domains assigned to an individual domain object
<string> Enter an domain object name (1-32 chars)
show filter [ <number> ]
show Show settings, parameters, or dynamically generated information
filter Show capture filter parameters
<number> Enter a filter ID (Range: 1-64)
show forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ]
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
counters Show forwarding engine counter statistics
interface Show forwarding engine counter by interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
<ethx> Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
<mgtx> Enter the name of the management interface, where x = 0
station Show forwarding engine counter by station MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
drop Show the drop packet counter
show forwarding-engine inter-ssid-flood
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
inter-ssid-flood Show status of flooding multicast or broadcast packets between access interfaces
show forwarding-engine ip-gates
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
ip-gates Show IP gates information
show forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ] [ qos <number> ]
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
ip-sessions Show IP session information
src-ip Filter by source IP
<ip_addr> Source IP address
dst-ip Filter by destination IP
<ip_addr> Destination IP address
src-port Filter by source port
<number> source IP port (Range: 1-65535)
dst-port Filter by destination port
<number> destination IP port (Range: 1-65535)
protocol Filter by protocol
<number> protocol (Range: 1-255)
qos Filter by QoS value
<number> QoS value (Range: 0-7)
show forwarding-engine ip-sessions id <number>
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
ip-sessions Show IP session information
id Show a IP session by ID
<number> Enter the flow ID (Range: 1-9999)
show forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ vlan <number> ]
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
mac-sessions Show MAC session information
src-mac Filter by source MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Filter by destination MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
vlan Filter by VLAN ID of station
<number> VLAN ID (Range: 1-4094)
show forwarding-engine mac-sessions id <number>
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
mac-sessions Show MAC session information
id Show a MAC session by ID
<number> Enter the flow ID (Range: 1-9999)
show forwarding-engine max-ip-sess-per-station
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
max-ip-sess-per-station Show the maximum number of IP sessions that can be created to or from a station
show forwarding-engine max-mac-sess-per-station
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
max-mac-sess-per-station Show the maximum number of MAC sessions that can be created to or from a station
show forwarding-engine open-ports-to-self
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
open-ports-to-self Show permitted services destined for the HiveAP itself when it is set to drop all non-management traffic
show forwarding-engine policy
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
policy Show policy information
show forwarding-engine tunnel selective-multicast-forward
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
tunnel Show tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Show the settings for selective multicast forwarding through GRE tunnels
show forwarding-engine tunnel tcp-mss-threshold
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
tunnel Show tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Show TCP MSS threshold parameters
show gre-tunnel
show Show settings, parameters, or dynamically generated information
gre-tunnel Show GRE (Generic Routing Encapsulation) tunnel information
show history
show Show settings, parameters, or dynamically generated information
history Show command history
show hive <string> connecting-threshold
show Show settings, parameters, or dynamically generated information
hive Show hive parameters
<string> Enter a hive profile name (1-32 chars)
connecting-threshold Show hive neighbor connecting threshold parameters
show hive <string> counter neighbor [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
hive