aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
namespace-id |
Set the namespace ID parameter of the Operator-Name (Default: realm)
|
TADIG |
Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
|
REALM |
Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
|
E212 |
Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
|
ICC |
Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
|
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
|
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
mac-format |
Set the MAC address format to use when sending client MAC addresses to an external authentication server
|
style |
Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
|
two-delimiter |
Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
|
five-delimiter |
Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
|
no-delimiter |
Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
|
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ppsk-server |
Set parameters for the local HiveAP when it is acting as a private PSK server
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
<string> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server keepalive username <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
username |
Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password to submit in Access-Request messages
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} computer-ou <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
computer-ou |
Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
|
<string> |
Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
binddn |
Set the bindDN (distinguished name) under which LDAP searches are done (Note: bindDN must be set if want to get attributes from AD server or want to check TLS username against LDAP server.)
|
<string> |
Enter the bindDN name (1-256 chars)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> fullname <string> [ default ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
fullname |
Set the full DNS name of the domain to which the RADIUS server (local AP) and AD server both belong
|
<string> |
Enter the full DNS name of the domain (1-64 chars)
|
default |
Set the domain as the default domain, which will be added to the RADIUS request if no domain name appears in the request
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> server <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
server |
Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} login admin-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
login |
Set admin user name and password that the local AP will use to access the AD server
|
admin-user |
Set the admin user name
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password which authenticate the login user
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
server |
Set the IP address or resolvable domain name for the AD server
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
via-vpn-tunnel |
Send all traffic from the AP RADIUS authentication server to the AD server through a VPN tunnel (Note: Set this option on VPN clients when the AD server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {tls-enable|global-catalog}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
tls-enable |
Enable TLS authentication that the local AP, as an LDAP client, uses with the AD server (Default: Disabled)
|
global-catalog |
Set the AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
|
aaa radius-server local db-type ldap-server sub-type edirectory acct-policy-check
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
sub-type |
Set the type of LDAP server
|
edirectory |
Set the user database on an eDirectory LDAP server
|
acct-policy-check |
Enable the Novell eDirectory account policy check and intruder detection for RADIUS users (Default: Disabled)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} basedn <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
basedn |
Set the base DN (distinguished name) where the user profiles are located in the LDAP tree structure
|
<string> |
Enter the base DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
binddn |
Set the bind DN (distinguished name) under which LDAP searches are done
|
<string> |
Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} filter-attr <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
filter-attr |
Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
|
<string> |
Enter the filter attribute used to search for the user (Default: "cn"; 1-32 chars)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} no-strip-filter
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
no-strip-filter |
Do not strip the realm name
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} port <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
port |
Set the destination port number for communicating with the LDAP server
|
<number> |
Enter the destination port number (Default: 389, 636 for LDAPS; Range: 1-65535)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
protocol |
Set the protocol for communicating with the LDAP server
|
ldap |
Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
|
ldaps |
Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
server |
Set the IP address or resolvable domain name for the LDAP server
|
<string> |
Enter the IP address or domain name (1-32 chars)
|
via-vpn-tunnel |
Send all traffic from the AP RADIUS authentication server to the LDAP server through a VPN tunnel(Note: Set this option on VPN clients when the LDAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server local db-type library-sip-server {primary} institution-id <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
institution-id |
Set institution ID that the local RADIUS server provides when exchanging messages with the library SIP server
|
<string> |
Enter the institution ID (1-64 chars)
|
aaa radius-server local db-type library-sip-server {primary} login-enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
login-enable |
Enable the AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
|
aaa radius-server local db-type library-sip-server {primary} login-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
login-user |
Set the user name that the local RADIUS server submits when logging in to the library SIP server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the local AP RADIUS server submits when logging in to the library SIP server
|
<string> |
Enter the password (1-32 chars)
|
aaa radius-server local db-type library-sip-server {primary} port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
port |
Set the library SIP server port number
|
<port> |
[1~65535]Enter the port number (Default: 6001; Range: 1-65535)
|
aaa radius-server local db-type library-sip-server {primary} separator <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
separator |
Set the character that the library SIP server uses to separate multiple field name + value entries
|
<string> |
Enter the separator (1 char; Default: '|')
|
aaa radius-server local db-type library-sip-server {primary} {server} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
server |
Set IP address or domain name of the library SIP server
|
<string> |
Enter the IP address or domain name (Domain name: 1-32 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} admin-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
admin-user |
Set the admin user name that the local AP uses when logging in to the OD server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the local AP uses when logging in to the OD server
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the OD domain controller
|
<string> |
Enter the name of the domain (1-64 chars)
|
binddn |
Set the bindDN (distinguished name) under which LDAP searches are done
|
<string> |
Enter the bindDN name (1-256 chars)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> fullname <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the OD domain controller
|
<string> |
Enter the name of the domain (1-64 chars)
|
fullname |
Set the full DNS name of the OD domain server
|
<string> |
Enter the full DNS name of the domain (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} filter-attr <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
filter-attr |
Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
|
<string> |
Enter the filter attribute used to search for the user (Default: "uid"; 1-32 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} no-strip-filter
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
no-strip-filter |
Do not strip the realm name
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} tls-enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
tls-enable |
Enable TLS authentication that the local AP, as an LDAP client, uses with the OD server (Default: Disabled)
|
aaa radius-server local ldap-auth {primary|backup1|backup2|backup3} type tls ca-cert <string> [ client-cert <string> private-key <string> [ private-key-password <string> ] ] [ verify-server {never|try|demand} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
ldap-auth |
Set the authentication method that the local AP, as an LDAP client, uses with the LDAP server
|
primary |
Set the authentication method for the first LDAP server
|
backup1 |
Set the authentication method for the second LDAP server
|
backup2 |
Set the authentication method for the third LDAP server
|
backup3 |
Set the authentication method for the fouth LDAP server
|
type |
Set the authentication type to use for LDAP communications
|
tls |
Set the authentication type as TLS (Transport Layer Security)
|
ca-cert |
Set the CA certificate that the local AP uses when authenticating itself as an LDAP client to an LDAP server
|
<string> |
Enter the file name of the CA certificate (1-32 chars)
|
client-cert |
Set the client certificate that the local AP uses when authenticating itself to an LDAP server
|
<string> |
Enter the file name of the client certificate (1-32 chars)
|
private-key |
Set the private key that the local AP uses to authenticate itself to an LDAP server
|
<string> |
Enter the name of the private key file (1-32 chars)
|
private-key-password |
Set the password for the private key that is used when forming a TLS tunnel
|
<string> |
Enter the password (1-32 chars)
|
verify-server |
Set options for verifying the LDAP server (Default: LDAP server verification is try.)
|
never |
never verify the identity of the LDAP server (Default: try)
|
try |
try verify the identity of the LDAP server (Default: try)
|
demand |
demand verify the identity of the LDAP server (Default: try)
|
aaa radius-server local nas <string> shared-key <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
nas |
Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
|
<string> |
Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
|
shared-key |
Set the shared secret for authenticating communications with the RADIUS NAS
|
<string> |
Enter the shared secret (1-31 chars)
|
aaa radius-server local nas <string> tls
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
nas |
Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
|
<string> |
Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
|
tls |
Set TLS (Transport Layer Security) encryption for securing communications with the RADIUS NAS devices
|
aaa radius-server local sta-auth ca-cert <string> server-cert <string> private-key <string> [ private-key-password <string> ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
ca-cert |
Set the CA certificate for a TLS (Transport Layer Security) tunnel
|
<string> |
Enter the file name of the CA certificate (1-32 chars)
|
server-cert |
Set the server certificate used when forming a TLS tunnel
|
<string> |
Enter the file name of the server certificate (1-32 chars)
|
private-key |
Set the private key used when forming a TLS tunnel
|
<string> |
Enter the name of the private key file (1-32 chars)
|
private-key-password |
Set the password for encrypting the private key used when forming a TLS tunnel
|
<string> |
Enter a password (1-64 chars)
|
aaa radius-server local sta-auth default-type {leap|peap|tls|ttls|md5}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
default-type |
Set the default RADIUS authentication type
|
leap |
Set LEAP (Lightweight Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
|
tls |
Set TLS (Transport Layer Security) as the default RADIUS authentication type (Default: peap)
|
ttls |
Set TTLS (Tunneled TLS) as the default RADIUS authentication type (Default: peap)
|
md5 |
Set MD5 as the default RADIUS authentication type (Default: peap)
|
aaa radius-server local sta-auth type tls {check-cert-cn|check-in-db}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
tls |
Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
check-cert-cn |
Check the CN (common name) in the certificate against the user name (Default: Disabled)
|
check-in-db |
Query databases to check if the user exists (Default: Disabled)
|
aaa radius-server local sta-auth type {leap|peap|tls|ttls|md5}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
leap |
Set LEAP (Lightweight Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
tls |
Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
ttls |
Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
md5 |
Set MD5 as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
aaa radius-server local sta-auth type {peap|ttls} check-in-db
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
ttls |
Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
check-in-db |
Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
|
aaa radius-server name <string> server <string> shared-secret <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
server |
Set the IP address or resolvable domain name for the RADIUS server
|
<string> |
Enter the IP address or domain name (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
aaa radius-server name <string> server <string> tls
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
server |
Set the IP address or resolvable domain name for the RADIUS server
|
<string> |
Enter the IP address or domain name (max 32 chars)
|
tls |
Set TLS (Transport Layer Security) encryption for authenticating communications with the RADIUS server
|
aaa radius-server proxy radsec realm <string> {primary|backup} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
primary |
Assign a primary RADIUS server to the realm
|
backup |
Assign a backup RADIUS server to the realm
|
<string> |
Enter the RADIUS server name (1-32 chars)
|
aaa radius-server proxy radsec tls-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
tls-port |
Set the auth proxy TLS port number (Max: 8 ports per Aerohive device)
|
<port> |
[1~65535]Enter the auth proxy TLS port number (Range: 1-65535; Default: 80,443)
|
aaa radius-server proxy realm <string> no-strip
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
no-strip |
Do not strip the realm name from a submitted user name when proxying requests to the RADIUS server (Default: The realm name is stripped from proxied requests.)
|
aaa radius-server proxy realm <string> {primary|backup} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
primary |
Assign a primary RADIUS server to the realm
|
backup |
Assign a backup RADIUS server to the realm
|
<string> |
Enter the RADIUS server name (1-32 chars)
|
aaa radius-server proxy realm format {nai|nt-domain}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
format |
Set the format in which a realm name is appended to a user's name in request packets
|
nai |
Set NAI (network access identifier) as the realm name format: user@realm (Default: NAI)
|
nt-domain |
Set Windows NT domain as the realm name format: realm\user (Default: NAI)
|
aaa radius-server proxy retry-delay <number> retry-count <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
retry-delay |
Set the interval to wait for a response from the RADIUS server before resending a proxied request
|
<number> |
Enter the interval between retries in seconds (Default: 5; Range: 3-10)
|
retry-count |
Set the number of times to retry proxying a request to the RADIUS server
|
<number> |
Enter the number of retries (Default: 3; Range: 1-10)
|
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
|
access-console |
Set access console parameters
|
security |
Set the security parameters for the access console
|
protocol-suite |
Set the security protocol suite for the access console
|
wpa-aes-psk |
Set the security protocol suite as wpa-aes-psk
|
wpa-tkip-psk |
Set the security protocol suite as wpa-tkip-psk
|
wpa2-aes-psk |
Set the security protocol suite as wpa2-aes-psk
|
wpa2-tkip-psk |
Set the security protocol suite as wpa2-tkip-psk
|
wpa-auto-psk |
Set the security protocol suite as wpa-auto-psk
|
ascii-key |
Set key type as an ASCII string
|
<string> |
Enter the ASCII key value (8-63 chars)
|
admin {read-write|read-only} <string> password <string>
|
admin |
Set the administrator parameters
|
read-write |
The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
|
read-only |
The read-only admin has the ability to view settings
|
<string> |
Enter an admin user's name (3-20 chars)
|
password |
Set password for the user
|
<string> |
Set password for the user ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
|
alg {ftp|tftp|sip|dns} qos <number>
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
dns |
Set a DNS (Domain Name System) ALG
|
qos |
Set an Aerohive QoS class for ALG data traffic
|
<number> |
Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
|
amrp interface <ethx|redx|aggx> priority <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Set AMRP parameters per interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
priority |
Set a priority for the AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
|
<number> |
Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the AP will be during the DA election process. For example, 100 has a higher priority than 50.)
|
amrp neighbor <mac_addr> metric min <number> max <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
neighbor |
Specify the neighbor to which you want to set AMRP parameters
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
metric |
Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
|
min |
Set the minimum metric value
|
<number> |
Enter the minimum metric value (Default: 67; Range: 8-1200)
|
max |
Set the maximum metric value equal to or greater than the minimum value
|
<number> |
Enter the maximum metric value (Default: 67; Range: 8-1200)
|
bonjour-gateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
filter |
Set a filter to control which Bonjour services the local gateway transmits to remote gateways
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
from |
Set the source from which services are advertised
|
<string> |
Enter the source VLAN group name (1-32 chars)
|
<string> |
Enter the text string to filter which services are advertised (1-64 chars; Note: A service is advertised if its name matches the string in a rule. You can use asterisks as wildcards)
|
to |
Set the VLAN group to which services are advertised
|
<string> |
Enter the destination VLAN group name (1-32 chars)
|
metric |
Set the maximum number of hops away from the local BDD to accept service advertisements (Note: An immediately neighboring BDD is one hop away, a neighbor of that neighbor is two hops away, and so on.)
|
<number> |
Enter the maximum distance from which service advertisements are acceptable (Range: 0-100; Default: 0; Note: A value of 0 means that there is no maximum distance.)
|
bonjour-gateway filter rule <number> {before|after} rule <number>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
filter |
Set a filter to control which Bonjour services the local gateway transmits to remote gateways
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
before |
Move the rule before another rule in the Bonjour Gateway filter
|
after |
Move the rule after another rule in the Bonjour Gateway filter
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
bonjour-gateway priority <number>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
priority |
Set the priority of the local device to be elected as the BDD (Bonjour Designated Device)
|
<number> |
Enter the BDD election priority (Range: 0-255; Defaults: SR platform=50, BR200 series=40, VG-VA/VG-1U=25, AP230=21, AP330/AP350=20, AP320/AP340=15, AP120/AP121/AP141/AP170=10, AP110=5; Note: Values closer to 255 have higher priority.)
|
capwap client HTTP proxy name <string> port <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
name |
Set the HTTP proxy server name
|
<string> |
Enter the IP address or domain name of the HTTP proxy server (1-32 chars)
|
port |
Set the HTTP proxy server port number
|
<number> |
Enter the port number (Range: 1-65535)
|
capwap client HTTP proxy user <string> password <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
user |
Set the user name for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the authentication user name (1-32 chars)
|
password |
Set the user password for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the password (1-32 chars)
|
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
server |
Set parameters for communicating with the CAPWAP server
|
backup |
Set the backup CAPWAP server
|
name |
Set the IP address or domain name of the CAPWAP server
|
<string> |
Enter IP address or name for CAPWAP server (1-32 chars)
|
connect-delay |
Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
|
<number> |
Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
|
via-vpn-tunnel |
Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-32 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
count |
Set the number of CAPWAP UDP packets to send
|
<number> |
Enter the number of packets to send (Default: 5; Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-32 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
flood |
Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
|
<number> |
Enter the number of batches of packets(Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
clear auth roaming-cache mac <mac_addr> {hive-neighbors|hive-all}
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
hive-neighbors |
Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
|
hive-all |
Clear the MAC address from the local roaming cache and from the roaming caches of all hive members
|
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear auth {local-cache|roaming-cache|station} ssid <string>
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
ssid |
Clear cached authentication information based on the SSID with which stations associated
|
<string> |
Enter a user name (1-32 chars)
|
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx|aggx|redx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
counters |
Clear forwarding engine counter statistics
|
interface |
Clear forwarding engine counter by interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface(Note: The local device does not support Wi-Fi radio interfaces)
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
station |
Clear forwarding engine counter by station MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
drop |
Clear the drop packet counter
|
tunnel |
Clear the counter on tunnels
|
policy |
Clear the counter on policies
|
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
ip-sessions |
Clear IP sessions
|
src-ip |
Clear IP sessions by source IP address
|
<ip_addr> |
Source IP address
|
dst-ip |
Clear IP sessions by destination IP address
|
<ip_addr> |
Destination IP address
|
src-port |
Clear IP essions by source port number
|
<number> |
source IP port (Range: 1-65535)
|
dst-port |
Clear IP sessions by destination port number
|
<number> |
destination IP port (Range: 1-65535)
|
protocol |
Clear IP sessions by protocol type
|
<number> |
source IP port (Range: 1-255)
|
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
mac-sessions |
Clear MAC sessions
|
src-mac |
Clear MAC sessions by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Clear MAC sessions by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <ethx|aggx|redx> mac-learning dynamic <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
mac-learning |
Clear entries in the MAC address learning table
|
dynamic |
Clear dynamically learned MAC address entries
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <ethx|aggx|redx> mac-learning dynamic all
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
mac-learning |
Clear entries in the MAC address learning table
|
dynamic |
Clear dynamically learned MAC address entries
|
all |
Clear all dynamically learned MAC address entries
|
clear interface <ethx|wifix|wifix.y|aggx|redx> counter
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<wifix> |
Enter the name of a Wi-Fi radio interface(Note: The local device does not support Wi-Fi radio interfaces)
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
counter |
Clear all counters for the interface
|
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Clear the DHCP server lease
|
lease |
Clear a specific DHCP lease or all leases
|
mac |
Clear the DHCP lease assigned to a client with a specific MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
client-monitor policy <string> problem-type {association|authentication} [ trigger-times <number> ] [ report-interval <number> ] [ quiet-time <number> ]
|
client-monitor |
Set parameters for Client Monitor
|
policy |
Set parameters for a Client Monitor policy
|
<string> |
Enter the Client Monitor policy name (1-32 chars)
|
problem-type |
Set the problem type which specifies a category of client-centric problems
|
association |
Detect, analyze and report the client association problem
|
authentication |
Detect, analyze and report the client authentication problem
|
trigger-times |
Set how many times the problem type is detected to trigger reporting the problem and related logs
|
<number> |
Enter trigger times for the problem type (Range: 1-10; Default: 1)
|
report-interval |
Set the interval to report the problem and related logs
|
<number> |
Enter report interval in seconds for the problem type (Range: 0 or 30-3600; Default: 0, report every instance of the problem)
|
quiet-time |
Set the period of time after which the problem elapses
|
<number> |
Enter quiet time in seconds for the problem type (Range: 60-86400; Default: 300)
|
clock time-zone daylight-saving-time <date> <time> <date> <time>
|
clock |
Set the internal clock
|
time-zone |
Set the time zone for the internal clock
|
daylight-saving-time |
Set the daylight saving time parameters
|
<date> |
Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
<date> |
Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
config rollback manual [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
manual |
Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
|
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
capwap-disconnect |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
|
next-reboot |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
|
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
|
debug |
Enable debug messages
|
console |
Show debug messages on the console
|
level |
Specify a logging level
|
emergency |
Show emergency-level log entries (Default: debug)
|
alert |
Show log entries from alert to emergency levels (Default: debug)
|
critical |
Show log entries from critical to emergency levels (Default: debug)
|
error |
Show log entries from error to emergency levels (Default: debug)
|
warning |
Show log entries from warning to emergency levels (Default: debug)
|
notification |
Show log entries from notification to emergency levels (Default: debug)
|
info |
Show log entries from info to emergency levels (Default: debug)
|
debug |
Show log entries for all severity levels (Default: debug)
|
exec aaa idm-test auth username <string> password <string> [ {pap|ms-chap-v2} ] [ proxy <string> ] [ bind-ssid <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
idm-test |
Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
|
auth |
Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
|
username |
Set the user name belonging to an account on the ID Manager
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the ID Manager
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
proxy |
Set parameters for connecting to an ID Manager proxy server
|
<string> |
Enter the IP address or domain name of the ID Manager proxy server (1-32 chars)
|
bind-ssid |
Set the SSID to which the user name binds for ID Manager testing (Note: By default, wired links use the user name-password pair for testing ID Manager accounts, so the user name does not need to bind to an SSID.)
|
<string> |
Enter the name of the SSID to which you want to bind the user name (1-32 chars)
|
exec aaa ldap-search server-type {active-directory|ldap-server|open-directory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ldap-search |
Execute a search of the LDAP database
|
server-type |
Set the type of LDAP server whose database you want to search
|
active-directory |
Set the server type as an Active Directory server
|
ldap-server |
Set the server type as an OpenLDAP server
|
open-directory |
Set the server type as an Open Directory server
|
server |
Set the IP address or resolvable domain name of the LDAP server
|
<string> |
Enter the IP address or domain name (up to 32 chars)
|
basedn |
Set a node in the LDAP tree structure as the baseDN (distinguished name) from which to search for nodes one level below it or for information about one or all of its attributes
|
<string> |
Enter the baseDN (up to 256 chars) (Note: If there are any spaces, enclose the whole string in quotation marks.)
|
binddn |
Set the bindDN name and password for the user that has permission to search the LDAP directory
|
<string> |
Enter the bindDN name (up to 256 chars)
|
password |
Set the bindDN password
|
<string> |
Enter the password (1-64 chars)
|
attributes |
Search for attributes of the node specified as the baseDN
|
<string> |
Enter the name of a specific attribute for which to search (Note: To see the user group attribute of the baseDN node when the default group attribute name is being used, do not enter anything.)
|
exec aaa ldap-search username <string> [ basedn <string> ] [ domain <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ldap-search |
Execute a search of the LDAP database
|
username |
Set the user name to search for in the LDAP database
|
<string> |
Enter a user name (1-32 chars)
|
basedn |
Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
|
<string> |
Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
domain |
Set the domain name of the domain controller
|
<string> |
Enter a NT domain name (1-64 chars)
|
exec aaa library-sip-test primary username <string> password <string>
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
library-sip-test |
Test a simulated authentication process for a library patron on a library SIP (Standard Interchange Protocol) server
|
primary |
Test the authentication process on the primary library SIP server
|
username |
Set the library patron's user name to submit to the library SIP server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the library patron's password to submit to the library SIP server
|
<string> |
Enter the password (1-64 chars)
|
exec aaa net-join [ {primary|backup1|backup2|backup3} username <string> password <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-join |
Join the local AP RADIUS server to the domain controller
|
primary |
Join the local AP RADIUS server to the primary domain controller
|
backup1 |
Join the local AP RADIUS server to the backup1 domain controller
|
backup2 |
Join the local AP RADIUS server to the backup2 domain controller
|
backup3 |
Join the local AP RADIUS server to the backup3 domain controller
|
username |
Set the admin user name for the local AP RADIUS server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password for the user name
|
<string> |
Enter a password (1-64 chars)
|
exec aaa net-join domain <string> fullname <string> server <string> username <string> password <string> [ computer-ou <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-join |
Join the local AP RADIUS server to the domain controller
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
fullname |
Set the full name of the domain to which the RADIUS server (local AP) and AD server both belong
|
<string> |
Enter the full domain name (1-64 chars)
|
server |
Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
|
<string> |
Enter the IP address or domain name (up to 32 chars)
|
username |
Set the admin user name that the local AP RADIUS server submits to the AD server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password for the user name
|
<string> |
Enter a password (1-64 chars)
|
computer-ou |
Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
|
<string> |
Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
|
exec aaa ntlm-auth username <string> password <string> [ domain <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ntlm-auth |
Initiate NTLM (NT LAN Manager) authentication between the AP RADIUS server and the domain controller
|
username |
Set the user name that the AP RADIUS server uses when authenticating itself to the domain controller
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password that the AP RADIUS server uses when authenticating itself to the domain controller
|
<string> |
Enter a password (1-64 chars)
|
domain |
Set the domain name of the domain controller
|
<string> |
Enter a NT domain name (1-64 chars)
|
exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<string> |
Enter the IP address or domain name of the RADIUS server (1-32 chars)
|
username |
Set the user name belonging to an account on the RADIUS server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the RADIUS server
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
|
exec |
Execute a command to initiate a task immediately
|
capture |
Initiate packet capturing
|
remote-sniffer |
Set parameters for a remote packet sniffer
|
user |
Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
|
<string> |
Enter the user name (1-32 chars)
|
<string> |
Enter the password (1-32 chars)
|
host-allowed |
Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
|
<string> |
Enter the IP address or domain name (1-32 chars)
|
local-port |
Set the port number on which the HiveAP listens for connection requests from the remote sniffer
|
<number> |
Enter the port number (Default: 2002; Range: 1024-65535)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
exec {jss-check|airwatch-check|aerohive-check} mobile-device <mac_addr> enroll-status
|
exec |
Execute a command to initiate a task immediately
|
jss-check |
Check the enrollment status of a mobile device on the JSS (JAMF software server)
|
airwatch-check |
Check the enrollment status of a mobile device on the AirWatch
|
aerohive-check |
Check the enrollment status of a mobile device on the Aerohive MDM server
|
mobile-device |
Set the MAC address or ID of a mobile device
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
enroll-status |
Retrieve the enrollment status of the mobile device
|
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l2 |
Set packet capture filter for layer 2 parameters
|
data |
Filter by data traffic
|
ctl |
Filter by ctl traffic
|
mgmt |
Filter by mgmt traffic
|
subtype |
Filter by frame subtype
|
<hex> |
Enter frame subtype value
|
src-mac |
Filter by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Filter by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
bssid |
Filter by BSSID
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Filter by transmitter MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
rx-mac |
Filter by receiver MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
error |
Filter by error condition
|
crc |
Filter by crc error
|
decrypt |
Filter by decrypt error
|
mic |
Filter by mic error
|
all |
Filter by all error
|
no |
Filter by no error
|
etype |
Filter by Ethernet value
|
<hex> |
Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
|
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l3 |
Set packet capture filter for layer 3 parameters
|
src-ip |
Filter by source IP address
|
<ip_addr> |
Enter a source IP address
|
dst-ip |
Filter by destination IP address
|
<ip_addr> |
Enter a destination IP address
|
protocol |
Filter by protocol number in IP header
|
<number> |
Enter a protocol value (UDP:17; TCP:6 ICMP:1)
|
src-port |
Filter by source port filter
|
<number> |
Enter a source port number
|
dst-port |
Filter by destination port
|
<number> |
Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
|
forwarding-engine l2-default-route interface <ethx> vlan <number> [ - <number> ]
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
l2-default-route |
Set the default Layer 2 route for VLANs that must use an interface other than eth0 (Note: Do not set for the eth0 interface.)
|
interface |
Set the Ethernet interface that connects to the VLANs for which you want to create default routes (Note: Do not set this command for the eth0 interface.)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
vlan |
Set a range of VLAN IDs that use the default Layer 2 route for the specified interface
|
<number> |
Enter the VLAN ID (Range: 1-4094)
|
- |
Set a range of VLAN IDs
|
<number> |
Enter the last VLAN ID in the range (Range: 1-4094; Note: The end of the VLAN ID range must be equal to or greater than the VLAN ID at the start.)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
allow-all |
Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Block specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
block-all |
Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Allow specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
neighbor |
Set the threshold parameters for connecting wirelessly with neighboring hive members
|
connecting-threshold |
Set the minimum signal strength threshold required for connecting with a neighboring hive member
|
low |
Set a relatively low minimum signal strength threshold (-85dBm)
|
medium |
Set a relatively moderate minimum signal strength threshold (-80dBm)
|
high |
Set a relatively high minimum signal strength threshold (-75dBm)
|
polling-interval |
Set the time interval in minutes for polling the signal strength of neighboring hive members
|
<number> |
Enter the polling time interval (Default: 1 minute; range: 1-60)
|
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
<number> |
Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: None)
|
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
forever |
Set ban forever
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
alarm |
Set the interval in seconds between alarms to indicate continuous DoS conditions
|
<number> |
Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: None)
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
threshold |
Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
|
<number> |
Enter threshold in ppm (Default: hive-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: None)
|
hiveui cas client server name <string>
|
hiveui |
Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
|
cas |
Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
|
client |
Set parameters for the local AP to act as a CAS client
|
server |
Set parameters for communicating with the CAS server
|
name |
Set the IP address or resolvable domain name for the CAS server
|
<string> |
Enter the IP address or domain name (max 32 chars) of the CAS server
|
interface <ethx|aggx|redx> allowed-vlan <number> [ - <number> ]
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
allowed-vlan |
Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
|
<number> |
Enter the VLAN ID to be allowed (Range: 1-4094)
|
- |
Set a range of allowed VLAN IDs
|
<number> |
Enter the last VLAN ID in the range (Range: 1-4094; Note: The end of the VLAN ID range must be equal to or greater than the VLAN ID at the start.)
|
interface <ethx|aggx|redx> allowed-vlan {all|auto}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
allowed-vlan |
Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
|
all |
Allow traffic tagged with any VLAN ID
|
auto |
Allow traffic whose VLAN ID matches that of the management interface, virtual management interface, native VLAN, or the default VLAN configured in user profiles
|
interface <ethx|aggx|redx> mac-learning static <mac_addr>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
mac-learning |
Set parameters for MAC address learning
|
static |
Set statically defined MAC address entries
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
interface <ethx|aggx|redx> manage {Telnet|SSH|SNMP|ping|all}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
manage |
Set management service parameters
|
Telnet |
Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
|
SSH |
Enable SSH manageability of mgt0 through this interface (Default: Enabled)
|
SNMP |
Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
|
ping |
Enable mgt0 to respond to pings through this interface (Default: Enabled)
|
all |
Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
|
interface <ethx|aggx|redx> mode bridge-802.1q user-profile-attribute <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-802.1q |
Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
|
interface <ethx|aggx|redx> mode {bridge-802.1q|backhaul}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-802.1q |
Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
backhaul |
Set the interface in backhaul mode, making it a VLAN-aware layer 2 interface through which the default MAC route for traffic to and from the main LAN passes
|
interface <ethx|aggx|redx> rate-limit {multicast|broadcast|unicast} enable
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
rate-limit |
Set parameter for interface-based rate limiting
|
multicast |
Set multicast traffic rate limiting
|
broadcast |
Set broadcast traffic rate limiting
|
unicast |
Set unicast traffic rate limiting
|
enable |
Enable rate limiting on the interface for this type of traffic (Default: multicast/broadcast Enable,unicast Disable)
|
interface <ethx|redx|aggx> mode bridge-access [ user-profile-attribute <number> ]
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-access |
Set the interface in bridge-access mode, making it a layer 2 interface to enable the bridging of traffic between devices in a single VLAN in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
|
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp-probe |
Probe for DHCP servers in one or more VLANs
|
vlan-range |
Set the range of VLANs in which to probe for a DHCP server
|
<number> |
Enter the start of the VLAN range (Range: 1-4094)
|
<number> |
Enter the end of the VLAN range (Range: 1-4094)
|
timeout |
Set the timeout for waiting for a response to a probe
|
<number> |
Enter the timeout value (Default: 10 secs; Range: 1-60)
|
retries |
Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
|
<number> |
Enter the retry value (Default: 1; Range: 1-10)
|
interface <mgtx|ethx> dhcp client option custom ppsk-server <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
ppsk-server |
Set a custom DHCP option ID and ID type for a private PSK server
|
<number> |
Enter the custom DHCP option ID (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom radius-server <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server |
Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS authentication server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom radius-server accounting <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server |
Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
|
accounting |
Set a custom DHCP option ID and ID type for a RADIUS accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS accounting server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom {syslog-server|hivemanager} <number> {string|ip}
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
syslog-server |
Set a custom DHCP option ID and ID type for a syslog server
|
hivemanager |
Set a custom DHCP option ID and ID type for HiveManager
|
<number> |
Enter the custom DHCP option ID (Default ID numbers and types: HiveManager = 225 string, 226 IP; Syslog server = 227 string, 228 IP)
|
string |
Set the type of the custom DHCP option as a string
|
ip |
Set the type of the custom DHCP option as an IP address
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
hex |
Set the custom option data type as a hexadecimal digit
|
<string> |
Enter the hexadecimal digit (1-254 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
integer |
Set the custom option data type as an integer
|
<number> |
Enter the integer (Range: 0-2147483647)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
string |
Set the custom option data type as a string
|
<string> |
Enter the string (1-255 chars)
|
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
dns1 |
Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
|
dns2 |
Set the IP address of the secondary DNS server
|
dns3 |
Set the IP address of the tertiary DNS server
|
<ip_addr> |
Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
|
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
logsrv |
Set the IP address of the log server that is available for DHCP clients
|
pop3 |
Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
|
smtp |
Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
ext-resolve |
Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
|
dns1 |
Set the IP address of the primary external DNS server
|
dns2 |
Set the IP address of the secondary external DNS server
|
dns3 |
Set the IP address of the tertiary external DNS server dns3
|
<ip_addr> |
Enter the IP address of the external DNS server
|
interface <mgtx|mgtx.y> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
int-resolve |
Set the DNS servers on the internal network used to resolve domain names in the match list
|
dns1 |
Set the IP address of the primary internal DNS server
|
dns2 |
Set the IP address of the secondary internal DNS server
|
dns3 |
Set the IP address of the tertiary internal DNS server dns3
|
<ip_addr> |
Enter the IP address of the internal DNS server
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packet-drop
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
packet-drop |
Log dropped packets that the IP firewall policy denies
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
log |
Set logging options for packets and sessions that match IP FW policy
|
initiate-session |
Log the creation of sessions that are permitted by the policy
|
terminate-session |
Log the termination of sessions that are permitted by the policy
|
packet-drop |
Log dropped packets that are denied by the policy
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
initiate-session |
Log session details when a session is created after passing a IP firewall policy lookup
|
terminate-session |
Log session details when a session matching a IP firewall policy is terminated
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
local-subnet |
Set the subnet of the mgt0 interface as the destination
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {no-delay} ] [ {dual-test} ] [ {tradeoff} ] [ {listen-port} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
|
iperf |
Set parameters for Iperf, a tool for testing and measuring network performance
|
client |
Set Iperf to run in client mode
|
<ip_addr> |
Enter the server IP address with which the HiveAP connects as an Iperf client
|
port |
Set the port on which the client connects to the server
|
<number> |
Enter the port number (Range: 1024-65535; Default: 5001)
|
udp |
Set the transport protocol as UDP (Default: TCP)
|
interval |
Set the interval between periodic bandwidth, jitter, and loss reports
|
<number> |
Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
|
no-delay |
Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
|
dual-test |
Set the Iperf tool to do bidirectional upstream and downstream performance testing between the client and server concurrently
|
tradeoff |
Set the Iperf tool to do bidirectional upstream and downstream performance testing at different times so downstream testing only begins after upstream testing is complete
|
listen-port |
Set the port on which the server connects to the client
|
<number> |
Enter the port number (Range: 1024-65535; Default: The same port on which the client connects to the server)
|
window |
Set the TCP window size (socket buffer size)
|
<number> |
Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
|
mss |
Set the maximum TCP segment size (MTU: 40 bytes)
|
<number> |
Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
|
bandwidth |
Set the amount of UDP bandwidth to send
|
<number> |
Enter the bandwidth in megabits per second (Range: 1-1000; Default: 1)
|
time |
Set the length of transmission time
|
<number> |
Enter the time in seconds (Range: 1-65535; Default: 10)
|
parallel |
Set the client to make multiple connections to the server concurrently (Note: This option requires multiple thread support on both the client and server.)
|
<number> |
Enter the number of parallel client threads to run (Range: 1-10; Default: 1)
|
iperf server [ {port} <number> ] [ {udp} ] [ {single-udp} ] [ {interval} <number> ] [ {no-delay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
|
iperf |
Set parameters for Iperf, a tool for testing and measuring network performance
|
server |
Set Iperf to run in server mode
|
port |
Set the port on which the server listen on
|
<number> |
Enter the port number (Range: 1024-65535; Default: 5001)
|
udp |
Set the transport protocol as UDP (Default: TCP)
|
single-udp |
Set the Iperf tool to run in single-threaded UDP mode
|
interval |
Set the interval between periodic bandwidth, jitter, and loss reports
|
<number> |
Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
|
no-delay |
Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
|
window |
Set the TCP window size (socket buffer size)
|
<number> |
Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
|
mss |
Set the maximum TCP segment size (MTU: 40 bytes)
|
<number> |
Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
|
bind |
Bind and join the HiveAP to a multicast group
|
<ip_addr> |
Enter the IP address of the multicast group (Range: 224.0.0.0-239.255.255.255)
|
library-sip-policy <string> default user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
default |
Set the default rule to apply to unregistered library patrons
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> field <string> {equal|greater-than|less-than} <number> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
field |
Set the two-letter character code that identifies the field name of a specific library SIP value
|
<string> |
Enter the two-letter character code(2 char)
|
equal |
Check if the field value that the SIP server returns equals the number entered in the local AP RADIUS server
|
greater-than |
Check if the field value that the SIP server returns is greater than the number entered in the local AP RADIUS server
|
less-than |
Check if the field value that the SIP server returns is less than the number entered in the local AP RADIUS server
|
<number> |
Enter the number that the AP RADIUS server uses when checking the field values that the SIP server returns (Range: 0-65535)
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> field <string> {matches|differs-from|starts-with|occurs-after|occurs-before|contains} <string> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
field |
Set the two-letter character code that identifies the field name of a specific library SIP value
|
<string> |
Enter the two-letter character code(2 char)
|
matches |
Check if the field value that the SIP server returns matches the string entered in the local AP RADIUS server
|
differs-from |
Check if the field value that the SIP server returns differs-from the string entered in the local AP RADIUS server
|
starts-with |
Check if the field value that the SIP server returns starts-with the string entered in the local AP RADIUS server
|
occurs-after |
Check if the field value that the SIP server returns occurs-after the string entered in the local AP RADIUS server
|
occurs-before |
Check if the field value that the SIP server returns occurs-before the string entered in the local AP RADIUS server
|
contains |
Check if the field value that the SIP server returns contains the string entered in the local AP RADIUS server
|
<string> |
Enter the string that the AP RADIUS server uses when checking the field values that the SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> {after|before} id <number>
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
after |
Move the library SIP rule after another rule in the policy
|
before |
Move the library SIP rule before another rule in the policy
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
buffered |
Set logging buffer
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: debug)
|
alert |
Send log entries from alert to emergency levels (Default: debug)
|
critical |
Send log entries from critical to emergency levels (Default: debug)
|
error |
Send log entries from error to emergency levels (Default: debug)
|
warning |
Send log entries from warning to emergency levels (Default: debug)
|
notification |
Send log entries from notification to emergency levels (Default: debug)
|
info |
Send log entries from info to emergency levels (Default: debug)
|
debug |
Send log entries for all severity levels (Default: debug)
|
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
|
logging |
Set logging parameters
|
facility |
Set logging facility
|
local0 |
Set log facility to local0 (Default: local6)
|
local1 |
Set log facility to local1 (Default: local6)
|
local2 |
Set log facility to local2 (Default: local6)
|
local3 |
Set log facility to local3 (Default: local6)
|
local4 |
Set log facility to local4 (Default: local6)
|
local5 |
Set log facility to local5 (Default: local6)
|
local6 |
Set log facility to local6 (Default: local6)
|
local7 |
Set log facility to local7 (Default: local6)
|
auth |
Set log facility to auth (Default: local6)
|
authpriv |
Set log facility to authpriv (Default: local6)
|
security |
Set log facility to security (Default: local6)
|
user |
Set log facility to user (Default: local6)
|
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
flash |
Set logging flash
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: error)
|
alert |
Send log entries from alert to emergency levels (Default: error)
|
critical |
Send log entries from critical to emergency levels (Default: error)
|
error |
Send log entries from error to emergency levels (Default: error)
|
warning |
Send log entries from warning to emergency levels (Default: error)
|
notification |
Send log entries from notification to emergency levels (Default: error)
|
info |
Send log entries from info to emergency levels (Default: error)
|
debug |
Send log entries for all severity levels (Default: error)
|
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
|
logging |
Set logging parameters
|
server |
Set parameters for a syslog server
|
<string> |
Set the IP address or domain name (1-32 chars) for the syslog server
|
level |
Set the severity level for the log messages you want to send
|
emergency |
Send emergency-level log entries
|
alert |
Send log entries from alert to emergency levels
|
critical |
Send log entries from critical to emergency levels
|
error |
Send log entries from error to emergency levels
|
warning |
Send log entries from warning to emergency levels
|
notification |
Send log entries from notification to emergency levels
|
info |
Send log entries from info to emergency levels
|
debug |
Send log entries for all severity levels
|
via-vpn-tunnel |
Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
mac-object <string> mac-range <mac_addr> - <mac_addr>
|
mac-object |
Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
|
<string> |
Enter the MAC object name (1-32 chars)
|
mac-range |
Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
- |
Set a range of MAC addresses
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
packet-drop |
Log dropped packets that the MAC firewall policy denies
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
initiate-session |
Log session details when a session is created after passing a MAC firewall policy lookup
|
terminate-session |
Log session details when a session matching a MAC firewall policy is terminated
|
mdm-object <string> [ enroll-status {enrolled|non-enrolled|unknown} ] [ compliance-status {compliant|non-compliant|unknown} ] [ client-tag <string> ]
|
mdm-object |
Set the MDM (mobile device management) object
|
<string> |
Enter an MDM object name (1-32 chars)
|
enroll-status |
Set the enrollment status of the managed mobile device
|
enrolled |
Set the MDM enrollment status of the device as enrolled
|
non-enrolled |
Set the MDM enrollment status of the device as non-enrolled
|
unknown |
Set the MDM enrollment status of the device as unknown
|
compliance-status |
Set a compliance status
|
compliant |
Set the compliance status as compliant
|
non-compliant |
Set the compliance status as non-compliant
|
unknown |
Set the compliance status as unknown
|
client-tag |
Set an MDM client tag name to indicate the ownership of the managed mobile device (Note: BYOD and CID are common ownership tags that describe bring-your-own-device and corporate-issues-device situations.)
|
<string> |
Enter a tag name (1-32 chars)
|
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
original-user-profile |
Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
|
<string> |
Enter the original user profile (1-32 chars)
|
device-group |
Set the device group that the policy rule references to classify the type of client device in use
|
<string> |
Enter a device group name (1-32 chars)
|
reassigned-user-profile-attr |
Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
|
<number> |
Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
|
mobile-device-policy <string> rule <number> {before|after} rule <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
before |
Move the mobile device policy rule before another rule in the policy
|
after |
Move the mobile device policy rule after another rule in the policy
|
rule |
Set a rule before or after another rule in the mobile device policy
|
<number> |
Enter a rule ID number (Range: 1-65535)
|
mobility-policy <string> dnxp unroam-threshold <number> <number>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
dnxp |
Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
|
unroam-threshold |
Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
|
<number> |
Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
|
<number> |
Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
|
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Assign INXP (Identity Network eXtension Protocol) for the mobility policy
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
<ip_addr> |
Enter start IP address for INXP gre-tunnel destination
|
<ip_addr> |
Enter end IP address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
|
ping |
Perform a ping
|
<ip_addr> |
Enter the destination IP address
|
count |
Stop pinging after sending the specified number of ICMP echo requests
|
<number> |
Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
|
size |
Set the size of the ICMP packets
|
<number> |
Enter the packet size in bytes (Default: 56, Range: 1-1024)
|
ttl |
Set the TTL (time to live)
|
<number> |
Enter the TTL (Range: 1-255)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 10; Range: 1-60)
|
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
|
ping |
Perform a ping
|
<string> |
Enter the destination domain name (1-32 chars)
|
count |
Set the number of ICMP echo requests to send
|
<number> |
Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
|
size |
Set the size of the ICMP packets
|
<number> |
Enter the packet size in bytes (Default: 56, Range: 1-1024)
|
ttl |
Set the TTL (time to live)
|
<number> |
Enter the TTL (Range: 1-255)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 10; Range: 1-60)
|
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
|
probe |
Set the probe parameters
|
<ip_addr> |
Enter the target IP or MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
size |
Set the probe request packet size (default: 512 bytes)
|
<number> |
Enter a packet size (range: 256-1400 bytes)
|
src-mac |
Set the Source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
wait-time |
Set the timeout value (default: 1 second)
|
<number> |
Enter an timeout value (range: 1-30 seconds)
|
ttl |
Set the TTL value (default 32)
|
<number> |
Enter an TTL value (range: 1-255)
|
count |
Set probe request count (default: 5)
|
<number> |
Enter the probe request count (range: 1-64)
|
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
|
probe |
Set the probe parameters
|
portal |
Set the target of the probe as the MAC address of the HiveAP acting as portal
|
size |
Set the probe request packet size (default: 512 bytes)
|
<number> |
Enter a packet size (range: 256-1400 bytes)
|
src-mac |
Set the Source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
wait-time |
Set the timeout value (default: 1 second)
|
<number> |
Enter an timeout value (range: 1-30 seconds)
|
ttl |
Set the TTL value (default 32)
|
<number> |
Enter an TTL value (range: 1-255)
|
count |
Set probe request count (default: 5)
|
<number> |
Enter the probe request count (range: 1-64)
|
qos classifier-map interface <ethx|aggx|redx> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
interface |
Map incoming Ethernet traffic to Aerohive QoS classes by its ingress interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
qos classifier-map oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
oui |
Set a MAC OUI (Organizational Unique Identifier) classification table
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
qos |
Set an Aerohive QoS class to the MAC
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
action |
Set an action to the MAC OUI
|
permit |
permit the packet
|
deny |
deny the packet
|
log |
log the packet
|
comment |
Add a comment to the MAC OUI
|
<string> |
Enter a comment (Maximum:32 chars) to the MAC
|
qos classifier-profile <string> [ {interface/ssid-only|8021p|80211e|diffserv|interface/ssid|mac|service} ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-profile |
Set a QoS classification profile
|
<string> |
Enter a classifier profile name (1-32 chars)
|
interface/ssid-only |
Classify all incoming and outgoing packets using the interface or SSID bound to this classifier profile (Note: The interface/ssid-only method cannot be combined with other methods in the same classifier profile or applied to more than one profile. This profile has precedence over all others.)
|
8021p |
Classify incoming packets by 802.1p priority markers present in Layer2 frame headers
|
80211e |
Classify incoming packets by 802.11e priority markers present in wireless frame headers
|
diffserv |
Classify incoming packets by DiffServ DSCP values present in Layer3 packet headers
|
interface/ssid |
Classify packets by the interface or SSID that they traverse (Note: If two interface/SSID classifier profiles apply to the same session, the one providing better QoS is used.)
|
mac |
Classify packets by the OUI (organizationally unique identifier) of the session participants (Note: If two OUI classifier profiles apply to the same session, the one providing better QoS is used.)
|
service |
Classify incoming packets by network service type
|
qos policy <string> [ user-profile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
|
qos |
Set QoS (Quality of Service) parameters
|
policy |
Set a QoS policy to control traffic forwarding
|
<string> |
Enter the policy name (1-32 chars)
|
user-profile |
Set QoS policy parameters at the user profile level
|
<number> |
Enter the user profile rate limit in kbps (Range: 0-2000000)
|
<number> |
Enter the scheduling weight for the user profile (Range: 0-1000)
|
user |
Set QoS parameters at the user level
|
<number> |
Enter the user rate limit in kbps (Range: 0-2000000)
|
qos |
Set QoS parameters at the Aerohive QoS class level
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
strict |
Set the scheduling mode as strict to forward traffic without queuing it
|
wrr |
Set the scheduling mode as WRR (weighted round robin) to queue traffic and use rate limits and weights to prioritize forwarding
|
<number> |
Enter the class rate limit in kbps (Range: 0-2000000)
|
<number> |
Enter the scheduling weight (Range: 0-1000; Note: If the scheduling mode is strict, its weight must be zero.)
|
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
alarm-threshold |
Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
|
client |
Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
|
tx-drop-rate |
Set the Tx drop rate alarm threshold for clients (Default: 40%)
|
rx-drop-rate |
Set the Rx drop rate alarm threshold for clients (Default: 40%)
|
tx-retry-rate |
Set the Tx retry rate alarm threshold for clients (Default: 40%)
|
airtime-consumption |
Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
|
<number> |
Enter the alarm threshold (Range: 1-100)
|
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
alarm-threshold |
Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
|
interface |
Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
|
crc-error-rate |
Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
|
tx-drop-rate |
Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
|
rx-drop-rate |
Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
|
tx-retry-rate |
Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
|
airtime-consumption |
Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
|
<number> |
Enter the alarm threshold (Range: 1-100)
|
save config <location> bootstrap
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
bootstrap |
Save a configuration to the bootstrap configuration
|
save config <location> current
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
save config <location> current <time> [ <date> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
save config <location> current now
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
now |
Save the configuration and reboot the system immediately
|
save config <location> current offset <time>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
bootstrap |
Save the config file for the HiveAP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
now |
Save the configuration and reboot the system immediately
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config bootstrap <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
bootstrap |
Save the bootstrap configuration to a remote server
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save config current <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
bootstrap |
Save the bootstrap configuration to a remote server
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save dhcp-fingerprint {option55} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
dhcp-fingerprint |
Save a fingerprint file of DHCP options for client OS detection
|
option55 |
Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save dhcp-fingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
dhcp-fingerprint |
Save a fingerprint file of DHCP options for client OS detection
|
option55 |
Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <location> <time> [ <date> ] [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <location> [ {now} ] [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
now |
Save the image and reboot the system immediately
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <location> offset <time> [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
now |
Save the image and reboot the system immediately
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save radius-server-key radsec {cert|ca} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radsec |
Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
|
cert |
Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
|
ca |
Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save radius-server-key radsec {cert|ca} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radsec |
Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
|
cert |
Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
|
ca |
Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name that the local device uses to log in to the HTTP server
|
<string> |
Enter the login name (1-32 chars)
|
password |
Set the password to enter during the login process
|
<string> |
Enter the password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for connecting to an HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domain_name, ip_addr, domain_name:port, or ip_addr:port)
|
proxy-admin |
Set the name that the local device uses to log in to the HTTP proxy server
|
<string> |
Enter the login name (1-32 chars)
|
password |
Set the password to enter during the login process
|
<string> |
Enter the password (1-64 chars)
|
save radius-server-key {radius-server|ldap-client} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radius-server |
Save certificates that the local HiveAP uses when functioning as a RADIUS server
|
ldap-client |
Save certificates that the local HiveAP uses when functioning as an LDAP client
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save radius-server-key {radius-server|ldap-client} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radius-server |
Save certificates that the local HiveAP uses when functioning as a RADIUS server
|
ldap-client |
Save certificates that the local HiveAP uses when functioning as an LDAP client
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save signature-file <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
signature-file |
Remote image used for L7 application
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save users <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
users |
Save private PSK (preshared key) configurations
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
users |
Save private PSK (preshared key) configurations
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
vpn |
Save a VPN certificate or private key file
|
ca-cert |
Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
|
ee-cert |
Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
|
private-key |
Save the private key for the HiveAP to use when creating its RSA signature
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save vpn {ee-cert|private-key|ca-cert} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
vpn |
Save a VPN certificate or private key file
|
ee-cert |
Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
|
private-key |
Save the private key for the HiveAP to use when creating its RSA signature
|
ca-cert |
Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save web-page [ ppsk-self-reg ] web-directory <string> <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-page |
Save a file for use with the internal web server
|
ppsk-self-reg |
Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
|
web-directory |
Save a file to a specific web directory
|
<string> |
Enter the web directory name
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-page |
Save a file for use with the internal web server
|
ppsk-self-reg |
Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
|
web-directory |
Save a file to a specific web directory
|
<string> |
Enter the web directory name
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save web-server-key <number> <location> [ comment <string> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-server-key |
Save certificate files for the internal web server to use
|
<number> |
Enter key file index for the internal web server (Range : 0-15)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-server-key |
Save certificate files for the internal web server to use
|
<number> |
Enter key file index for the internal web server (Range : 0-15)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
comment |
Set a comment about the certificate file
|
<string> |
Enter the comment (1-64 chars)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save {capture} local <string> <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
capture |
Save a packet capture file stored locally to a remote server
|
local |
Save a locally stored packet capture file to a remote server
|
<string> |
Enter the file name to upload to a remote server
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
capture |
Save a packet capture file stored locally to a remote server
|
local |
Save a locally stored packet capture file to a remote server
|
<string> |
Enter the file name to upload to a remote server
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
once |
Set a one-time schedule
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a date and time range
|
<date> |
Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
ppsk |
Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
|
once |
Set a one-time schedule
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a date and time range
|
<date> |
Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
ppsk |
Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday |
Set the weekdays during which private PSK users are valid
|
<string> |
Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday-range |
Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
to |
Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
address |
Set MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
permit |
Set the action of the specified MAC to permit
|
deny |
Set the action of the specified MAC to deny
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
oui |
Set the OUI used to identify a vendor
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
permit |
Set the action of the specified OUI to permit
|
deny |
Set the action of the specified OUI to deny
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
security-object <string> security aaa radius-server account-interim-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
account-interim-interval |
Set the interval in seconds for sending RADIUS accounting updates
|
<number> |
Enter the interval in seconds for sending RADIUS accounting updates (Default: 20 secs; Range: 10-100000000)
|
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
<string> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
security-object <string> security aaa radius-server inject Operator-Name
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
inject |
Set injection parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
security-object <string> security aaa radius-server retry-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
retry-interval |
Set RADIUS server retry interval
|
<number> |
Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
|
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
security-object <string> security aaa user-profile-mapping attribute-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
attribute-id |
Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the Filter-ID RADIUS attribute.)
|
<number> |
Enter the RADIUS attribute ID number (Range: 1-255)
|
security-object <string> security aaa user-profile-mapping vendor-id <number> attribute-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number (Range: 1-255)
|
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
reg-user-profile-attr |
Set the registered user profile attribute
|
<number> |
Enter the registered user profile attribute (Default: 0; Range: 0-4095)
|
auth-user-profile-attr |
Set the default authenticated user profile
|
<number> |
Enter the default authenticated user profile (Default: 0; Range: 0-4095)
|
timeout |
Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
|
<number> |
Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
|
timer-display |
Enable timer-display windows to communicate login and session information
|
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
auth-method |
Set the CWP (captive web portal) user authentication method
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp api-key <string> api-nonce <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
api-key |
Set the API key used to encrypt traffic between the Aerohive device and the cloud services
|
<string> |
Enter the API key (16 chars)
|
api-nonce |
Set the API nonce
|
<string> |
Enter the API nonce (1-64 chars)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp customer-id <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
customer-id |
Set customer ID for cloud captive web portal
|
<string> |
Enter the customer ID (1-16 chars)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp service-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
service-id |
Set the service ID for cloud captive web portal
|
<number> |
Enter service ID number(Range: 1-255)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp url-root-path <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
url-root-path |
Set the root URL path to register CWP portal service
|
<string> |
Enter the HTTP protocol, remote server domain name, port, directory path(Range: 1-256 chars, Format: https://domain/path)
|
security-object <string> security additional-auth-method captive-web-portal default-language {chinese-simple|chinese-traditional|dutch|english|french|german|italian|korean|spanish}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
default-language |
Set the default language for the captive web portal web pages
|
chinese-simple |
Set Simple Chinese as the default language
|
chinese-traditional |
Set Traditional Chinese as the default language
|
dutch |
Set Dutch as the default language
|
english |
Set English as the default language
|
french |
Set French as default language
|
german |
Set German as the default language
|
italian |
Set Italian as the default language
|
korean |
Set Korean as the default language
|
spanish |
Set Spanish as the default language
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
login-page |
Set the login page to which the HiveAP redirects traffic from unregistered users
|
<string> |
Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
password-encryption |
Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
|
uam-basic |
Set the encryption method as UAM (User Authentication Module)-Basic (Note: The HiveAP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
password-encryption |
Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
|
uam-shared |
Set the encryption method as UAM-Shared (Note: The HiveAP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
|
<string> |
Enter the shared secret (1-128 chars)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
success-register |
Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
|
no-roaming-at-login |
Disable roaming support for clients while they log in (Default: Enabled)
|
no-radius-auth |
Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
|
security-object <string> security additional-auth-method captive-web-portal failure-redirect external-page <string> [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
failure-redirect |
Set options for the page shown to a user after an unsuccessful registration attempt
|
external-page |
Display a page stored on an external web server that indicates the login attempt was unsuccessful
|
<string> |
Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
|
security-object <string> security additional-auth-method captive-web-portal failure-redirect login-page [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
failure-redirect |
Set options for the page shown to a user after an unsuccessful registration attempt
|
login-page |
Display the login page again
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
|
security-object <string> security additional-auth-method captive-web-portal internal-pages {no-success-page|no-failure-page}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
internal-pages |
Set options for showing pages stored internally on the HiveAP
|
no-success-page |
Do not display the success page stored on the HiveAP when a registration attempt is successful (Default: Display)
|
no-failure-page |
Do not display the failure page stored on the HiveAP when a registration attempt is unsuccessful (Default: Display)
|
security-object <string> security additional-auth-method captive-web-portal pass-through vlan <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
pass-through |
Set the captive web portal to pass DHCP, DNS, and ICMP traffic from unregistered users to external servers
|
vlan |
Set the VLAN ID to assign users before and after registration (Note: This setting overrides any VLAN ID set locally or received from a RADIUS server.)
|
<number> |
Enter a CWP VLAN ID (Range: 1-4094)
|
security-object <string> security additional-auth-method captive-web-portal process-sip-info block-redirect <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
process-sip-info |
Enable the captive web portal to process library SIP information (Default: Enabled)
|
block-redirect |
Set the page that appears when a library patron logs in but is denied network access because of overdue fines
|
<string> |
Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
|
security-object <string> security additional-auth-method captive-web-portal report-guest-info
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
report-guest-info |
Enable the reporting to HiveManager of information that guests enter during registration, such as their first and last names, email address, the person they are visiting, and so on (Default: Disabled)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm api <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
api |
Set the URL of the API for register via ID Mananger
|
<string> |
Enter the URL of API (1-256 chars)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm crl-file <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
crl-file |
Set the URL of the CRL file for validate the ID Manager server certificate
|
<string> |
Enter the URL of CRL file (1-256 chars)
|
security-object <string> security additional-auth-method captive-web-portal server-name <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
server-name |
Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
|
<string> |
Enter the domain name for the web server (1-32 chars)
|
security-object <string> security additional-auth-method captive-web-portal server-name cert-dn
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
server-name |
Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
|
cert-dn |
Set the same domain name as the CN value in the certificate that the captive web portal uses for HTTPS (Note: The CN must be a valid domain name that can be resolved to the IP address of the interface hosting the portal. The CN max length is 32 chars.)
|
security-object <string> security additional-auth-method captive-web-portal success-redirect external-page <string> [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
success-redirect |
Set options for displaying the page shown to a user after a successful registration
|
external-page |
Display a page stored on an external web server
|
<string> |
Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
|
security-object <string> security additional-auth-method captive-web-portal success-redirect original-page [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
success-redirect |
Set options for displaying the page shown to a user after a successful registration
|
original-page |
Display the original page that the user requested
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
|
security-object <string> security additional-auth-method captive-web-portal timer-display alert <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
timer-display |
Enable timer-display windows to communicate login and session information
|
alert |
Notify users when their session is about to expire
|
<number> |
Enter the interval before the session expires in minutes (Default: 5 mins; Range: 1-30)
|
security-object <string> security additional-auth-method mac-based-auth [ {auth-method} {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mac-based-auth |
Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
|
auth-method |
Set user authentication method
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security additional-auth-method mobile-device-manager aerohive api-key <string> api-instance-id <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
api-key |
Set the API key for location group to enable API access on the aerohive MDM
|
<string> |
Enter the API key (16 chars)
|
api-instance-id |
Set the API instance ID
|
<string> |
Enter the instance ID (1-64 chars)
|
security-object <string> security additional-auth-method mobile-device-manager aerohive onboard access-ssid <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
onboard |
Enable onboard procedures
|
access-ssid |
Set SSID for onboard accessing
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch api-key <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
api-key |
Set the API key for location group to enable API access on the AirWatch
|
<string> |
Enter the API key for location group
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant disconnect-for-vlan-change
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
disconnect-for-vlan-change |
Disconnect the station when the VLAN is changed
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant guest-upid <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
guest-upid |
Set the user profile attribute number for non-compliant device
|
<number> |
Enter the default user profile attribute number (Range: 0-4095)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message content <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
send-message |
Set the send message parameters
|
content |
Set the content of message
|
<string> |
Enter the content of the message (1-140 chars)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message title <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
send-message |
Set the send message parameters
|
title |
Set Set the subject of the message (Note: The title only takes effect when message type is email.)
|
<string> |
Enter the subject of the message (1-32 chars)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message type {email|sms|push|all}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
send-message |
Set the send message parameters
|
type |
Set the message type
|
email |
Send message using email
|
sms |
Send message using SMS (Short Message Service)
|
push |
Send message using push
|
all |
Send message using all of push, email and SMS
|
security-object <string> security additional-auth-method mobile-device-manager airwatch url-enrollment <url>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
url-enrollment |
Set the enrollment URL path on the AirWatch
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch url-rest-api <url>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
url-rest-api |
Set the REST API URL path on the AirWatch
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|aerohive} url-root-path <url>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
url-root-path |
Set the root URL path to the "/enroll" page on the JSS (Note: A JSS always displays the device enrollment page at "/enroll", so enter just the root URL path that precedes "/enroll".)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch|aerohive} enable
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
enable |
Enable client management through MDM
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch|aerohive} os-object <string> [ {ios|mac-os} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
os-object |
Set the name of an OS of clients whose network traffic you want the Aerohive device to redirect to the MDM server for enrollment
|
<string> |
Enter the OS object name (1-32 chars)
|
ios |
Define the type of OS object as Apple iOS (Default client OS type: iOS; Note: JSS only supports iOSv4 or later.)
|
mac-os |
Define the type of OS object as Apple Mac OS (Default client OS type: iOS)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch} http-auth user <string> password <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
http-auth |
Set parameters for HTTP authentication when the HiveAP connects to the MDM server
|
user |
Set the user name for HTTP authentication
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password for HTTP authentication
|
<string> |
Enter the password (1-32 chars)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch} poll-status [ interval <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
poll-status |
Query the station for enrollment and compliance status periodically
|
interval |
Set the query interval
|
<number> |
Enter the query interval in seconds (Default: 60; Range: 30-600)
|
security-object <string> security preauth [ interface <ethx|wifix.y|redx|aggx> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
preauth |
Set an interface to accept pre-authenticated 802.1X frames for fast roaming
|
interface |
Set an interface to accept pre-authenticated 802.1X frames for fast roaming
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
security-object <string> security private-psk radius-auth [ {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
radius-auth |
Enable the HiveAP to forward authentication checks for private PSKs to an external RADIUS server and set the method for authenticating communications with it (Default: disabled)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security protocol-suite wep-open <number> {hex-key|ascii-key} <string> [ default ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep-open |
Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and open authentication
|
<number> |
Enter the index to identify one of 4 possible WEP keys (Default: 0; Range: 0-3)
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
|
default |
Set the current key as the default WEP key
|
security-object <string> security protocol-suite wep-shared <number> {hex-key|ascii-key} <string> [ default ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep-shared |
Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and preshared-key authentication
|
<number> |
Enter the index to identify one of 4 possible WEP keys (Range: 0-3)
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
|
default |
Set the current key as the default WEP key
|
security-object <string> security protocol-suite wpa-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-aes-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey |