aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
namespace-id |
Set the namespace ID parameter of the Operator-Name (Default: realm)
|
TADIG |
Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
|
REALM |
Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
|
E212 |
Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
|
ICC |
Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
|
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
|
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
mac-format |
Set the MAC address format to use when sending client MAC addresses to an external authentication server
|
style |
Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
|
two-delimiter |
Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
|
five-delimiter |
Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
|
no-delimiter |
Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
|
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string_64> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ppsk-server |
Set parameters for the local HiveAP when it is acting as a private PSK server
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 64 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 64 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string_64|ipv6_addr> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter an IPv4 address or an IPv6 address or a domain name for the RADIUS server (max 64 chars)
|
<string> |
Enter an IPv4 address or an IPv6 address or a domain name for the RADIUS server (max 64 chars)
|
<ipv6_addr> |
Enter an IPv4 address or an IPv6 address or a domain name for the RADIUS server (max 64 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server keepalive username <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
username |
Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password to submit in Access-Request messages
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} computer-ou <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
computer-ou |
Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
|
<string> |
Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
binddn |
Set the bindDN (distinguished name) under which LDAP searches are done (Note: bindDN must be set if want to get attributes from AD server or want to check TLS username against LDAP server.)
|
<string> |
Enter the bindDN name (1-256 chars)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> fullname <string> [ default ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
fullname |
Set the full DNS name of the domain to which the RADIUS server (local AP) and AD server both belong
|
<string> |
Enter the full DNS name of the domain (1-64 chars)
|
default |
Set the domain as the default domain, which will be added to the RADIUS request if no domain name appears in the request
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> server <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
server |
Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} login admin-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
login |
Set admin user name and password that the local AP will use to access the AD server
|
admin-user |
Set the admin user name
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password which authenticate the login user
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
server |
Set the IP address or resolvable domain name for the AD server
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
via-vpn-tunnel |
Send all traffic from the AP RADIUS authentication server to the AD server through a VPN tunnel (Note: Set this option on VPN clients when the AD server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {tls-enable|global-catalog}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
tls-enable |
Enable TLS authentication that the local AP, as an LDAP client, uses with the AD server (Default: Disabled)
|
global-catalog |
Set the AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
|
aaa radius-server local db-type ldap-server sub-type edirectory acct-policy-check
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
sub-type |
Set the type of LDAP server
|
edirectory |
Set the user database on an eDirectory LDAP server
|
acct-policy-check |
Enable the Novell eDirectory account policy check and intruder detection for RADIUS users (Default: Disabled)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} basedn <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
basedn |
Set the base DN (distinguished name) where the user profiles are located in the LDAP tree structure
|
<string> |
Enter the base DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
binddn |
Set the bind DN (distinguished name) under which LDAP searches are done
|
<string> |
Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} filter-attr <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
filter-attr |
Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
|
<string> |
Enter the filter attribute used to search for the user (Default: "cn"; 1-32 chars)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} no-strip-filter
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
no-strip-filter |
Do not strip the realm name
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} port <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
port |
Set the destination port number for communicating with the LDAP server
|
<number> |
Enter the destination port number (Default: 389, 636 for LDAPS; Range: 1-65535)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
protocol |
Set the protocol for communicating with the LDAP server
|
ldap |
Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
|
ldaps |
Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
server |
Set the IP address or resolvable domain name for the LDAP server
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
via-vpn-tunnel |
Send all traffic from the AP RADIUS authentication server to the LDAP server through a VPN tunnel(Note: Set this option on VPN clients when the LDAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server local db-type library-sip-server {primary} institution-id <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
institution-id |
Set institution ID that the local RADIUS server provides when exchanging messages with the library SIP server
|
<string> |
Enter the institution ID (1-64 chars)
|
aaa radius-server local db-type library-sip-server {primary} login-enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
login-enable |
Enable the AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
|
aaa radius-server local db-type library-sip-server {primary} login-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
login-user |
Set the user name that the local RADIUS server submits when logging in to the library SIP server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the local AP RADIUS server submits when logging in to the library SIP server
|
<string> |
Enter the password (1-32 chars)
|
aaa radius-server local db-type library-sip-server {primary} port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
port |
Set the library SIP server port number
|
<port> |
[1~65535]Enter the port number (Default: 6001; Range: 1-65535)
|
aaa radius-server local db-type library-sip-server {primary} separator <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
separator |
Set the character that the library SIP server uses to separate multiple field name + value entries
|
<string> |
Enter the separator (1 char; Default: '|')
|
aaa radius-server local db-type library-sip-server {primary} {server} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
server |
Set IP address or domain name of the library SIP server
|
<string> |
Enter the IP address or domain name (Domain name: 1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} admin-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
admin-user |
Set the admin user name that the local AP uses when logging in to the OD server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the local AP uses when logging in to the OD server
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the OD domain controller
|
<string> |
Enter the name of the domain (1-64 chars)
|
binddn |
Set the bindDN (distinguished name) under which LDAP searches are done
|
<string> |
Enter the bindDN name (1-256 chars)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> fullname <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the OD domain controller
|
<string> |
Enter the name of the domain (1-64 chars)
|
fullname |
Set the full DNS name of the OD domain server
|
<string> |
Enter the full DNS name of the domain (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} filter-attr <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
filter-attr |
Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
|
<string> |
Enter the filter attribute used to search for the user (Default: "uid"; 1-32 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} no-strip-filter
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
no-strip-filter |
Do not strip the realm name
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} tls-enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
tls-enable |
Enable TLS authentication that the local AP, as an LDAP client, uses with the OD server (Default: Disabled)
|
aaa radius-server local ldap-auth {primary|backup1|backup2|backup3} type tls ca-cert <string> [ client-cert <string> private-key <string> [ private-key-password <string> ] ] [ verify-server {never|try|demand} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
ldap-auth |
Set the authentication method that the local AP, as an LDAP client, uses with the LDAP server
|
primary |
Set the authentication method for the first LDAP server
|
backup1 |
Set the authentication method for the second LDAP server
|
backup2 |
Set the authentication method for the third LDAP server
|
backup3 |
Set the authentication method for the fourth LDAP server
|
type |
Set the authentication type to use for LDAP communications
|
tls |
Set the authentication type as TLS (Transport Layer Security)
|
ca-cert |
Set the CA certificate that the local AP uses when authenticating itself as an LDAP client to an LDAP server
|
<string> |
Enter the file name of the CA certificate (1-32 chars)
|
client-cert |
Set the client certificate that the local AP uses when authenticating itself to an LDAP server
|
<string> |
Enter the file name of the client certificate (1-32 chars)
|
private-key |
Set the private key that the local AP uses to authenticate itself to an LDAP server
|
<string> |
Enter the name of the private key file (1-32 chars)
|
private-key-password |
Set the password for the private key that is used when forming a TLS tunnel
|
<string> |
Enter the password (1-32 chars)
|
verify-server |
Set options for verifying the LDAP server (Default: LDAP server verification is try.)
|
never |
never verify the identity of the LDAP server (Default: try)
|
try |
try verify the identity of the LDAP server (Default: try)
|
demand |
demand verify the identity of the LDAP server (Default: try)
|
aaa radius-server local nas <string> shared-key <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
nas |
Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
|
<string> |
Enter the IP address or resolvable domain name (1-64 chars) for a single NAS device or the subnet for multiple devices
|
shared-key |
Set the shared secret for authenticating communications with the RADIUS NAS
|
<string> |
Enter the shared secret (1-31 chars)
|
aaa radius-server local nas <string> tls
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
nas |
Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
|
<string> |
Enter the IP address or resolvable domain name (1-64 chars) for a single NAS device or the subnet for multiple devices
|
tls |
Set TLS (Transport Layer Security) encryption for securing communications with the RADIUS NAS devices
|
aaa radius-server local sta-auth ca-cert <string> server-cert <string> private-key <string> [ private-key-password <string> ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
ca-cert |
Set the CA certificate for a TLS (Transport Layer Security) tunnel
|
<string> |
Enter the file name of the CA certificate (1-32 chars)
|
server-cert |
Set the server certificate used when forming a TLS tunnel
|
<string> |
Enter the file name of the server certificate (1-32 chars)
|
private-key |
Set the private key used when forming a TLS tunnel
|
<string> |
Enter the name of the private key file (1-32 chars)
|
private-key-password |
Set the password for encrypting the private key used when forming a TLS tunnel
|
<string> |
Enter a password (1-64 chars)
|
aaa radius-server local sta-auth default-type {leap|peap|tls|ttls|md5}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
default-type |
Set the default RADIUS authentication type
|
leap |
Set LEAP (Lightweight Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
|
tls |
Set TLS (Transport Layer Security) as the default RADIUS authentication type (Default: peap)
|
ttls |
Set TTLS (Tunneled TLS) as the default RADIUS authentication type (Default: peap)
|
md5 |
Set MD5 as the default RADIUS authentication type (Default: peap)
|
aaa radius-server local sta-auth type tls {check-cert-cn|check-in-db}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
tls |
Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
check-cert-cn |
Check the CN (common name) in the certificate against the user name (Default: Disabled)
|
check-in-db |
Query databases to check if the user exists (Default: Disabled)
|
aaa radius-server local sta-auth type {leap|peap|tls|ttls|md5}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
leap |
Set LEAP (Lightweight Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
tls |
Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
ttls |
Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
md5 |
Set MD5 as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
aaa radius-server local sta-auth type {peap|ttls} check-in-db
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
ttls |
Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
check-in-db |
Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
|
aaa radius-server name <string> server <string> shared-secret <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
server |
Set the IP address or resolvable domain name for the RADIUS server
|
<string> |
Enter the IP address or domain name (max 64 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
aaa radius-server name <string> server <string> tls
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
server |
Set the IP address or resolvable domain name for the RADIUS server
|
<string> |
Enter the IP address or domain name (max 64 chars)
|
tls |
Set TLS (Transport Layer Security) encryption for authenticating communications with the RADIUS server
|
aaa radius-server proxy radsec realm <string> {primary|backup} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
primary |
Assign a primary RADIUS server to the realm
|
backup |
Assign a backup RADIUS server to the realm
|
<string> |
Enter the RADIUS server name (1-32 chars)
|
aaa radius-server proxy radsec tls-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
tls-port |
Set the auth proxy TLS port number (Max: 8 ports per Aerohive device)
|
<port> |
[1~65535]Enter the auth proxy TLS port number (Range: 1-65535; Default: 80,443)
|
aaa radius-server proxy realm <string> no-strip
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
no-strip |
Do not strip the realm name from a submitted user name when proxying requests to the RADIUS server (Default: The realm name is stripped from proxied requests.)
|
aaa radius-server proxy realm <string> {primary|backup} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
primary |
Assign a primary RADIUS server to the realm
|
backup |
Assign a backup RADIUS server to the realm
|
<string> |
Enter the RADIUS server name (1-32 chars)
|
aaa radius-server proxy realm format {nai|nt-domain|spn|auto}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
format |
Set the format in which a realm name is appended to a user's name in request packets
|
nai |
Set NAI (network access identifier) as the realm name format: user@realm (Default: NAI)
|
nt-domain |
Set Windows NT domain as the realm name format: realm\user (Default: NAI)
|
spn |
Set ServicePrincipalName as the realm name format: host/dev.realm(Default: NAI)
|
auto |
Set auto as the realm name format, it would handle all three formats(NAI or NT-Domain or SPN) automatically
|
aaa radius-server proxy retry-delay <number> retry-count <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
retry-delay |
Set the interval to wait for a response from the RADIUS server before resending a proxied request
|
<number> |
Enter the interval between retries in seconds (Default: 5; Range: 3-10)
|
retry-count |
Set the number of times to retry proxying a request to the RADIUS server
|
<number> |
Enter the number of retries (Default: 3; Range: 1-10)
|
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string_64|ipv6_addr> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IPv4 address or an IPv6 address or a domain name for the RADIUS server (max 64 chars)
|
<string> |
Enter an IPv4 address or an IPv6 address or a domain name for the RADIUS server (max 64 chars)
|
<ipv6_addr> |
Enter an IPv4 address or an IPv6 address or a domain name for the RADIUS server (max 64 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
admin {read-write|read-only} <string> password <string>
|
admin |
Set the administrator parameters
|
read-write |
The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
|
read-only |
The read-only admin has the ability to view settings
|
<string> |
Enter an admin user's name (3-20 chars)
|
password |
Set password for the user
|
<string> |
Set password for the user ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
|
alg {ftp|tftp|sip|dns} qos <number>
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
dns |
Set a DNS (Domain Name System) ALG
|
qos |
Set an Aerohive QoS class for ALG data traffic
|
<number> |
Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
|
amrp neighbor <mac_addr> metric min <number> max <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
neighbor |
Specify the neighbor to which you want to set AMRP parameters
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
metric |
Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
|
min |
Set the minimum metric value
|
<number> |
Enter the minimum metric value (Default: 67; Range: 8-1200)
|
max |
Set the maximum metric value equal to or greater than the minimum value
|
<number> |
Enter the maximum metric value (Default: 67; Range: 8-1200)
|
application identification cdp-index <number> cdp-rule <string> cdp-module {TCP|UDP|HTTP|TLS}
|
application |
Set L7 related parameters
|
identification |
Set L7 identification related parameters
|
cdp-index |
Set index for custom defined application
|
<number> |
Enter the index for custom defined application (Range: 19000-19099)
|
cdp-rule |
Specify the rule for custom defined application
|
<string> |
Enter the rule for custom defined application (1 to 255 characaters)
|
cdp-module |
Specify the module for custom defined application rule
|
TCP |
Enter the module for custom defined application rule TCP
|
UDP |
Enter the module for custom defined application rule UDP
|
HTTP |
Enter the module for custom defined application rule HTTP
|
TLS |
Enter the module for custom defined application rule TLS
|
application reporting upload <url> time-window <number> [ admin <string> password <string> {basic|digest} ]
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
upload |
Set L7 application reporting upload parameters
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/, http://domain:port/path/; Note: You can substitute 'https' for 'http'.)
|
time-window |
Reporting time-window
|
<number> |
minutes(Range: 1-30)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
bonjour-gateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
filter |
Set a filter to control which Bonjour services the local gateway transmits to remote gateways
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
from |
Set the source from which services are advertised
|
<string> |
Enter the source VLAN group name (1-32 chars)
|
<string> |
Enter the text string to filter which services are advertised (1-64 chars; Note: A service is advertised if its name matches the string in a rule. You can use asterisks as wildcards)
|
to |
Set the VLAN group to which services are advertised
|
<string> |
Enter the destination VLAN group name (1-32 chars)
|
metric |
Set the maximum number of hops away from the local BDD to accept service advertisements (Note: An immediately neighboring BDD is one hop away, a neighbor of that neighbor is two hops away, and so on.)
|
<number> |
Enter the maximum distance from which service advertisements are acceptable (Range: 0-100; Default: 0; Note: A value of 0 means that there is no maximum distance.)
|
bonjour-gateway filter rule <number> {before|after} rule <number>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
filter |
Set a filter to control which Bonjour services the local gateway transmits to remote gateways
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
before |
Move the rule before another rule in the Bonjour Gateway filter
|
after |
Move the rule after another rule in the Bonjour Gateway filter
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
bonjour-gateway priority <number>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
priority |
Set the priority of the local device to be elected as the BDD (Bonjour Designated Device)
|
<number> |
Enter the BDD election priority (Range: 0-255; Defaults: SR series=50, BR200 series=40, VG-VA/VG-1U=25, AP250/AP370/AP390/AP550=23, AP230=21, AP330/AP350=20, AP320/AP340=15, AP120/AP121/AP122/AP122X/ATOM/AP130/AP141/AP170/AP1130/AP150W=10, AP110=5; Note: Values closer to 255 have higher priority.)
|
capture interface <wifix> [ count <number> ] [ filter <number> ] [ promiscuous ]
|
capture |
Set packet capture parameters
|
interface |
Enable packet capturing on a radio interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
count |
Set the number of frames to capture
|
<number> |
Enter the number of frames to capture (Default: 2000; Range: 1-100000)
|
filter |
Set the packet capture filter
|
<number> |
Enter a filter ID (Range: 1-64)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
capwap client HTTP proxy name <string> port <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
name |
Set the HTTP proxy server name
|
<string> |
Enter the IP address or domain name of the HTTP proxy server (1-63 chars)
|
port |
Set the HTTP proxy server port number
|
<number> |
Enter the port number (Range: 1-65535)
|
capwap client HTTP proxy user <string> password <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
user |
Set the user name for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the authentication user name (1-32 chars)
|
password |
Set the user password for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the password (1-32 chars)
|
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
server |
Set parameters for communicating with the CAPWAP server
|
backup |
Set the backup CAPWAP server
|
name |
Set the IP address or domain name of the CAPWAP server
|
<string> |
Enter IP address or name for CAPWAP server (1-63 chars)
|
connect-delay |
Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
|
<number> |
Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
|
via-vpn-tunnel |
Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-63 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
count |
Set the number of CAPWAP UDP packets to send
|
<number> |
Enter the number of packets to send (Default: 5; Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-63 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
flood |
Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
|
<number> |
Enter the number of batches of packets(Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
clear auth roaming-cache mac <mac_addr> {hive-neighbors|hive-all}
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
hive-neighbors |
Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
|
hive-all |
Clear the MAC address from the local roaming cache and from the roaming caches of all hive members
|
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear auth {local-cache|roaming-cache|station} ssid <string>
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
ssid |
Clear cached authentication information based on the SSID with which stations associated
|
<string> |
Enter a user name (1-32 chars)
|
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
counters |
Clear forwarding engine counter statistics
|
interface |
Clear forwarding engine counter by interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
station |
Clear forwarding engine counter by station MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
drop |
Clear the drop packet counter
|
tunnel |
Clear the counter on tunnels
|
policy |
Clear the counter on policies
|
clear forwarding-engine ip-sessions [ src-ip <ip_addr|ipv6_addr> ] [ dst-ip <ip_addr|ipv6_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
ip-sessions |
Clear IP sessions
|
src-ip |
Clear IP sessions by source IPv4 or IPv6 address
|
<ip_addr> |
Source IP address
|
<ipv6_addr> |
Source IP address
|
dst-ip |
Clear IP sessions by destination IPv4 or IPv6 address
|
<ip_addr> |
Destination IP address
|
<ipv6_addr> |
Destination IP address
|
src-port |
Clear IP essions by source port number
|
<number> |
source IP port (Range: 1-65535)
|
dst-port |
Clear IP sessions by destination port number
|
<number> |
destination IP port (Range: 1-65535)
|
protocol |
Clear IP sessions by protocol type
|
<number> |
source IP port (Range: 1-255)
|
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
mac-sessions |
Clear MAC sessions
|
src-mac |
Clear MAC sessions by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Clear MAC sessions by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Clear the DHCP server lease
|
lease |
Clear a specific DHCP lease or all leases
|
mac |
Clear the DHCP lease assigned to a client with a specific MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <wifix> wlan-idp mitigate rogue-ap [ <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Clear rogue AP entries from the WLAN IDP (intrusion detection and prevention) table
|
mitigate |
Clear mitigated rogue APs
|
rogue-ap |
Clear all mitigated rogue APs or a specific rogue AP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
client-mode ssid <string> [ {passphrase|wep-key} {hex|ascii} <string> ] [ {-nosave} ]
|
client-mode |
Set wireless client parameters for the local device so that it can associate with an access point
|
ssid |
Set the SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
passphrase |
Set the security protocol suite as WPA-PSK/WPA2-PSK/WPA3-SAE
|
wep-key |
Set the security protocol suite as WEP
|
hex |
Set the key type as hexadecimal
|
ascii |
Set the key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter the key value(ASCII key length: wep-key(5, 13 chars)/passphrase(8-63 chars); Hexadecimal key length: wep-key(10, 26 hex digits)/passphrase(64 hex digits))
|
-nosave |
#hidden
|
client-monitor policy <string> problem-type {association|authentication|networking} [ trigger-times <number> ] [ report-interval <number> ] [ quiet-time <number> ]
|
client-monitor |
Set parameters for Client Monitor
|
policy |
Set parameters for a Client Monitor policy
|
<string> |
Enter the Client Monitor policy name (1-32 chars)
|
problem-type |
Set the problem type which specifies a category of client-centric problems
|
association |
Detect, analyze and report the client association problem
|
authentication |
Detect, analyze and report the client authentication problem
|
networking |
Detect, analyze and report the client networking problem
|
trigger-times |
Set how many times the problem type is detected to trigger reporting the problem and related logs
|
<number> |
Enter trigger times for the problem type (Range: 1-10; Default: 1)
|
report-interval |
Set the interval to report the problem and related logs
|
<number> |
Enter a report interval in seconds for the problem type (Range: 0 or 30-3600; Default: 0; Note: The default value of 0 reports every instance of the problem)
|
quiet-time |
Set the time period after which the problem elapses
|
<number> |
Enter quiet time in seconds for the problem type (Range: 60-86400; Default: 300)
|
clock time-zone daylight-saving-time <date> <time> <date> <time>
|
clock |
Set the internal clock
|
time-zone |
Set the time zone for the internal clock
|
daylight-saving-time |
Set the daylight saving time parameters
|
<date> |
Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
<date> |
Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
config rollback manual [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
manual |
Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
|
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
capwap-disconnect |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
|
next-reboot |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
|
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
|
debug |
Enable debug messages
|
console |
Show debug messages on the console
|
level |
Specify a logging level
|
emergency |
Show emergency-level log entries (Default: debug)
|
alert |
Show log entries from alert to emergency levels (Default: debug)
|
critical |
Show log entries from critical to emergency levels (Default: debug)
|
error |
Show log entries from error to emergency levels (Default: debug)
|
warning |
Show log entries from warning to emergency levels (Default: debug)
|
notification |
Show log entries from notification to emergency levels (Default: debug)
|
info |
Show log entries from info to emergency levels (Default: debug)
|
debug |
Show log entries for all severity levels (Default: debug)
|
dns server-ip <ip_addr|ipv6_addr> [ {second|third} ]
|
dns |
Set DNS (Domain Name System) parameters
|
server-ip |
Set the IP address of the primary, secondary, or tertiary DNS server
|
<ip_addr> |
Enter the IP address of the primary, secondary, or tertiary DNS server
|
<ipv6_addr> |
Enter the IP address of the primary, secondary, or tertiary DNS server
|
second |
Assign the IP address to a secondary DNS server
|
third |
Assign the IP address to a tertiary DNS server
|
exec aaa idm-test auth username <string> password <string> [ {pap|ms-chap-v2} ] [ proxy <string> ] [ bind-ssid <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
idm-test |
Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
|
auth |
Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
|
username |
Set the user name belonging to an account on the ID Manager
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the ID Manager
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
proxy |
Set parameters for connecting to an ID Manager proxy server
|
<string> |
Enter the IP address or domain name of the ID Manager proxy server (1-64 chars)
|
bind-ssid |
Set the SSID to which the user name binds for ID Manager testing (Note: By default, wired links use the user name-password pair for testing ID Manager accounts, so the user name does not need to bind to an SSID.)
|
<string> |
Enter the name of the SSID to which you want to bind the user name (1-32 chars)
|
exec aaa ldap-search server-type {active-directory|ldap-server|open-directory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ldap-search |
Execute a search of the LDAP database
|
server-type |
Set the type of LDAP server whose database you want to search
|
active-directory |
Set the server type as an Active Directory server
|
ldap-server |
Set the server type as an OpenLDAP server
|
open-directory |
Set the server type as an Open Directory server
|
server |
Set the IP address or resolvable domain name of the LDAP server
|
<string> |
Enter the IP address or domain name (up to 64 chars)
|
basedn |
Set a node in the LDAP tree structure as the baseDN (distinguished name) from which to search for nodes one level below it or for information about one or all of its attributes
|
<string> |
Enter the baseDN (up to 256 chars) (Note: If there are any spaces, enclose the whole string in quotation marks.)
|
binddn |
Set the bindDN name and password for the user that has permission to search the LDAP directory
|
<string> |
Enter the bindDN name (up to 256 chars)
|
password |
Set the bindDN password
|
<string> |
Enter the password (1-64 chars)
|
attributes |
Search for attributes of the node specified as the baseDN
|
<string> |
Enter the name of a specific attribute for which to search (Note: To see the user group attribute of the baseDN node when the default group attribute name is being used, do not enter anything.)
|
exec aaa ldap-search username <string> [ basedn <string> ] [ domain <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ldap-search |
Execute a search of the LDAP database
|
username |
Set the user name to search for in the LDAP database
|
<string> |
Enter a user name (1-32 chars)
|
basedn |
Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
|
<string> |
Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
domain |
Set the domain name of the domain controller
|
<string> |
Enter a NT domain name (1-64 chars)
|
exec aaa library-sip-test primary username <string> password <string>
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
library-sip-test |
Test a simulated authentication process for a library patron on a library SIP (Standard Interchange Protocol) server
|
primary |
Test the authentication process on the primary library SIP server
|
username |
Set the library patron's user name to submit to the library SIP server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the library patron's password to submit to the library SIP server
|
<string> |
Enter the password (1-64 chars)
|
exec aaa net-join [ {primary|backup1|backup2|backup3} username <string> password <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-join |
Join the local AP RADIUS server to the domain controller
|
primary |
Join the local AP RADIUS server to the primary domain controller
|
backup1 |
Join the local AP RADIUS server to the backup1 domain controller
|
backup2 |
Join the local AP RADIUS server to the backup2 domain controller
|
backup3 |
Join the local AP RADIUS server to the backup3 domain controller
|
username |
Set the admin user name for the local AP RADIUS server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password for the user name
|
<string> |
Enter a password (1-64 chars)
|
exec aaa net-join domain <string> fullname <string> server <string> username <string> password <string> [ computer-ou <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-join |
Join the local AP RADIUS server to the domain controller
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
fullname |
Set the full name of the domain to which the RADIUS server (local AP) and AD server both belong
|
<string> |
Enter the full domain name (1-64 chars)
|
server |
Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
|
<string> |
Enter the IP address or domain name (up to 64 chars)
|
username |
Set the admin user name that the local AP RADIUS server submits to the AD server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password for the user name
|
<string> |
Enter a password (1-64 chars)
|
computer-ou |
Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
|
<string> |
Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
|
exec aaa ntlm-auth username <string> password <string> [ domain <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ntlm-auth |
Initiate NTLM (NT LAN Manager) authentication between the AP RADIUS server and the domain controller
|
username |
Set the user name that the AP RADIUS server uses when authenticating itself to the domain controller
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password that the AP RADIUS server uses when authenticating itself to the domain controller
|
<string> |
Enter a password (1-64 chars)
|
domain |
Set the domain name of the domain controller
|
<string> |
Enter a NT domain name (1-64 chars)
|
exec aaa radius-test <ip_addr|ipv6_addr|string_64> accounting
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<ip_addr> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
<ipv6_addr> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
<string> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
accounting |
Check the network connectivity status of a RADIUS accounting server (Default: Check the status of a RADIUS authentication server.)
|
exec aaa radius-test <ip_addr|ipv6_addr|string_64> call-check <mac_addr>
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<ip_addr> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
<ipv6_addr> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
<string> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
call-check |
Do mac-base-auth call-check with Radius server
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
exec aaa radius-test <ip_addr|ipv6_addr|string_64> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<ip_addr> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
<ipv6_addr> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
<string> |
Enter the IP address or an IPv6 address or domain name of the RADIUS server (1-64 chars)
|
username |
Set the user name belonging to an account on the RADIUS server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the RADIUS server
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
exec antenna-alignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ text-size <number> ] [ beep {static|adaptive|no} ] [ static-rssi-range <number> - <number> ]
|
exec |
Execute a command to initiate a task immediately
|
antenna-alignment |
Set parameters for aligning a directional or sectional antenna connected to a radio in backhaul or dual (access and backhaul) mode with a specified peer
|
interface |
Set the interface bound to the radio whose antenna you want to align with that of a peer
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
peer |
Set the MAC address of the peer to which the AP sends antenna alignment request frames
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
count |
Set the total number of request frames to send to the peer
|
<number> |
Enter the total number of request frames (Range: 1-1000; Default: 60)
|
interval |
Set the interval between each request frame transmission
|
<number> |
Enter the interval in seconds (Range: 1-30; Default: 1)
|
text-size |
Set the amount of filler text in each request frame
|
<number> |
Enter the amount of filler text in bytes (Range: 16-2048; Default: 16)
|
beep |
Set the mode of antenna buzzer, which the device uses to indicate the quality of antenna alignment by increasing the frequency of audible beeps as the signal strength improves (Default: adaptive)
|
static |
Set the antenna buzzer to beep when the signal strength falls between 0 to 80 dB
|
adaptive |
Set the antenna buzzer to beep based on the signal strengths that are determined during the alignment process
|
no |
Disable the antenna buzzer
|
static-rssi-range |
Set the signal strength range(instead of default 1 ~ 80 dB) which is used in the static beep mode
|
<number> |
Enter the lowest signal strength in dB
|
- |
Set a range of signal strength
|
<number> |
Enter the highest signal strength in dB
|
exec auth <string> ppsk-mac-unbinding mac-ppsk <mac_addr> <string>
|
exec |
Execute a command to initiate a task immediately
|
auth |
Execute an auth module command
|
<string> |
Enter an SSID profile name (1-32 chars)
|
ppsk-mac-unbinding |
Execute a PPSK MAC address-unbinding command
|
mac-ppsk |
Remove the PPSK MAC address binding from MAC address and PPSK
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<string> |
Enter the PPSK of the station used (1-32 chars)
|
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
|
exec |
Execute a command to initiate a task immediately
|
capture |
Initiate packet capturing
|
remote-sniffer |
Set parameters for a remote packet sniffer
|
user |
Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
|
<string> |
Enter the user name (1-32 chars)
|
<string> |
Enter the password (1-32 chars)
|
host-allowed |
Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
|
<string> |
Enter the IP address or domain name (1-32 chars)
|
local-port |
Set the port number on which the HiveAP listens for connection requests from the remote sniffer
|
<number> |
Enter the port number (Default: 2002; Range: 1024-65535)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
exec interface <wifix> spectral-scan airiq-mode {Dedicated|Hybrid|X+1}
|
exec |
Execute a command to initiate a task immediately
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
spectral-scan |
Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to HiveManager
|
airiq-mode |
Set airiq mode of spectral scan
|
Dedicated |
Dedicated spectrum scanning
|
Hybrid |
Hybrid scanning
|
X+1 |
concurrent Tx/Rx on X chains, SA on 1 chain
|
exec interface <wifix> spectral-scan channel <number>
|
exec |
Execute a command to initiate a task immediately
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
spectral-scan |
Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to HiveManager
|
channel |
Set the channel to be scanned
|
<number> |
Enter the channel number (Note: To create a list of multiple channels, repeatedly enter this command with a different channel number for each one that you want to scan.) (Range: 1-165)
|
exec interface <wifix> spectral-scan report-interval <number>
|
exec |
Execute a command to initiate a task immediately
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
spectral-scan |
Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to HiveManager
|
report-interval |
Set the length of time to collect spectral data and then report it to HiveManager
|
<number> |
Enter the report interval in seconds (Default: 1; Range: 1-30)
|
exec wlan-idp ap-classify {rogue|friendly} <mac_addr> [ - <mac_addr> ]
|
exec |
Execute a command to initiate a task immediately
|
wlan-idp |
Execute a command relating to WLAN IDP (intrusion detection and prevention)
|
ap-classify |
Classify one or more APs as rogue or friendly by MAC address
|
rogue |
Classify APs as rogue
|
friendly |
Classify APs as friendly
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
- |
Set a range of MAC addresses
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
exec wlan-idp mitigate {rogue-ap} <mac_addr> interface <wifix>
|
exec |
Execute a command to initiate a task immediately
|
wlan-idp |
Execute a command relating to WLAN IDP (intrusion detection and prevention)
|
mitigate |
Mitigate a specific rogue AP and its clients by sending a deauth DoS attack against them
|
rogue-ap |
Mitigate a specific rogue AP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
exec {jss-check|airwatch-check|aerohive-check} mobile-device <mac_addr> enroll-status
|
exec |
Execute a command to initiate a task immediately
|
jss-check |
Check the enrollment status of a mobile device on the JSS (JAMF software server)
|
airwatch-check |
Check the enrollment status of a mobile device on the AirWatch
|
aerohive-check |
Check the enrollment status of a mobile device on the Aerohive MDM server
|
mobile-device |
Set the MAC address or ID of a mobile device
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
enroll-status |
Retrieve the enrollment status of the mobile device
|
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l2 |
Set packet capture filter for layer 2 parameters
|
data |
Filter by data traffic
|
ctl |
Filter by ctl traffic
|
mgmt |
Filter by mgmt traffic
|
subtype |
Filter by frame subtype
|
<hex> |
Enter frame subtype value
|
src-mac |
Filter by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Filter by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
bssid |
Filter by BSSID
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Filter by transmitter MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
rx-mac |
Filter by receiver MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
error |
Filter by error condition
|
crc |
Filter by crc error
|
decrypt |
Filter by decrypt error
|
mic |
Filter by mic error
|
all |
Filter by all error
|
no |
Filter by no error
|
etype |
Filter by Ethernet value
|
<hex> |
Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
|
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l3 |
Set packet capture filter for layer 3 parameters
|
src-ip |
Filter by source IP address
|
<ip_addr> |
Enter a source IP address
|
dst-ip |
Filter by destination IP address
|
<ip_addr> |
Enter a destination IP address
|
protocol |
Filter by protocol number in IP header
|
<number> |
Enter a protocol value (UDP:17; TCP:6 ICMP:1)
|
src-port |
Filter by source port filter
|
<number> |
Enter a source port number
|
dst-port |
Filter by destination port
|
<number> |
Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
allow-all |
Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Block specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
block-all |
Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Allow specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
neighbor |
Set the threshold parameters for connecting wirelessly with neighboring hive members
|
connecting-threshold |
Set the minimum signal strength threshold required for connecting with a neighboring hive member
|
low |
Set a relatively low minimum signal strength threshold (-85dBm)
|
medium |
Set a relatively moderate minimum signal strength threshold (-80dBm)
|
high |
Set a relatively high minimum signal strength threshold (-75dBm)
|
polling-interval |
Set the time interval in minutes for polling the signal strength of neighboring hive members
|
<number> |
Enter the polling time interval (Default: 1 minute; range: 1-60)
|
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
<number> |
Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: 2000000000)
|
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
forever |
Set ban forever
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
alarm |
Set the interval in seconds between alarms to indicate continuous DoS conditions
|
<number> |
Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: 2000000000)
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
threshold |
Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
|
<number> |
Enter threshold in ppm (Default: hive-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: 2000000000)
|
hive <string> wlan-idp mitigation-mode {automatic|semi-automatic} action {mitigate|report}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
mitigation-mode |
Set the mode for mitigating rogue APs and their clients
|
automatic |
Set the arbitrator AP to appoint a mitigator AP and start the mitigation process automatically (Default: semi-automatic)
|
semi-automatic |
Set the arbitrator AP to appoint a mitigator AP automatically but start the mitigation process manually (Default: semi-automatic)
|
action |
Set the action that you want detector APs to take after discovering rogue APs and their clients
|
mitigate |
Mitigate rogue APs and their clients (Default: Rogue mitigation)
|
report |
Report rogue APs and their clients (Default: Rogue mitigation)
|
hiveui cas client server name <string>
|
hiveui |
Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
|
cas |
Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
|
client |
Set parameters for the local AP to act as a CAS client
|
server |
Set parameters for communicating with the CAS server
|
name |
Set the IP address or resolvable domain name for the CAS server
|
<string> |
Enter the IP address or domain name (max 64 chars) of the CAS server
|
hotspot profile <string> 3gpp-info country-code <string> network-code <string>
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
3gpp-info |
Set 3GPP(3rd Generation Partnership Project) information
|
country-code |
Set the three-digit mobile country code as defined by the ITU (International Telecommunication Union), which indicates the country in which the user is operating
|
<string> |
Enter the mobile country code (3 chars)
|
network-code |
Set the two- or three-digit mobile network code, indicates the mobile network on which the user is operating
|
<string> |
Enter mobile network code (2-3 chars)
|
hotspot profile <string> authentication-type cwp [ redirect-url <url> ]
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
authentication-type |
Set the authentication type
|
cwp |
Capital web authentication, the network infrastructure performs an http/https redirect for authentication
|
redirect-url |
Set the redirect URL(Uniform Resource Locator) for authentication
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
hotspot profile <string> ip-protocol {tcp|udp|icmp|esp} port-number <number> {open|close|unknown}
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
ip-protocol |
Set the IP protocols that are permitted or denied on the network or whose permission status is unknown (Note: The AP announces this in the ANQP--Access Network Query Protocol--response it sends to clients before they join the network to teach them what types of traffic are permitted. Example: The AP might announce which IP protocols an upstream firewall denies.)
|
tcp |
Set the status of TCP as permitted, denied, or unknown
|
udp |
Set the status of UDP as permitted, denied, or unknown
|
icmp |
Set the status of ICMP as permitted, denied, or unknown
|
esp |
Set the status of ESP (Encapsulating Security Payload) as permitted, denied, or unknown
|
port-number |
Set the destination port numbers that the AP announces as permitted or denied on the network or if its permission or denial status is unknown
|
<number> |
Enter the port number(Range: 0-65535)
|
open |
Set the IP protocol or port number as permitted
|
close |
Set the IP protocol or port number as denied
|
unknown |
Set the status of permitting or denying the IP protocol or port number on the network as unknown
|
hotspot profile <string> ip-type ipv4 <number> ipv6 <number>
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
ip-type |
Set the IP type, which provides the client station with IP address type and version information
|
ipv4 |
Set the IPV4 address type
|
<number> |
Enter IPV4 address type (Range 0-7, where 0 means address type not available, 1 means public IPv4 address available, 2 means port-restricted IPv4 address available, 3 means single NAT private IPv4 address available, 4 means double NAT private IPv4 address available, 5 means port-restricted IPv4 address and single NAT IPv4 address available, 6 means port-restricted IPv4 address and double NAT IPv4 address available, and 7 means that the availability of the address type is unknown)
|
ipv6 |
Set the IPV6 address type
|
<number> |
Enter IPV6 address type (Range: 0-2, where 0 means the address type is not available, 1 means the address type is available, and 2 means the availability of the address type is unknown)
|
hotspot profile <string> nai-realm <string> eap-method <number> [ auth-method <number> ] [ inner-auth <number> ]
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
nai-realm |
Set the network access identifier which provide information about stations using Interworking network selection to connect to a network based on credentials
|
<string> |
Enter one or more NAI (Network Access Identifier) realm strings (1-255 chars, Note: You can enter more than one realm string by separating the strings by semicolons)
|
eap-method |
Set the EAP method
|
<number> |
Enter the EAP method, where 13 is EAP-TLS, 17 is LEAP (Lightweight EAP), 18 is EAP-SIM (EAP for GSM Subscriber Identity Module), 21 is EAP-TTLS (EAP-Tunneled Transport Layer Security), and 25 is EAP-PEAP (Protected EAP)
|
auth-method |
Set authentication method
|
<number> |
Enter authentication method(Range: 1-8, where 1 means expanded EAP method, 2 means non-EAP Inner Authentication type, 3 means inner authentication EAP method, 4 means expand inner EAP method, 5 means credential type, and 6 means tunneled EAP method credential type)
|
inner-auth |
Set the inner authentication parameter
|
<number> |
Enter the authentication parameter(Note: If the authentication method value is 2, then for the authentication protocol 1 is PAP, 2 is CHAP, 3 is MSCHAP, and 4 is MSCHAPV2. If the authentication method is 5 or 6, then for the authentication protocol, 1 is SIM, 2 is USIM, 3 is NFC Secure Element, 4 is Hardware Token, 5 is Softoken, 6 is Certificate, 7 is username/password, 8 is Reserved, and 9 is Anonymous.)
|
hotspot profile <string> network-type <number> [ access-internet ]
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
network-type |
Set network type
|
<number> |
Enter network type(Default: 0, where 0 means private network, 1 means private network with guest access, 2 means chargeable public network, 3 means free public network, 4 means personal device network, 5 means emergency services-only network, 14 means test or experimental, and 15 is a wildcard)
|
access-internet |
Indicate that this network can access the Internet
|
hotspot profile <string> qos-map dscp-range <number> - <number> to ah-class <number>
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
qos-map |
Set QoS (quality of service) mapping from Aerohive QoS classes to DSCP (Differentiated Services CodePoint) priorities
|
dscp-range |
Set a range of DSCP priorities
|
<number> |
Enter a start value(Range: 0-63)
|
- |
Set the DSCP range
|
<number> |
Enter an end value(Range: 0-63)
|
to |
Map the DSCP range to an Aerohive QoS class
|
ah-class |
Set the Aerohive QoS class
|
<number> |
Enter an Aerohive QoS class value (Range: 0-7)
|
hotspot profile <string> venue group <number> type <number>
|
hotspot |
Set hotspot parameters
|
profile |
Set hotspot parameter profile name
|
<string> |
Enter the hotspot profile name (1-32 chars)
|
venue |
Set venue information
|
group |
Set the group ID that AP belongs to
|
<number> |
Enter the group ID(Default: 0; Range: 0-11, where 0 means unspecified, 1 means assembly, 2 means business, 3 means educational, 4 means factory and industrial, 5 means institutional, 6 means mercantile, 7 means residential, 8 means storage, 9 means utility and miscellaneous, 10 means vehicular, and 11 means outdoor)
|
type |
Set the type to which the AP belongs
|
<number> |
Enter the type ID(Default: 0; Note: The type ID must match the venue group ID to describe the venue information. For more information, refer to IEEE 802.11-2012, section 8.4.1.34)
|
interface <ethx> manage {Telnet|SSH|SNMP|ping|all}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
manage |
Set management service parameters
|
Telnet |
Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
|
SSH |
Enable SSH manageability of mgt0 through this interface (Default: Enabled)
|
SNMP |
Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
|
ping |
Enable mgt0 to respond to pings through this interface (Default: Enabled)
|
all |
Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
|
interface <ethx|usbnetx> mode wan nat
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<usbnetx> |
Enter the name of the wireless USB modem interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
nat |
Enable NAT (network address translation) on the interface to translate the source IP address and port number in from-access packets to the IP address of the Ethernet/USB network interface and a randomly chosen port number (Default: Enabled)
|
interface <ethx|usbnetx> mode wan priority <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<usbnetx> |
Enter the name of the wireless USB modem interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
priority |
Set wan priority for the interface
|
<number> |
Enter the priority, where a smaller number means a higher priority (Default: eth0 - 1 | ethx - x * 10 | usbnet0 - 600 ; Range: 1 - 9999)
|
interface <mgtx> dhcp-probe vlan-range <string> [ timeout <number> ] [ retries <number> ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp-probe |
Probe for DHCP servers in one or more VLANs
|
vlan-range |
Set the range of VLANs in which to probe for a DHCP server
|
<string> |
Enter the VLAN list to probe. The range is from 1 to 4094. Use a hyphen (-) to separate the beginning and ending IDs of a range of VLAN IDs; for example, 70-100. Use a comma (,) to separate individual VLAN IDs and ranges of VLAN IDs(at most 5 individuals or ranges); for example, 20,70-100,142
|
timeout |
Set the timeout for waiting for a response to a probe
|
<number> |
Enter the timeout value (Default: 10 secs; Range: 1-60)
|
retries |
Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
|
<number> |
Enter the retry value (Default: 1; Range: 1-10)
|
interface <mgtx|ethx> dhcp client option custom radius-server-ip accounting <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server-ip |
Set a custom DHCP option ID for a RADIUS authentication or accounting server
|
accounting |
Set a custom DHCP option ID for a RADIUS accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS accounting server (Range: 1-255; Suggested ID numbers: RADIUS accounting = 231)
|
interface <mgtx|ethx> dhcp client option custom {syslog-server-ip|hivemanager-ip|backup-hivemanager-ip} <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
syslog-server-ip |
Set a custom DHCP option ID for a syslog server ip
|
hivemanager-ip |
Set a custom DHCP option ID for HiveManager ip
|
backup-hivemanager-ip |
Set a custom DHCP option ID for Backup HiveManager ip
|
<number> |
Enter the custom DHCP option ID (Range: 1-255; Suggested ID numbers: HiveManager ip = 226; Syslog server ip = 228; Backup Hivemanager ip = 233)
|
interface <mgtx|ethx> dhcp client option custom {syslog-server|hivemanager|backup-hivemanager} <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
syslog-server |
Set a custom DHCP option ID for a syslog server name
|
hivemanager |
Set a custom DHCP option ID for HiveManager name
|
backup-hivemanager |
Set a custom DHCP option ID for Backup HiveManager name
|
<number> |
Enter the custom DHCP option ID (Range: 1-255; Suggested ID numbers : HiveManager name= 225; Syslog server name= 227; Backup HiveManagername=232)
|
interface <mgtx|mgtx.y> dhcp-server ip-binding <ip_addr> <mac_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
ip-binding |
Set binding parameters between the IP address and MAC address of a client
|
<ip_addr> |
Enter the IP address in the static lease
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
|
hex |
Set the custom option data type as a hexadecimal digit
|
<string> |
Enter the hexadecimal digit (1-254 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
|
integer |
Set the custom option data type as an integer
|
<number> |
Enter the integer (Range: 0-2147483647)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
|
string |
Set the custom option data type as a string
|
<string> |
Enter the string (1-255 chars)
|
interface <mgtx|mgtx.y> dhcp-server options vendor-specific VCI <string> <number> hex <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
vendor-specific |
Set the vendor-specific parameter
|
VCI |
Set vendor class identifier
|
<string> |
Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
|
<number> |
Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
|
hex |
Set the custom option data type as a hexadecimal digit
|
<string> |
Enter the hexadecimal digit (1-256 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
|
interface <mgtx|mgtx.y> dhcp-server options vendor-specific VCI <string> <number> integer <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
vendor-specific |
Set the vendor-specific parameter
|
VCI |
Set vendor class identifier
|
<string> |
Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
|
<number> |
Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
|
integer |
Set the custom option data type as an integer
|
<number> |
Enter the integer (Range: 0-2147483647)
|
interface <mgtx|mgtx.y> dhcp-server options vendor-specific VCI <string> <number> ip <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
vendor-specific |
Set the vendor-specific parameter
|
VCI |
Set vendor class identifier
|
<string> |
Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
|
<number> |
Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
|
ip |
Set the custom option data type as an IP address
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dhcp-server options vendor-specific VCI <string> <number> string <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
vendor-specific |
Set the vendor-specific parameter
|
VCI |
Set vendor class identifier
|
<string> |
Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
|
<number> |
Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
|
string |
Set the vendor-specific sub-option data type as a string
|
<string> |
Enter the string (1-253 chars)
|
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
dns1 |
Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
|
dns2 |
Set the IP address of the secondary DNS server
|
dns3 |
Set the IP address of the tertiary DNS server
|
<ip_addr> |
Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
|
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
logsrv |
Set the IP address of the log server that is available for DHCP clients
|
pop3 |
Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
|
smtp |
Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
ext-resolve |
Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
|
dns1 |
Set the IP address of the primary external DNS server
|
dns2 |
Set the IP address of the secondary external DNS server
|
dns3 |
Set the IP address of the tertiary external DNS server dns3
|
<ip_addr> |
Enter the IP address of the external DNS server
|
interface <mgtx|mgtx.y> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
int-resolve |
Set the DNS servers on the internal network used to resolve domain names in the match list
|
dns1 |
Set the IP address of the primary internal DNS server
|
dns2 |
Set the IP address of the secondary internal DNS server
|
dns3 |
Set the IP address of the tertiary internal DNS server dns3
|
<ip_addr> |
Enter the IP address of the internal DNS server
|
interface <wifix> mode wan-client priority <number>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
mode |
Set the operational mode for the interface
|
wan-client |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
priority |
Set the priority of the interface to determine when to use it when there are multiple WAN interfaces (Note:Multiple WAN interfaces can include Ethernet, Wi-Fi,and wireless USB modem interfaces.)
|
<number> |
Enter the priority number (Range: 1-9999; Defaults: eth0 = 1, ethx = x * 10, wifix = 500, usb0 = 600; Note:A number closer to 1 has a higher priority.)
|
interface <wifix> mode {access|backhaul|dual|wan-client|sensor}
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
mode |
Set the operational mode for the interface
|
access |
Set the operational mode of the interface to access (Default: access (wifi0), dual (wifi1))
|
backhaul |
Set the operational mode of the interface to backhaul (Default: access (wifi0), dual (wifi1))
|
dual |
Set the operational mode of the interface to dual so that it can provide both access and backhaul services (Default: access (wifi0), dual (wifi1))
|
wan-client |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
sensor |
Set the operational mode of the interface to sensor (Default: access (wifi0), dual (wifi1))
|
interface <wifix> radio antenna type {omni|directional|sector-120|other}
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
antenna |
Set the antenna parameters for the interface
|
type |
Set the type of antennas that the AP will use (Default: Omni)
|
omni |
Set the antenna type to be Aerohive-certified omnidirectional for point-to-multipoint wireless links
|
directional |
Set the antenna type to be Aerohive-certified directional for point-to-point wireless links (supported on the 5 GHz band only)
|
sector-120 |
Set the antenna type to be Aerohive-certified 120-degree sectoral for point-to-multipoint wireless links
|
other |
Set the antenna type to be any other antenna that is not certified by Aerohive
|
interface <wifix> radio rx-sop {low|medium|high}
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
rx-sop |
Enable and set the receiver start-of-packet-detection threshold (Range: -90 to -50, low, medium, high; Default: Disabled; Note: When rx-sop is disabled, the radio reverts to its default sensitivity.)
|
low |
Low density (Note: The low-density settings sets the rx-sop value to -85 dBm on the 2.4 GHz band, and to -80 dBm on the 5 GHz band.)
|
medium |
Medium density (Note: The medium-density settings sets the rx-sop value to -82 dBm on the 2.4 GHz band, and to -78 dBm on the 5 GHz band.)
|
high |
High density (Note: The high-density settings sets the rx-sop value to -79 dBm on the 2.4 GHz band, and to -76 dBm on the 5 GHz band.)
|
ip nat-policy <string> type virtual-host inside-host <ip_addr> inside-port <port> outside-port <port> protocol {tcp|udp}
|
ip |
Set IP parameters
|
nat-policy |
Set IP nat policy parameters
|
<string> |
Enter IP nat policy name (1-32 chars)
|
type |
Set the IP nat policy type
|
virtual-host |
Set the IP nat policy type virtual-host
|
inside-host |
Set the virtual-host inside host
|
<ip_addr> |
Enter the IP address for the virtual-host inside host
|
inside-port |
Set the virtual-host inside port
|
<port> |
[1~65535]Enter the port number
|
outside-port |
Set the virtual-host outside port
|
<port> |
[1~65535]Enter the port number
|
protocol |
Set the virtual-host service protocol
|
tcp |
Choose tcp protocol for virtual host
|
udp |
Choose udp protocol for virtual host
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ to <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop|redirect} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
redirect |
redirect http traffic to specified url(Default: deny)
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ to <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ service <string> ] action deny log packet-drop
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
packet-drop |
Log dropped packets that the IP firewall policy denies
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ to <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
log |
Set logging options for packets and sessions that match IP FW policy
|
initiate-session |
Log the creation of sessions that are permitted by the policy
|
terminate-session |
Log the termination of sessions that are permitted by the policy
|
packet-drop |
Log dropped packets that are denied by the policy
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ to <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
initiate-session |
Log session details when a session is created after passing a IP firewall policy lookup
|
terminate-session |
Log session details when a session matching a IP firewall policy is terminated
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|ipv6_addr|string_64> [ <mask|number> ] ] to {local-subnet|local-subnet-ipv6} [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop|redirect} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<ipv6_addr> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<string> |
Enter an IPv4 address, or an IPv6 address, or a domain name (1-64 chars)
|
<mask> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
<number> |
For IPv4, enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets). For IPv6, enter a prefix length number (an integer between 0 and 128)
|
to |
Set the destination IP (Default: any)
|
local-subnet |
Set the IPv4 subnet of the mgt0 interface as the destination
|
local-subnet-ipv6 |
Set the IPv6 subnet of the mgt0 interface as the destination
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
redirect |
redirect http traffic to specified url(Default: deny)
|
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {no-delay} ] [ {dual-test} ] [ {tradeoff} ] [ {listen-port} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
|
iperf |
Set parameters for Iperf, a tool for testing and measuring network performance
|
client |
Set Iperf to run in client mode
|
<ip_addr> |
Enter the server IP address with which the HiveAP connects as an Iperf client
|
port |
Set the port on which the client connects to the server
|
<number> |
Enter the port number (Range: 1024-65535; Default: 5001)
|
udp |
Set the transport protocol as UDP (Default: TCP)
|
interval |
Set the interval between periodic bandwidth, jitter, and loss reports
|
<number> |
Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
|
no-delay |
Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
|
dual-test |
Set the Iperf tool to do bidirectional upstream and downstream performance testing between the client and server concurrently
|
tradeoff |
Set the Iperf tool to do bidirectional upstream and downstream performance testing at different times so downstream testing only begins after upstream testing is complete
|
listen-port |
Set the port on which the server connects to the client
|
<number> |
Enter the port number (Range: 1024-65535; Default: The same port on which the client connects to the server)
|
window |
Set the TCP window size (socket buffer size)
|
<number> |
Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
|
mss |
Set the maximum TCP segment size (MTU: 40 bytes)
|
<number> |
Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
|
bandwidth |
Set the amount of UDP bandwidth to send
|
<number> |
Enter the bandwidth in megabits per second (Range: 1-1000; Default: 1)
|
time |
Set the length of transmission time
|
<number> |
Enter the time in seconds (Range: 1-65535; Default: 10)
|
parallel |
Set the client to make multiple connections to the server concurrently (Note: This option requires multiple thread support on both the client and server.)
|
<number> |
Enter the number of parallel client threads to run (Range: 1-10; Default: 1)
|
iperf server [ {port} <number> ] [ {udp} ] [ {single-udp} ] [ {interval} <number> ] [ {no-delay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
|
iperf |
Set parameters for Iperf, a tool for testing and measuring network performance
|
server |
Set Iperf to run in server mode
|
port |
Set the port on which the server listen on
|
<number> |
Enter the port number (Range: 1024-65535; Default: 5001)
|
udp |
Set the transport protocol as UDP (Default: TCP)
|
single-udp |
Set the Iperf tool to run in single-threaded UDP mode
|
interval |
Set the interval between periodic bandwidth, jitter, and loss reports
|
<number> |
Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
|
no-delay |
Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
|
window |
Set the TCP window size (socket buffer size)
|
<number> |
Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
|
mss |
Set the maximum TCP segment size (MTU: 40 bytes)
|
<number> |
Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
|
bind |
Bind and join the HiveAP to a multicast group
|
<ip_addr> |
Enter the IP address of the multicast group (Range: 224.0.0.0-239.255.255.255)
|
library-sip-policy <string> default user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
default |
Set the default rule to apply to unregistered library patrons
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> field <string> {equal|greater-than|less-than} <number> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
field |
Set the two-letter character code that identifies the field name of a specific library SIP value
|
<string> |
Enter the two-letter character code(2 char)
|
equal |
Check if the field value that the SIP server returns equals the number entered in the local AP RADIUS server
|
greater-than |
Check if the field value that the SIP server returns is greater than the number entered in the local AP RADIUS server
|
less-than |
Check if the field value that the SIP server returns is less than the number entered in the local AP RADIUS server
|
<number> |
Enter the number that the AP RADIUS server uses when checking the field values that the SIP server returns (Range: 0-65535)
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> field <string> {matches|differs-from|starts-with|occurs-after|occurs-before|contains} <string> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
field |
Set the two-letter character code that identifies the field name of a specific library SIP value
|
<string> |
Enter the two-letter character code(2 char)
|
matches |
Check if the field value that the SIP server returns matches the string entered in the local AP RADIUS server
|
differs-from |
Check if the field value that the SIP server returns differs-from the string entered in the local AP RADIUS server
|
starts-with |
Check if the field value that the SIP server returns starts-with the string entered in the local AP RADIUS server
|
occurs-after |
Check if the field value that the SIP server returns occurs-after the string entered in the local AP RADIUS server
|
occurs-before |
Check if the field value that the SIP server returns occurs-before the string entered in the local AP RADIUS server
|
contains |
Check if the field value that the SIP server returns contains the string entered in the local AP RADIUS server
|
<string> |
Enter the string that the AP RADIUS server uses when checking the field values that the SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> {after|before} id <number>
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
after |
Move the library SIP rule after another rule in the policy
|
before |
Move the library SIP rule before another rule in the policy
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
buffered |
Set logging buffer
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: debug)
|
alert |
Send log entries from alert to emergency levels (Default: debug)
|
critical |
Send log entries from critical to emergency levels (Default: debug)
|
error |
Send log entries from error to emergency levels (Default: debug)
|
warning |
Send log entries from warning to emergency levels (Default: debug)
|
notification |
Send log entries from notification to emergency levels (Default: debug)
|
info |
Send log entries from info to emergency levels (Default: debug)
|
debug |
Send log entries for all severity levels (Default: debug)
|
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
|
logging |
Set logging parameters
|
facility |
Set logging facility
|
local0 |
Set log facility to local0 (Default: local6)
|
local1 |
Set log facility to local1 (Default: local6)
|
local2 |
Set log facility to local2 (Default: local6)
|
local3 |
Set log facility to local3 (Default: local6)
|
local4 |
Set log facility to local4 (Default: local6)
|
local5 |
Set log facility to local5 (Default: local6)
|
local6 |
Set log facility to local6 (Default: local6)
|
local7 |
Set log facility to local7 (Default: local6)
|
auth |
Set log facility to auth (Default: local6)
|
authpriv |
Set log facility to authpriv (Default: local6)
|
security |
Set log facility to security (Default: local6)
|
user |
Set log facility to user (Default: local6)
|
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
flash |
Set logging flash
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: error)
|
alert |
Send log entries from alert to emergency levels (Default: error)
|
critical |
Send log entries from critical to emergency levels (Default: error)
|
error |
Send log entries from error to emergency levels (Default: error)
|
warning |
Send log entries from warning to emergency levels (Default: error)
|
notification |
Send log entries from notification to emergency levels (Default: error)
|
info |
Send log entries from info to emergency levels (Default: error)
|
debug |
Send log entries for all severity levels (Default: error)
|
logging group {wifi|vpn|qos|aaa|security|devmgmt|system|switching|routing|application|misc|l2routing} level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
group |
Set a group for log entries of a similar type
|
wifi |
Set a group for log entries about wireless matters
|
vpn |
Set a group for log entries about VPNs
|
qos |
Set a group for log entries about QoS (Quality of Service)
|
aaa |
Set a group for AAA (Authentication, Authorization, and Accounting) log entries
|
security |
Set a group for security-related log entries
|
devmgmt |
Set a group for log entries about device management
|
system |
Set a group for system-specific log entries
|
switching |
Set a group for log entries related to switching
|
routing |
Set a group for log entries related to routing
|
application |
Set a group for application-specific log entries
|
misc |
Set a group for miscellaneous log entries that do not belong to any of the other groups
|
l2routing |
Set a group for log entries about ARMP and Layer 2 routing
|
level |
Set logging group min level (Default: debug)
|
emergency |
Send emergency-level log entries
|
alert |
Send log entries from alert to emergency levels
|
critical |
Send log entries from critical to emergency levels
|
error |
Send log entries from error to emergency levels
|
warning |
Send log entries from warning to emergency levels
|
notification |
Send log entries from notification to emergency levels
|
info |
Send log entries from info to emergency levels
|
debug |
Send log entries for all severity levels
|
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
|
logging |
Set logging parameters
|
server |
Set parameters for a syslog server
|
<string> |
Set the IP address or domain name (1-64 chars) for the syslog server
|
level |
Set the severity level for the log messages you want to send
|
emergency |
Send emergency-level log entries
|
alert |
Send log entries from alert to emergency levels
|
critical |
Send log entries from critical to emergency levels
|
error |
Send log entries from error to emergency levels
|
warning |
Send log entries from warning to emergency levels
|
notification |
Send log entries from notification to emergency levels
|
info |
Send log entries from info to emergency levels
|
debug |
Send log entries for all severity levels
|
via-vpn-tunnel |
Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
logging trap all [ {emerg|alert|crit|err|warning|notice|info} ]
|
logging |
Set logging parameters
|
trap |
Set logging trap parameters
|
all |
Set logging trap level for all trap categorys
|
emerg |
Set logging SNMP trap level to emerg (Default: info)
|
alert |
Set logging SNMP trap level to alert (Default: info)
|
crit |
Set logging SNMP trap level to crit (Default: info)
|
err |
Set logging SNMP trap level to err (Default: info)
|
warning |
Set logging SNMP trap level to warning (Default: info)
|
notice |
Set logging SNMP trap level to notice (Default: info)
|
info |
Set logging SNMP trap level to info (Default: info)
|
logging trap white-list category {failure|threshold|statechange|connectionchange|idp|powerinfo|channelpower|mitigate|clientinfo|interferencealert|bwsentinel|alarmalert} [ {emerg|alert|crit|err|warning|notice|info} ]
|
logging |
Set logging parameters
|
trap |
Set logging trap parameters
|
white-list |
Set logging trap white list
|
category |
Set logging trap white list for trap category
|
failure |
Enable the trap category failure send to SNMP server
|
threshold |
Enable the trap category threshold send to SNMP server
|
statechange |
Enable the trap category statechange send to SNMP server
|
connectionchange |
Enable the trap category connectionchange send to SNMP server
|
idp |
Enable the trap category idp send to SNMP server
|
powerinfo |
Enable the trap category powerinfo send to SNMP server
|
channelpower |
Enable the trap category channelpower send to SNMP server
|
mitigate |
Enable the trap category mitigate send to SNMP server
|
clientinfo |
Enable the trap category clientinfo send to SNMP server
|
interferencealert |
Enable the trap category interferencealert send to SNMP server
|
bwsentinel |
Enable the trap category bwsentinel send to SNMP server
|
alarmalert |
Enable the trap category alarmalert send to SNMP server
|
emerg |
Set category trap level to emerg (Default: info)
|
alert |
Set category trap level to alert (Default: info)
|
crit |
Set category trap level to crit (Default: info)
|
err |
Set category trap level to err (Default: info)
|
warning |
Set category trap level to warning (Default: info)
|
notice |
Set category trap level to notice (Default: info)
|
info |
Set category trap level to info (Default: info)
|
mac-object <string> mac-range <mac_addr> - <mac_addr>
|
mac-object |
Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
|
<string> |
Enter the MAC object name (1-32 chars)
|
mac-range |
Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
- |
Set a range of MAC addresses
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
packet-drop |
Log dropped packets that the MAC firewall policy denies
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
initiate-session |
Log session details when a session is created after passing a MAC firewall policy lookup
|
terminate-session |
Log session details when a session matching a MAC firewall policy is terminated
|
mdm-object <string> [ enroll-status {enrolled|non-enrolled|unknown} ] [ compliance-status {compliant|non-compliant|unknown} ] [ client-tag <string> ]
|
mdm-object |
Set the MDM (mobile device management) object
|
<string> |
Enter an MDM object name (1-32 chars)
|
enroll-status |
Set the enrollment status of the managed mobile device
|
enrolled |
Set the MDM enrollment status of the device as enrolled
|
non-enrolled |
Set the MDM enrollment status of the device as non-enrolled
|
unknown |
Set the MDM enrollment status of the device as unknown
|
compliance-status |
Set a compliance status
|
compliant |
Set the compliance status as compliant
|
non-compliant |
Set the compliance status as non-compliant
|
unknown |
Set the compliance status as unknown
|
client-tag |
Set an MDM client tag name to indicate the ownership of the managed mobile device (Note: BYOD and CID are common ownership tags that describe bring-your-own-device and corporate-issues-device situations.)
|
<string> |
Enter a tag name (1-32 chars)
|
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
original-user-profile |
Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
|
<string> |
Enter the original user profile (1-32 chars)
|
device-group |
Set the device group that the policy rule references to classify the type of client device in use
|
<string> |
Enter a device group name (1-32 chars)
|
reassigned-user-profile-attr |
Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
|
<number> |
Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
|
mobile-device-policy <string> rule <number> {before|after} rule <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
before |
Move the mobile device policy rule before another rule in the policy
|
after |
Move the mobile device policy rule after another rule in the policy
|
rule |
Set a rule before or after another rule in the mobile device policy
|
<number> |
Enter a rule ID number (Range: 1-65535)
|
mobility-policy <string> dnxp unroam-threshold <number> <number>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
dnxp |
Set DNXP (Dynamic Network eXtension Protocol) mobility policy settings (Default: predictive roaming support among neighboring hive members)
|
unroam-threshold |
Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
|
<number> |
Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
|
<number> |
Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
|
mobility-policy <string> inxp gre-tunnel from ipv6 <ipv6_addr/mask> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Set INXP (Identity Network eXtension Protocol) mobility policy settings
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
from |
Set the INXP gre-tunnel source parameters
|
ipv6 |
Set the INXP gre-tunnel IPv6 source parameters
|
<ipv6_addr/mask> |
Enter subnet for INXP gre-tunnel source
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Set INXP (Identity Network eXtension Protocol) mobility policy settings
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
<ip_addr> |
Enter start IP address for INXP gre-tunnel destination
|
<ip_addr> |
Enter end IP address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
mobility-policy <string> inxp gre-tunnel to ipv6 <ipv6_addr> <ipv6_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Set INXP (Identity Network eXtension Protocol) mobility policy settings
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
ipv6 |
Set the INXP gre-tunnel IPv6 destination parameters
|
<ipv6_addr> |
Enter start IPv6 address for INXP gre-tunnel destination
|
<ipv6_addr> |
Enter end IPv6 address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
mobility-policy <string> inxp gre-tunnel to ipv6 <ipv6_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Set INXP (Identity Network eXtension Protocol) mobility policy settings
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
ipv6 |
Set the INXP gre-tunnel IPv6 destination parameters
|
<ipv6_addr> |
Enter start IPv6 address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
network-firewall name <string> [ from {any|vpn} ] [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from wildcard <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
wildcard |
Set the source address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |