aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
namespace-id |
Set the namespace ID parameter of the Operator-Name (Default: realm)
|
TADIG |
Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
|
REALM |
Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
|
E212 |
Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
|
ICC |
Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
|
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
|
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
mac-format |
Set the MAC address format to use when sending client MAC addresses to an external authentication server
|
style |
Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
|
two-delimiter |
Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
|
five-delimiter |
Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
|
no-delimiter |
Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
|
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ppsk-server |
Set parameters for the local HiveAP when it is acting as a private PSK server
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
<string> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server keepalive username <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
username |
Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password to submit in Access-Request messages
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
|
access-console |
Set access console parameters
|
security |
Set the security parameters for the access console
|
protocol-suite |
Set the security protocol suite for the access console
|
wpa-aes-psk |
Set the security protocol suite as wpa-aes-psk
|
wpa-tkip-psk |
Set the security protocol suite as wpa-tkip-psk
|
wpa2-aes-psk |
Set the security protocol suite as wpa2-aes-psk
|
wpa2-tkip-psk |
Set the security protocol suite as wpa2-tkip-psk
|
wpa-auto-psk |
Set the security protocol suite as wpa-auto-psk
|
ascii-key |
Set key type as an ASCII string
|
<string> |
Enter the ASCII key value (8-63 chars)
|
alg {ftp|tftp|sip|dns} qos <number>
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
dns |
Set a DNS (Domain Name System) ALG
|
qos |
Set an Aerohive QoS class for ALG data traffic
|
<number> |
Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
|
amrp interface <ethx> priority <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Set AMRP parameters per interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
priority |
Set a priority for the AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
|
<number> |
Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the AP will be during the DA election process. For example, 100 has a higher priority than 50.)
|
amrp neighbor <mac_addr> metric min <number> max <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
neighbor |
Specify the neighbor to which you want to set AMRP parameters
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
metric |
Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
|
min |
Set the minimum metric value
|
<number> |
Enter the minimum metric value (Default: 67; Range: 8-1200)
|
max |
Set the maximum metric value equal to or greater than the minimum value
|
<number> |
Enter the maximum metric value (Default: 67; Range: 8-1200)
|
capture interface <wifix> [ count <number> ] [ filter <number> ] [ promiscuous ]
|
capture |
Set packet capture parameters
|
interface |
Enable packet capturing on a radio interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0
|
count |
Set the number of frames to capture
|
<number> |
Enter the number of frames to capture (Default: 2000; Range: 1-100000)
|
filter |
Set the packet capture filter
|
<number> |
Enter a filter ID (Range: 1-64)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
capwap client HTTP proxy name <string> port <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
name |
Set the HTTP proxy server name
|
<string> |
Enter the IP address or domain name of the HTTP proxy server (1-32 chars)
|
port |
Set the HTTP proxy server port number
|
<number> |
Enter the port number (Range: 1-65535)
|
capwap client HTTP proxy user <string> password <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
user |
Set the user name for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the authentication user name (1-32 chars)
|
password |
Set the user password for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the password (1-32 chars)
|
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
server |
Set parameters for communicating with the CAPWAP server
|
backup |
Set the backup CAPWAP server
|
name |
Set the IP address or domain name of the CAPWAP server
|
<string> |
Enter IP address or name for CAPWAP server (1-32 chars)
|
connect-delay |
Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
|
<number> |
Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
|
via-vpn-tunnel |
Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-32 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
count |
Set the number of CAPWAP UDP packets to send
|
<number> |
Enter the number of packets to send (Default: 5; Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-32 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
flood |
Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
|
<number> |
Enter the number of batches of packets(Default: 5; Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
clear auth roaming-cache mac <mac_addr> hive-neighbors
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
hive-neighbors |
Clear the MAC address from the local roaming cache and from the roaming caches of neighboring hive members
|
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear auth {local-cache|roaming-cache|station} ssid <string>
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
ssid |
Clear cached authentication information based on the SSID with which stations associated
|
<string> |
Enter a user name (1-32 chars)
|
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
counters |
Clear forwarding engine counter statistics
|
interface |
Clear forwarding engine counter by interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
station |
Clear forwarding engine counter by station MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
drop |
Clear the drop packet counter
|
tunnel |
Clear the counter on tunnels
|
policy |
Clear the counter on policies
|
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
ip-sessions |
Clear IP sessions
|
src-ip |
Clear IP sessions by source IP address
|
<ip_addr> |
Source IP address
|
dst-ip |
Clear IP sessions by destination IP address
|
<ip_addr> |
Destination IP address
|
src-port |
Clear IP essions by source port number
|
<number> |
source IP port (Range: 1-65535)
|
dst-port |
Clear IP sessions by destination port number
|
<number> |
destination IP port (Range: 1-65535)
|
protocol |
Clear IP sessions by protocol type
|
<number> |
source IP port (Range: 1-255)
|
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
mac-sessions |
Clear MAC sessions
|
src-mac |
Clear MAC sessions by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Clear MAC sessions by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <ethx> mac-learning dynamic <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
mac-learning |
Clear entries in the MAC address learning table
|
dynamic |
Clear dynamically learned MAC address entries
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Clear the DHCP server lease
|
lease |
Clear a specific DHCP lease or all leases
|
mac |
Clear the DHCP lease assigned to a client with a specific MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clock time-zone daylight-saving-time <date> <time> <date> <time>
|
clock |
Set the internal clock
|
time-zone |
Set the time zone for the internal clock
|
daylight-saving-time |
Set the daylight saving time parameters
|
<date> |
Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
<date> |
Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
config rollback manual [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
manual |
Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
|
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
capwap-disconnect |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
|
next-reboot |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
|
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
|
debug |
Enable debug messages
|
console |
Show debug messages on the console
|
level |
Specify a logging level
|
emergency |
Show emergency-level log entries (Default: debug)
|
alert |
Show log entries from alert to emergency levels (Default: debug)
|
critical |
Show log entries from critical to emergency levels (Default: debug)
|
error |
Show log entries from error to emergency levels (Default: debug)
|
warning |
Show log entries from warning to emergency levels (Default: debug)
|
notification |
Show log entries from notification to emergency levels (Default: debug)
|
info |
Show log entries from info to emergency levels (Default: debug)
|
debug |
Show log entries for all severity levels (Default: debug)
|
exec aaa idm-test auth username <string> password <string> [ {pap|ms-chap-v2} ] [ proxy <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
idm-test |
Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
|
auth |
Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
|
username |
Set the user name belonging to an account on the ID Manager
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the ID Manager
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
proxy |
Set parameters for connecting to an ID Manager proxy server
|
<string> |
Enter the IP address or domain name of the ID Manager proxy server (1-32 chars)
|
exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<string> |
Enter the IP address or domain name of the RADIUS server (1-32 chars)
|
username |
Set the user name belonging to an account on the RADIUS server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the RADIUS server
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
exec antenna-alignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ text-size <number> ]
|
exec |
Execute a command to initiate a task immediately
|
antenna-alignment |
Set parameters for aligning a directional or sectional antenna connected to a radio in backhaul or dual (access and backhaul) mode with a specified peer
|
interface |
Set the interface bound to the radio whose antenna you want to align with that of a peer
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0
|
peer |
Set the MAC address of the peer to which the HiveAP sends antenna alignment request frames
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
count |
Set the total number of request frames to send to the peer
|
<number> |
Enter the total number of request frames (Default: 60; Range: 1-1000)
|
interval |
Set the interval between each request frame transmission
|
<number> |
Enter the interval in seconds (Default: 1; Range: 1-30)
|
text-size |
Set the amount of filler text in each request frame
|
<number> |
Enter the amount of filler text in bytes (Default: 16; Range: 16-2048)
|
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
|
exec |
Execute a command to initiate a task immediately
|
capture |
Initiate packet capturing
|
remote-sniffer |
Set parameters for a remote packet sniffer
|
user |
Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
|
<string> |
Enter the user name (1-32 chars)
|
<string> |
Enter the password (1-32 chars)
|
host-allowed |
Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
|
<string> |
Enter the IP address or domain name (1-32 chars)
|
local-port |
Set the port number on which the HiveAP listens for connection requests from the remote sniffer
|
<number> |
Enter the port number (Default: 2002; Range: 1024-65535)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l2 |
Set packet capture filter for layer 2 parameters
|
data |
Filter by data traffic
|
ctl |
Filter by ctl traffic
|
mgmt |
Filter by mgmt traffic
|
subtype |
Filter by frame subtype
|
<hex> |
Enter frame subtype value
|
src-mac |
Filter by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Filter by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
bssid |
Filter by BSSID
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Filter by transmitter MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
rx-mac |
Filter by receiver MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
error |
Filter by error condition
|
crc |
Filter by crc error
|
decrypt |
Filter by decrypt error
|
mic |
Filter by mic error
|
all |
Filter by all error
|
no |
Filter by no error
|
etype |
Filter by Ethernet value
|
<hex> |
Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
|
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l3 |
Set packet capture filter for layer 3 parameters
|
src-ip |
Filter by source IP address
|
<ip_addr> |
Enter a source IP address
|
dst-ip |
Filter by destination IP address
|
<ip_addr> |
Enter a destination IP address
|
protocol |
Filter by protocol number in IP header
|
<number> |
Enter a protocol value (UDP:17; TCP:6 ICMP:1)
|
src-port |
Filter by source port filter
|
<number> |
Enter a source port number
|
dst-port |
Filter by destination port
|
<number> |
Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
|
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
allow-all |
Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Block specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
block-all |
Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Allow specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
neighbor |
Set the threshold parameters for connecting wirelessly with neighboring hive members
|
connecting-threshold |
Set the minimum signal strength threshold required for connecting with a neighboring hive member
|
low |
Set a relatively low minimum signal strength threshold (-85dBm)
|
medium |
Set a relatively moderate minimum signal strength threshold (-80dBm)
|
high |
Set a relatively high minimum signal strength threshold (-75dBm)
|
polling-interval |
Set the time interval in minutes for polling the signal strength of neighboring hive members
|
<number> |
Enter the polling time interval (Default: 1 minute; range: 1-60)
|
interface <ethx> manage {Telnet|SSH|SNMP|ping|all}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
manage |
Set management service parameters
|
Telnet |
Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
|
SSH |
Enable SSH manageability of mgt0 through this interface (Default: Enabled)
|
SNMP |
Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
|
ping |
Enable mgt0 to respond to pings through this interface (Default: Enabled)
|
all |
Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
|
interface <ethx> mode bridge-802.1q user-profile-attribute <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-802.1q |
Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
|
interface <ethx> mode bridge-access [ user-profile-attribute <number> ]
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-access |
Set the interface in bridge-access mode, making it a layer 2 interface to enable the bridging of traffic between devices in a single VLAN in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
|
interface <ethx> mode {bridge-802.1q|backhaul}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-802.1q |
Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
backhaul |
Set the interface in backhaul mode, making it a VLAN-aware layer 2 interface through which the default MAC route for traffic to and from the main LAN passes
|
interface <ethx> pppoe auth-method {pap|chap|any}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
pppoe |
Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
|
auth-method |
Set the type of authentication protocol that the ISP requires clients to use (Default: any)
|
pap |
Use PAP (Password Authentication Protocol) as the method for sending authentication requests between the device and ISP
|
chap |
Use CHAP (Challenge Handshake Authentication Protocol) as the method for sending authentication requests between the device and ISP
|
any |
Use either PAP or CHAP
|
interface <ethx> pppoe username <string> password <string>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
pppoe |
Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
|
username |
Set the user name that the device sends to the ISP to authenticate itself when establishing a PPPoE session with the access concentrator
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the device uses to authenticate itself to the ISP
|
<string> |
Enter the password (1-32 chars)
|
interface <ethx|usbnetx> mode wan nat
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<usbnetx> |
Enter the name of the wireless USB modem interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
nat |
Enable NAT (network address translation) on the interface to translate the source IP address and port number in from-access packets to the IP address of the Ethernet/USB network interface and a randomly chosen port number (Default: Enabled)
|
interface <ethx|usbnetx> mode wan nat-policy <string>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<usbnetx> |
Enter the name of the wireless USB modem interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
nat-policy |
Enable NAT (network address translation) policy on the interface
|
<string> |
Enter ip nat policy name (1-32 chars)
|
interface <ethx|usbnetx> mode wan priority <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<usbnetx> |
Enter the name of the wireless USB modem interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
priority |
Set wan priority for the interface
|
<number> |
Enter the priority, where a smaller number means a higher priority (Default: eth0 - 1 | ethx - x * 10 | usbnet0 - 600 ; Range: 1 - 9999)
|
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp-probe |
Probe for DHCP servers in one or more VLANs
|
vlan-range |
Set the range of VLANs in which to probe for a DHCP server
|
<number> |
Enter the start of the VLAN range (Range: 1-4094)
|
<number> |
Enter the end of the VLAN range (Range: 1-4094)
|
timeout |
Set the timeout for waiting for a response to a probe
|
<number> |
Enter the timeout value (Default: 10 secs; Range: 1-60)
|
retries |
Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
|
<number> |
Enter the retry value (Default: 1; Range: 1-10)
|
interface <mgtx|ethx> dhcp client option custom ppsk-server <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
ppsk-server |
Set a custom DHCP option ID and ID type for a private PSK server
|
<number> |
Enter the custom DHCP option ID (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom radius-server <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server |
Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS authentication server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom radius-server accounting <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server |
Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
|
accounting |
Set a custom DHCP option ID and ID type for a RADIUS accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS accounting server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom {syslog-server|hivemanager} <number> {string|ip}
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
syslog-server |
Set a custom DHCP option ID and ID type for a syslog server
|
hivemanager |
Set a custom DHCP option ID and ID type for HiveManager
|
<number> |
Enter the custom DHCP option ID (Default ID numbers and types: HiveManager = 225 string, 226 IP; Syslog server = 227 string, 228 IP)
|
string |
Set the type of the custom DHCP option as a string
|
ip |
Set the type of the custom DHCP option as an IP address
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
hex |
Set the custom option data type as a hexadecimal digit
|
<string> |
Enter the hexadecimal digit (1-32 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
integer |
Set the custom option data type as an integer
|
<number> |
Enter the integer (Range: 0-2147483647)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
string |
Set the custom option data type as a string
|
<string> |
Enter the string (1-255 chars)
|
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
dns1 |
Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
|
dns2 |
Set the IP address of the secondary DNS server
|
dns3 |
Set the IP address of the tertiary DNS server
|
<ip_addr> |
Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
|
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
logsrv |
Set the IP address of the log server that is available for DHCP clients
|
pop3 |
Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
|
smtp |
Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
ext-resolve |
Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
|
dns1 |
Set the IP address of the primary external DNS server
|
dns2 |
Set the IP address of the secondary external DNS server
|
dns3 |
Set the IP address of the tertiary external DNS server dns3
|
<ip_addr> |
Enter the IP address of the external DNS server
|
interface <mgtx|mgtx.y> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
int-resolve |
Set the DNS servers on the internal network used to resolve domain names in the match list
|
dns1 |
Set the IP address of the primary internal DNS server
|
dns2 |
Set the IP address of the secondary internal DNS server
|
dns3 |
Set the IP address of the tertiary internal DNS server dns3
|
<ip_addr> |
Enter the IP address of the internal DNS server
|
interface <wifix> mode {access|backhaul|dual|sensor}
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0
|
mode |
Set the operational mode for the interface
|
access |
Set the operational mode of the interface to access (Default: access (wifi0), dual (wifi1))
|
backhaul |
Set the operational mode of the interface to backhaul (Default: access (wifi0), dual (wifi1))
|
dual |
Set the operational mode of the interface to dual so that it can provide both access and backhaul services (Default: access (wifi0), dual (wifi1))
|
sensor |
Set the operational mode of the interface to sensor (Default: access (wifi0), dual (wifi1))
|
ip nat-policy <string> type virtual-host inside-host <ip_addr> inside-port <port> outside-port <port> protocol {tcp|udp}
|
ip |
Set IP parameters
|
nat-policy |
Set IP nat policy parameters
|
<string> |
Enter IP nat policy name (1-32 chars)
|
type |
Set the IP nat policy type
|
virtual-host |
Set the IP nat policy type virtual-host
|
inside-host |
Set the virtual-host inside host
|
<ip_addr> |
Enter the IP address for the virtual-host inside host
|
inside-port |
Set the virtual-host inside port
|
<port> |
[1~65535]Enter the port number
|
outside-port |
Set the virtual-host outside port
|
<port> |
[1~65535]Enter the port number
|
protocol |
Set the virtual-host service protocol
|
tcp |
Choose tcp protocol for virtual host
|
udp |
Choose udp protocol for virtual host
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packet-drop
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
packet-drop |
Log dropped packets that the IP firewall policy denies
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
log |
Set logging options for packets and sessions that match IP FW policy
|
initiate-session |
Log the creation of sessions that are permitted by the policy
|
terminate-session |
Log the termination of sessions that are permitted by the policy
|
packet-drop |
Log dropped packets that are denied by the policy
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
initiate-session |
Log session details when a session is created after passing a IP firewall policy lookup
|
terminate-session |
Log session details when a session matching a IP firewall policy is terminated
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
local-subnet |
Set the subnet of the mgt0 interface as the destination
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
buffered |
Set logging buffer
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: debug)
|
alert |
Send log entries from alert to emergency levels (Default: debug)
|
critical |
Send log entries from critical to emergency levels (Default: debug)
|
error |
Send log entries from error to emergency levels (Default: debug)
|
warning |
Send log entries from warning to emergency levels (Default: debug)
|
notification |
Send log entries from notification to emergency levels (Default: debug)
|
info |
Send log entries from info to emergency levels (Default: debug)
|
debug |
Send log entries for all severity levels (Default: debug)
|
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
|
logging |
Set logging parameters
|
facility |
Set logging facility
|
local0 |
Set log facility to local0 (Default: local6)
|
local1 |
Set log facility to local1 (Default: local6)
|
local2 |
Set log facility to local2 (Default: local6)
|
local3 |
Set log facility to local3 (Default: local6)
|
local4 |
Set log facility to local4 (Default: local6)
|
local5 |
Set log facility to local5 (Default: local6)
|
local6 |
Set log facility to local6 (Default: local6)
|
local7 |
Set log facility to local7 (Default: local6)
|
auth |
Set log facility to auth (Default: local6)
|
authpriv |
Set log facility to authpriv (Default: local6)
|
security |
Set log facility to security (Default: local6)
|
user |
Set log facility to user (Default: local6)
|
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
flash |
Set logging flash
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: error)
|
alert |
Send log entries from alert to emergency levels (Default: error)
|
critical |
Send log entries from critical to emergency levels (Default: error)
|
error |
Send log entries from error to emergency levels (Default: error)
|
warning |
Send log entries from warning to emergency levels (Default: error)
|
notification |
Send log entries from notification to emergency levels (Default: error)
|
info |
Send log entries from info to emergency levels (Default: error)
|
debug |
Send log entries for all severity levels (Default: error)
|
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
|
logging |
Set logging parameters
|
server |
Set parameters for a syslog server
|
<string> |
Set the IP address or domain name (1-32 chars) for the syslog server
|
level |
Set the severity level for the log messages you want to send
|
emergency |
Send emergency-level log entries
|
alert |
Send log entries from alert to emergency levels
|
critical |
Send log entries from critical to emergency levels
|
error |
Send log entries from error to emergency levels
|
warning |
Send log entries from warning to emergency levels
|
notification |
Send log entries from notification to emergency levels
|
info |
Send log entries from info to emergency levels
|
debug |
Send log entries for all severity levels
|
via-vpn-tunnel |
Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
mac-object <string> mac-range <mac_addr> - <mac_addr>
|
mac-object |
Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
|
<string> |
Enter the MAC object name (1-32 chars)
|
mac-range |
Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
- |
Set a range of MAC addresses
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
packet-drop |
Log dropped packets that the MAC firewall policy denies
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
initiate-session |
Log session details when a session is created after passing a MAC firewall policy lookup
|
terminate-session |
Log session details when a session matching a MAC firewall policy is terminated
|
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
original-user-profile |
Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
|
<string> |
Enter the original user profile (1-32 chars)
|
device-group |
Set the device group that the policy rule references to classify the type of client device in use
|
<string> |
Enter a device group name (1-32 chars)
|
reassigned-user-profile-attr |
Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
|
<number> |
Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
|
mobile-device-policy <string> rule <number> {before|after} rule <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
before |
Move the mobile device policy rule before another rule in the policy
|
after |
Move the mobile device policy rule after another rule in the policy
|
rule |
Set a rule before or after another rule in the mobile device policy
|
<number> |
Enter a rule ID number (Range: 1-65535)
|
mobility-policy <string> dnxp unroam-threshold <number> <number>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
dnxp |
Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
|
unroam-threshold |
Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
|
<number> |
Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
|
<number> |
Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
|
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Assign INXP (Identity Network eXtension Protocol) for the mobility policy
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
<ip_addr> |
Enter start IP address for INXP gre-tunnel destination
|
<ip_addr> |
Enter end IP address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
network-firewall name <string> [ from {any|vpn} ] [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> [ from {any|vpn} ] to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
any |
Apply the rule regardless of the traffic source
|
vpn |
Apply the rule if the traffic comes from a VPN tunnel
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from network <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
network |
Set a network as the traffic source
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from user-profile <string> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
user-profile |
Apply the rule if the HiveAP assigns a user profile to the traffic
|
<string> |
Enter the user profile name (1-32 chars)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from wildcard <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
wildcard |
Set the source address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
any |
Apply the rule regardless of the traffic destination
|
vpn |
Apply the rule if the traffic destination is a VPN tunnel
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from wildcard <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
wildcard |
Set the source address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter a host or domain name (1-32 chars)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from wildcard <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
wildcard |
Set the source address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
ip-range |
Set a range of IP addresses as the traffic destination
|
<ip_addr> |
Enter the first IP address in the range
|
<ip_addr> |
Enter the last IP address in the range
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from wildcard <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
wildcard |
Set the source address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
network |
Set a network as the traffic destination
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter a netmask
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
network-firewall name <string> from wildcard <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
|
network-firewall |
Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
|
name |
Assign a name to a Layer 3 firewall policy rule
|
<string> |
Enter the rule name (1-32 chars)
|
from |
Apply the rule based on the traffic source (Default: any)
|
wildcard |
Set the source address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
to |
Apply the rule based on the traffic destination (Default: any)
|
wildcard |
Set the destination address using an IP address and wildcard mask
|
<ip_addr> |
Enter an IP address
|
<mask> |
Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
|
service |
Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
|
<string> |
Enter the service name (1-32 chars)
|
action |
Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
|
permit |
Permit traffic to cross the firewall
|
deny |
Do not allow traffic to cross the firewall
|
logging |
Set logging options for packets and sessions that match the firewall rule
|
on |
Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
|
off |
Do not log packets
|
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
|
ping |
Perform a ping
|
<ip_addr> |
Enter the destination IP address
|
count |
Stop pinging after sending the specified number of ICMP echo requests
|
<number> |
Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
|
size |
Set the size of the ICMP packets
|
<number> |
Enter the packet size in bytes (Default: 56, Range: 1-1024)
|
ttl |
Set the TTL (time to live)
|
<number> |
Enter the TTL (Range: 1-255)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 10; Range: 1-60)
|
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
|
ping |
Perform a ping
|
<string> |
Enter the destination domain name (1-32 chars)
|
count |
Set the number of ICMP echo requests to send
|
<number> |
Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
|
size |
Set the size of the ICMP packets
|
<number> |
Enter the packet size in bytes (Default: 56, Range: 1-1024)
|
ttl |
Set the TTL (time to live)
|
<number> |
Enter the TTL (Range: 1-255)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 10; Range: 1-60)
|
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
|
probe |
Set the probe parameters
|
<ip_addr> |
Enter the target IP or MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
size |
Set the probe request packet size (default: 256 bytes)
|
<number> |
Enter a packet size (range: 256-1400 bytes)
|
src-mac |
Set the Source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
wait-time |
Set the timeout value (default: 1 second)
|
<number> |
Enter an timeout value (range: 1-30 seconds)
|
ttl |
Set the TTL value (default 32)
|
<number> |
Enter an TTL value (range: 1-255)
|
count |
Set probe request count (default: 5)
|
<number> |
Enter the probe request count (range: 1-64)
|
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
|
probe |
Set the probe parameters
|
portal |
Set the target of the probe as the MAC address of the HiveAP acting as portal
|
size |
Set the probe request packet size (default: 256 bytes)
|
<number> |
Enter a packet size (range: 256-1400 bytes)
|
src-mac |
Set the Source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
wait-time |
Set the timeout value (default: 1 second)
|
<number> |
Enter an timeout value (range: 1-30 seconds)
|
ttl |
Set the TTL value (default 32)
|
<number> |
Enter an TTL value (range: 1-255)
|
count |
Set probe request count (default: 5)
|
<number> |
Enter the probe request count (range: 1-64)
|
qos classifier-map oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
oui |
Set a MAC OUI (Organizational Unique Identifier) classification table
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
qos |
Set an Aerohive QoS class to the MAC
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
action |
Set an action to the MAC OUI
|
permit |
permit the packet
|
deny |
deny the packet
|
log |
log the packet
|
comment |
Add a comment to the MAC OUI
|
<string> |
Enter a comment (Maximum:32 chars) to the MAC
|
qos classifier-profile <string> [ {interface/ssid-only|8021p|80211e|diffserv|interface/ssid|mac|service} ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-profile |
Set a QoS classification profile
|
<string> |
Enter a classifier profile name (1-32 chars)
|
interface/ssid-only |
Classify all incoming and outgoing packets using the interface or SSID bound to this classifier profile (Note: The interface/ssid-only method cannot be combined with other methods in the same classifier profile or applied to more than one profile. This profile has precedence over all others.)
|
8021p |
Classify incoming packets by 802.1p priority markers present in Layer2 frame headers
|
80211e |
Classify incoming packets by 802.11e priority markers present in wireless frame headers
|
diffserv |
Classify incoming packets by DiffServ DSCP values present in Layer3 packet headers
|
interface/ssid |
Classify packets by the interface or SSID that they traverse (Note: If two interface/SSID classifier profiles apply to the same session, the one providing better QoS is used.)
|
mac |
Classify packets by the OUI (organizationally unique identifier) of the session participants (Note: If two OUI classifier profiles apply to the same session, the one providing better QoS is used.)
|
service |
Classify incoming packets by network service type
|
qos policy <string> [ user-profile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
|
qos |
Set QoS (Quality of Service) parameters
|
policy |
Set a QoS policy to control traffic forwarding
|
<string> |
Enter the policy name (1-32 chars)
|
user-profile |
Set QoS policy parameters at the user profile level
|
<number> |
Enter the user profile rate limit in kbps (Range: 0-2000000)
|
<number> |
Enter the scheduling weight for the user profile (Range: 0-1000)
|
user |
Set QoS parameters at the user level
|
<number> |
Enter the user rate limit in kbps (Range: 0-2000000)
|
qos |
Set QoS parameters at the Aerohive QoS class level
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
strict |
Set the scheduling mode as strict to forward traffic without queuing it
|
wrr |
Set the scheduling mode as WRR (weighted round robin) to queue traffic and use rate limits and weights to prioritize forwarding
|
<number> |
Enter the class rate limit in kbps (Range: 0-2000000)
|
<number> |
Enter the scheduling weight (Range: 0-1000; Note: If the scheduling mode is strict, its weight must be zero.)
|
radio profile <string> acsp access channel-auto-select time-range <time> <time> [ station <number> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
access |
Set access point interface parameters
|
channel-auto-select |
Set conditions for automatically selecting radio channels
|
time-range |
Set the time range when a new radio channel can be selected (Note: During this time, the radio re-evaluates the channel in use. It might switch to a different channel or continue using the same channel.)
|
<time> |
Enter the start time (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
<time> |
Enter the end time (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
station |
Set the maximum number of stations that can be connected to the HiveAP when selecting a channel (If more are connected during the time range, no channel selection occurs.)
|
<number> |
Enter the station maximum (Range: 0-100; Default: 0)
|
radio profile <string> acsp channel-model 4-channels [ <channel_g4> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
channel-model |
Set the pool of channels from which the radio can select the optimal channel
|
4-channels |
Set 4-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
|
<channel_g4> |
Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx-xx;)
|
radio profile <string> acsp channel-model {3-channels} [ <channel_g3> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
channel-model |
Set the pool of channels from which the radio can select the optimal channel
|
3-channels |
Set 3-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
|
<channel_g3> |
Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx;)
|
radio profile <string> acsp interference-switch crc-err-threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
interference-switch |
Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
|
crc-err-threshold |
Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the HiveAP switches channels)
|
<number> |
Enter the threshold as a percent (Default: 25; Range: 10-80)
|
radio profile <string> acsp interference-switch iu-threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
interference-switch |
Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
|
iu-threshold |
Set an RF interference threshold based on interference utilization (Note: If the percent of interference utilization exceeds this value, the HiveAP switches channels)
|
<number> |
Enter the threshold as a percent (Default: 25; Range: 10-80)
|
radio profile <string> acsp interference-switch {enable|no-station-enable|disable}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
interference-switch |
Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
|
enable |
Enable the radio to switch channels if the RF interference threshold is reached (Default setting: no-station-enable)
|
no-station-enable |
Enable the radio to switch channels only if the RF interference threshold is reached and no stations are connected (Default setting: no-station-enable)
|
disable |
Disable the radio from switching channels because of RF interference-related data (Default setting: no-station-enable)
|
radio profile <string> backhaul failover [ trigger-time <number> ] [ hold-time <number> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
backhaul |
Set parameters for failing over the backhaul link from Ethernet to wireless (Note: Only set this command on a HiveAP that acts as a portal.)
|
failover |
Enable backhaul communications to fail over to the wireless link if the Ethernet link goes down (Default: enabled)
|
trigger-time |
Set how long the Ethernet link must be down to trigger a failover to the wireless link
|
<number> |
Enter the failover trigger time in seconds (Default: 2; Range: 1-5)
|
hold-time |
Set how long the Ethernet link must be up to revert backhaul communications from wireless to Ethernet
|
<number> |
Enter the hold time in seconds (Default: 30; Range: 1-300)
|
radio profile <string> benchmark phymode 11a rate {6|9|12|18|24|36|48|54} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11a |
Set benchmark parameters for 11a mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
6 |
Enter the transmission rate
|
9 |
Enter the transmission rate
|
12 |
Enter the transmission rate
|
18 |
Enter the transmission rate
|
24 |
Enter the transmission rate
|
36 |
Enter the transmission rate
|
48 |
Enter the transmission rate
|
54 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> benchmark phymode 11b rate {1|2|5.5|11} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11b |
Set benchmark parameters for 11b mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
1 |
Enter the transmission rate
|
2 |
Enter the transmission rate
|
5.5 |
Enter the transmission rate
|
11 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> benchmark phymode 11g rate {1|2|5.5|11|6|9|12|18|24|36|48|54} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11g |
Set benchmark parameters for 11g mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
1 |
Enter the transmission rate
|
2 |
Enter the transmission rate
|
5.5 |
Enter the transmission rate
|
11 |
Enter the transmission rate
|
6 |
Enter the transmission rate
|
9 |
Enter the transmission rate
|
12 |
Enter the transmission rate
|
18 |
Enter the transmission rate
|
24 |
Enter the transmission rate
|
36 |
Enter the transmission rate
|
48 |
Enter the transmission rate
|
54 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> benchmark phymode 11n rate {6|9|12|18|24|36|48|54|mcs0|mcs1|mcs2|mcs3|mcs4|mcs5|mcs6|mcs7} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11n |
Set benchmark parameters for 11n mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
6 |
Enter the transmission rate
|
9 |
Enter the transmission rate
|
12 |
Enter the transmission rate
|
18 |
Enter the transmission rate
|
24 |
Enter the transmission rate
|
36 |
Enter the transmission rate
|
48 |
Enter the transmission rate
|
54 |
Enter the transmission rate
|
mcs0 |
Enter the transmission rate
|
mcs1 |
Enter the transmission rate
|
mcs2 |
Enter the transmission rate
|
mcs3 |
Enter the transmission rate
|
mcs4 |
Enter the transmission rate
|
mcs5 |
Enter the transmission rate
|
mcs6 |
Enter the transmission rate
|
mcs7 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> tx-rate {auto|1Mbps|2Mbps|5.5Mbps|6Mbps|9Mbps|11Mbps|12Mbps|18Mbps|24Mbps|36Mbps|48Mbps|54Mbps|MCS0|MCS1|MCS2|MCS3| MCS4|MCS5|MCS6|MCS7}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
tx-rate |
Set the Tx (transmission) rate for the radio profile
|
auto |
Set the radio to determine its transmission rate automatically (Default: auto; Range: 1-54 Mbps)
|
1Mbps |
Set the transmit rate as 1Mbps (Only for 802.11bg and 802.11ng)
|
2Mbps |
Set the transmit rate as 2Mbps (Only for 802.11bg and 802.11ng)
|
5.5Mbps |
Set the transmit rate as 5.5Mbps (Only for 802.11bg and 802.11ng)
|
6Mbps |
Set the transmit rate as 6Mbps
|
9Mbps |
Set the transmit rate as 9Mbps
|
11Mbps |
Set the transmit rate as 11Mbps (Only for 802.11bg and 802.11ng)
|
12Mbps |
Set the transmit rate as 12Mbps
|
18Mbps |
Set the transmit rate as 18Mbps
|
24Mbps |
Set the transmit rate as 24Mbps
|
36Mbps |
Set the transmit rate as 36Mbps
|
48Mbps |
Set the transmit rate as 48Mbps
|
54Mbps |
Set the transmit rate as 54Mbps
|
MCS0 |
Set the transmit rate as MCS0
|
MCS1 |
Set the transmit rate as MCS1
|
MCS2 |
Set the transmit rate as MCS2
|
MCS3 |
Set the transmit rate as MCS3
|
MCS4 |
Set the transmit rate as MCS4
|
MCS5 |
Set the transmit rate as MCS5
|
MCS6 |
Set the transmit rate as MCS6
|
MCS7 |
Set the transmit rate as MCS7
|
radio profile <string> wmm ac {background|best-effort|video|voice} aifs <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
aifs |
Set AIFS (arbitration interframe space) parameters
|
<number> |
Set the AIFS value (Range: 0-15)
|
radio profile <string> wmm ac {background|best-effort|video|voice} cwmax <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
cwmax |
Set maximal contention window parameters
|
<number> |
contention window maximal value (Range: 1-15)
|
radio profile <string> wmm ac {background|best-effort|video|voice} cwmin <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
cwmin |
Set minimal contention window parameters
|
<number> |
Set contention window minimal value (Range: 1-15)
|
radio profile <string> wmm ac {background|best-effort|video|voice} noack
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
noack |
Set no acknowledgments
|
radio profile <string> wmm ac {background|best-effort|video|voice} txoplimit <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
txoplimit |
Set transmission opportunity limit parameters
|
<number> |
Set transmission opportunity limit value (Range: 0-8192; Note: Your input must be multiples of 32)
|
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
alarm-threshold |
Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
|
client |
Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
|
tx-drop-rate |
Set the Tx drop rate alarm threshold for clients (Default: 40%)
|
rx-drop-rate |
Set the Rx drop rate alarm threshold for clients (Default: 40%)
|
tx-retry-rate |
Set the Tx retry rate alarm threshold for clients (Default: 40%)
|
airtime-consumption |
Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
|
<number> |
Enter the alarm threshold (Range: 1-100)
|
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
alarm-threshold |
Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
|
interface |
Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
|
crc-error-rate |
Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
|
tx-drop-rate |
Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
|
rx-drop-rate |
Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
|
tx-retry-rate |
Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
|
airtime-consumption |
Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
|
<number> |
Enter the alarm threshold (Range: 1-100)
|
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {hostname} <string>
|
routing |
Set routing parameters
|
match-map |
Set match-map parameters for a routing policy
|
<string> |
Enter match map name (1-32 chars)
|
from |
Apply the policy based on the traffic source prefix
|
iprange |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Entry start source IP address
|
<ip_addr> |
Entry end source IP address
|
to |
Apply the policy based on the traffic destination prefix
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter an destination hostname
|
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {network} <ip_addr/netmask>
|
routing |
Set routing parameters
|
match-map |
Set match-map parameters for a routing policy
|
<string> |
Enter match map name (1-32 chars)
|
from |
Apply the policy based on the traffic source prefix
|
iprange |
Set a range of IP addresses as the traffic source
|
<ip_addr> |
Entry start source IP address
|
<ip_addr> |
Entry end source IP address
|
to |
Apply the policy based on the traffic destination prefix
|
network |
Set a network as the traffic destination
|
<ip_addr/netmask> |
Enter an destination IP address
|
routing match-map <string> {iif} <ethx> to {hostname} <string>
|
routing |
Set routing parameters
|
match-map |
Set match-map parameters for a routing policy
|
<string> |
Enter match map name (1-32 chars)
|
iif |
Apply the policy based on the traffic incoming LAN interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
to |
Apply the policy based on the traffic destination prefix
|
hostname |
Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
|
<string> |
Enter an destination hostname
|
routing match-map <string> {iif} <ethx> to {network} <ip_addr/netmask>
|
routing |
Set routing parameters
|
match-map |
Set match-map parameters for a routing policy
|
<string> |
Enter match map name (1-32 chars)
|
iif |
Apply the policy based on the traffic incoming LAN interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
to |
Apply the policy based on the traffic destination prefix
|
network |
Set a network as the traffic destination
|
<ip_addr/netmask> |
Enter an destination IP address
|
routing route-map <string> via <ethx|usbnetx|wifix>
|
routing |
Set routing parameters
|
route-map |
Set route-map parameters for a routing policy
|
<string> |
Enter route map name (1-32 chars)
|
via |
Specify the nexthop of traffic
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<usbnetx> |
Enter the name of the wireless USB modem interface, where x = 0
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0
|
save config <location> bootstrap
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
bootstrap |
Save a configuration to the bootstrap configuration
|
save config <location> current
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
save config <location> current <time> [ <date> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
save config <location> current now
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
now |
Save the configuration and reboot the system immediately
|
save config <location> current offset <time>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
bootstrap |
Save the config file for the HiveAP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
now |
Save the configuration and reboot the system immediately
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config bootstrap <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
bootstrap |
Save the bootstrap configuration to a remote server
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save config current <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
bootstrap |
Save the bootstrap configuration to a remote server
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save dhcp-fingerprint {option55} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
dhcp-fingerprint |
Save a fingerprint file of DHCP options for client OS detection
|
option55 |
Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save dhcp-fingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
dhcp-fingerprint |
Save a fingerprint file of DHCP options for client OS detection
|
option55 |
Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <location> <time> [ <date> ] [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <location> [ {now} ] [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
now |
Save the image and reboot the system immediately
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <location> offset <time> [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
now |
Save the image and reboot the system immediately
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save signature-file <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
signature-file |
Remote image used for L7 application
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save users <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
users |
Save private PSK (preshared key) configurations
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
users |
Save private PSK (preshared key) configurations
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
vpn |
Save a VPN certificate or private key file
|
ca-cert |
Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
|
ee-cert |
Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
|
private-key |
Save the private key for the HiveAP to use when creating its RSA signature
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save vpn {ee-cert|private-key|ca-cert} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
vpn |
Save a VPN certificate or private key file
|
ee-cert |
Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
|
private-key |
Save the private key for the HiveAP to use when creating its RSA signature
|
ca-cert |
Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save web-page [ ppsk-self-reg ] web-directory <string> <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-page |
Save a file for use with the internal web server
|
ppsk-self-reg |
Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
|
web-directory |
Save a file to a specific web directory
|
<string> |
Enter the web directory name
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-page |
Save a file for use with the internal web server
|
ppsk-self-reg |
Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
|
web-directory |
Save a file to a specific web directory
|
<string> |
Enter the web directory name
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save web-server-key <number> <location> [ comment <string> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-server-key |
Save certificate files for the internal web server to use
|
<number> |
Enter key file index for the internal web server (Range : 0-15)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-server-key |
Save certificate files for the internal web server to use
|
<number> |
Enter key file index for the internal web server (Range : 0-15)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
comment |
Set a comment about the certificate file
|
<string> |
Enter the comment (1-64 chars)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save {_kernel|_kddr} {new|all} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
_kernel |
Save ktrace from the HiveAP to a remote server
|
_kddr |
Save kddr from the HiveAP to a remote server
|
new |
only new kinfo file(Default: new)
|
all |
all the kinfo file(Default:new)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save {_kernel|_kddr} {new|all} <url> [ admin <string> password <string> {basic|digest} ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
_kernel |
Save ktrace from the HiveAP to a remote server
|
_kddr |
Save kddr from the HiveAP to a remote server
|
new |
only new kinfo file(Default: new)
|
all |
all the kinfo file(Default:new)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
save {capture} local <string> <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
capture |
Save a packet capture file stored locally to a remote server
|
local |
Save a locally stored packet capture file to a remote server
|
<string> |
Enter the file name to upload to a remote server
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
capture |
Save a packet capture file stored locally to a remote server
|
local |
Save a locally stored packet capture file to a remote server
|
<string> |
Enter the file name to upload to a remote server
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
once |
Set a one-time schedule
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a date and time range
|
<date> |
Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
ppsk |
Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
|
once |
Set a one-time schedule
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a date and time range
|
<date> |
Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
ppsk |
Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday |
Set the weekdays during which private PSK users are valid
|
<string> |
Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday-range |
Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
to |
Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
address |
Set MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
permit |
Set the action of the specified MAC to permit
|
deny |
Set the action of the specified MAC to deny
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
oui |
Set the OUI used to identify a vendor
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
permit |
Set the action of the specified OUI to permit
|
deny |
Set the action of the specified OUI to deny
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
security-object <string> security aaa radius-server account-interim-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
account-interim-interval |
Set the interval in seconds for sending RADIUS accounting updates
|
<number> |
Enter the interval in seconds for sending RADIUS accounting updates (Default: 20 secs; Range: 10-100000000)
|
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
<string> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
security-object <string> security aaa radius-server inject Operator-Name
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
inject |
Set injection parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
security-object <string> security aaa radius-server retry-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
retry-interval |
Set RADIUS server retry interval
|
<number> |
Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
|
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
security-object <string> security aaa user-profile-mapping attribute-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
attribute-id |
Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the Filter-ID RADIUS attribute.)
|
<number> |
Enter the RADIUS attribute ID number (Range: 1-255)
|
security-object <string> security aaa user-profile-mapping vendor-id <number> attribute-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number (Range: 1-255)
|
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
reg-user-profile-attr |
Set the registered user profile attribute
|
<number> |
Enter the registered user profile attribute (Default: 0; Range: 0-4095)
|
auth-user-profile-attr |
Set the default authenticated user profile
|
<number> |
Enter the default authenticated user profile (Default: 0; Range: 0-4095)
|
timeout |
Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
|
<number> |
Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
|
timer-display |
Enable timer-display windows to communicate login and session information
|
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
auth-method |
Set the CWP (captive web portal) user authentication method
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security additional-auth-method captive-web-portal default-language {chinese-simple|chinese-traditional|dutch|english|french|german|italian|korean|spanish}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
default-language |
Set the default language for the captive web portal web pages
|
chinese-simple |
Set Simple Chinese as the default language
|
chinese-traditional |
Set Traditional Chinese as the default language
|
dutch |
Set Dutch as the default language
|
english |
Set English as the default language
|
french |
Set French as default language
|
german |
Set German as the default language
|
italian |
Set Italian as the default language
|
korean |
Set Korean as the default language
|
spanish |
Set Spanish as the default language
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
login-page |
Set the login page to which the HiveAP redirects traffic from unregistered users
|
<string> |
Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
password-encryption |
Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
|
uam-basic |
Set the encryption method as UAM (User Authentication Module)-Basic (Note: The HiveAP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
password-encryption |
Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
|
uam-shared |
Set the encryption method as UAM-Shared (Note: The HiveAP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
|
<string> |
Enter the shared secret (1-128 chars)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
success-register |
Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
|
no-roaming-at-login |
Disable roaming support for clients while they log in (Default: Enabled)
|
no-radius-auth |
Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
|
security-object <string> security additional-auth-method captive-web-portal failure-redirect external-page <string> [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
failure-redirect |
Set options for the page shown to a user after an unsuccessful registration attempt
|
external-page |
Display a page stored on an external web server that indicates the login attempt was unsuccessful
|
<string> |
Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
|
security-object <string> security additional-auth-method captive-web-portal failure-redirect login-page [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
failure-redirect |
Set options for the page shown to a user after an unsuccessful registration attempt
|
login-page |
Display the login page again
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
|
security-object <string> security additional-auth-method captive-web-portal internal-pages {no-success-page|no-failure-page}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
internal-pages |
Set options for showing pages stored internally on the HiveAP
|
no-success-page |
Do not display the success page stored on the HiveAP when a registration attempt is successful (Default: Display)
|
no-failure-page |
Do not display the failure page stored on the HiveAP when a registration attempt is unsuccessful (Default: Display)
|
security-object <string> security additional-auth-method captive-web-portal pass-through vlan <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
pass-through |
Set the captive web portal to pass DHCP, DNS, and ICMP traffic from unregistered users to external servers
|
vlan |
Set the VLAN ID to assign users before and after registration (Note: This setting overrides any VLAN ID set locally or received from a RADIUS server.)
|
<number> |
Enter a CWP VLAN ID (Range: 1-4094)
|
security-object <string> security additional-auth-method captive-web-portal process-sip-info block-redirect <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
process-sip-info |
Enable the captive web portal to process library SIP information (Default: Enabled)
|
block-redirect |
Set the page that appears when a library patron logs in but is denied network access because of overdue fines
|
<string> |
Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
|
security-object <string> security additional-auth-method captive-web-portal report-guest-info
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
report-guest-info |
Enable the reporting to HiveManager of information that guests enter during registration, such as their first and last names, email address, the person they are visiting, and so on (Default: Disabled)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm api <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
api |
Set the URL of the API for register via ID Mananger
|
<string> |
Enter the URL of API (1-256 chars)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm crl-file <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
crl-file |
Set the URL of the CRL file for validate the ID Manager server certificate
|
<string> |
Enter the URL of CRL file (1-256 chars)
|
security-object <string> security additional-auth-method captive-web-portal server-name <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
server-name |
Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
|
<string> |
Enter the domain name for the web server (1-32 chars)
|
security-object <string> security additional-auth-method captive-web-portal server-name cert-dn
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
server-name |
Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
|
cert-dn |
Set the same domain name as the CN value in the certificate that the captive web portal uses for HTTPS (Note: The CN must be a valid domain name that can be resolved to the IP address of the interface hosting the portal. The CN max length is 32 chars.)
|
security-object <string> security additional-auth-method captive-web-portal success-redirect external-page <string> [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
success-redirect |
Set options for displaying the page shown to a user after a successful registration
|
external-page |
Display a page stored on an external web server
|
<string> |
Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
|
security-object <string> security additional-auth-method captive-web-portal success-redirect original-page [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
success-redirect |
Set options for displaying the page shown to a user after a successful registration
|
original-page |
Display the original page that the user requested
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
|
security-object <string> security additional-auth-method captive-web-portal timer-display alert <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
timer-display |
Enable timer-display windows to communicate login and session information
|
alert |
Notify users when their session is about to expire
|
<number> |
Enter the interval before the session expires in minutes (Default: 5 mins; Range: 1-30)
|
security-object <string> security additional-auth-method mac-based-auth [ {auth-method} {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mac-based-auth |
Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
|
auth-method |
Set user authentication method
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security auth-mode {port-based} [ failure-user-profile-attr <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
auth-mode |
Set the authentication mode (Default: port based)
|
port-based |
Limit 802.1X authentication to a single host per port
|
failure-user-profile-attr |
Set the user profile attribute to assign users who do not pass the authentication check
|
<number> |
Enter the failure user profile attribute (Range: 0-4095)
|
security-object <string> security preauth [ interface <ethx|wifix.y> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
preauth |
Set an interface to accept pre-authenticated 802.1X frames for fast roaming
|
interface |
Set an interface to accept pre-authenticated 802.1X frames for fast roaming
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
|
security-object <string> security private-psk radius-auth [ {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
radius-auth |
Enable the HiveAP to forward authentication checks for private PSKs to an external RADIUS server and set the method for authenticating communications with it (Default: disabled)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security protocol-suite wep-open <number> {hex-key|ascii-key} <string> [ default ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep-open |
Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and open authentication
|
<number> |
Enter the index to identify one of 4 possible WEP keys (Default: 0; Range: 0-3)
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
|
default |
Set the current key as the default WEP key
|
security-object <string> security protocol-suite wep-shared <number> {hex-key|ascii-key} <string> [ default ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep-shared |
Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and preshared-key authentication
|
<number> |
Enter the index to identify one of 4 possible WEP keys (Range: 0-3)
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
|
default |
Set the current key as the default WEP key
|
security-object <string> security protocol-suite wpa-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-aes-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: Disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-auto-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
roaming |
Set roaming parameters for the protocol suite
|
proactive-pmkid-response |
Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-auto-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporarey key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
roaming |
Set roaming parameters for the protocol suite
|
proactive-pmkid-response |
Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: disabled)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-aes-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period after which a new group temporal key replaces the current one (Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
roaming |
Set roaming parameters for the protocol suite
|
proactive-pmkid-response |
Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-aes-8021x|wpa2-aes-8021x} reauth-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
reauth-interval |
Set the default interval for reauthenticating users
|
<number> |
Enter the default reauth interval in seconds (Range: 600-86400; Default: Disabled)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk|wpa-aes-psk|wpa2-aes-psk|wpa-aes-8021x|wpa2-aes-8021x} replay-window <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa-aes-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
wpa2-aes-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
replay-window |
Set a window size within which the HiveAP accepts replies to previously sent messages during 4-way handshakes
|
<number> |
Enter the number of packets prior to the one most recently sent to which the HiveAP will accept a reply (Default: 0; Range: 0-10)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} local-tkip-counter-measure
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
local-tkip-counter-measure |
Enable the deauthentication of all previously authenticated clients when the local HiveAP detects MIC (message integrity check) failures during TKIP operations (Default: enabled)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} remote-tkip-counter-measure
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
remote-tkip-counter-measure |
Enable the deauthentication of all previously authenticated clients when a client reports MIC (message integrity check) failures during TKIP operations (Default: enabled)]
|
security-object <string> security protocol-suite {wpa2-aes-psk|wpa2-aes-8021x} mfp {mandatory|optional} [ bip ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-aes-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
mfp |
Enable 802.11w support of MFP (Management Frame Protection)
|
mandatory |
Require that clients support MFP
|
optional |
Use MFP only if clients support it
|
bip |
Set broadcast/multicast integrity protocol
|
security-object <string> security roaming cache update-interval <number> ageout <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
roaming |
Set roaming parameters for clients to which the security object is applied
|
cache |
Set the interval between updates and the number of times to update a station's roaming cache
|
update-interval |
Set the interval for sending roaming cache updates to neighbors
|
<number> |
Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
|
ageout |
Set how many times an entry must be absent from a neighbor's updates before removing it from the roaming cache
|
<number> |
Enter the number of absences required to remove an entry (Default: 60; Range: 1-1000)
|
security-object <string> user-profile-deny action ban [ <number> ] [ strict ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-deny |
Set parameters for denying network access to users if they do not belong to an allowed user profile
|
action |
Set an action which will be taken if a user profile is not allowed to access this SSID
|
ban |
Set the action to ban network access for a specified length of time
|
<number> |
Enter the amount of time in seconds to perform the action (Default: 60; Range: 1-100000000)
|
strict |
Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
|
security-object <string> user-profile-deny action {ban-forever|disconnect} [ strict ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-deny |
Set parameters for denying network access to users if they do not belong to an allowed user profile
|
action |
Set an action which will be taken if a user profile is not allowed to access this SSID
|
ban-forever |
Set the action to ban network access indefinitely
|
disconnect |
Set the action to disconnect the station from the HiveAP
|
strict |
Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
|
security-object <string> user-profile-sequence {cwp-ssid-mac|cwp-mac-ssid|ssid-cwp-mac|ssid-mac-cwp|mac-ssid-cwp|mac-cwp-ssid}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-sequence |
Set the sequential order to apply user profiles when the authentication process involves multiple components referencing different profiles (Default: mac-ssid-cwp; Note: The user profile applied last is the one that is ultimately used.)
|
cwp-ssid-mac |
Apply the user profile for a captive web portal first, SSID second, and MAC authentication last
|
cwp-mac-ssid |
Apply the user profile for a captive web portal first, MAC authentication second, and SSID last
|
ssid-cwp-mac |
Apply the user profile for an SSID first, captive web portal second, and MAC authentication last
|
ssid-mac-cwp |
Apply the user profile for an SSID first, MAC authentication second, and captive web portal last
|
mac-ssid-cwp |
Apply the user profile for MAC authentication first, SSID second, and captive web portal last
|
mac-cwp-ssid |
Apply the user profile for MAC authentication first, captive web portal second, and SSID last
|
security-object <string> walled-garden hostname <string> service protocol <number> port <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
hostname |
Set the host name of a server in the walled garden
|
<string> |
Enter the domain name (max 32 chars)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
protocol |
Set the protocol of the service that you want to permit
|
<number> |
Enter the protocol number (Note: UDP: 17; TCP: 6; All: 0; Range: 0-255)
|
port |
Set the port number
|
<number> |
Enter the port number (Range: 1-65535)
|
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> [ service {all|web} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
ip-address |
Set the IP address of a server or a subnet in the walled garden
|
<ip_addr> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
all |
Permit all services
|
web |
Permit HTTP and HTTPS
|
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> service protocol <number> port <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
ip-address |
Set the IP address of a server or a subnet in the walled garden
|
<ip_addr> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
protocol |
Set the protocol of the service that you want to permit
|
<number> |
Enter the protocol number (Note: UDP: 17; TCP: 6; ICMP: 1; All: 0; Range: 0-255)
|
port |
Set the port number
|
<number> |
Enter the port number (Range: 1-65535)
|
security-object <string> web-server [ port <number> ] [ index-file <string> ] [ success-file <string> ] [ failure-file <string> ] [ ssl server-key <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
web-server |
Enable the internal web server
|
port |
Set the HTTP port number for the web server
|
<number> |
Enter the HTTP port number for the web server. Set the port number to 0 is disable the HTTP method (Default: 80; Range: 0-65535)
|
index-file |
Specify the .html file as the default index page
|
<string> |
Enter the .html file name (Default: success.html; Range: 1-32 chars)
|
success-file |
Specify the .html file that you want to appear after a user successfully registers through the captive web portal
|
<string> |
Enter the .html file name (Default: success.html; Range: 1-32 chars)
|
failure-file |
Specify the .html file that you want to appear after a user failed registers through the captive web portal
|
<string> |
Enter the .html file name (Default: failure.html; Range: 1-32 chars)
|
ssl |
Enable the SSL (Secure Socket Layer) method
|
server-key |
Set the server key (a X509 certificate) for SSL
|
<number> |
Enter the server key index (Default: 0; Range: 0-15)
|
security-object <string> web-server web-page {mandatory-field} <number> [ optional-field <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
web-server |
Enable the internal web server
|
web-page |
Set the web pages parameters
|
mandatory-field |
Set the mandatory field numbers in login web page
|
<number> |
Enter the mandatory field numbers in login web page (Default: 4; Range: 0-8)
|
optional-field |
Set the optional field numbers in login web page
|
<number> |
Enter the optional field numbers in login web page (Default: 2; Range: 0-8)
|
service <string> protocol {tcp|udp|svp} [ port <number> ] [ timeout <number> ]
|
service |
Set a custom service
|
<string> |
Enter service name (1-32 chars)
|
protocol |
Set the protocol used by the custom service
|
tcp |
Enter the transport protocol as TCP (Transmission Control Protocol)
|
udp |
Enter the transport protocol as UDP (User Datagram Protocol)
|
svp |
Enter the transport protocol as SVP (SpectraLink Voice Priority)
|
port |
Set the destination port number for the transport protocol
|
<number> |
Enter the port number (Range: 0-65535)
|
timeout |
Set the service session timeout
|
<number> |
Set the session timeout value in seconds (Range: 0-65535; Default TCP: 300; UDP: 100; Other: 100)
|
show 802.1x-mac-table [ interface <ethx> ] [ mac <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
802.1x-mac-table |
Show the MAC table used for 802.1X/EAP user authentication on an Ethernet interface
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
mac |
Specify a station MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp dnxp cache [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
dnxp |
Show DNXP (Dynamic Network Extension Protocol) information
|
cache |
Show the entire DNXP cache or the cached entry for a specific client
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp dnxp neighbor [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
dnxp |
Show DNXP (Dynamic Network Extension Protocol) information
|
neighbor |
Show information about all DNXP neighbors or a specific neighbor to which the local HiveAP can tunnel the traffic of roaming clients
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp interface <ethx|redx|aggx> bmt-table
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
bmt-table |
Broadcast Master Table
|
show amrp interface <ethx|redx|aggx> mac-learning
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
mac-learning |
Show the MAC addresses learned on this interface
|
show amrp interface <ethx|redx|aggx|mgtx|wifix.y>
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0, 1, 2, 3 or 4
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0; y: 1-16)
|