Aerohive CLI Guide for HiveOS 6.5r6 (HiveSwitch 120 and 170)

The following is a complete list of commands available in the HiveOS 6.5r6 for the HiveSwitch 120 and 170 along with explanations of every keyword. Click a command to see its keyword explanations. Then click the Back Arrow in your browser to return to the list of commands. For an introduction to the Aerohive CLI, explaining different ways to access it, some keyboard shortcuts, and usage tips, click here.

aaa attribute NAS-Identifier <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
NAS-Identifier Set the RADIUS Access-Request and Accounting-Request packets NAS-Identifier parameter (Note: The NAS identifier contains a string that identifies the NAS that is originating the access or accounting request.)
<string> Enter the custom NAS-Identifier (Default: HiveAP host name; 1-64 chars)
aaa attribute Operator-Name namespace-id <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
namespace-id Set the namespace ID parameter of the Operator-Name (Default: realm)
<number> Enter a number used for namespace ID (Range: 4-206; Note: These namespace ID values anticipate future additions to the list of namespaces as defined by IANA and reference in RFC 5580.)
aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
namespace-id Set the namespace ID parameter of the Operator-Name (Default: realm)
TADIG Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
REALM Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
E212 Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
ICC Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
aaa attribute Operator-Name value <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
value Set the value for the operator name attribute
<string> Enter a string for Operator-Name(1-64 chars)
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
user-profile-attribute Map a RADIUS attribute to the user profile
vendor-id Set a vendor ID RADIUS attribute
<number> Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
attribute-id Set an ID for a private RADIUS attribute
<number> Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
aaa mac-format case-sensitivity {lower-case|upper-case}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
case-sensitivity Set the letter case to use when formatting MAC addresses
lower-case Use lowercase formatting (Example: 01ab23cd45ef; Default: lower-case)
upper-case Use uppercase formatting (Example: 01AB23CD45EF; Default: lower-case)
aaa mac-format delimiter {dash|dot|colon}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
delimiter Set the type of delimiter to use when formatting MAC addresses
dash Set a dash ( - ) as the MAC address delimiter (Default: colon)
dot Set a dot ( . ) as the MAC address delimiter (Default: colon)
colon Set a colon ( : ) as the MAC address delimiter (Default: colon)
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
style Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
two-delimiter Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
five-delimiter Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
no-delimiter Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
aaa ppsk-server auto-save-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local HiveAP when it is acting as a private PSK server
auto-save-interval Set the length of time to save the list of private PSK-to-client MAC address bindings to flash memory
<number> Enter the interval in seconds(Default: 600 sec; Range: 60-3600)
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local HiveAP when it is acting as a private PSK server
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server account-interim-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 600; Range: 10-100000000)
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server dynamic-auth-extension
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
aaa radius-server inject Operator-Name
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
aaa radius-server keepalive enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
enable Set parameters for periodically checking network connectivity to RADIUS servers
aaa radius-server keepalive interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Default: 60; Range: 60-86400)
aaa radius-server keepalive retry <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry Set the number of times to retry sending an Access-Request or Accounting-Request that does not elicit a response from a RADIUS authentication or accounting server
<number> Enter the retry value (Default: 3; Range: 1-10)
aaa radius-server keepalive retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry-interval Set the interval between retries if no response is received from the RADIUS server
<number> Enter the retry interval value in seconds (Default: 10; Range: 1-60)
aaa radius-server keepalive username <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
username Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
<string> Enter the user name (1-32 chars)
password Set the password to submit in Access-Request messages
<string> Enter the password (1-64 chars)
aaa radius-server local attr-map group-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
group-attr-name Set the user group attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: memberOf; in OD: apple-group-realname; in LDAP server: radiusGroupName)
aaa radius-server local attr-map reauth-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
reauth-attr-name Set the user reauthentication time attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "integer". Default attribute in AD: msRADIUSServiceType; in LDAP server: radiusServiceType)
aaa radius-server local attr-map user-profile-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
user-profile-attr-name Set the user group ID attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRADIUSCallbackNumber; in LDAP server: radiusCallbackNumber)
aaa radius-server local attr-map vlan-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
vlan-attr-name Set the VLAN ID attribute that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRASSavedCallbackNumber; in LDAP server: radiusCallbackId)
aaa radius-server local cache lifetime <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
cache Set parameters for caching user-authentication responses from external LDAP servers
lifetime Set the lifetime for entries in the RADIUS server cache
<number> Enter the lifetime for keeping entries in the RADIUS server cache (Default: 86400 seconds; Range: 3600-2592000)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} computer-ou <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
computer-ou Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
binddn Set the bindDN (distinguished name) under which LDAP searches are done (Note: bindDN must be set if want to get attributes from AD server or want to check TLS username against LDAP server.)
<string> Enter the bindDN name (1-256 chars)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> fullname <string> [ default ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full DNS name of the domain to which the RADIUS server (local AP) and AD server both belong
<string> Enter the full DNS name of the domain (1-64 chars)
default Set the domain as the default domain, which will be added to the RADIUS request if no domain name appears in the request
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> server <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} login admin-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
login Set admin user name and password that the local AP will use to access the AD server
admin-user Set the admin user name
<string> Enter the user name (1-32 chars)
password Set the password which authenticate the login user
<string> Enter the password (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
server Set the IP address or resolvable domain name for the AD server
<string> Enter the IP address or domain name (1-64 chars)
via-vpn-tunnel Send all traffic from the AP RADIUS authentication server to the AD server through a VPN tunnel (Note: Set this option on VPN clients when the AD server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {tls-enable|global-catalog}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
tls-enable Enable TLS authentication that the local AP, as an LDAP client, uses with the AD server (Default: Disabled)
global-catalog Set the AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
aaa radius-server local db-type ldap-server sub-type edirectory
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
sub-type Set the type of LDAP server
edirectory Set the user database on an eDirectory LDAP server
aaa radius-server local db-type ldap-server sub-type edirectory acct-policy-check
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
sub-type Set the type of LDAP server
edirectory Set the user database on an eDirectory LDAP server
acct-policy-check Enable the Novell eDirectory account policy check and intruder detection for RADIUS users (Default: Disabled)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} basedn <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
basedn Set the base DN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the base DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
binddn Set the bind DN (distinguished name) under which LDAP searches are done
<string> Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} filter-attr <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
filter-attr Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
<string> Enter the filter attribute used to search for the user (Default: "cn"; 1-32 chars)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} no-strip-filter
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
no-strip-filter Do not strip the realm name
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} port <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
port Set the destination port number for communicating with the LDAP server
<number> Enter the destination port number (Default: 389, 636 for LDAPS; Range: 1-65535)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
protocol Set the protocol for communicating with the LDAP server
ldap Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
ldaps Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
server Set the IP address or resolvable domain name for the LDAP server
<string> Enter the IP address or domain name (1-32 chars)
via-vpn-tunnel Send all traffic from the AP RADIUS authentication server to the LDAP server through a VPN tunnel(Note: Set this option on VPN clients when the LDAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server local db-type library-sip-server {primary} institution-id <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
institution-id Set institution ID that the local RADIUS server provides when exchanging messages with the library SIP server
<string> Enter the institution ID (1-64 chars)
aaa radius-server local db-type library-sip-server {primary} login-enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
login-enable Enable the AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
aaa radius-server local db-type library-sip-server {primary} login-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
login-user Set the user name that the local RADIUS server submits when logging in to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the password that the local AP RADIUS server submits when logging in to the library SIP server
<string> Enter the password (1-32 chars)
aaa radius-server local db-type library-sip-server {primary} port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
port Set the library SIP server port number
<port> [1~65535]Enter the port number (Default: 6001; Range: 1-65535)
aaa radius-server local db-type library-sip-server {primary} separator <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
separator Set the character that the library SIP server uses to separate multiple field name + value entries
<string> Enter the separator (1 char; Default: '|')
aaa radius-server local db-type library-sip-server {primary} {server} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
server Set IP address or domain name of the library SIP server
<string> Enter the IP address or domain name (Domain name: 1-32 chars)
aaa radius-server local db-type local
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
local Set the user database on the local AP
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} admin-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
admin-user Set the admin user name that the local AP uses when logging in to the OD server
<string> Enter the user name (1-32 chars)
password Set the password that the local AP uses when logging in to the OD server
<string> Enter the password (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
binddn Set the bindDN (distinguished name) under which LDAP searches are done
<string> Enter the bindDN name (1-256 chars)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> fullname <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
fullname Set the full DNS name of the OD domain server
<string> Enter the full DNS name of the domain (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} filter-attr <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
filter-attr Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
<string> Enter the filter attribute used to search for the user (Default: "uid"; 1-32 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} no-strip-filter
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
no-strip-filter Do not strip the realm name
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} tls-enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
tls-enable Enable TLS authentication that the local AP, as an LDAP client, uses with the OD server (Default: Disabled)
aaa radius-server local ldap-auth {primary|backup1|backup2|backup3} type tls ca-cert <string> [ client-cert <string> private-key <string> [ private-key-password <string> ] ] [ verify-server {never|try|demand} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
ldap-auth Set the authentication method that the local AP, as an LDAP client, uses with the LDAP server
primary Set the authentication method for the first LDAP server
backup1 Set the authentication method for the second LDAP server
backup2 Set the authentication method for the third LDAP server
backup3 Set the authentication method for the fourth LDAP server
type Set the authentication type to use for LDAP communications
tls Set the authentication type as TLS (Transport Layer Security)
ca-cert Set the CA certificate that the local AP uses when authenticating itself as an LDAP client to an LDAP server
<string> Enter the file name of the CA certificate (1-32 chars)
client-cert Set the client certificate that the local AP uses when authenticating itself to an LDAP server
<string> Enter the file name of the client certificate (1-32 chars)
private-key Set the private key that the local AP uses to authenticate itself to an LDAP server
<string> Enter the name of the private key file (1-32 chars)
private-key-password Set the password for the private key that is used when forming a TLS tunnel
<string> Enter the password (1-32 chars)
verify-server Set options for verifying the LDAP server (Default: LDAP server verification is try.)
never never verify the identity of the LDAP server (Default: try)
try try verify the identity of the LDAP server (Default: try)
demand demand verify the identity of the LDAP server (Default: try)
aaa radius-server local library-sip-policy <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
library-sip-policy Set a library SIP policy to enforce when the local RADIUS server acts as a library SIP client
<string> Enter the library SIP policy name (1-32 chars)
aaa radius-server local local-check-period <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
local-check-period Set the length of time that the local AP RADIUS server checks just its cache of user-authentication responses and its own database before retrying previously unresponsive LDAP servers
<number> Enter the interval for checking the local RADIUS cache and database (Default: 300 secs; Min: 30; Max: 3600)
aaa radius-server local nas <string> shared-key <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
nas Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
<string> Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
shared-key Set the shared secret for authenticating communications with the RADIUS NAS
<string> Enter the shared secret (1-31 chars)
aaa radius-server local port <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
port Set the local RADIUS port number
<number> Enter the RADIUS port number (Default: 1812; Range: 1-65535)
aaa radius-server local remote-check-period <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
remote-check-period Set the length of time that the local AP RADIUS server will repeatedly try contacting an unresponsive LDAP server before giving up
<number> Enter the LDAP server retry interval (Default: 30 secs; Min: 10; Max: 3600)
aaa radius-server local retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
retry-interval Set the interval after which the AP RADIUS server tries to contact a previously unresponsive primary LDAP server (even if a backup server is currently responding)
<number> Enter the interval for retrying the primary LDAP server (Default: 600 secs; Min: 60; Max: 200000000)
aaa radius-server local shared-secret-auto-gen
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
shared-secret-auto-gen Enable the automatic generation of shared secrets when static entries are not found (Default: Enabled)
aaa radius-server local sta-auth ca-cert <string> server-cert <string> private-key <string> [ private-key-password <string> ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
ca-cert Set the CA certificate for a TLS (Transport Layer Security) tunnel
<string> Enter the file name of the CA certificate (1-32 chars)
server-cert Set the server certificate used when forming a TLS tunnel
<string> Enter the file name of the server certificate (1-32 chars)
private-key Set the private key used when forming a TLS tunnel
<string> Enter the name of the private key file (1-32 chars)
private-key-password Set the password for encrypting the private key used when forming a TLS tunnel
<string> Enter a password (1-64 chars)
aaa radius-server local sta-auth default-type {leap|peap|tls|ttls|md5}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
default-type Set the default RADIUS authentication type
leap Set LEAP (Lightweight Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
peap Set PEAP (Protected Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
tls Set TLS (Transport Layer Security) as the default RADIUS authentication type (Default: peap)
ttls Set TTLS (Tunneled TLS) as the default RADIUS authentication type (Default: peap)
md5 Set MD5 as the default RADIUS authentication type (Default: peap)
aaa radius-server local sta-auth type tls {check-cert-cn|check-in-db}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
tls Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
check-cert-cn Check the CN (common name) in the certificate against the user name (Default: Disabled)
check-in-db Query databases to check if the user exists (Default: Disabled)
aaa radius-server local sta-auth type {leap|peap|tls|ttls|md5}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
leap Set LEAP (Lightweight Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
tls Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
md5 Set MD5 as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
aaa radius-server local sta-auth type {peap|ttls} check-in-db
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
check-in-db Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
aaa radius-server local user-group <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
user-group Add a user group on the local RADIUS server
<string> Enter the user group name (1-32 chars)
aaa radius-server local {enable|cache}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
enable Enable RADIUS server functionality on the local AP
cache Set parameters for caching user-authentication responses from external LDAP servers
aaa radius-server name <string> acct-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
acct-port Set the RADIUS accounting port number
<port> [1~65535]Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
aaa radius-server name <string> auth-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
auth-port Set the RADIUS authentication port number
<port> [1~65535]Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
aaa radius-server name <string> server <string> shared-secret <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
server Set the IP address or resolvable domain name for the RADIUS server
<string> Enter the IP address or domain name (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
aaa radius-server proxy dead-time <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
dead-time Set the interval after which the AP tries to contact a previously unresponsive RADIUS server
<number> Enter the interval in seconds (Default: 300; Range: 30-3600)
aaa radius-server proxy inject operator-name
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
operator-name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
aaa radius-server proxy realm <string> no-strip
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
no-strip Do not strip the realm name from a submitted user name when proxying requests to the RADIUS server (Default: The realm name is stripped from proxied requests.)
aaa radius-server proxy realm <string> {primary|backup} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
primary Assign a primary RADIUS server to the realm
backup Assign a backup RADIUS server to the realm
<string> Enter the RADIUS server name (1-32 chars)
aaa radius-server proxy realm format {nai|nt-domain}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
format Set the format in which a realm name is appended to a user's name in request packets
nai Set NAI (network access identifier) as the realm name format: user@realm (Default: NAI)
nt-domain Set Windows NT domain as the realm name format: realm\user (Default: NAI)
aaa radius-server proxy retry-delay <number> retry-count <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
retry-delay Set the interval to wait for a response from the RADIUS server before resending a proxied request
<number> Enter the interval between retries in seconds (Default: 5; Range: 3-10)
retry-count Set the number of times to retry proxying a request to the RADIUS server
<number> Enter the number of retries (Default: 3; Range: 1-10)
aaa radius-server retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
access-console custom-ssid <string>
access-console Set access console parameters
custom-ssid Set custom SSID profile name for the access console
<string> Enter an SSID profile name (1-32 chars)
access-console hide-ssid
access-console Set access console parameters
hide-ssid Hide the SSID in beacons and ignore broadcast probe requests(Default: disabled)
access-console max-client <number>
access-console Set access console parameters
max-client Set the maximum number of clients that can associate with the access console SSID
<number> Enter the maximum number of clients that can associate (Default: 2; Range: 1-64)
access-console mode {auto|disable|enable}
access-console Set access console parameters
mode Set the mode for the access console (Note: 'auto' enables the access console only when there is no Ethernet or wireless backhaul connection. 'enable' and 'disable' set the mode manually.)
auto Set the mode as auto (Default: auto)
disable Set the mode as disable (Default: auto)
enable Set the mode as enable (Default: auto)
access-console security mac-filter <string>
access-console Set access console parameters
security Set the security parameters for the access console
mac-filter Assign a MAC filter to the access console to restrict access only to those MAC addresses and OUIs (organizational unique identifiers) specified in the filter
<string> Enter the filter name (1-32 chars)
access-console security protocol-suite open
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
open Set the security protocol suite as open
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
wpa-aes-psk Set the security protocol suite as wpa-aes-psk
wpa-tkip-psk Set the security protocol suite as wpa-tkip-psk
wpa2-aes-psk Set the security protocol suite as wpa2-aes-psk
wpa2-tkip-psk Set the security protocol suite as wpa2-tkip-psk
wpa-auto-psk Set the security protocol suite as wpa-auto-psk
ascii-key Set key type as an ASCII string
<string> Enter the ASCII key value (8-63 chars)
access-console telnet
access-console Set access console parameters
telnet Enable Telnet manageability of the access console (Default: enabled)
acl <string>
acl Set IP ACL parameters
<string> Enter an IP ACL name (1-32 chars)
acl <string> rule <number> [ action {permit|deny} ] [ from <ip_addr> [ <mask> ] ] [ to <ip_addr> [ <mask> ] ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
acl Set IP ACL parameters
<string> Enter an IP ACL name (1-32 chars)
rule Assign an IP ACL rule ID
<number> Enter the IP ACL rule ID (Range: 1-20)
action Set action for an IP ACL (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
from Set the source IP (Default: any)
<ip_addr> Enter an IP address
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP ACL to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP address
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP ACL to all addresses matching only the first and fourth octets.)
protocol Filter by protocol
<number> protocol (Range: 1-255)
src-port Filter by source port
<number> source IP port (Range: 1-65535)
dst-port Filter by destination port
<number> destination IP port (Range: 1-65535)
acl <string> rule <number> before rule <number>
acl Set IP ACL parameters
<string> Enter an IP ACL name (1-32 chars)
rule Assign an IP ACL rule ID
<number> Enter the IP ACL rule ID (Range: 1-20)
before Set the before parameters for an IP ACL rule
rule Assign an IP ACL rule ID
<number> Enter the IP ACL rule ID (Range: 1-20)
admin auth radius-method [ {pap|chap|ms-chap-v2} ]
admin Set the administrator parameters
auth Set the administrators authentication method
radius-method Authenticate admins by checking accounts stored on an external RADIUS server
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
admin auth {local|radius|both}
admin Set the administrator parameters
auth Set the administrators authentication method
local Authenticate admins by checking accounts stored on the local database (Default: local)
radius Authenticate admins by checking accounts stored on an external RADIUS server
both Authenticate admins by checking accounts on an external RADIUS server first and the local database second
admin manager-ip <ip_addr/netmask>
admin Set the administrator parameters
manager-ip Allow administrative access from a host or subnet (By default, access from all addresses are allowed.)
<ip_addr/netmask> Enter an IP address and netmask
admin min-password-length <number>
admin Set the administrator parameters
min-password-length Set the minimum password length
<number> Enter the minimum password length (Default: 8; Range: 8-32)
admin root-admin <string> password <string>
admin Set the administrator parameters
root-admin The root-admin has complete privileges, including the ability to add, modify, and delete other admins
<string> Enter root-admin name (3-20 chars)
password Set password for the root-admin
<string> Set password for the root-admin ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
admin {read-write|read-only} <string> password <string>
admin Set the administrator parameters
read-write The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
read-only The read-only admin has the ability to view settings
<string> Enter an admin user's name (3-20 chars)
password Set password for the user
<string> Set password for the user ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
agg <number>
agg Set aggregation parameters
<number> Enter the aggregation number(Range: 1-30)
agg load-balance mode [ {src-dst-mac|src-dst-ip|src-dst-ip-port|src-dst-mac-ip-port} ]
agg Set aggregation parameters
load-balance Set aggregation load balance parameters
mode Set aggregation load balance mode
src-dst-mac Set the load-balance mode to src-dst-mac (Default:src-dst-mac-ip-port)
src-dst-ip Set the load-balance mode to src-dst-ip (Default:src-dst-mac-ip-port)
src-dst-ip-port Set the load-balance mode to src-dst-ip-port (Default:src-dst-mac-ip-port)
src-dst-mac-ip-port Set the load-balance mode to src-dst-mac-ip-port (Default:src-dst-mac-ip-port)
alg {ftp|tftp|sip|dns|http} enable
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
http Set an HTTP ALG
enable Enable ALG functionality
alg {ftp|tftp|sip|dns} qos <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
qos Set an Aerohive QoS class for ALG data traffic
<number> Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
alg {ftp|tftp|sip} inactive-data-timeout <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
inactive-data-timeout Set a timeout to close an inactive gate
<number> Enter an inactive gateway timeout value in seconds (Default: 30 for FTP, 30 for TFTP, 60 for SIP; Range: 1-1800s)
alg {ftp|tftp|sip} max-duration <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
max-duration Set the maximum duration for the ALG
<number> Enter the maximum duration in minutes (Default: 60 for FTP, 60 for TFTP, 720 for SIP; Range: 1-7200(min))
amrp interface <ethx> priority <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
interface Set AMRP parameters per interface
<ethx> Enter the name of an Ethernet interface, where x = 0
priority Set a priority for the AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
<number> Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the AP will be during the DA election process. For example, 100 has a higher priority than 50.)
amrp l2-neighbor-keepalive-count <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
l2-neighbor-keepalive-count Number of keepalive packet loss allowed before mesh failover
<number> [1~255] Packet number N. Failover delay time is about 2sec * N (Default: 16; Min: 1; Max: 255)
amrp metric poll-interval <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
poll-interval Set the interval for polling neighbors to determine current route metrics
<number> Enter the poll-interval value (Default: 60 secs; Range: 10-300)
amrp metric type {aggressive|conservative|normal}
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
type Set the type of behavior governing dynamic changes to route metrics
aggressive Change route metrics to aggressive (Default: normal)
conservative Change route metrics to conservative (Default: normal)
normal Change route metrics to normal (Default: normal)
amrp neighbor <mac_addr> metric min <number> max <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
neighbor Specify the neighbor to which you want to set AMRP parameters
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
metric Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
min Set the minimum metric value
<number> Enter the minimum metric value (Default: 67; Range: 8-1200)
max Set the maximum metric value equal to or greater than the minimum value
<number> Enter the maximum metric value (Default: 67; Range: 8-1200)
amrp vpn-tunnel heartbeat interval <number> retry <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
vpn-tunnel Set parameters for VPN tunneling
heartbeat Set AMRP (Advanced Mobility Routing Protocol) heartbeat parameters for VPN tunnel
interval Set the interval for sending AMRP heartbeats through the tunnel
<number> Enter the heartbeat interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables AMRP heartbeats.)
retry Set the number of times to retry sending a heartbeat when it does not elicit a response
<number> Enter the number of heartbeats to retry sending (Range: 1-255; Default: 10)
bonjour-gateway enable
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
enable Enable Bonjour gateway functionality (Default: Enabled)
bonjour-gateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
filter Set a filter to control which Bonjour services the local gateway transmits to remote gateways
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range 1-128)
from Set the source from which services are advertised
<string> Enter the source VLAN group name (1-32 chars)
<string> Enter the text string to filter which services are advertised (1-64 chars; Note: A service is advertised if its name matches the string in a rule. You can use asterisks as wildcards)
to Set the VLAN group to which services are advertised
<string> Enter the destination VLAN group name (1-32 chars)
metric Set the maximum number of hops away from the local BDD to accept service advertisements (Note: An immediately neighboring BDD is one hop away, a neighbor of that neighbor is two hops away, and so on.)
<number> Enter the maximum distance from which service advertisements are acceptable (Range: 0-100; Default: 0; Note: A value of 0 means that there is no maximum distance.)
bonjour-gateway filter rule <number> {before|after} rule <number>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
filter Set a filter to control which Bonjour services the local gateway transmits to remote gateways
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range 1-128)
before Move the rule before another rule in the Bonjour Gateway filter
after Move the rule after another rule in the Bonjour Gateway filter
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range 1-128)
bonjour-gateway neighbor <ip_addr|string>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
neighbor Set an AP or CVG as a remote BDD (Bonjour Dedicated Device)
<ip_addr> Enter the IP address or resolvable domain name (1-32 chars) of the remote BDD
<string> Enter the IP address or resolvable domain name (1-32 chars) of the remote BDD
bonjour-gateway priority <number>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
priority Set the priority of the local device to be elected as the BDD (Bonjour Designated Device)
<number> Enter the BDD election priority (Range: 0-255; Defaults: SR series=50, BR200 series=40, VG-VA/VG-1U=25, AP370/AP390=23, AP230=21, AP330/AP350=20, AP320/AP340=15, AP120/AP121/AP130/AP141/AP170/AP1130=10, AP110=5; Note: Values closer to 255 have higher priority.)
bonjour-gateway realm <string>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
realm Set the name of the Bonjour realm to which the local device belongs
<string> Enter the Bonjour realm name (1-128 chars)
bonjour-gateway vlan <number> [ <number> ]
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
vlan Set the VLAN or range of VLANs in which to probe for DHCP servers
<number> Enter the VLAN ID to be probed (Range: 1-4094; Note: If you are defining a range of VLANs, this is the starting point of that range.)
<number> Enter the last VLAN ID in the range (Range: 1-4094)
boot-param boot-file <string>
boot-param Set parameters for the boot loader
boot-file Set the file name of the HiveOS image that you want to load on the local HiveSwitch through a network connection to a TFTP server
<string> Enter the file name (1-127 chars)
boot-param country-code <number>
boot-param Set parameters for the boot loader
country-code Set the country code used to control radio channel and power selections
<number> Enter a country code value (Default: 840; Range: 1-10000)
boot-param device <ip_addr/netmask>
boot-param Set parameters for the boot loader
device Set the IP address and netmask of the local HiveSwitch device
<ip_addr/netmask> Enter the IP address and netmask
boot-param device <ip_addr> <netmask>
boot-param Set parameters for the boot loader
device Set the IP address and netmask of the local HiveSwitch device
<ip_addr> Enter the IP address
<netmask> Enter the IP netmask
boot-param gateway <ip_addr>
boot-param Set parameters for the boot loader
gateway Set the IP address of the gateway so that the local HiveSwitch can reach the TFTP server with the HiveOS image that you want to load
<ip_addr> Enter the IP address
boot-param image-download enable
boot-param Set parameters for the boot loader
image-download Set the ability of the local HiveSwitch to download a HiveOS image from an external TFTP server during the bootup process (Default: Enabled; Note: Only a root-admin can enable and disable image loading from an external source during bootup.)
enable Enable the ability to download a HiveOS image from a TFTP server to the local HiveSwitch
boot-param management-port <ethx/y>
boot-param Set parameters for the boot loader
management-port Set parameters for traffic to the TFTP server specified in the "boot-param server" command through specified port.
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
boot-param native-vlan <number>
boot-param Set parameters for the boot loader
native-vlan Set the native VLAN ID of the local HiveSwitch
<number> Enter the VLAN ID (Default: 0; Range: 0-4094)
boot-param netboot enable
boot-param Set parameters for the boot loader
netboot Set the HiveSwitch to boot up automatically from an external TFTP server after an application crash occurs
enable Enable the ability to boot up automatically from an external TFTP server after an application crash occurs
boot-param netdump dump-file [ <string> ]
boot-param Set parameters for the boot loader
netdump Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the HiveSwitch crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
dump-file Set the name of the core dump file to be saved to the TFTP server
<string> Enter the name of the core dump file (Default name: .netdump; 1-32 chars)
boot-param netdump enable
boot-param Set parameters for the boot loader
netdump Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the HiveSwitch crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
enable Enable the netdump feature (Default: Disabled)
boot-param server <ip_addr>
boot-param Set parameters for the boot loader
server Set the IP address of the TFTP server that has the HiveOS image file that you want to load
<ip_addr> Enter the IP address
boot-param vlan <number>
boot-param Set parameters for the boot loader
vlan Set the VLAN that the local HiveSwitch must use to reach the TFTP server
<number> Enter the VLAN ID (Default: 0; Range: 0-4094)
capwap client HTTP proxy name <string> port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
name Set the HTTP proxy server name
<string> Enter the IP address or domain name of the HTTP proxy server (1-63 chars)
port Set the HTTP proxy server port number
<number> Enter the port number (Range: 1-65535)
capwap client HTTP proxy user <string> password <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
user Set the user name for authenticating the HiveAP with the HTTP proxy server
<string> Enter the authentication user name (1-32 chars)
password Set the user password for authenticating the HiveAP with the HTTP proxy server
<string> Enter the password (1-32 chars)
capwap client default-server-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
default-server-name Set the default IP address or domain name for the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-63 chars)
capwap client discovery interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
interval Set CAPWAP discovery interval
<number> Enter the CAPWAP discovery interval (Default: 5 secs; Range:1-999)
capwap client discovery maximum interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
maximum Set the max time in seconds to wait for a response to a Discovery Request message
interval Set the max time in seconds to wait for a response to a Discovery Request message
<number> Enter the max time to wait for a response to a Discovery Request message (Default: 10 secs; Range: 2-180)
capwap client discovery method {broadcast}
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
method Set the CAPWAP discovery method
broadcast Enable the broadcast of CAPWAP Discovery Request messages in the local Layer 2 domain as part of the CAPWAP server discovery process (Default: Enabled)
capwap client dtls accept-bootstrap-passphrase
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
accept-bootstrap-passphrase Always accept the bootstrap passphrase proposed by HiveManager
capwap client dtls bootstrap-passphrase <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
bootstrap-passphrase Set a passphrase for initial and recovery CAPWAP connections
<string> Enter the bootstrap passphrase (16-32 chars)
capwap client dtls enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
enable Enable CAPWAP client dtls feature
capwap client dtls handshake-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
handshake-wait-time Set the maximum time to wait for a DTLS handshake message from the CAPWAP server
<number> Enter the maximum wait time in seconds (Default: 60; Range: 30-120)
capwap client dtls hm-defined-passphrase <string> key-id <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
hm-defined-passphrase Use the HiveManager-defined passphrase to secure CAPWAP communications
<string> Enter a passphrase for the HiveAP to use when making a secure CAPWAP connection (16-32 chars)
key-id Set the key ID for the passphrase
<number> Enter the key ID (Range: 1-255)
capwap client dtls max-retries <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
max-retries Set the maximum number of times to retry making a DTLS connection
<number> Enter the maximum number of retries (Default: 3; Range: 1-65535)
capwap client dtls negotiation enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
negotiation Set the HiveAP to auto-negotiate the use of DTLS with HiveManager
enable Enable DTLS auto-negotiation
capwap client dtls psk <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
psk Set the DTLS preshared key manually (instead of deriving it from a passphrase)
<string> Enter the DTLS preshared key in ASCII hex format (1-64 chars)
capwap client dtls session-delete-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
session-delete-wait-time Set the minimum time to wait for DTLS session deletion
<number> Enter the wait time in seconds (Default: 5; Range: 1-65535)
capwap client enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
enable Enable CAPWAP client
capwap client join timeout <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
join Set the interval that the HiveAP waits for a CAPWAP Join Response message
timeout Set the interval that the HiveAP waits for a CAPWAP Join Response message
<number> Enter join interval in seconds to wait for Join Response message (Default: 60 secs; Range: 30-999)
capwap client neighbor dead interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
dead Set the dead interval for CAPWAP neighbors
interval Set the interval in seconds to wait for ping responses before considering a CAPWAP neighbor dead
<number> Enter interval to wait for responses before considering a neighbor dead (Default: 105 secs; Range: 60-240)
capwap client neighbor heartbeat interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
heartbeat Set the heartbeat parameters for a CAPWAP neighbor
interval Set the heartbeat interval for a CAPWAP neighbor
<number> Enter the heartbeat interval for a CAPWAP neighbor (Default: 30; Range: 30-120)
capwap client pci-alert enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
pci-alert Report PCI (Payment Card Infrastructure) compliance information to HiveManager
enable Enable the reporting of PCI compliance information
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
backup Set the backup CAPWAP server
name Set the IP address or domain name of the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-63 chars)
connect-delay Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
<number> Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
via-vpn-tunnel Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
capwap client server port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
port Set the destination port number for communicating with the CAPWAP server
<number> Enter the port number (Default: 12222; Range: 1-65535)
capwap client silent interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
silent Set an interval to wait after failing to receive Discovery Request responses before sending more requests
interval Set an interval to wait after failing to receive Discovery Request responses before sending more requests
<number> Enter an interval to wait after failing to receive Discovery Request responses (Default: 15 secs; Range: 1-999)
capwap client statistic-info update-interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
statistic-info Set CAPWAP client statistic info parameters
update-interval Set CAPWAP client statistic info update interval
<number> Enter the CAPWAP statistic info update interval (Default: client not send statistic info actively; Range:10-1440 minutes)
capwap client transport HTTP
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
transport Set the packet transport mode for CAPWAP communications
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
capwap client vhm-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
vhm-name Set the name of the virtual HiveManager system
<string> Enter the name of the virtual HiveManager system (1-64 chars)
capwap max-discoveries counter <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
max-discoveries Set the max number of CAPWAP Discovery Request messages
counter Set the max number of CAPWAP Discovery Request messages
<number> Enter the max number of CAPWAP Discovery Request messages (Default: 3; Range: 1-999)
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-63 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
count Set the number of CAPWAP UDP packets to send
<number> Enter the number of packets to send (Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-63 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
flood Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
<number> Enter the number of batches of packets(Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
cavc ap-black-list <mac_addr>
cavc Set CAVC management parameters
ap-black-list Add or remove AP to black list
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
cdp enable
cdp Set CDP (Cisco Discovery Protocol) parameters
enable Enable globally
cdp max-entries <number>
cdp Set CDP (Cisco Discovery Protocol) parameters
max-entries Set the maximum number of entries to cache in the neighbor table
<number> Enter the maximum number of entries to cache (Default: 64; Range: 1-128)
clear aaa radius-server cache [ username <string> ]
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server Clear RADIUS server parameters
cache Clear all RADIUS server caches or one cache
username Clear the RADIUS server cache by username
<string> Enter the username (1-32 chars)
clear aaa radius-server-key [ {radius-server|ldap-client} ] [ <string> ]
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server-key Clear all certificates that the local Aerohive device uses as a RADIUS server and LDAP client
radius-server Clear certificates that the local AP uses as a RADIUS server
ldap-client Clear certificates that the local AP uses as a LDAP client
<string> Enter the name of the certificate
clear arp-cache
clear Clear dynamic system information or remove all web directories
arp-cache Clear the ARP cache
clear auth roaming-cache mac <mac_addr> {hive-neighbors|hive-all}
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
hive-neighbors Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
hive-all Clear the MAC address from the local roaming cache and from the roaming caches of all hive members
clear auth roaming-cache {hive-neighbors}
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
hive-neighbors Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
clear auth username <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
username Clear dynamic authentication information by user name
<string> Enter a user name (1-32 chars)
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
station Clear authentication information for a specific station
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear auth {local-cache|roaming-cache|station} ssid <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
station Clear authentication information for a specific station
ssid Clear cached authentication information based on the SSID with which stations associated
<string> Enter a user name (1-32 chars)
clear capture local [ <string> ]
clear Clear dynamic system information or remove all web directories
capture Clear packet capture parameters
local Clear one or all locally stored packet capture files
<string> Enter the file name to clear
clear capwap client counter
clear Clear dynamic system information or remove all web directories
capwap Clear CAPWAP (Control and Provisioning of Wireless Access Points) statistics
client Clear CAPWAP client statistics
counter Clear CAPWAP client keepalive packet counters
clear cdp table
clear Clear dynamic system information or remove all web directories
cdp Clear CDP (Cisco Discovery Protocol) parameters
table Clear neighbor table
clear config rollback
clear Clear dynamic system information or remove all web directories
config Clear the configuration rollback settings
rollback Clear the current configuration rollback point and related settings
clear forwarding-engine counters [ interface <ethx/y> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
counters Clear forwarding engine counter statistics
interface Clear forwarding engine counter by interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
station Clear forwarding engine counter by station MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
drop Clear the drop packet counter
tunnel Clear the counter on tunnels
policy Clear the counter on policies
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
src-ip Clear IP sessions by source IP address
<ip_addr> Source IP address
dst-ip Clear IP sessions by destination IP address
<ip_addr> Destination IP address
src-port Clear IP essions by source port number
<number> source IP port (Range: 1-65535)
dst-port Clear IP sessions by destination port number
<number> destination IP port (Range: 1-65535)
protocol Clear IP sessions by protocol type
<number> source IP port (Range: 1-255)
clear forwarding-engine ip-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
id Clear IP sessions by session ID number
<number> Enter the IP session ID (Range: 1-9999)
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
src-mac Clear MAC sessions by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Clear MAC sessions by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear forwarding-engine mac-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
id Clear MAC sessions by session ID number
<number> Enter the MAC session ID (Range: 1-9999)
clear gre-tunnel counters tunnel
clear Clear dynamic system information or remove all web directories
gre-tunnel Clear GRE (Generic Routing Encapsulation) tunnel information
counters Clear GRE tunnel counter statistics
tunnel Clear the counter on tunnels
clear hive <string> counter neighbor [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
hive Clear hive info
<string> Enter a hive profile name (1-32 chars)
counter Clear counters for neighboring hive members
neighbor Clear counters for all neighbors or a specific neighbor in this hive
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <ethx/y|aggx> counters
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
counters Clear the statistics counters of the specified port
clear interface <mgtx|vlanx> dhcp-server lease all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
all Clear all DHCP leases
clear interface <mgtx|vlanx> dhcp-server lease ip <ip_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
ip Clear the DHCP lease that uses a specific IP address
<ip_addr> Enter the IP address
clear interface <mgtx|vlanx> dhcp-server lease mac <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
mac Clear the DHCP lease assigned to a client with a specific MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear lldp table
clear Clear dynamic system information or remove all web directories
lldp Clear LLDP (Link Layer Discovery Protocol) parameters
table Clear neighbor table
clear log [ {buffered|debug|flash|all} ]
clear Clear dynamic system information or remove all web directories
log Clear logging messages
buffered Clear buffered log messages
debug Clear debug log messages
flash Clear flash log messages
all Clear all log messages
clear mac-address-table interface <ethx/y|aggx> [ {static|dynamic} ]
clear Clear dynamic system information or remove all web directories
mac-address-table Clear entries from the MAC address table
interface Clear MAC address for a specific interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
static Clear all manually entered MAC addresses
dynamic Clear all dynamically learned MAC addresses
clear mac-address-table vlan <number> [ {static|dynamic} ]
clear Clear dynamic system information or remove all web directories
mac-address-table Clear entries from the MAC address table
vlan Clear MAC addresses for a specific VLAN
<number> Enter the VLAN ID (Range: 1-4094)
static Clear all manually entered MAC addresses
dynamic Clear all dynamically learned MAC addresses
clear mac-address-table {all|static|dynamic}
clear Clear dynamic system information or remove all web directories
mac-address-table Clear entries from the MAC address table
all Clear all entries from the MAC address tables
static Clear all manually entered MAC address table entries
dynamic Clear all dynamically learned MAC address table entries
clear mdnsd counter [ vlan <number> ]
clear Clear dynamic system information or remove all web directories
mdnsd Clear MDNS information
counter Clear MDNS packet counter
vlan Clear MDNS packet counters on a specific VLAN
<number> Enter the VLAN ID number (Range: 1-4094)
clear network-firewall session all
clear Clear dynamic system information or remove all web directories
network-firewall Clear Layer 3 firewall information
session Clear Layer 3 firewall sessions
all Clear all sessions (Note: You must clear all existing sessions for new or changed firewall policy rules to take effect. Once the new rules are in effect, the HiveAP applies them to new sessions.)
clear service [ <string> ] counter
clear Clear dynamic system information or remove all web directories
service Clear dynamically generated information for all services or for a specific service
<string> Enter the name of the service whose counters you want to clear
counter Clear the counter statistics for all services or for a specific service
clear ssh known_host <string>
clear Clear dynamic system information or remove all web directories
ssh Secure Shell
known_host List of known saved hosts
<string> Enter the domain name (1-64 chars) or IP address
clear ssid <string> counter station [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
ssid Clear SSID info
<string> Enter an SSID profile name (1-32 chars)
counter Clear counters for stations (wireless clients) associated with the SSID
station Clear counters for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear storm-control counter
clear Clear dynamic system information or remove all web directories
storm-control Clear the traffic storm control parameters
counter Clear the traffic storm control counters
clear user-and-group all
clear Clear dynamic system information or remove all web directories
user-and-group Clear all users and user-groups
all Clear all users and user-groups
clear vpn certificate-key
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
certificate-key Clear all certificates that the local HiveAP uses when authenticating its identity to a VPN peer and when verifying the identity of a VPN peer
clear vpn {ike|ipsec} sa
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
ike Clear IKE SA information established during IKE phase 1 negotiations
ipsec Clear IPsec SA information established during IKE phase 2 negotiations
sa Clear SA (security association) information
clear web-directory [ {ppsk-self-reg} ]
clear Clear dynamic system information or remove all web directories
web-directory Remove all web directories
ppsk-self-reg Remove all self-registration web directories from the private PSK server
client-monitor enable
client-monitor Set parameters for Client Monitor
enable Enable client monitor to detect client issues and report client connection activities and problems to HiveManager (Default: Enabled)
client-monitor policy <string> problem-type {association|authentication|networking} [ trigger-times <number> ] [ report-interval <number> ] [ quiet-time <number> ]
client-monitor Set parameters for Client Monitor
policy Set parameters for a Client Monitor policy
<string> Enter the Client Monitor policy name (1-32 chars)
problem-type Set the problem type which specifies a category of client-centric problems
association Detect, analyze and report the client association problem
authentication Detect, analyze and report the client authentication problem
networking Detect, analyze and report the client networking problem
trigger-times Set how many times the problem type is detected to trigger reporting the problem and related logs
<number> Enter trigger times for the problem type (Range: 1-10; Default: 1)
report-interval Set the interval to report the problem and related logs
<number> Enter a report interval in seconds for the problem type (Range: 0 or 30-3600; Default: 0; Note: The default value of 0 reports every instance of the problem)
quiet-time Set the time period after which the problem elapses
<number> Enter quiet time in seconds for the problem type (Range: 60-86400; Default: 300)
client-tracing <mac_addr>
client-tracing Test client tracing
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clock date-time <date> <time>
clock Set the internal clock
date-time Set the date and time for the internal clock
<date> Enter the date for the internal clock, (Format: YYYY-MM-DD, Range: 1970-01-01 to 2035-12-31)
<time> Enter the time for the internal clock, (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
clock time-zone <number> [ {30|45} ]
clock Set the internal clock
time-zone Set the time zone for the internal clock
<number> Enter the time zone for the internal clock (Default: 0; Range: from -12 to 12)
30 Add 30 minutes to the specified time zone
45 Add 45 minutes to the specified time zone
clock time-zone daylight-saving-time <date> <time> <date> <time>
clock Set the internal clock
time-zone Set the time zone for the internal clock
daylight-saving-time Set the daylight saving time parameters
<date> Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
<date> Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
config rollback enable
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
enable Enable the configuration rollback feature
config rollback manual [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
manual Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
wait-time Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
config rollback now
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
now Return the configuration to a previously set rollback point immediately
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
capwap-disconnect Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
next-reboot Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
wait-time Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
config version <number>
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
version Set the version number for the current configuration file
<number> Enter the version number (Range: 1-4294967295)
console echo obscure-passwords
console Set console parameters
echo Set parameters for the display of data in the terminal window
obscure-passwords Display passwords and sensitive networking keys as asterisks (***) in the CLI (Default: Passwords and keys are replaced by asterisks instead of displaying original text)
console page <number>
console Set console parameters
page Set the maximum number of lines of data displayed as a batch when retrieved from a device (Note: If the number of retrieved lines exceeds the maximum, press TAB to return the next batch or ENTER to retrieve the next single line. Press the Q key to cancel the display of all further requested data and return to the command prompt.)
<number> Set the maximum number of lines to display at a time (Default: 22, Range: 10-100, Disable: 0, which means that there is no maximum limit)
console serial-port enable
console Set console parameters
serial-port Set administrative access to the serial port
enable Enable access to the console serial port
console timeout <number>
console Set console parameters
timeout Set the amount of time required to close a console connection due to inactivity
<number> Set the console timeout value in minutes (Default: 10, Range: 0-60, Disable: 0)
data-collection collect interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
collect Set parameters for collecting data
interval Set the interval for collecting data about devices and their network usage
<number> Enter the amount of time in hours during which the HiveAP collects data (Default: 1; Range: 1-48)
data-collection enable
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
enable Enable the local HiveAP to collect data about types and capabilities of devices on the network and their network usage (Default: Disabled)
data-collection report interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
report Set parameters for reporting data to HiveManager
interval Set the interval for reporting data to HiveManager
<number> Enter the amount of time in hours between data reports to HiveManager (Default: 6; Range: 0-48; Note: 0 disables sending reports to HiveManager.)
data-collection {max-collect} <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
max-collect Set the maximum number of collection times that must elapse before clearing data that cannot be reported to HiveManager (Note: The default collection interval is 1 hour and the default report interval is 6 hours.)
<number> Enter the maximum number of times to collect data before clearing it if it cannot be reported to HiveManager (Default: 24; Range: Range:1-48)
debug console [ {all} ]
debug Enable debug messages
console Show debug messages on the console
all Show all messages on the console
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
debug Enable debug messages
console Show debug messages on the console
level Specify a logging level
emergency Show emergency-level log entries (Default: debug)
alert Show log entries from alert to emergency levels (Default: debug)
critical Show log entries from critical to emergency levels (Default: debug)
error Show log entries from error to emergency levels (Default: debug)
warning Show log entries from warning to emergency levels (Default: debug)
notification Show log entries from notification to emergency levels (Default: debug)
info Show log entries from info to emergency levels (Default: debug)
debug Show log entries for all severity levels (Default: debug)
debug console timestamp
debug Enable debug messages
console Show debug messages on the console
timestamp Show debug messages timestamp
designated-server idm-proxy dynamic
designated-server Set parameters for a dynamic server
idm-proxy Set parameters for a dynamic proxy server to forward RADIUS requests over a secure TLS tunnel between the local device and ID Manager
dynamic Enable the Aerohive device acting as a NAS to send RADIUS requests to the designated proxy server (Default: Disabled)
device-group <string> [ mac-object <string> ] [ domain-object <string> ] [ os-object <string> ]
device-group Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
<string> Enter a device group name (1-32 chars)
mac-object Add a MAC object to the device group
<string> Enter the MAC object name (1-32 chars)
domain-object Add a domain object to the device group
<string> Enter the domain object name (1-32 chars)
os-object Add an OS object to the device group
<string> Enter the OS object name (1-32 chars)
device-group <string> ownership {cid|byod}
device-group Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
<string> Enter a device group name (1-32 chars)
ownership Set an attribute for the client device group identifying its devices as user-owned (BYOD=bring your own device) or company-issued (CID=company-issued device)
cid Set the devices in the device group as company-issued
byod Set the devices in the device group as user-owned
device-location <string>
device-location Set the device location
<string> Enter a device location (1-128 chars)
dns domain-name <string>
dns Set DNS (Domain Name System) parameters
domain-name Set the domain name suffix for the local AP
<string> Enter the domain name suffix for the local AP (1-32 chars)
dns server-ip <ip_addr> [ {second|third} ]
dns Set DNS (Domain Name System) parameters
server-ip Set the IP address of the primary, secondary, or tertiary DNS server
<ip_addr> Enter the IP address of the primary, secondary, or tertiary DNS server
second Assign the IP address to a secondary DNS server
third Assign the IP address to a tertiary DNS server
domain-object <string> domain <string>
domain-object Set parameters for a domain object that the HiveAP can use to assign a client that belongs to a matching device domain to a user profile (Max: 64 domain objects per HiveAP)
<string> Enter a domain object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of a device domain.)
domain Add a device domain to the domain object (Note: Specify the domain to which devices in an LDAP-structured database belong.)
<string> Enter an domain name (1-64 chars)
exec aaa idm-test auth username <string> password <string> [ {pap|ms-chap-v2} ] [ proxy <string> ] [ bind-ssid <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
idm-test Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
auth Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
username Set the user name belonging to an account on the ID Manager
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the ID Manager
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
proxy Set parameters for connecting to an ID Manager proxy server
<string> Enter the IP address or domain name of the ID Manager proxy server (1-32 chars)
bind-ssid Set the SSID to which the user name binds for ID Manager testing (Note: By default, wired links use the user name-password pair for testing ID Manager accounts, so the user name does not need to bind to an SSID.)
<string> Enter the name of the SSID to which you want to bind the user name (1-32 chars)
exec aaa ldap-search server-type {active-directory|ldap-server|open-directory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ldap-search Execute a search of the LDAP database
server-type Set the type of LDAP server whose database you want to search
active-directory Set the server type as an Active Directory server
ldap-server Set the server type as an OpenLDAP server
open-directory Set the server type as an Open Directory server
server Set the IP address or resolvable domain name of the LDAP server
<string> Enter the IP address or domain name (up to 32 chars)
basedn Set a node in the LDAP tree structure as the baseDN (distinguished name) from which to search for nodes one level below it or for information about one or all of its attributes
<string> Enter the baseDN (up to 256 chars) (Note: If there are any spaces, enclose the whole string in quotation marks.)
binddn Set the bindDN name and password for the user that has permission to search the LDAP directory
<string> Enter the bindDN name (up to 256 chars)
password Set the bindDN password
<string> Enter the password (1-64 chars)
attributes Search for attributes of the node specified as the baseDN
<string> Enter the name of a specific attribute for which to search (Note: To see the user group attribute of the baseDN node when the default group attribute name is being used, do not enter anything.)
exec aaa ldap-search username <string> [ basedn <string> ] [ domain <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ldap-search Execute a search of the LDAP database
username Set the user name to search for in the LDAP database
<string> Enter a user name (1-32 chars)
basedn Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
domain Set the domain name of the domain controller
<string> Enter a NT domain name (1-64 chars)
exec aaa library-sip-test primary username <string> password <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
library-sip-test Test a simulated authentication process for a library patron on a library SIP (Standard Interchange Protocol) server
primary Test the authentication process on the primary library SIP server
username Set the library patron's user name to submit to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the library patron's password to submit to the library SIP server
<string> Enter the password (1-64 chars)
exec aaa net-ads-info <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-ads-info Retrieve information from the Active Directory server such as its IP address, Active Directory domain name, root BaseDN, and realm name
<string> Enter the name of the realm to which the Active Directory server belongs (Example: corp123.com; Note: The realm name is not case sensitive; Range: 1-64 chars)
exec aaa net-join [ {primary|backup1|backup2|backup3} username <string> password <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-join Join the local AP RADIUS server to the domain controller
primary Join the local AP RADIUS server to the primary domain controller
backup1 Join the local AP RADIUS server to the backup1 domain controller
backup2 Join the local AP RADIUS server to the backup2 domain controller
backup3 Join the local AP RADIUS server to the backup3 domain controller
username Set the admin user name for the local AP RADIUS server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
exec aaa net-join domain <string> fullname <string> server <string> username <string> password <string> [ computer-ou <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-join Join the local AP RADIUS server to the domain controller
domain Set the domain name of the AD domain controller
<string> Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full name of the domain to which the RADIUS server (local AP) and AD server both belong
<string> Enter the full domain name (1-64 chars)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (up to 32 chars)
username Set the admin user name that the local AP RADIUS server submits to the AD server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
computer-ou Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
exec aaa ntlm-auth username <string> password <string> [ domain <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ntlm-auth Initiate NTLM (NT LAN Manager) authentication between the AP RADIUS server and the domain controller
username Set the user name that the AP RADIUS server uses when authenticating itself to the domain controller
<string> Enter a user name (1-32 chars)
password Set the password that the AP RADIUS server uses when authenticating itself to the domain controller
<string> Enter a password (1-64 chars)
domain Set the domain name of the domain controller
<string> Enter a NT domain name (1-64 chars)
exec aaa radius-test <string> accounting
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
accounting Check the network connectivity status of a RADIUS accounting server (Default: Check the status of a RADIUS authentication server.)
exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
username Set the user name belonging to an account on the RADIUS server
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the RADIUS server
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
exec active-alarms-resending
exec Execute a command to initiate a task immediately
active-alarms-resending Make device resend all active alarms to HiveManager
exec bypass-wan-hardening
exec Execute a command to initiate a task immediately
bypass-wan-hardening Disable WAN hardening to allow SSH, Telnet, and the remote sniffer tool to access the device over the WAN interface (Note: Execute this command to allow remote access for troubleshooting. To restore WAN hardening, enter "no exec bypass-wan-hardening" or reboot the device.)
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
exec Execute a command to initiate a task immediately
capture Initiate packet capturing
remote-sniffer Set parameters for a remote packet sniffer
user Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
<string> Enter the user name (1-32 chars)
<string> Enter the password (1-32 chars)
host-allowed Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
<string> Enter the IP address or domain name (1-32 chars)
local-port Set the port number on which the HiveAP listens for connection requests from the remote sniffer
<number> Enter the port number (Default: 2002; Range: 1024-65535)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
exec client-monitor <mac_addr>
exec Execute a command to initiate a task immediately
client-monitor Monitor the activities of a client
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
exec data-collection {push|clear}
exec Execute a command to initiate a task immediately
data-collection Perform an action on the data collected about the types and capabilities of devices on the network and the types of applications and IP protocols they use
push Push all collected data to HiveManager
clear Clear all collected data that is currently stored in the local HiveAP
exec delay-execute [ <number> ]
exec Execute a command to initiate a task immediately
delay-execute Delay the execution of commands for a period of time (Note: The delay period starts the moment you enter this command and ends when you enter the "no exec delay-execute" command. This does not affect "show" commands.)
<number> Enter an interval in seconds to wait after the delay period ends before executing the submitted commands (Default: 5; Range: 1-60)
exec mobile-device-manager aerohive status-change <string>
exec Execute a command to initiate a task immediately
mobile-device-manager Set the mobile device manager parameters
aerohive Aerohive MDM notifies client status change to AP
status-change Set status notification body as parameter
<string> MDM status notification body(1-256 chars)
exec ssh-client server <string> user <string>
exec Execute a command to initiate a task immediately
ssh-client Secure Shell client
server Set the domain name or IP address of the SSH server and, optionally, its port number
<string> Enter the domain name (1-64 chars) or IP address and, optionally, the port number (Default port: 22; Range: 1024-65535; Format: name:port or ip:port)
user Set the user name for logging in to the SSH server
<string> Enter the user name (1-32 chars)
exec user-group <string> psk-to-pmk
exec Execute a command to initiate a task immediately
user-group Execute a user-group command
<string> Enter the user group name (1-32 chars)
psk-to-pmk Regenerate all users' PMKs (pairwise master keys) based on their PSKs (preshared keys)
exec {jss-check|airwatch-check|aerohive-check} mobile-device <mac_addr> enroll-status
exec Execute a command to initiate a task immediately
jss-check Check the enrollment status of a mobile device on the JSS (JAMF software server)
airwatch-check Check the enrollment status of a mobile device on the AirWatch
aerohive-check Check the enrollment status of a mobile device on the Aerohive MDM server
mobile-device Set the MAC address or ID of a mobile device
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
enroll-status Retrieve the enrollment status of the mobile device
exit
exit Exit from the current mode
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l2 Set packet capture filter for layer 2 parameters
data Filter by data traffic
ctl Filter by ctl traffic
mgmt Filter by mgmt traffic
subtype Filter by frame subtype
<hex> Enter frame subtype value
src-mac Filter by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Filter by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
bssid Filter by BSSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Filter by transmitter MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
rx-mac Filter by receiver MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
error Filter by error condition
crc Filter by crc error
decrypt Filter by decrypt error
mic Filter by mic error
all Filter by all error
no Filter by no error
etype Filter by Ethernet value
<hex> Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l3 Set packet capture filter for layer 3 parameters
src-ip Filter by source IP address
<ip_addr> Enter a source IP address
dst-ip Filter by destination IP address
<ip_addr> Enter a destination IP address
protocol Filter by protocol number in IP header
<number> Enter a protocol value (UDP:17; TCP:6 ICMP:1)
src-port Filter by source port filter
<number> Enter a source port number
dst-port Filter by destination port
<number> Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
filter [ <number> ] [ direction bidirectional ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
direction Set filter traffic flowing direction
bidirectional Filter traffic flowing in both directions
forwarding-engine drop {ip-fragmented-packets|to-self-non-management-traffic}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
drop Set parameters for dropping packets
ip-fragmented-packets Drop fragmented IP packets
to-self-non-management-traffic Drop all non-management traffic destined to the HiveAP itself
forwarding-engine log {firewall-dropped-packets|to-self-sessions}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
log Set logging parameters for packets
firewall-dropped-packets Log dropped packets that are denied by IP or MAC firewall policies (Default: Do not log dropped packets)
to-self-sessions Log the first packets of sessions destined for the HiveAP itself (Default: Do not log first packets)
forwarding-engine mac-sessions sync-vlan
forwarding-engine Set parameters to shape the behavior of the forwarding engine
mac-sessions Set MAC session parameters
sync-vlan Enable the local AP to inform its neighbors of the VLAN ID assigned to a client that initially connected it (Default: Disabled; Note: Enabling this option allows neighbors to do a Layer 2 default route lookup based on VLAN.)
forwarding-engine max-ip-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-ip-sessions-per-station Set the maximum number of IP sessions that can be created to or from a station
<number> Enter the maximum IP sessions number per station (Range: 1-8000; Note: By default, IP session limiting is disabled.)
forwarding-engine max-mac-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-mac-sessions-per-station Set the maximum number of MAC sessions that can be created to or from a station
<number> Enter the maximum MAC sessions number per station (Range: 1-8000; Note: By default, MAC session limiting is disabled.)
forwarding-engine proxy-arp enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
proxy-arp Set ARP proxying parameters
enable Enable learning MAC addresses and proxy replies to ARP requests
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
allow-all Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Block specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel selective-multicast-forward block-all
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Allow specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel tcp-mss-threshold enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
enable Enable the TCP MSS threshold feature
forwarding-engine tunnel tcp-mss-threshold threshold-size <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
threshold-size Set the TCP MSS threshold size
<number> Enter the TCP MSS size in bytes(GRE Tunnel Range: 64-1414; GRE-over-IPSec Tunnel Range: 64-1336)
history <number>
history Set the capacity for command history
<number> Enter the max number of commands to store in command history (Default: 20; Range: 1-50)
hive <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
hive <string> frag-threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
frag-threshold Set fragment threshold parameters for the hive
<number> Enter the fragment threshold in bytes for the hive (Default: 2346; Range: 256-2346)
hive <string> manage all
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
manage Set management service parameters
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through wireless backhaul interfaces in this hive (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
hive <string> manage {Telnet|SSH|SNMP|ping}
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
SSH Enable SSH manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
ping Enable mgt0 to respond to pings through subinterfaces bound to this SSID (Default: Enabled)
hive <string> neighbor connecting-threshold <number> polling-interval <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring hive members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring hive member
<number> Enter a minimum signal strength value in dBm (Default: -80; Range: -90~-55)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring hive members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring hive member
low Set a relatively low minimum signal strength threshold (-85dBm)
medium Set a relatively moderate minimum signal strength threshold (-80dBm)
high Set a relatively high minimum signal strength threshold (-75dBm)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> password <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
password Set a key for hive member authentication
<string> Enter a string (8-63 chars) for hive member authentication (Default: a default password is derived from the hive name)
hive <string> rts-threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
rts-threshold Set the RTS (request to send) threshold for the hive
<number> Enter the packet size for the RTS threshold for the hive (Default: 2346 bytes; Range: 1-2346)
hive <string> security mac-filter <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
mac-filter Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
hiveui cas client server name <string>
hiveui Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
cas Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
client Set parameters for the local AP to act as a CAS client
server Set parameters for communicating with the CAS server
name Set the IP address or resolvable domain name for the CAS server
<string> Enter the IP address or domain name (max 32 chars) of the CAS server
hiveui cas client server port <number>
hiveui Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
cas Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
client Set parameters for the local AP to act as a CAS client
server Set parameters for communicating with the CAS server
port Set the destination TCP port number for the CAS server
<number> [1~65535]Enter the TCP port number (Default: 443; Range: 1-65535)
hostname <string>
hostname Set the hostname of the AP
<string> Enter the hostname of the AP (1-32 chars)
interface <ethx/y> agg <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
agg agg::Set aggregation parameters
<number> Enter the aggregation number(Range: 1-30)
interface <ethx/y> auto-mdix enable
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
auto-mdix Set the auto MDI/MDIX (medium dependent interface/MDI crossover)
enable Enable auto MDI/MDIX (Default: enable)
interface <ethx/y> cavc
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
cavc Enable avc in the interface
interface <ethx/y> ip <ip_addr/netmask>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
ip Set an IP address and netmask for the interface
<ip_addr/netmask> Enter the interface IP address and netmask
interface <ethx/y> link-debounce <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
link-debounce Set the debounce timer for the interface
<number> Enter the debounce timer for the interface (default is 0, means disable; Range:0-5)
interface <ethx/y> link-discovery cdp receive enable
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
link-discovery Set the exchange of network-related information with neighboring network devices through the interface
cdp Set CDP (Cisco Discovery Protocol) parameters on the interface
receive Set the ability to receive CDP packets on the interface
enable Enable the reception of CDP packets on the interface (Default: Enable)
interface <ethx/y> link-discovery lldp {transmit|receive} enable
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
link-discovery Set the exchange of network-related information with neighboring network devices through the interface
lldp Set LLDP (Link Layer Discovery Protocol) parameters on the interface
transmit Set the ability to transmit LLDP packets on the interface
receive Set the ability to receive LLDP packets on the interface
enable Enable the transmission or reception of LLDP packets on the interface (Default: Enable)
interface <ethx/y> mode wan
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
mode Set the operational mode for the interface (Default: switchport access except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
interface <ethx/y> pppoe auth-method {pap|chap|any}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
auth-method Set the type of authentication protocol that the ISP requires clients to use (Default: any)
pap Use PAP (Password Authentication Protocol) as the method for sending authentication requests between the device and ISP
chap Use CHAP (Challenge Handshake Authentication Protocol) as the method for sending authentication requests between the device and ISP
any Use either PAP or CHAP
interface <ethx/y> pppoe enable
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
enable Enable PPPoE
interface <ethx/y> pppoe username <string> password <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
username Set the user name that the device sends to the ISP to authenticate itself when establishing a PPPoE session with the access concentrator
<string> Enter the user name (1-64 chars)
password Set the password that the device uses to authenticate itself to the ISP
<string> Enter the password (1-64 chars)
interface <ethx/y> pse profile <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
pse Set PSE(power source equipment) port power management parameters
profile Set PSE port power management profile
<string> Enter a name for the PSE port power management profile (1-32 chars)
interface <ethx/y> pse shutdown [ delay ]
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
pse Set PSE(power source equipment) port power management parameters
shutdown Shutdown PSE for this port
delay Delay 2s to make sure the port power shutdown completely
interface <ethx/y> security-object <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
security-object Assign a security object to control network access through this interface
<string> Enter the security object name (1-32 chars)
interface <ethx/y> switchport trunk voice-vlan <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
switchport Set switching mode characteristics
trunk Set trunking characteristics of the interface
voice-vlan Set voice vlan characteristics
<number> Enter a numeric value for a voice VLAN ID(Range: 1-4094)
interface <ethx/y> switchport user-profile-attribute <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
switchport Set switching mode characteristics
user-profile-attribute Map a switch port to the user profile
<number> Enter the user-profile-attribute ID in the range (Range: 0-4095)
interface <ethx/y|aggx> client-report enable
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
client-report Set client report parameters
enable Enable client report
interface <ethx/y|aggx> description <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
description Set the description for the interface
<string> Add a description for the interface
interface <ethx/y|aggx> duplex {full|half|auto}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
duplex Set the duplex mode of the interface
full Set the duplex mode of ethernet interface to full (Default: auto)
half Set the duplex mode of ethernet interface to half (Default: auto)
auto Negotiate the duplex mode of the interface with its connecting device automatically (Default: auto)
interface <ethx/y|aggx> flow-control {auto|enable|disable}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
flow-control Set the flow control for the interface
auto Negotiate the flow control of the interface with its connecting device automatically (Default: disable)
enable Set the flow control of ethernet interface to enable (Default: disable)
disable Set the flow control of ethernet interface to disable (Default: disable)
interface <ethx/y|aggx> qos-classifier <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
qos-classifier Assign a QoS classification profile (classifier) to the interface
<string> Enter the QoS classifier profile name (1 to 32 chars)
interface <ethx/y|aggx> qos-marker <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
qos-marker Assign a QoS marker profile to the interface
<string> Enter the QoS marker profile name (1 to 32 chars)
interface <ethx/y|aggx> qos-shaper <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
qos-shaper Assign a QoS shaper value to the interface
<number> Enter the QoS shaper value (Range: 1~10,000,000 Kbps, copper port max valid value is 1,000,000Kbps)
interface <ethx/y|aggx> shutdown
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
shutdown Disable the interface
interface <ethx/y|aggx> spanning-tree
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
interface <ethx/y|aggx> spanning-tree bpdu-protection {bpdu-guard|bpdu-filter}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
bpdu-protection Set spanning tree bpdu proctection related parameters
bpdu-guard Use BPDU guard
bpdu-filter Use BPDU filter
interface <ethx/y|aggx> spanning-tree edge-port
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
edge-port Set interface as edge-port mode
interface <ethx/y|aggx> spanning-tree enable
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
enable Enable spanning tree protocol
interface <ethx/y|aggx> spanning-tree mst-instance <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
mst-instance Set mst instance related parameters
<number> instance id between 1~63
interface <ethx/y|aggx> spanning-tree mst-instance <number> path-cost <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
mst-instance Set mst instance related parameters
<number> instance id between 1~63
path-cost Set path cost for an interface
<number> Enter the number of the path cost in range 1-200000000 (lower path cost indicates greater likelihood of becoming root)
interface <ethx/y|aggx> spanning-tree mst-instance <number> priority <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
mst-instance Set mst instance related parameters
<number> instance id between 1~63
priority Set bridge priority for the instance
<number> Enter the number of the priority in increments of 16 between 0-240 (Default: 128)
interface <ethx/y|aggx> spanning-tree path-cost <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
path-cost Set path cost for a port
<number> Enter the number of the path cost in range 1-200000000 (lower path cost indicates greater likelihood of becoming root)
interface <ethx/y|aggx> spanning-tree priority <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
spanning-tree Set spanning tree protocol related parameters
priority Set bridge priority for the common instance
<number> Enter the number of the priority in increments of 16 between 0-240 (Default: 128)
interface <ethx/y|aggx> speed {10|100|1000|10000|auto}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
speed Set the speed for the interface
10 Set the speed of ethernet interface to 10 Mbps (Default: auto)
100 Set the speed of ethernet interface to 100 Mbps (Default: auto)
1000 Set the speed of ethernet interface to 1000 Mbps (Default: auto)
10000 Set the speed of ethernet interface to 10000 Mbps (Default: auto)
auto Negotiate the speed of the interface with its connecting device automatically (Default: auto)
interface <ethx/y|aggx> storm-control rate-limit kbps <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
storm-control Set the traffic storm control parameters
rate-limit Set the rate limit of traffic storm control parameters
kbps Set the maximum allowed rate of storm or flood traffic on the specified interface in kilobits per second
<number> Enter the maximum allowed storm or flood traffic rate value (Range: 0 - 10000000)
interface <ethx/y|aggx> storm-control rate-limit percentage <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
storm-control Set the traffic storm control parameters
rate-limit Set the rate limit of traffic storm control parameters
percentage Set the maximum allowed percentage of storm or flood traffic on the specified interface (Note: Here, percentage means the percentage of the total port capacity, and refers only to traffic exiting the port.)
<number> Enter a percentage (Default: 20; Range: 0-100; Note: If percentage is set to 20, then the device restricts the amount of storm or flood traffic exiting the port to 20 percent of the port capacity. For example, on a gigabit Ethernet port, 20 percent is 200 Mbps.)
interface <ethx/y|aggx> storm-control rate-limit pps <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
storm-control Set the traffic storm control parameters
rate-limit Set the rate limit of traffic storm control parameters
pps Set the maximum allowed rate of storm or flood traffic on the specified interface in packets per second
<number> Enter the maximum allowed storm or flood traffic rate value (Default: 200000; Range: 0 - 1000000000)
interface <ethx/y|aggx> storm-control type {all|unknown-unicast|multicast|broadcast|tcp-syn}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
storm-control Set the traffic storm control parameters
type Set the type of traffic storm control
all Enable storm control on unknown unicast, multicast, broadcast and TCP SYN traffic (Default: disabled)
unknown-unicast Enable storm control on unknown unicast traffic (Default: disabled)
multicast Enable storm control on multicast traffic (Default: disabled)
broadcast Enable storm control on broadcast traffic (Default: disabled)
tcp-syn Enable storm control on TCP SYN traffic (Default: disabled)
interface <ethx/y|aggx> switchport access vlan <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
switchport Set switching mode characteristics
access Set access characteristics of the interface
vlan Set vlan parameters
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
interface <ethx/y|aggx> switchport mode {access|trunk}
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
switchport Set switching mode characteristics
mode Set mode of port
access Set mode of switchport (Default: access)
trunk Set mode of switchport (Default: access)
interface <ethx/y|aggx> switchport trunk allow vlan <number> [ - <number> ]
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
switchport Set switching mode characteristics
trunk Set trunking characteristics of the interface
allow Set allowed characteristics when interface is in trunking mode
vlan Set vlan parameters
<number> Enter the start VLAN ID to be allowed in the range (Range: 1-4094). For example: 10 - 20;
- Set a range of allowed VLAN IDs
<number> Enter the last VLAN ID in the range (Range: 1-4094)
interface <ethx/y|aggx> switchport trunk allow vlan all
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
switchport Set switching mode characteristics
trunk Set trunking characteristics of the interface
allow Set allowed characteristics when interface is in trunking mode
vlan Set vlan parameters
all All VLANs
interface <ethx/y|aggx> switchport trunk native vlan <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
switchport Set switching mode characteristics
trunk Set trunking characteristics of the interface
native Set trunking native characteristics when interface is in trunking mode
vlan Set vlan parameters
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
interface <ethx/y|usbnetx> mode wan nat
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<usbnetx> Enter the name of the wireless USB modem interface, where x = 0
mode Set the operational mode for the interface (Default: switchport access except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
nat Enable NAT (network address translation) on the interface to translate the source IP address and port number in from-access packets to the IP address of the Ethernet interface and a randomly chosen port number (Default: Enabled)
interface <ethx/y|usbnetx> mode wan nat-policy <string>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<usbnetx> Enter the name of the wireless USB modem interface, where x = 0
mode Set the operational mode for the interface (Default: switchport access except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
nat-policy Enable NAT (network address translation) policy on the interface
<string> Enter ip nat policy name (1-32 chars)
interface <ethx/y|usbnetx> mode wan priority <number>
interface Set interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<usbnetx> Enter the name of the wireless USB modem interface, where x = 0
mode Set the operational mode for the interface (Default: switchport access except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
priority Set wan priority for the interface
<number> Enter the priority, where a smaller number means a higher priority (Default: eth1/x - x * 10 | usbnet0 - 600 ; Range: 1 - 9999)
interface <ethx> client-monitor-policy <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
client-monitor-policy Assign a Client Monitor policy to automatically detect, analyze and report problems about the clients which access network through the specified Ethernet interface
<string> Enter the Client Monitor policy name (1-32 chars)
interface <mgtx.y> manage ping
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
manage Set management service parameters
ping Enable the virtual management interface to respond to pings (Default: Enabled)
interface <mgtx> default-ip-prefix <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr/netmask> Enter the network address/netmask (Default: 192.168.0.0/16; Note: Only 8, 16, and 24-bit netmasks are supported.)
interface <mgtx> default-ip-prefix <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr> Enter the network address (Default: 192.168.0.0)
interface <mgtx> dhcp client fallback-to-static-ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
fallback-to-static-ip Assign the static IP address to mgt0 when it does not receive an address through DHCP by the end of the timeout interval
interface <mgtx> dhcp keepalive enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
enable Enable the checking of network connectivity to DHCP servers in the specified VLAN range and also in VLANs set in user profile definitions or assigned by RADIUS servers, the native VLAN, and the management interface VLAN (Default: Disabled)
interface <mgtx> dhcp keepalive interval <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Range: 60-86400; Default: 3600)
interface <mgtx> dhcp keepalive retry <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
retry Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Range: 1-10; Default: 2)
interface <mgtx> dhcp keepalive timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
timeout Set the timeout for waiting for a response to a DHCP probe
<number> Enter the timeout value in seconds (Range: 1-60; Default:10)
interface <mgtx> dhcp keepalive vlan <number> [ <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
vlan Set the range of VLANs in which to probe for DHCP servers
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp-probe Probe for DHCP servers in one or more VLANs
vlan-range Set the range of VLANs in which to probe for a DHCP server
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
timeout Set the timeout for waiting for a response to a probe
<number> Enter the timeout value (Default: 10 secs; Range: 1-60)
retries Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Default: 1; Range: 1-10)
interface <mgtx> hive <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
hive Set the hive profile to the mgt0 interface or enable/disable the wifi interface used for hive communications
<string> Enter a hive profile name (1-32 chars)
interface <mgtx> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr/netmask> Enter mgt0 IP address/netmask
interface <mgtx> ip <ip_addr> <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr> Enter mgt0 IP address
<netmask> Enter mgt0 netmask
interface <mgtx> mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
mtu Set the MTU (maximum transmission unit) to determine when to start fragmenting packets
<number> Enter the MTU value in bytes (Default: 1500; Range: 100-1500)
interface <mgtx> native-vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
native-vlan Set the native (untagged) VLAN that the switch infrastructure in the surrounding wired and wireless backhaul network uses
<number> Enter the native (untagged) VLAN (Default: 1; Range: 1-4094)
interface <mgtx> vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
vlan Set the VLAN for administrative access to the HiveAP, management traffic between HiveAPs and HiveManager, and control traffic among hive members
<number> Enter the VLAN ID for the interface (Default: 1; Range: 1-4094)
interface <mgtx|ethx/y> dhcp client
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
interface <mgtx|ethx/y> dhcp client address-only
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
address-only Set the AP to use only the IP address, netmask, and gateway received through DHCP instead of all TCP/IP settings (Default: Use all TCP/IP settings received through DHCP)
interface <mgtx|ethx/y> dhcp client option custom ppsk-server-ip <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
ppsk-server-ip Set a custom DHCP option ID for a private PSK server
<number> Enter the custom DHCP option ID (Range: 1-255; Suggested ID numbers: private PSK = 229)
interface <mgtx|ethx/y> dhcp client option custom radius-server-ip <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server-ip Set a custom DHCP option ID for a RADIUS authentication or accounting server
<number> Enter the custom DHCP option ID for a RADIUS authentication server (Range: 1-255; Suggested ID numbers: RADIUS authentication = 230)
interface <mgtx|ethx/y> dhcp client option custom radius-server-ip accounting <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server-ip Set a custom DHCP option ID for a RADIUS authentication or accounting server
accounting Set a custom DHCP option ID for a RADIUS accounting server
<number> Enter the custom DHCP option ID for a RADIUS accounting server (Range: 1-255; Suggested ID numbers: RADIUS accounting = 231)
interface <mgtx|ethx/y> dhcp client option custom {syslog-server-ip|hivemanager-ip|backup-hivemanager-ip} <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
syslog-server-ip Set a custom DHCP option ID for a syslog server ip
hivemanager-ip Set a custom DHCP option ID for HiveManager ip
backup-hivemanager-ip Set a custom DHCP option ID for Backup HiveManager ip
<number> Enter the custom DHCP option ID (Range: 1-255; Suggested ID numbers: HiveManager ip = 226; Syslog server ip = 228; Backup Hivemanager ip = 233)
interface <mgtx|ethx/y> dhcp client option custom {syslog-server|hivemanager|backup-hivemanager} <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
syslog-server Set a custom DHCP option ID for a syslog server name
hivemanager Set a custom DHCP option ID for HiveManager name
backup-hivemanager Set a custom DHCP option ID for Backup HiveManager name
<number> Enter the custom DHCP option ID (ID Range: 1-255; Suggested ID numbers : HiveManager name= 225; Syslog server name= 227; Backup HiveManager name=232)
interface <mgtx|ethx/y> dhcp client prefer-subnet <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
prefer-subnet Set prefer subnet for DHCP client
<ip_addr/netmask> Enter prefer subnet for DHCP client
interface <mgtx|ethx/y> dhcp client timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
dhcp Set DHCP parameters
client Set DHCP client parameters
timeout Set the interval to wait for a response from the DHCP server before applying the admin-defined or default network settings
<number> Enter the timeout value in seconds (Default: 20; Range: 0-3600)
interface <mgtx|vlanx> dhcp-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
enable Enable the DHCP server on the interface
interface <mgtx|vlanx> dhcp-server ip-pool <ip_addr> <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
ip-pool Set the IP address pool from which the DHCP server draws addresses when making assignments
<ip_addr> Enter the first address in the range that makes up the IP address pool
<ip_addr> Enter the last address in the range that makes up the IP address pool
interface <mgtx|vlanx> dhcp-server options custom <number> hex <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
hex Set the custom option data type as a hexadecimal digit
<string> Enter the hexadecimal digit (1-254 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
interface <mgtx|vlanx> dhcp-server options custom <number> integer <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
integer Set the custom option data type as an integer
<number> Enter the integer (Range: 0-2147483647)
interface <mgtx|vlanx> dhcp-server options custom <number> ip <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
ip Set the custom option data type as an IP address
<ip_addr> Enter the IP address
interface <mgtx|vlanx> dhcp-server options custom <number> string <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225 and 226 are reserved for HiveManager.)
string Set the custom option data type as a string
<string> Enter the string (1-255 chars)
interface <mgtx|vlanx> dhcp-server options default-gateway <ip_addr> [ {nat-support} ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
default-gateway Set the default gateway for DHCP clients
<ip_addr> Enter the default gateway (Note: The gateway IP address cannot be the same as that of the interface.)
nat-support Enable NAT support(Note: AP will automatically generates ARP response for default gateway specified in DHCP server options.)
interface <mgtx|vlanx> dhcp-server options domain-name <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
domain-name Set the domain name for DHCP clients
<string> Enter the domain name (1-32 chars)
interface <mgtx|vlanx> dhcp-server options hivemanager <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
hivemanager Set the IP address or domain name of the HiveManager that you want APs to contact
<ip_addr> Enter the IP address (Note: Use DHCP option 226.)
interface <mgtx|vlanx> dhcp-server options hivemanager <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
hivemanager Set the IP address or domain name of the HiveManager that you want APs to contact
<string> Enter the domain name (Length: 1-64 chars; Note: Use DHCP option 225.)
interface <mgtx|vlanx> dhcp-server options lease-time <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
lease-time Set the length of the DHCP lease
<number> Enter the lease time in seconds (Default: 86400; Range: 60-86400000)
interface <mgtx|vlanx> dhcp-server options mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
mtu Set the path MTU (maximum transmission unit)
<number> Enter the MTU value (Range: 68-8192)
interface <mgtx|vlanx> dhcp-server options netmask <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
netmask Set the netmask for DHCP clients
<netmask> Enter the netmask (Default: The same as the interface netmask.)
interface <mgtx|vlanx> dhcp-server options vendor-specific VCI <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendor-specific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
interface <mgtx|vlanx> dhcp-server options vendor-specific VCI <string> <number> hex <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendor-specific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
<number> Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
hex Set the custom option data type as a hexadecimal digit
<string> Enter the hexadecimal digit (1-256 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
interface <mgtx|vlanx> dhcp-server options vendor-specific VCI <string> <number> integer <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendor-specific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
<number> Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
integer Set the custom option data type as an integer
<number> Enter the integer (Range: 0-2147483647)
interface <mgtx|vlanx> dhcp-server options vendor-specific VCI <string> <number> ip <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendor-specific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
<number> Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
ip Set the custom option data type as an IP address
<ip_addr> Enter the IP address
interface <mgtx|vlanx> dhcp-server options vendor-specific VCI <string> <number> string <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendor-specific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars)(Note: VCI of aerohive is AEROHIVE)
<number> Enter the DHCP vendor-specific sub-option ID(Ranges: 1-255; Suggested ID numbers and types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232 string, 233 IP)
string Set the vendor-specific sub-option data type as a string
<string> Enter the string (1-253 chars)
interface <mgtx|vlanx> dhcp-server options {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
dns1 Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
dns2 Set the IP address of the secondary DNS server
dns3 Set the IP address of the tertiary DNS server
<ip_addr> Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
interface <mgtx|vlanx> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
logsrv Set the IP address of the log server that is available for DHCP clients
pop3 Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
smtp Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
<ip_addr> Enter the IP address
interface <mgtx|vlanx> dhcp-server options {ntp1|ntp2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
ntp1 Set the IP address of the primary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
ntp2 Set the IP address of the secondary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
<ip_addr> Enter the IP address
interface <mgtx|vlanx> dhcp-server options {wins1|wins2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
wins1 Set the IP address of the primary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
wins2 Set the IP address of the secondary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
<ip_addr> Enter the IP address
interface <mgtx|vlanx> dhcp-server {arp-check|authoritative-flag}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dhcp-server Set DHCP server parameters
arp-check Use ARP to check that an IP address is not already in use on the network before assigning it to a DHCP client (Default: Enabled)
authoritative-flag Set the DHCP server as authoritative (Default: Authoritative; Note: An authoritative DHCP server can send NAKs in response to DHCP requests for addresses in a different subnet from those in the configured IP pool.)
interface <mgtx|vlanx> dns-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dns-server Set DNS server parameters
enable Enable the DNS server on the interface
interface <mgtx|vlanx> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dns-server Set DNS server parameters
ext-resolve Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
dns1 Set the IP address of the primary external DNS server
dns2 Set the IP address of the secondary external DNS server
dns3 Set the IP address of the tertiary external DNS server dns3
<ip_addr> Enter the IP address of the external DNS server
interface <mgtx|vlanx> dns-server int-domain-name <string> [ <ip_addr> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dns-server Set DNS server parameters
int-domain-name Set a domain name for resolution by internal DNS servers
<string> Enter the domain name (Max 32 chars; Note: Domain names are matched with implicit wildcards at the left end of the string; for example, both "www.aerohive.com" and "www.my-hive.com" match the domain name string "hive.com".)
<ip_addr> Enter the IP address of the internal DNS server to use for this domain name
interface <mgtx|vlanx> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dns-server Set DNS server parameters
int-resolve Set the DNS servers on the internal network used to resolve domain names in the match list
dns1 Set the IP address of the primary internal DNS server
dns2 Set the IP address of the secondary internal DNS server
dns3 Set the IP address of the tertiary internal DNS server dns3
<ip_addr> Enter the IP address of the internal DNS server
interface <mgtx|vlanx> dns-server mode {split|nonsplit}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dns-server Set DNS server parameters
mode Set the mode for responding to domain name resolution queries (Default: split)
split Forward queries only for domain names in a match list to internal DNS servers and forward queries for everything else to external DNS servers
nonsplit Forward all queries to internal DNS servers
interface <mgtx|vlanx> dns-server opendns-device-id <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
dns-server Set DNS server parameters
opendns-device-id Set the device ID to use with OpenDNS
<string> Enter the device ID (16-char hex string)
interface <mgtx|vlanx> ip-helper address <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
ip-helper Forward DHCP broadcast packets to a DHCP server
address Set the DHCP server IP address
<ip_addr> Enter the IP address
interface <mgtx|vlanx> ip-helper max-hops <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Enter the name of a logical interface (Range: 1-4094)
ip-helper Forward DHCP broadcast packets to a DHCP server
max-hops Set the DHCP relay max Hops, default hops is 4
<number> Enter the integer (Range: 1-16)
interface <vlanx> ip <ip_addr/netmask>
interface Set interface parameters
<vlanx> Enter the name of a logical interface (Range: 1-4094)
ip Set IP address for the virtual management interface
<ip_addr/netmask> Enter the virtual management interface IP address and netmask
interface manage {Telnet|SSH|SNMP|ping|all}
interface Set interface parameters
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through any physical interface (Default: Disabled)
SSH Enable SSH manageability of mgt0 through any physical interface (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through any physical interface (Default: Disabled)
ping Enable mgt0 to respond to pings through any physical interface (Default: Enabled)
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through any physical interface
interface mtu <number>
interface Set interface parameters
mtu Set the MTU (maximum transmission unit) for all interfaces
<number> Enter the MTU for the interface (Default: 1500; Range: 1500-9600)
interface vlan <number>
interface Set interface parameters
vlan Set the VLAN ID for the interface
<number> Enter the VLAN ID (Default: 1; Range: 1-4094)
ip igmp snooping
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
ip igmp snooping [ vlan <number> ] immediate-leave
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
vlan IGMP Snooping enable for specified VLAN
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
immediate-leave IGMP immediate leave configuration
ip igmp snooping [ vlan <number> ] last-member-query-count <number>
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
vlan IGMP Snooping enable for specified VLAN
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
last-member-query-count Last member query count configuration
<number> Enter a numeric value for count(Range: 1-7, Defaut: 2)
ip igmp snooping [ vlan <number> ] last-member-query-interval <number>
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
vlan IGMP Snooping enable for specified VLAN
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
last-member-query-interval Last member query interval configuration
<number> Enter a numeric value for interval in seconds(Range: 1-25, Defaut: 1)
ip igmp snooping [ vlan <number> ] robustness-variable <number>
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
vlan IGMP Snooping enable for specified VLAN
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
robustness-variable IGMP Robustness Variable configuration
<number> Enter a numeric value for count(Range: 1-3, Defaut: 2)
ip igmp snooping [ vlan <number> ] router-aging-time <number>
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
vlan IGMP Snooping enable for specified VLAN
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
router-aging-time Router port aging time configuration
<number> Enter a numeric value for aging time(Range: 30-1000, Defaut: 250)
ip igmp snooping report-suppression
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
report-suppression Enable/disable report suppression
ip igmp snooping static <ip_addr> vlan <number> interface <ethx/y|aggx>
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
static Set an L2 port as a member of a group
<ip_addr> Enter IP address of the group
vlan Specify a VLAN statically configured
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
interface Specify an interface statically configured
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
ip igmp snooping vlan <number>
ip Set IP parameters
igmp Set IGMP parameters
snooping Global IGMP Snooping enable for all VLANs
vlan IGMP Snooping enable for specified VLAN
<number> Enter a numeric value for a VLAN ID(Range: 1-4094)
ip nat-policy <string> type match-net inside <ip_addr/netmask> outside <ip_addr/netmask>
ip Set IP parameters
nat-policy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
type Set the IP nat policy type
match-net Set the IP nat policy type match-net
inside Set the match-net inside subnet
<ip_addr/netmask> Enter the IP address and netmask for the match-net inside subnet
outside Set the match-net outside subnet
<ip_addr/netmask> Enter the IP address and netmask for the match-net outside subnet
ip nat-policy <string> type virtual-host inside-host <ip_addr> inside-port <number> outside-port <number> protocol {tcp|udp}
ip Set IP parameters
nat-policy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
type Set the IP nat policy type
virtual-host Set the IP nat policy type virtual-host
inside-host Set the virtual-host inside host
<ip_addr> Enter the IP address for the virtual-host inside host
inside-port Set the virtual-host inside port
<number> Enter the port number
outside-port Set the virtual-host outside port
<number> Enter the port number
protocol Set the virtual-host service protocol
tcp Choose tcp protocol for virtual host
udp Choose udp protocol for virtual host
ip path-mtu-discovery enable
ip Set IP parameters
path-mtu-discovery Set Path MTU (Maximum Transmission Unit) Discovery parameters on a device functioning as a router or VPN gateway
enable Enable Path MTU Discovery to learn the maximum packet size that can be sent across the network between two hosts without fragmentation (Default: Enabled)
ip route default gateway <ip_addr> [ metric <number> ]
ip Set IP parameters
route Set a routing entry
default Set a default route entry
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route host <ip_addr> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
host Set a route to a host
<ip_addr> Enter target IP address
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route net <ip_addr> <netmask> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
net Set a route to a net
<ip_addr> Enter target IP address
<netmask> Enter target netmask
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip tcp-mss-threshold enable
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
enable Enable the monitoring of the MSS option in TCP SYN and SYN-ACK messagesand, if necessary, reduce the MSS value as determined by the TCP MSS threshold (Default: Enabled; Note: If no TCP MSS threshold value is specified, TCP MSS clamping uses the Path MTU- 40 bytes for the IP and TCP headers.)
ip tcp-mss-threshold l3-vpn-threshold-size <number>
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
l3-vpn-threshold-size Set the TCP MSS threshold for TCP connections that pass through a Layer 3 VPN tunnel
<number> Enter the TCP MSS threshold in bytes for tunneled traffic (Range: 64-1460; Note: If not set, the device uses the TCP MSS threshold.)
ip tcp-mss-threshold threshold-size <number>
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
threshold-size Set the TCP MSS threshold for all TCP connections passing through the device
<number> Enter the TCP MSS threshold in bytes (Range: 64-1460; Default: Path MTU - 40 bytes for the IP and TCP headers)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop|redirect} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
redirect redirect http traffic to specified url(Default: deny)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packet-drop
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
packet-drop Log dropped packets that the IP firewall policy denies
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
log Set logging options for packets and sessions that match IP FW policy
initiate-session Log the creation of sessions that are permitted by the policy
terminate-session Log the termination of sessions that are permitted by the policy
packet-drop Log dropped packets that are denied by the policy
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
initiate-session Log session details when a session is created after passing a IP firewall policy lookup
terminate-session Log session details when a session matching a IP firewall policy is terminated
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop|redirect} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
local-subnet Set the subnet of the mgt0 interface as the destination
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
redirect redirect http traffic to specified url(Default: deny)
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {no-delay} ] [ {dual-test} ] [ {tradeoff} ] [ {listen-port} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
client Set Iperf to run in client mode
<ip_addr> Enter the server IP address with which the HiveSwitch connects as an Iperf client
port Set the port on which the client connects to the server
<number> Enter the port number (Range: 1024-65535; Default: 5001)
udp Set the transport protocol as UDP (Default: TCP)
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
no-delay Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
dual-test Set the Iperf tool to do bidirectional upstream and downstream performance testing between the client and server concurrently
tradeoff Set the Iperf tool to do bidirectional upstream and downstream performance testing at different times so downstream testing only begins after upstream testing is complete
listen-port Set the port on which the server connects to the client
<number> Enter the port number (Range: 1024-65535; Default: The same port on which the client connects to the server)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
mss Set the maximum TCP segment size (MTU: 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
bandwidth Set the amount of UDP bandwidth to send
<number> Enter the bandwidth in megabits per second (Range: 1-1000; Default: 1)
time Set the length of transmission time
<number> Enter the time in seconds (Range: 1-65535; Default: 10)
parallel Set the client to make multiple connections to the server concurrently (Note: This option requires multiple thread support on both the client and server.)
<number> Enter the number of parallel client threads to run (Range: 1-10; Default: 1)
iperf server [ {port} <number> ] [ {udp} ] [ {single-udp} ] [ {interval} <number> ] [ {no-delay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
server Set Iperf to run in server mode
port Set the port on which the server listen on
<number> Enter the port number (Range: 1024-65535; Default: 5001)
udp Set the transport protocol as UDP (Default: TCP)
single-udp Set the Iperf tool to run in single-threaded UDP mode
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
no-delay Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
mss Set the maximum TCP segment size (MTU: 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
bind Bind and join the HiveSwitch to a multicast group
<ip_addr> Enter the IP address of the multicast group (Range: 224.0.0.0-239.255.255.255)
ipv6 dhcpv6-shield enable
ipv6 Set IPv6 parameters
dhcpv6-shield Set the DHCPv6 shield to block the forwarding of DHCPv6 server messages received on any access interface
enable Enable the DHCPv6 shield on access interfaces
ipv6 ra-guard stateless enable
ipv6 Set IPv6 parameters
ra-guard Set the IPv6 RA guard (router advertisement guard) to block router advertisements on access interfaces
stateless Set the IPv6 RA guard as stateless, meaning that incoming router advertisements are examined and then either blocked or forwarded based only on the information of the received frame; specifically, the port on which the frame was received
enable Enable the IPv6 RA guard on access interfaces
library-sip-policy <string> default user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
default Set the default rule to apply to unregistered library patrons
user-group Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> field <string> {equal|greater-than|less-than} <number> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library SIP value
<string> Enter the two-letter character code(2 char)
equal Check if the field value that the SIP server returns equals the number entered in the local AP RADIUS server
greater-than Check if the field value that the SIP server returns is greater than the number entered in the local AP RADIUS server
less-than Check if the field value that the SIP server returns is less than the number entered in the local AP RADIUS server
<number> Enter the number that the AP RADIUS server uses when checking the field values that the SIP server returns (Range: 0-65535)
user-group Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> field <string> {matches|differs-from|starts-with|occurs-after|occurs-before|contains} <string> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library SIP value
<string> Enter the two-letter character code(2 char)
matches Check if the field value that the SIP server returns matches the string entered in the local AP RADIUS server
differs-from Check if the field value that the SIP server returns differs-from the string entered in the local AP RADIUS server
starts-with Check if the field value that the SIP server returns starts-with the string entered in the local AP RADIUS server
occurs-after Check if the field value that the SIP server returns occurs-after the string entered in the local AP RADIUS server
occurs-before Check if the field value that the SIP server returns occurs-before the string entered in the local AP RADIUS server
contains Check if the field value that the SIP server returns contains the string entered in the local AP RADIUS server
<string> Enter the string that the AP RADIUS server uses when checking the field values that the SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
user-group Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> {after|before} id <number>
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
after Move the library SIP rule after another rule in the policy
before Move the library SIP rule before another rule in the policy
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
license <string> <string>
license Set license parameters
<string> Enter registration license
<string> Enter registration key
lldp enable
lldp Set LLDP (Link Layer Discovery Protocol) parameters
enable Enable globally
lldp fast-start repeat-count <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
fast-start Set the LLDP-MED (Link Layer Discovery Protocol for Media End Point Devices) fast start parameters
repeat-count Set the LLDP-MED fast start repeat count
<number> Enter the number of LLDP-MED PDU (protocol data units) that the device sends (Default: 3; Range: 1-10)
lldp holdtime <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
holdtime Set the length of time that the neighboring network devices to retain the LLDP advertisements that it sends to them
<number> Enter the length of time in seconds that the neighboring network devices to hold LLDP advertisements (Default: 90; Range: 0-65535)
lldp max-entries <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
max-entries Set the maximum number of entries to cache in the neighbor table
<number> Enter the maximum number of entries to cache (Default: 64; Range: 1-128)
lldp reinit <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
reinit Set the delay time in seconds that the device waits for LLDP to initialize
<number> Enter the delay time in seconds that the device waits for LLDP to initialize (Default: 2; Range: 2-5)
lldp timer <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
timer Set the interval between LLDP advertisements to neighboring network device
<number> Enter the interval in seconds between LLDP advertisements (Default: 30; Range: 5-65534)
load config {current|backup|bootstrap|default}
load Load a configuration file
config Specify which configuration file to load after rebooting
current Load the current configuration file after rebooting
backup Load the backup configuration file after rebooting
bootstrap Load the bootstrap configuration file after rebooting
default Load the default configuration file after rebooting
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
buffered Set logging buffer
level Set logging level
emergency Send emergency-level log entries (Default: debug)
alert Send log entries from alert to emergency levels (Default: debug)
critical Send log entries from critical to emergency levels (Default: debug)
error Send log entries from error to emergency levels (Default: debug)
warning Send log entries from warning to emergency levels (Default: debug)
notification Send log entries from notification to emergency levels (Default: debug)
info Send log entries from info to emergency levels (Default: debug)
debug Send log entries for all severity levels (Default: debug)
logging debug
logging Set logging parameters
debug Enable debug messages
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
logging Set logging parameters
facility Set logging facility
local0 Set log facility to local0 (Default: local6)
local1 Set log facility to local1 (Default: local6)
local2 Set log facility to local2 (Default: local6)
local3 Set log facility to local3 (Default: local6)
local4 Set log facility to local4 (Default: local6)
local5 Set log facility to local5 (Default: local6)
local6 Set log facility to local6 (Default: local6)
local7 Set log facility to local7 (Default: local6)
auth Set log facility to auth (Default: local6)
authpriv Set log facility to authpriv (Default: local6)
security Set log facility to security (Default: local6)
user Set log facility to user (Default: local6)
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
flash Set logging flash
level Set logging level
emergency Send emergency-level log entries (Default: error)
alert Send log entries from alert to emergency levels (Default: error)
critical Send log entries from critical to emergency levels (Default: error)
error Send log entries from error to emergency levels (Default: error)
warning Send log entries from warning to emergency levels (Default: error)
notification Send log entries from notification to emergency levels (Default: error)
info Send log entries from info to emergency levels (Default: error)
debug Send log entries for all severity levels (Default: error)
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
logging Set logging parameters
server Set parameters for a syslog server
<string> Set the IP address or domain name (1-32 chars) for the syslog server
level Set the severity level for the log messages you want to send
emergency Send emergency-level log entries
alert Send log entries from alert to emergency levels
critical Send log entries from critical to emergency levels
error Send log entries from error to emergency levels
warning Send log entries from warning to emergency levels
notification Send log entries from notification to emergency levels
info Send log entries from info to emergency levels
debug Send log entries for all severity levels
via-vpn-tunnel Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
logging trap all [ {emerg|alert|crit|err|warning|notice|info} ]
logging Set logging parameters
trap Set logging trap parameters
all Set logging trap level for all trap categorys
emerg Set logging SNMP trap level to emerg (Default: info)
alert Set logging SNMP trap level to alert (Default: info)
crit Set logging SNMP trap level to crit (Default: info)
err Set logging SNMP trap level to err (Default: info)
warning Set logging SNMP trap level to warning (Default: info)
notice Set logging SNMP trap level to notice (Default: info)
info Set logging SNMP trap level to info (Default: info)
logging trap level [ {emerg|alert|crit|err|warning|notice|info} ]
logging Set logging parameters
trap Set logging trap parameters
level Set logging trap level
emerg Set logging trap level to emerg (Default: info)
alert Set logging trap level to alert (Default: info)
crit Set logging trap level to crit (Default: info)
err Set logging trap level to err (Default: info)
warning Set logging trap level to warning (Default: info)
notice Set logging trap level to notice (Default: info)
info Set logging trap level to info (Default: info)
logging trap white-list category {failure|threshold|statechange|connectionchange|idp|powerinfo|channelpower|mitigate|clientinfo|interferencealert|bwsentinel|alarmalert} [ {emerg|alert|crit|err|warning|notice|info} ]
logging Set logging parameters
trap Set logging trap parameters
white-list Set logging trap white list
category Set logging trap white list for trap category
failure Enable the trap category failure send to SNMP server
threshold Enable the trap category threshold send to SNMP server
statechange Enable the trap category statechange send to SNMP server
connectionchange Enable the trap category connectionchange send to SNMP server
idp Enable the trap category idp send to SNMP server
powerinfo Enable the trap category powerinfo send to SNMP server
channelpower Enable the trap category channelpower send to SNMP server
mitigate Enable the trap category mitigate send to SNMP server
clientinfo Enable the trap category clientinfo send to SNMP server
interferencealert Enable the trap category interferencealert send to SNMP server
bwsentinel Enable the trap category bwsentinel send to SNMP server
alarmalert Enable the trap category alarmalert send to SNMP server
emerg Set category trap level to emerg (Default: info)
alert Set category trap level to alert (Default: info)
crit Set category trap level to crit (Default: info)
err Set category trap level to err (Default: info)
warning Set category trap level to warning (Default: info)
notice Set category trap level to notice (Default: info)
info Set category trap level to info (Default: info)
login banner <string>
login Set parameters fot the CLI login
banner Set the banner that appears after logging in to the CLI
<string> Enter the banner text (Default: 'Aerohive Networks Inc.\n Copyright (C) 2006-2010\n'; Max: 256 chars; Notes: Use '\n' to indicate a line break.)
mac-address-table idle-timeout <number>
mac-address-table Set the MAC address table
idle-timeout Set the length of time to keep dynamically learned MAC addresses that have been inactive in the MAC address table
<number> Enter the timeout value in seconds (Range: 0, 10-650; Default: 300)
mac-address-table learning vlan <number>
mac-address-table Set the MAC address table
learning Enable the device to learn MAC addresses dynamically
vlan Enable MAC address learning per VLAN
<number> Enter the VLAN ID (Range: 1-4094)
mac-address-table learning vlan all
mac-address-table Set the MAC address table
learning Enable the device to learn MAC addresses dynamically
vlan Enable MAC address learning per VLAN
all Enable MAC address learning on all VLANs
mac-address-table static <mac_addr> vlan <number> interface <ethx/y|aggx>
mac-address-table Set the MAC address table
static Set a static unicast MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
vlan Specify the VLAN for the manually entered MAC address
<number> Enter the VLAN ID (Range: 1-4094)
interface Specify the interface through which the manually entered MAC address is located
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
mac-object <string> mac-range <mac_addr> - <mac_addr>
mac-object Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
<string> Enter the MAC object name (1-32 chars)
mac-range Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
- Set a range of MAC addresses
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
packet-drop Log dropped packets that the MAC firewall policy denies
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
initiate-session Log session details when a session is created after passing a MAC firewall policy lookup
terminate-session Log session details when a session matching a MAC firewall policy is terminated
management telnet port <number>
management Set management service parameters
telnet Set Telnet service parameters
port Set the port number on which the local device listens for Telnet connections
<number> (Default: 23; Range: 1-65535; Note: When changing the port from the default, choosing a port number higher than 1024 is recommended to avoid conflicts with other well-known service ports)
mdm-object <string> [ enroll-status {enrolled|non-enrolled|unknown} ] [ compliance-status {compliant|non-compliant|unknown} ] [ client-tag <string> ]
mdm-object Set the MDM (mobile device management) object
<string> Enter an MDM object name (1-32 chars)
enroll-status Set the enrollment status of the managed mobile device
enrolled Set the MDM enrollment status of the device as enrolled
non-enrolled Set the MDM enrollment status of the device as non-enrolled
unknown Set the MDM enrollment status of the device as unknown
compliance-status Set a compliance status
compliant Set the compliance status as compliant
non-compliant Set the compliance status as non-compliant
unknown Set the compliance status as unknown
client-tag Set an MDM client tag name to indicate the ownership of the managed mobile device (Note: BYOD and CID are common ownership tags that describe bring-your-own-device and corporate-issues-device situations.)
<string> Enter a tag name (1-32 chars)
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
original-user-profile Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
<string> Enter the original user profile (1-32 chars)
device-group Set the device group that the policy rule references to classify the type of client device in use
<string> Enter a device group name (1-32 chars)
reassigned-user-profile-attr Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
<number> Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
mobile-device-policy <string> apply {once|multiple-times}
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
apply Set the method for applying mobile device policy rules
once Apply a policy rule once if a client match is found after finishing the complete device type classification process(Default: Once)
multiple-times Apply a policy rule if a client match is found at any point during the device type detection process (Default: Once)(Note: Different rules might be applied at different times as the HiveAP collects more information about a client.)
mobile-device-policy <string> client-classification [ {mac} ] [ {domain} ] [ {os} ]
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
client-classification Set the client device classification methods that you want to use
mac Use the client classification method that is based on the MAC address of the device
domain Use the client classification method that is based on the computer domain to which a client belongs in the database
os Use the client classification method that is based on the OS running on the device
mobile-device-policy <string> rule <number> {before|after} rule <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
before Move the mobile device policy rule before another rule in the policy
after Move the mobile device policy rule after another rule in the policy
rule Set a rule before or after another rule in the mobile device policy
<number> Enter a rule ID number (Range: 1-65535)
mobility-policy <string> dnxp
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
mobility-policy <string> dnxp nomadic-roaming
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
nomadic-roaming Enable fast roaming support on nonneighboring hive members in different subnets (Default: predictive-roaming)
mobility-policy <string> dnxp unroam-threshold <number> <number>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
unroam-threshold Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
<number> Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
<number> Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
mobility-policy <string> inxp gre-tunnel from <ip_addr/netmask> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
from Set the INXP gre-tunnel source parameters
<ip_addr/netmask> Enter subnet for INXP gre-tunnel source
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
<ip_addr> Enter end IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-threshold gre-tunnel permitted-load {low|medium|high}
mobility-threshold Set parameters for tunneling mobile user traffic
gre-tunnel Set the volume of traffic that the local AP will accept through GRE (Generic Routing Encapsulation) tunnels (Note: Only set this option on portals.)
permitted-load Set a level determining the amount of traffic the local AP will accept through GRE tunnels
low Accept a relatively low number of tunnels (Default: high)
medium Accept a relatively moderate number of tunnels (Default: high)
high Accept a relatively high number of tunnels (Default: high)
monitor session <string>
monitor Set monitor parameters
session Set monitor session parameters
<string> Enter a monitor session name (1-32 chars)
monitor session <string> destination interface <ethx/y>
monitor Set monitor parameters
session Set monitor session parameters
<string> Enter a monitor session name (1-32 chars)
destination Set monitor destination interface
interface Set the destination interface on
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
monitor session <string> enable
monitor Set monitor parameters
session Set monitor session parameters
<string> Enter a monitor session name (1-32 chars)
enable Enable session
monitor session <string> source interface <ethx/y|aggx> [ - <ethx/y|aggx> ] {ingress|egress|both}
monitor Set monitor parameters
session Set monitor session parameters
<string> Enter a monitor session name (1-32 chars)
source Set monitor session source parameters
interface Set monitor session source interface parameters
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
- Set a range of interfaces
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
ingress Monitor received traffic
egress Monitor transmitted traffic
both Monitor both received and transmitted traffic
monitor session <string> source vlan <number> [ - <number> ] ingress
monitor Set monitor parameters
session Set monitor session parameters
<string> Enter a monitor session name (1-32 chars)
source Set monitor session source parameters
vlan Set the source vlan on
<number> Enter the VLAN ID to be allowed (Range: 1-4094)
- Set a range of allowed VLAN IDs
<number> Enter the last VLAN ID in the range (Range: 1-4094)
ingress direction::Monitor received traffic
network-firewall name <string> [ from {any|vpn} ] [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> [ from {any|vpn} ] to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from ip-range <ip_addr> <ip_addr> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
ip-range Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from network <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from user-profile <string> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
user-profile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to ip-range <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
ip-range Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
network-firewall name <string> from wildcard <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
network-firewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
ntp enable
ntp Set NTP (Network Time Protocol) parameters
enable Enable the local AP to act as an NTP client
ntp interval <number>
ntp Set NTP (Network Time Protocol) parameters
interval Set the interval for synchronizing the internal clock with an NTP server
<number> Enter the interval in minutes (Default: 180; Range: 60-10080)
ntp server <string> [ {second|third|fourth} ] [ {via-vpn-tunnel} ]
ntp Set NTP (Network Time Protocol) parameters
server Set NTP server parameters
<string> Enter the IP address or domain name of an NTP server (1-32 chars)
second Set the priority of the NTP server as second
third Set its priority as third
fourth Set its priority as fourth
via-vpn-tunnel Send all NTP traffic through a VPN tunnel (Note: Set this option on VPN clients when the NTP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
os-detection enable
os-detection Set the OS (Operating System) detection parameters
enable Enable OS detection to learn client station operating systems (Default: Enabled)
os-detection method dhcp-option55
os-detection Set the OS (Operating System) detection parameters
method Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
dhcp-option55 Detect client station operating systems by parsing option 55 in DHCP messages from clients (Default: Enabled)
os-detection method user-agent
os-detection Set the OS (Operating System) detection parameters
method Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
user-agent Detect client station operating systems by parsing the User-Agent field in HTTP packets (Default: Disabled)
os-object <string> os-version <string>
os-object Set parameters for an OS object that the HiveAP can use to assign a client running a matching OS to a user profile (Max: 64 OS objects per HiveAP.)
<string> Enter an OS object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of an operating system.)
os-version Set the name and version of an operating system version (Max: 32 OS versions per OS object)
<string> Enter the exact text string that identifies an operating system as it appears in the user agent ID field in HTTP headers (1-32 chars; Note: Use quotation marks if spaces are required. Examples: "Windows NT 5.1", "Mac OS X", "Linux i686")
os-version <string> option55 <string>
os-version Set the OS (operating system) version you want to detect in the DHCP packets
<string> Enter the OS version name (1-32 chars; Note: The OS version name can be in any form you choose; for example, "Windows XP" or "WinXP".)
option55 Set the option 55 string for the type of operating system you want to detect
<string> Enter the DHCP option 55 string (1-256 chars)
performance-sentinel notification-interval <number>
performance-sentinel Set performance sentinel parameters to moderate client throughput
notification-interval Set the interval for sending SNMP traps to HiveManager to update the performance sentinel log
<number> Enter the performance sentinel log update interval in seconds (Default: 600; Range: 30-1800)
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<ip_addr> Enter the destination IP address
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<string> Enter the destination domain name (1-63 chars)
count Set the number of ICMP echo requests to send
<number> Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
<ip_addr> Enter the target IP or MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
size Set the probe request packet size (default: 512 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
portal Set the target of the probe as the MAC address of the HiveAP acting as portal
size Set the probe request packet size (default: 512 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
pse enable
pse Set PSE(power source equipment) power management parameters
enable Enable the entire PSE system (default)
pse guard-band <number>
pse Set PSE(power source equipment) power management parameters
guard-band Set PSE guard band attributes. The guard band is a reserve amount of the total power budget. When configured, PSE only connects a PD if the total consumed power is less than the total power budget minus the guard band.
<number> Enter the amount of power in Watts(Default: 22; Range: 2-25)
pse legacy enable
pse Set PSE(power source equipment) power management parameters
legacy Set to support the legacy PD(Default: disable.)
enable Enable to support the legacy PD
pse max-power-source <number>
pse Set PSE(power source equipment) power management parameters
max-power-source Set the maximum amount of power the PSE can receive from the board power source
<number> Enter the amount of power in Watts (for SR2024, Default: 195; Range: 0-195; for SR2124P, Default: 408; Range: 0-408; for SR2148P, Default: 779; Range 0-779)
pse power-management-type {static|dynamic}
pse Set PSE(power source equipment) power management parameters
power-management-type Set the power management type(Default: Dynamic.)
static Use static power management where PoE power for the port is shut down if the power threshold for the port is exceeded
dynamic Use dynamic power management where each PSE consumes power on demand
pse profile <string>
pse Set PSE(power source equipment) power management parameters
profile Set PSE port power management profile
<string> Enter a name for the PSE port power management profile. (1-32 chars)
pse profile <string> power-mode {802.3af|802.3at} [ power-limit <number> ]
pse Set PSE(power source equipment) power management parameters
profile Set PSE port power management profile
<string> Enter a name for the PSE port power management profile. (1-32 chars)
power-mode Set port power mode (802.3at/802.3af)
802.3af Use PSE as defined in the IEEE 802.3af standard on this port
802.3at Use PSE as defined in the IEEE 802.3at standard on this port(default)
power-limit Set a user defined power threshold for the port
<number> Enter power in milliwatts, the granularity is 100mW. 802.3af - Range: 100-16000 mW, Default: 15400 mW; 802.3at - Range: 100-32000 mW, Default: 32000 mW
pse profile <string> priority {low|high|critical}
pse Set PSE(power source equipment) power management parameters
profile Set PSE port power management profile
<string> Enter a name for the PSE port power management profile. (1-32 chars)
priority Set the priority of the PSE port
low Set the priority to low(default)
high Set the priority to high
critical Set the priority to critical
pse {reset|restart}
pse Set PSE(power source equipment) power management parameters
reset Reset the PSE to the default parameters
restart Restart only the PSE chip, (the configuration will not be reset)
qos classifier-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
8021p Map IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.1p Priority (Range: 0-7)
<number> Enter Aerohive QoS class (Range: 0-7)
qos classifier-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
diffserv Map diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Aerohive QoS classes
<number> Enter the DSCP class (Range: 0-63)
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-map interface <ethx/y|aggx> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
interface Map incoming Ethernet traffic to Aerohive QoS classes by its ingress interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<aggx> Enter the name of an aggregation port (Range: 1-30)
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-profile <string> [ {8021p|diffserv} ]
qos Set QoS (Quality of Service) parameters
classifier-profile Set a QoS classification profile
<string> Enter a classifier profile name (1-32 chars)
8021p Classify incoming packets by 802.1p priority markers present in Layer2 frame headers
diffserv Classify incoming packets by DiffServ DSCP values present in Layer3 packet headers
qos enable
qos Set QoS (Quality of Service) parameters
enable Enable QoS (Quality of Service)
qos l3-police interface <string> enable
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
enable Enable Layer 3 policing for the specified interface
qos l3-police interface <string> max-download-bw <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
max-download-bw Set the maximum download bandwidth in Kbps
<number> The maximum download bandwidth in Kbps (Default: 100 Kbps; Range: 0~20000 Kbps)
qos l3-police interface <string> max-upload-bw <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
max-upload-bw Set the maximum upload bandwidth in Kbps
<number> The maximum upload bandwidth in Kbps (Default: 100 Kbps; Range: 0~20000 Kbps)
qos l3-police voip-detect-timeout <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
voip-detect-timeout Sets timeout used to turn off VoIP QoS policing after VoIP media traffic detection stops
<number> The timeout duration in seconds (Default: 10 seconds; Range: 2~100 seconds)
qos marker-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
8021p Map Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
<number> Enter Aerohive QoS class (Range: 0-7)
<number> Enter IEEE 802.1p Priority (Range: 0-7)
qos marker-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
diffserv Map Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
<number> Enter the Aerohive QoS class (Range: 0-7)
<number> Enter the DSCP class (Range: 0-63)
qos marker-profile <string> [ {8021p|diffserv} ]
qos Set QoS (Quality of Service) parameters
marker-profile Set a QoS marker profile
<string> Enter the marker profile name (1-32 chars)
8021p Use 802.1p priority markers in Layer 2 frame headers as the marking method
diffserv Use DiffServ DSCP values in Layer 3 packet headers as the marking method
quit
quit Quit CLI (Command Line Interface)
radsec-proxy server-num-limit <number>
radsec-proxy Set parameters for RadSec proxy servers which communicate with ID Manager over a secure TLS tunnel
server-num-limit Set the number of RadSec proxy servers that can be elected for a hive
<number> Enter the maximum number of RadSec proxy server in a hive (Range: 2~16; Default: 2)
reboot
reboot Reboot the system
reboot date <date> time <time>
reboot Reboot the system
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by HiveOS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot offset <time>
reboot Reboot the system
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
reboot schedule daily every <number> day(s) time <time> [ variable <number> ]
reboot Reboot the system
schedule Schedule a reboot
daily Reboot daily
every Reboot every X days
<number> Enter number of days interval (Default: 1; Range: 1-365)
day(s) Reboot every X days
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
variable Reboot the system in a time range randomly
<number> Minutes range(Default: 1; Range: 1-300)
reboot schedule weekly every <number> week(s) {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} time <time> [ variable <number> ]
reboot Reboot the system
schedule Schedule a reboot
weekly Reboot weekly
every Reboot every X weeks
<number> Enter number of weeks interval (Default: 1; Range: 1-52)
week(s) Reboot every X weeks
Monday Reboot when Moday
Tuesday Reboot when Tuesday
Wednesday Reboot when Wednesday
Thursday Reboot when Thursday
Friday Reboot when Friday
Saturday Reboot when Saturday
Sunday Reboot when Sunday
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
variable Reboot the system in a time range randomly
<number> Minutes range(Default: 1; Range: 1-300)
reboot {backup|current}
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
reboot {backup|current} date <date> time <time>
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by HiveOS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot {backup|current} offset <time>
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
client Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
tx-drop-rate Set the Tx drop rate alarm threshold for clients (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for clients (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for clients (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
interface Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
crc-error-rate Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
tx-drop-rate Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic enable
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
enable Enable the creation of traffic statistics reports
report statistic period <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
period Set the time interval for gathering traffic statistics and calculating percentages
<number> Enter the time interval (Default: 10 minutes; Supported: 1, 5, 10, 30 or 60 minutes)
reset config [ {bootstrap} ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
config Reset the configuration to the factory default settings and reboot
bootstrap Clear bootstrap configuration
reset web-directory [ <string> [ {save-to-flash} ] ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
<string> Enter the web directory name to reset files in the directory to the default file set (1-32 chars)
save-to-flash Save the default set of files in the specified directory to flash memory
reset web-directory all-running-ssid
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
all-running-ssid Reset the web directories for all SSIDs to the default file set
reset-button reset-config-enable
reset-button Enable the reset button on the AP chassis to reset the AP config
reset-config-enable Enable the reset button to reset the AP to its factory default settings or, if set, to a bootstrap config (Default: enabled)
roaming cache update-interval <number> ageout <number>
roaming Set roaming parameter
cache Set the interval between updates and the number of times to update station's roaming cache
update-interval Set the interval for sending roaming cache updates to neighbors
<number> Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
ageout Set how many times an entry must be absent from a neighbors updates before removing it from the roaming cache
<number> Enter the number of absences required to remove an entry (Default:60; Range: 1-1000)
roaming cache-broadcast neighbor-type access enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to hive neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
access Broadcast roaming cache data to hive neighbors discovered through wireless access links
enable Enable the broadcasting of roaming cache data to hive neighbors over wireless access links (Default: Enabled)
roaming cache-broadcast neighbor-type backhaul enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to hive neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
backhaul Broadcast roaming cache data to hive neighbors discovered through Ethernet and wireless backhaul links
enable Enable the broadcasting of roaming cache data to hive neighbors over backhaul links (Default: Enabled)
roaming hop <number>
roaming Set roaming parameter
hop Set the number of HiveAPs away from the source HiveAP to which it sends station authentication information
<number> Set roaming hop value (Defaule: 1, Range: 0-16)
roaming neighbor exclude ip <ip_addr>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
exclude Exclude dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
roaming neighbor include ip <ip_addr> <netmask>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
include Include dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
<netmask> Enter netmask for static roaming neighbor
roaming neighbor query-interval <number> query-times <number>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
query-interval Set roaming neighbor query interval
<number> Enter roaming neighbor query interval (Default: 10 secs; Min: 5; Max: 360000)
query-times Set roaming neighbor query times
<number> Enter roaming neighbor query times (Default: 5; Min: 2; Max: 1000)
roaming port <number>
roaming Set roaming parameter
port Set the port number that hive members use when sending roaming control data to each other
<number> Enter the port number for L3 roaming control traffic (Default: 3000; Range: 1500-65000; Note: The new setting must be at least 50 more or 50 less than the current setting.)
route <mac_addr> outgoing-interface <string> next-hop <mac_addr>
route Set a MAC address route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
outgoing-interface Set outgoing interface
<string> Enter interface name
next-hop Set the MAC address of the next hop in the L2 forwarding route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
routing internal-sub-network <ip_addr/netmask> [ {tunnel-dist-only} ]
routing Set routing parameters
internal-sub-network Set an internal subnetwork to be used in branch offices
<ip_addr/netmask> Enter the IP address and netmask for the internal subnetwork
tunnel-dist-only Do not advertise the route to the internal subnetwork via dynamic routing protocols
routing match-map <string> from {any} to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> from {any} to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> from {any} to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> from {any} to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> from {iprange} <ip_addr> <ip_addr> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Entry start source IP address
<ip_addr> Entry end source IP address
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> from {network} <ip_addr/netmask> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> from {network} <ip_addr/netmask> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> from {network} <ip_addr/netmask> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> from {network} <ip_addr/netmask> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
network Set a network as the traffic source
<ip_addr/netmask> Entry source IP address
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> {iif} <ethx/y> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> {iif} <ethx/y> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> {iif} <ethx/y> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> {iif} <ethx/y> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
iif Apply the policy based on the traffic incoming LAN interface
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing match-map <string> {user-profile} <string> to {any|private}
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
any Apply the policy regardless of the traffic destination
private Private internet
routing match-map <string> {user-profile} <string> to {hostname} <string>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter an destination hostname
routing match-map <string> {user-profile} <string> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
routing match-map <string> {user-profile} <string> to {network} <ip_addr/netmask>
routing Set routing parameters
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
user-profile Apply the policy if the HiveAP assigns a user profile to the traffic
<string> Set user-profile name (1-32 chars)
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter an destination IP address
routing policy <string> id <number> match-map <string> route-map <string>
routing Set routing parameters
policy Set parameters for a routing policy
<string> Enter routing policy name (1-32 chars)
id Assign a routing policy ID (range: 1 - 128)
<number> Enter a routing policy ID (range: 1 - 128)
match-map Set match-map parameters for a routing policy
<string> Enter match map name (1-32 chars)
route-map Set route-map parameters for a routing policy
<string> Enter route map name (1-32 chars)
routing route-map <string> via <ethx/y|usbnetx>
routing Set routing parameters
route-map Set route-map parameters for a routing policy
<string> Enter route map name (1-32 chars)
via Specify the nexthop of traffic
<ethx/y> Enter the name of a Ethernet interface (Ranges: x: 1; y: 1-28)
<usbnetx> Enter the name of the wireless USB modem interface, where x = 0
routing route-map <string> via {encrypted|blackhole}
routing Set routing parameters
route-map Set route-map parameters for a routing policy
<string> Enter route map name (1-32 chars)
via Specify the nexthop of traffic
encrypted encryped
blackhole via blackhole
routing route-request enable
routing Set routing parameters
route-request Set parameters for requesting routing information from route authorities
enable Enable the device to request routing information (Default: disabled)
routing route-request interval <number>
routing Set routing parameters
route-request Set parameters for requesting routing information from route authorities
interval Set the time interval for requesting routing information
<number> Enter the interval in seconds (Default: 60; Range: 30-600)
save config <location> bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
bootstrap Save a configuration to the bootstrap configuration
save config <location> current
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
save config <location> current <time> [ <date> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
save config <location> current now
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
now Save the configuration and reboot the system immediately
save config <location> current offset <time>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
bootstrap Save the config file for the HiveSwitch to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveSwitch to use as its current configuration, which is the one it loads when booting u
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveSwitch to use as its current configuration, which is the one it loads when booting u
now Save the configuration and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveSwitch to use as its current configuration, which is the one it loads when booting u
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config [ running current ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
current Save a configuration to the current configuration
save config bootstrap <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save a configuration to the bootstrap configuration
save config running bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
bootstrap Save a configuration to the bootstrap configuration
save config users [ bootstrap ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
users Save private PSK user accounts to the current or bootstrap configuration
bootstrap Save private PSK user accounts to the bootstrap configuration
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveSwitch to a remote server, from a remote server to the HiveSwitch, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save dhcp-fingerprint {option55} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcp-fingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save dhcp-fingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcp-fingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <location> <time> [ <date> ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveSwitch
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <location> [ {now} ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveSwitch
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
now Save the image and reboot the system immediately
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <location> offset <time> [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveSwitch
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveSwitch
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveSwitch
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
now Save the image and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveSwitch
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save radius-server-key {radius-server|ldap-client} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local Aerohive RADIUS server to use
radius-server Save certificates that the local HiveSwitch uses when functioning as a RADIUS server
ldap-client Save certificates that the local HiveSwitch uses when functioning as an LDAP client
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save radius-server-key {radius-server|ldap-client} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local Aerohive RADIUS server to use
radius-server Save certificates that the local HiveSwitch uses when functioning as a RADIUS server
ldap-client Save certificates that the local HiveSwitch uses when functioning as an LDAP client
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save server-files
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
server-files Save certificate and private key files used by the internal web and RADIUS servers and VPN from DRAM to flash memory for persistent storage after reboots (Note: For security reasons, these files are saved only in DRAM by default.)
save signature-file <location> [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
signature-file Remote image used for L7 application
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save signature-file <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
signature-file Remote image used for L7 application
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save ssid <string> mac-bind <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
ssid Save a locally stored file to a remote server
<string> Enter the file name to upload to a remote server
mac-bind Save auth-ppsk mac-binding file
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save users <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ca-cert Save a CA (certificate authority) certificate for the HiveSwitch to verify its IKE peer's certificate
ee-cert Save an end-entity certificate for the HiveSwitch to use when authenticating itself to an IKE peer
private-key Save the private key for the HiveSwitch to use when creating its RSA signature
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ee-cert|private-key|ca-cert} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ee-cert Save an end-entity certificate for the HiveSwitch to use when authenticating itself to an IKE peer
private-key Save the private key for the HiveSwitch to use when creating its RSA signature
ca-cert Save a CA (certificate authority) certificate for the HiveSwitch to verify its IKE peer's certificate
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The HiveSwitch, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The HiveSwitch, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save web-server-key <number> <location> [ comment <string> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
comment Enter a comment
<string> Enter a comment (max 64 chars)
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
comment Set a comment about the certificate file
<string> Enter the comment (1-64 chars)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save {capture} local <string> <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday Set the weekdays during which private PSK users are valid
<string> Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday-range Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
to Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
address Set MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
permit Set the action of the specified MAC to permit
deny Set the action of the specified MAC to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
security mac-filter <string> default {permit|deny}
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
default Set MAC-filter default action
permit Set MAC-filter default action to permit (Default: permit)
deny Set MAC-filter default action to deny (Default: permit)
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
oui Set the OUI used to identify a vendor
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
permit Set the action of the specified OUI to permit
deny Set the action of the specified OUI to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
security-object <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security-object <string> default-user-profile-attr <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
default-user-profile-attr Set the attribute of the user profile to apply to user traffic by default
<number> Enter the default user profile attribute for the security object (Default: 0; Range: 0-4095)
security-object <string> dhcp-server lease-time <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
lease-time Set the lease time
<number> Enter the lease time in seconds (Default: 10; Range: 5-36000)
security-object <string> dhcp-server renewal-response {renew-nak-unicast|keep-silent}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
renewal-response Set the response to a DHCP lease renewal request for a nonexistent lease
renew-nak-unicast Respond to a DHCP lease renewal request for a nonexistent lease with a unicast DHCP-NAK message (Default: Broadcast a DHCP-NAK message)
keep-silent Do not respond to a DHCP lease renewal request for a nonexistent lease (Default: Broadcast a DHCP-NAK message)
security-object <string> mobile-device-policy <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile and the MAC OUI, domain, and OS of the user's client
<string> Enter a mobile device policy name (1-32 chars)
security-object <string> ppsk-web-server auth-user
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
auth-user Send credentials submitted by users during private PSK self-registration to a RADIUS server for authentication before issuing private PSKs to them
security-object <string> ppsk-web-server bind-to-ppsk-ssid <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
bind-to-ppsk-ssid Bind the SSID referencing this security object, which must be set with open authentication and an external captive web portal, to an SSID using private PSKs so the PSKs can be assigned to users automatically
<string> Enter the name of the SSID using private PSK authentication (1-32 chars)
security-object <string> ppsk-web-server https
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
https Use HTTPS for redirection from the private PSK authenticator to the private PSK server (Default: HTTP)
security-object <string> ppsk-web-server login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
login-page Specify the .cgi file on the private PSK web server through which the user registers (Default: ppsk-index.cgi)
<string> Enter the .cgi file name for the registration page (1-32 chars; Note: The file name cannot be index.cgi.)
security-object <string> ppsk-web-server login-script <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
login-script Specify the .cgi file that the private PSK web server uses for processing user registration requests (Default: ppsk-login.cgi)
<string> Enter the script name (1-32 chars)
security-object <string> ppsk-web-server web-directory <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
web-directory Set the name of the web directory containing the login page and script files that the private PSK web server uses
<string> Enter the web directory name (1-32 chars)
security-object <string> security aaa radius-server [ first-retry-interval <number> ] [ max-retries <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
first-retry-interval Set the initial interval to wait for a RADIUS auth or accounting server to reply before resending a request(Note: A NAS makes repeated requests before failing over to a backup server, and the interval for each successive attempt is double that of the previous one. Example: If an initial interval is 3 secs, 3 retry intervals are 3-6-12.)
<number> Enter the initial retry interval in seconds (Range: 1-5; Default: 3)
max-retries Set the maximum number of retries to elicit a response from the RADIUS server before failing over to a backup RADIUS server (if a backup server is configured)
<number> Enter the maximum number of retries (Range: 1-5; Default: 3)
security-object <string> security aaa radius-server account-interim-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 600 secs; Range: 10-100000000)
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa radius-server dynamic-auth-extension
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
security-object <string> security aaa radius-server idm [ pri ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
idm Set ID Manager as RADIUS server
pri Set the ID Manager RADIUS server to have the highest priority
security-object <string> security aaa radius-server idm acct-disable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
idm Set ID Manager as RADIUS server
acct-disable Disable the accounting function in the AP when using ID Manager authentication (Default: Enabled)
security-object <string> security aaa radius-server inject Operator-Name
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
security-object <string> security aaa radius-server retry-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa user-profile-mapping attribute-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
attribute-id Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the Filter-ID RADIUS attribute.)
<number> Enter the RADIUS attribute ID number (Range: 1-255)
security-object <string> security aaa user-profile-mapping enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
enable Enable the mapping of attribute values to user profile attributes (Default: Disabled)
security-object <string> security aaa user-profile-mapping vendor-id <number> attribute-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
vendor-id Set a vendor ID RADIUS attribute
<number> Enter the vendor ID number (Range: 1-65535)
attribute-id Set an ID for a private RADIUS attribute
<number> Enter the private RADIUS attribute ID number to be combined with the vendor ID number (Range: 1-255)
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
reg-user-profile-attr Set the registered user profile attribute
<number> Enter the registered user profile attribute (Default: 0; Range: 0-4095)
auth-user-profile-attr Set the default authenticated user profile
<number> Enter the default authenticated user profile (Default: 0; Range: 0-4095)
timeout Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
<number> Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
timer-display Enable timer-display windows to communicate login and session information
security-object <string> security additional-auth-method captive-web-portal anonymous-access
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
anonymous-access Enable anonymous access which will indicate users to read and accept the network use policy and apply a time and data usage limit to the client (Default: Disabled)
security-object <string> security additional-auth-method captive-web-portal apple-wispr-bypass
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
apple-wispr-bypass Set AP bypass the WISPr from apple devices(Default: Disabled)
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
auth-method Set the CWP (captive web portal) user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method captive-web-portal check-use-policy
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
check-use-policy Check if users select the check box on the login page to indicate they have read and accepted the network use policy (Note: This option only applies to captive web portals that require user authentication and use policy acceptance.)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp api-key <string> api-nonce <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
api-key Set the API key used to encrypt traffic between the Aerohive device and the cloud services
<string> Enter the API key (16 chars)
api-nonce Set the API nonce
<string> Enter the API nonce (1-64 chars)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp customer-id <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
customer-id Set customer ID for cloud captive web portal
<string> Enter the customer ID (1-16 chars)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
enable Enable cloud captive web portal
security-object <string> security additional-auth-method captive-web-portal cloud-cwp service-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
service-id Set the service ID for cloud captive web portal
<number> Enter service ID number(Range: 1-255)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp url-root-path <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
url-root-path Set the root URL path to register CWP portal service
<string> Enter the HTTP protocol, remote server domain name, port, directory path(Range: 1-256 chars, Format: https://domain/path)
security-object <string> security additional-auth-method captive-web-portal default-language {chinese-simple|chinese-traditional|dutch|english|french|german|italian|korean|spanish|portuguese|swedish|japanese|norwegian|danish}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
default-language Set the default language for the captive web portal web pages
chinese-simple Set Simple Chinese as the default language
chinese-traditional Set Traditional Chinese as the default language
dutch Set Dutch as the default language
english Set English as the default language
french Set French as default language
german Set German as the default language
italian Set Italian as the default language
korean Set Korean as the default language
spanish Set Spanish as the default language
portuguese Set Portuguese as default language
swedish Set Swedish as the default language
japanese Set Japanese as the default language
norwegian Set Norwegian as the default language
danish Set Danish as the default language
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
login-page Set the login page to which the HiveAP redirects traffic from unregistered users
<string> Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
uam-basic Set the encryption method as UAM (User Authentication Module)-Basic (Note: The HiveAP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
uam-shared Set the encryption method as UAM-Shared (Note: The HiveAP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
<string> Enter the shared secret (1-128 chars)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
security-object Set parameters fo