Aerohive CLI Guide for HiveOS 6.4r1 release ( CVG)

The following is a complete list of commands available in the HiveOS 6.4r1 release for the CVG along with explanations of every keyword. Click a command to see its keyword explanations. Then click the Back Arrow in your browser to return to the list of commands. For an introduction to the Aerohive CLI, explaining different ways to access it, some keyboard shortcuts, and usage tips, click here.

aaa attribute NAS-Identifier <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
NAS-Identifier Set the RADIUS Access-Request and Accounting-Request packets NAS-Identifier parameter (Note: The NAS identifier contains a string that identifies the NAS that is originating the access or accounting request.)
<string> Enter the custom NAS-Identifier (Default: HiveAP host name; 1-64 chars)
aaa attribute Operator-Name namespace-id <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
namespace-id Set the namespace ID parameter of the Operator-Name (Default: realm)
<number> Enter a number used for namespace ID (Range: 4-206; Note: These namespace ID values anticipate future additions to the list of namespaces as defined by IANA and reference in RFC 5580.)
aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
namespace-id Set the namespace ID parameter of the Operator-Name (Default: realm)
TADIG Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
REALM Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
E212 Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
ICC Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
aaa attribute Operator-Name value <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
value Set the value for the operator name attribute
<string> Enter a string for Operator-Name(1-64 chars)
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
attribute Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
user-profile-attribute Map a RADIUS attribute to the user profile
vendor-id Set a vendor ID RADIUS attribute
<number> Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
attribute-id Set an ID for a private RADIUS attribute
<number> Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
aaa mac-format case-sensitivity {lower-case|upper-case}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
case-sensitivity Set the letter case to use when formatting MAC addresses
lower-case Use lowercase formatting (Example: 01ab23cd45ef; Default: lower-case)
upper-case Use uppercase formatting (Example: 01AB23CD45EF; Default: lower-case)
aaa mac-format delimiter {dash|dot|colon}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
delimiter Set the type of delimiter to use when formatting MAC addresses
dash Set a dash ( - ) as the MAC address delimiter (Default: colon)
dot Set a dot ( . ) as the MAC address delimiter (Default: colon)
colon Set a colon ( : ) as the MAC address delimiter (Default: colon)
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
style Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
two-delimiter Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
five-delimiter Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
no-delimiter Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
aaa ppsk-server auto-save-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local HiveAP when it is acting as a private PSK server
auto-save-interval Set the length of time to save the list of private PSK-to-client MAC address bindings to flash memory
<number> Enter the interval in seconds(Default: 600 sec; Range: 60-3600)
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local HiveAP when it is acting as a private PSK server
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server account-interim-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 20; Range: 10-100000000)
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server dynamic-auth-extension
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
aaa radius-server inject Operator-Name
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
aaa radius-server keepalive enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
enable Set parameters for periodically checking network connectivity to RADIUS servers
aaa radius-server keepalive interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Default: 60; Range: 60-86400)
aaa radius-server keepalive retry <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry Set the number of times to retry sending an Access-Request or Accounting-Request that does not elicit a response from a RADIUS authentication or accounting server
<number> Enter the retry value (Default: 3; Range: 1-10)
aaa radius-server keepalive retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry-interval Set the interval between retries if no response is received from the RADIUS server
<number> Enter the retry interval value in seconds (Default: 10; Range: 1-60)
aaa radius-server keepalive username <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
username Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
<string> Enter the user name (1-32 chars)
password Set the password to submit in Access-Request messages
<string> Enter the password (1-64 chars)
aaa radius-server local attr-map group-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
group-attr-name Set the user group attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: memberOf; in OD: apple-group-realname; in LDAP server: radiusGroupName)
aaa radius-server local attr-map reauth-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
reauth-attr-name Set the user reauthentication time attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "integer". Default attribute in AD: msRADIUSServiceType; in LDAP server: radiusServiceType)
aaa radius-server local attr-map user-profile-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
user-profile-attr-name Set the user group ID attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRADIUSCallbackNumber; in LDAP server: radiusCallbackNumber)
aaa radius-server local attr-map vlan-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
vlan-attr-name Set the VLAN ID attribute that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRASSavedCallbackNumber; in LDAP server: radiusCallbackId)
aaa radius-server local cache lifetime <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
cache Set parameters for caching user-authentication responses from external LDAP servers
lifetime Set the lifetime for entries in the RADIUS server cache
<number> Enter the lifetime for keeping entries in the RADIUS server cache (Default: 86400 seconds; Range: 3600-2592000)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} computer-ou <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
computer-ou Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
binddn Set the bindDN (distinguished name) under which LDAP searches are done (Note: bindDN must be set if want to get attributes from AD server or want to check TLS username against LDAP server.)
<string> Enter the bindDN name (1-256 chars)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> fullname <string> [ default ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full DNS name of the domain to which the RADIUS server (local AP) and AD server both belong
<string> Enter the full DNS name of the domain (1-64 chars)
default Set the domain as the default domain, which will be added to the RADIUS request if no domain name appears in the request
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> server <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} login admin-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
login Set admin user name and password that the local AP will use to access the AD server
admin-user Set the admin user name
<string> Enter the user name (1-32 chars)
password Set the password which authenticate the login user
<string> Enter the password (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
server Set the IP address or resolvable domain name for the AD server
<string> Enter the IP address or domain name (1-64 chars)
via-vpn-tunnel Send all traffic from the AP RADIUS authentication server to the AD server through a VPN tunnel (Note: Set this option on VPN clients when the AD server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {tls-enable|global-catalog}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
tls-enable Enable TLS authentication that the local AP, as an LDAP client, uses with the AD server (Default: Disabled)
global-catalog Set the AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
aaa radius-server local db-type ldap-server sub-type edirectory
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
sub-type Set the type of LDAP server
edirectory Set the user database on an eDirectory LDAP server
aaa radius-server local db-type ldap-server sub-type edirectory acct-policy-check
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
sub-type Set the type of LDAP server
edirectory Set the user database on an eDirectory LDAP server
acct-policy-check Enable the Novell eDirectory account policy check and intruder detection for RADIUS users (Default: Disabled)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} basedn <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
basedn Set the base DN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the base DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
binddn Set the bind DN (distinguished name) under which LDAP searches are done
<string> Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} filter-attr <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
filter-attr Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
<string> Enter the filter attribute used to search for the user (Default: "cn"; 1-32 chars)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} no-strip-filter
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
no-strip-filter Do not strip the realm name
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} port <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
port Set the destination port number for communicating with the LDAP server
<number> Enter the destination port number (Default: 389, 636 for LDAPS; Range: 1-65535)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
protocol Set the protocol for communicating with the LDAP server
ldap Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
ldaps Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
server Set the IP address or resolvable domain name for the LDAP server
<string> Enter the IP address or domain name (1-32 chars)
via-vpn-tunnel Send all traffic from the AP RADIUS authentication server to the LDAP server through a VPN tunnel(Note: Set this option on VPN clients when the LDAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server local db-type library-sip-server {primary} institution-id <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
institution-id Set institution ID that the local RADIUS server provides when exchanging messages with the library SIP server
<string> Enter the institution ID (1-64 chars)
aaa radius-server local db-type library-sip-server {primary} login-enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
login-enable Enable the AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
aaa radius-server local db-type library-sip-server {primary} login-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
login-user Set the user name that the local RADIUS server submits when logging in to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the password that the local AP RADIUS server submits when logging in to the library SIP server
<string> Enter the password (1-32 chars)
aaa radius-server local db-type library-sip-server {primary} port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
port Set the library SIP server port number
<port> [1~65535]Enter the port number (Default: 6001; Range: 1-65535)
aaa radius-server local db-type library-sip-server {primary} separator <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
separator Set the character that the library SIP server uses to separate multiple field name + value entries
<string> Enter the separator (1 char; Default: '|')
aaa radius-server local db-type library-sip-server {primary} {server} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
server Set IP address or domain name of the library SIP server
<string> Enter the IP address or domain name (Domain name: 1-32 chars)
aaa radius-server local db-type local
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
local Set the user database on the local AP
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} admin-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
admin-user Set the admin user name that the local AP uses when logging in to the OD server
<string> Enter the user name (1-32 chars)
password Set the password that the local AP uses when logging in to the OD server
<string> Enter the password (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
binddn Set the bindDN (distinguished name) under which LDAP searches are done
<string> Enter the bindDN name (1-256 chars)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> fullname <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
fullname Set the full DNS name of the OD domain server
<string> Enter the full DNS name of the domain (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} filter-attr <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
filter-attr Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
<string> Enter the filter attribute used to search for the user (Default: "uid"; 1-32 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} no-strip-filter
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
no-strip-filter Do not strip the realm name
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} tls-enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
tls-enable Enable TLS authentication that the local AP, as an LDAP client, uses with the OD server (Default: Disabled)
aaa radius-server local ldap-auth {primary|backup1|backup2|backup3} type tls ca-cert <string> [ client-cert <string> private-key <string> [ private-key-password <string> ] ] [ verify-server {never|try|demand} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
ldap-auth Set the authentication method that the local AP, as an LDAP client, uses with the LDAP server
primary Set the authentication method for the first LDAP server
backup1 Set the authentication method for the second LDAP server
backup2 Set the authentication method for the third LDAP server
backup3 Set the authentication method for the fourth LDAP server
type Set the authentication type to use for LDAP communications
tls Set the authentication type as TLS (Transport Layer Security)
ca-cert Set the CA certificate that the local AP uses when authenticating itself as an LDAP client to an LDAP server
<string> Enter the file name of the CA certificate (1-32 chars)
client-cert Set the client certificate that the local AP uses when authenticating itself to an LDAP server
<string> Enter the file name of the client certificate (1-32 chars)
private-key Set the private key that the local AP uses to authenticate itself to an LDAP server
<string> Enter the name of the private key file (1-32 chars)
private-key-password Set the password for the private key that is used when forming a TLS tunnel
<string> Enter the password (1-32 chars)
verify-server Set options for verifying the LDAP server (Default: LDAP server verification is try.)
never never verify the identity of the LDAP server (Default: try)
try try verify the identity of the LDAP server (Default: try)
demand demand verify the identity of the LDAP server (Default: try)
aaa radius-server local library-sip-policy <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
library-sip-policy Set a library SIP policy to enforce when the local RADIUS server acts as a library SIP client
<string> Enter the library SIP policy name (1-32 chars)
aaa radius-server local local-check-period <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
local-check-period Set the length of time that the local AP RADIUS server checks just its cache of user-authentication responses and its own database before retrying previously unresponsive LDAP servers
<number> Enter the interval for checking the local RADIUS cache and database (Default: 300 secs; Min: 30; Max: 3600)
aaa radius-server local nas <string> shared-key <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
nas Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
<string> Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
shared-key Set the shared secret for authenticating communications with the RADIUS NAS
<string> Enter the shared secret (1-31 chars)
aaa radius-server local nas <string> tls
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
nas Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
<string> Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
tls Set TLS (Transport Layer Security) encryption for securing communications with the RADIUS NAS devices
aaa radius-server local port <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
port Set the local RADIUS port number
<number> Enter the RADIUS port number (Default: 1812; Range: 1-65535)
aaa radius-server local remote-check-period <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
remote-check-period Set the length of time that the local AP RADIUS server will repeatedly try contacting an unresponsive LDAP server before giving up
<number> Enter the LDAP server retry interval (Default: 30 secs; Min: 10; Max: 3600)
aaa radius-server local retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
retry-interval Set the interval after which the AP RADIUS server tries to contact a previously unresponsive primary LDAP server (even if a backup server is currently responding)
<number> Enter the interval for retrying the primary LDAP server (Default: 600 secs; Min: 60; Max: 200000000)
aaa radius-server local shared-secret-auto-gen
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
shared-secret-auto-gen Enable the automatic generation of shared secrets when static entries are not found (Default: Enabled)
aaa radius-server local sta-auth ca-cert <string> server-cert <string> private-key <string> [ private-key-password <string> ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
ca-cert Set the CA certificate for a TLS (Transport Layer Security) tunnel
<string> Enter the file name of the CA certificate (1-32 chars)
server-cert Set the server certificate used when forming a TLS tunnel
<string> Enter the file name of the server certificate (1-32 chars)
private-key Set the private key used when forming a TLS tunnel
<string> Enter the name of the private key file (1-32 chars)
private-key-password Set the password for encrypting the private key used when forming a TLS tunnel
<string> Enter a password (1-64 chars)
aaa radius-server local sta-auth default-type {leap|peap|tls|ttls|md5}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
default-type Set the default RADIUS authentication type
leap Set LEAP (Lightweight Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
peap Set PEAP (Protected Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
tls Set TLS (Transport Layer Security) as the default RADIUS authentication type (Default: peap)
ttls Set TTLS (Tunneled TLS) as the default RADIUS authentication type (Default: peap)
md5 Set MD5 as the default RADIUS authentication type (Default: peap)
aaa radius-server local sta-auth type tls {check-cert-cn|check-in-db}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
tls Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
check-cert-cn Check the CN (common name) in the certificate against the user name (Default: Disabled)
check-in-db Query databases to check if the user exists (Default: Disabled)
aaa radius-server local sta-auth type {leap|peap|tls|ttls|md5}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
leap Set LEAP (Lightweight Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
tls Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
md5 Set MD5 as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
aaa radius-server local sta-auth type {peap|ttls} check-in-db
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
check-in-db Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
aaa radius-server local user-group <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
user-group Add a user group on the local RADIUS server
<string> Enter the user group name (1-32 chars)
aaa radius-server local {enable|cache}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
enable Enable RADIUS server functionality on the local AP
cache Set parameters for caching user-authentication responses from external LDAP servers
aaa radius-server name <string> acct-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
acct-port Set the RADIUS accounting port number
<port> [1~65535]Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
aaa radius-server name <string> auth-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
auth-port Set the RADIUS authentication port number
<port> [1~65535]Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
aaa radius-server name <string> server <string> shared-secret <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
server Set the IP address or resolvable domain name for the RADIUS server
<string> Enter the IP address or domain name (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
aaa radius-server name <string> server <string> tls
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
server Set the IP address or resolvable domain name for the RADIUS server
<string> Enter the IP address or domain name (max 32 chars)
tls Set TLS (Transport Layer Security) encryption for authenticating communications with the RADIUS server
aaa radius-server name <string> tls-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
name Set the name for the RADIUS server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
tls-port Set the TLS (Transport Layer Security) port number
<port> [1~65535]Enter the TLS port number (Range: 1-65535; Default: 2083)
aaa radius-server proxy dead-time <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
dead-time Set the interval after which the AP tries to contact a previously unresponsive RADIUS server
<number> Enter the interval in seconds (Default: 300; Range: 30-3600)
aaa radius-server proxy inject operator-name
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
operator-name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
aaa radius-server proxy radsec acct-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
acct-port Set the RadSec proxy accounting port number
<port> [1~65535]Enter the RadSec proxy accounting port number (Range: 1-65535; Default: 1813)
aaa radius-server proxy radsec auth-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
auth-port Set the RadSec proxy authentication port number
<port> [1~65535]Enter the RadSec proxy authentication port number (Range: 1-65535; Default: 1812)
aaa radius-server proxy radsec dynamic-auth-extension
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
dynamic-auth-extension Enable the RadSec proxy to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
aaa radius-server proxy radsec enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
enable Enable RadSec proxy functionality on the Aerohive device
aaa radius-server proxy radsec realm <string> {primary|backup} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
primary Assign a primary RADIUS server to the realm
backup Assign a backup RADIUS server to the realm
<string> Enter the RADIUS server name (1-32 chars)
aaa radius-server proxy radsec tls-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
tls-port Set the auth proxy TLS port number (Max: 8 ports per Aerohive device)
<port> [1~65535]Enter the auth proxy TLS port number (Range: 1-65535; Default: 80,443)
aaa radius-server proxy realm <string> no-strip
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
no-strip Do not strip the realm name from a submitted user name when proxying requests to the RADIUS server (Default: The realm name is stripped from proxied requests.)
aaa radius-server proxy realm <string> {primary|backup} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
primary Assign a primary RADIUS server to the realm
backup Assign a backup RADIUS server to the realm
<string> Enter the RADIUS server name (1-32 chars)
aaa radius-server proxy realm format {nai|nt-domain}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
format Set the format in which a realm name is appended to a user's name in request packets
nai Set NAI (network access identifier) as the realm name format: user@realm (Default: NAI)
nt-domain Set Windows NT domain as the realm name format: realm\user (Default: NAI)
aaa radius-server proxy retry-delay <number> retry-count <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
retry-delay Set the interval to wait for a response from the RADIUS server before resending a proxied request
<number> Enter the interval between retries in seconds (Default: 5; Range: 3-10)
retry-count Set the number of times to retry proxying a request to the RADIUS server
<number> Enter the number of retries (Default: 3; Range: 1-10)
aaa radius-server retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
access-console custom-ssid <string>
access-console Set access console parameters
custom-ssid Set custom SSID profile name for the access console
<string> Enter an SSID profile name (1-32 chars)
access-console hide-ssid
access-console Set access console parameters
hide-ssid Hide the SSID in beacons and ignore broadcast probe requests(Default: disabled)
access-console max-client <number>
access-console Set access console parameters
max-client Set the maximum number of clients that can associate with the access console SSID
<number> Enter the maximum number of clients that can associate (Default: 2; Range: 1-64)
access-console mode {auto|disable|enable}
access-console Set access console parameters
mode Set the mode for the access console (Note: 'auto' enables the access console only when there is no Ethernet or wireless backhaul connection. 'enable' and 'disable' set the mode manually.)
auto Set the mode as auto (Default: auto)
disable Set the mode as disable (Default: auto)
enable Set the mode as enable (Default: auto)
access-console security mac-filter <string>
access-console Set access console parameters
security Set the security parameters for the access console
mac-filter Assign a MAC filter to the access console to restrict access only to those MAC addresses and OUIs (organizational unique identifiers) specified in the filter
<string> Enter the filter name (1-32 chars)
access-console security protocol-suite open
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
open Set the security protocol suite as open
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
wpa-aes-psk Set the security protocol suite as wpa-aes-psk
wpa-tkip-psk Set the security protocol suite as wpa-tkip-psk
wpa2-aes-psk Set the security protocol suite as wpa2-aes-psk
wpa2-tkip-psk Set the security protocol suite as wpa2-tkip-psk
wpa-auto-psk Set the security protocol suite as wpa-auto-psk
ascii-key Set key type as an ASCII string
<string> Enter the ASCII key value (8-63 chars)
access-console telnet
access-console Set access console parameters
telnet Enable Telnet manageability of the access console (Default: enabled)
admin auth radius-method [ {pap|chap|ms-chap-v2} ]
admin Set the administrator parameters
auth Set the administrators authentication method
radius-method Authenticate admins by checking accounts stored on an external RADIUS server
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
admin auth {local|radius|both}
admin Set the administrator parameters
auth Set the administrators authentication method
local Authenticate admins by checking accounts stored on the local database (Default: local)
radius Authenticate admins by checking accounts stored on an external RADIUS server
both Authenticate admins by checking accounts on an external RADIUS server first and the local database second
admin manager-ip <ip_addr/netmask>
admin Set the administrator parameters
manager-ip Allow administrative access from a host or subnet (By default, access from all addresses are allowed.)
<ip_addr/netmask> Enter an IP address and netmask
admin min-password-length <number>
admin Set the administrator parameters
min-password-length Set the minimum password length
<number> Enter the minimum password length (Default: 8; Range: 8-32)
admin root-admin <string> password <string>
admin Set the administrator parameters
root-admin The root-admin has complete privileges, including the ability to add, modify, and delete other admins
<string> Enter root-admin name (3-20 chars)
password Set password for the root-admin
<string> Set password for the root-admin ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
admin {read-write|read-only} <string> password <string>
admin Set the administrator parameters
read-write The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
read-only The read-only admin has the ability to view settings
<string> Enter an admin user's name (3-20 chars)
password Set password for the user
<string> Set password for the user ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
alg {ftp|tftp|sip|dns|http} enable
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
http Set an HTTP ALG
enable Enable ALG functionality
alg {ftp|tftp|sip|dns} qos <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
qos Set an Aerohive QoS class for ALG data traffic
<number> Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
alg {ftp|tftp|sip} inactive-data-timeout <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
inactive-data-timeout Set a timeout to close an inactive gate
<number> Enter an inactive gateway timeout value in seconds (Default: 30 for FTP, 30 for TFTP, 60 for SIP; Range: 1-1800s)
alg {ftp|tftp|sip} max-duration <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
max-duration Set the maximum duration for the ALG
<number> Enter the maximum duration in minutes (Default: 60 for FTP, 60 for TFTP, 720 for SIP; Range: 1-7200(min))
amrp interface <ethx|redx|aggx> priority <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
interface Set AMRP parameters per interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
priority Set a priority for the AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
<number> Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the AP will be during the DA election process. For example, 100 has a higher priority than 50.)
amrp l2-neighbor-keepalive-count <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
l2-neighbor-keepalive-count Number of keepalive packet loss allowed before mesh failover
<number> [1~255] Packet number N. Failover delay time is about 2sec * N (Default: 16; Min: 1; Max: 255)
amrp metric poll-interval <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
poll-interval Set the interval for polling neighbors to determine current route metrics
<number> Enter the poll-interval value (Default: 60 secs; Range: 10-300)
amrp metric type {aggressive|conservative|normal}
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
type Set the type of behavior governing dynamic changes to route metrics
aggressive Change route metrics to aggressive (Default: normal)
conservative Change route metrics to conservative (Default: normal)
normal Change route metrics to normal (Default: normal)
amrp neighbor <mac_addr> metric min <number> max <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
neighbor Specify the neighbor to which you want to set AMRP parameters
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
metric Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
min Set the minimum metric value
<number> Enter the minimum metric value (Default: 67; Range: 8-1200)
max Set the maximum metric value equal to or greater than the minimum value
<number> Enter the maximum metric value (Default: 67; Range: 8-1200)
amrp vpn-tunnel heartbeat interval <number> retry <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
vpn-tunnel Set parameters for VPN tunneling
heartbeat Set AMRP (Advanced Mobility Routing Protocol) heartbeat parameters for VPN tunnel
interval Set the interval for sending AMRP heartbeats through the tunnel
<number> Enter the heartbeat interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables AMRP heartbeats.)
retry Set the number of times to retry sending a heartbeat when it does not elicit a response
<number> Enter the number of heartbeats to retry sending (Range: 1-255; Default: 10)
bonjour-gateway enable
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
enable Enable Bonjour gateway functionality (Default: Enabled)
bonjour-gateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
filter Set a filter to control which Bonjour services the local gateway transmits to remote gateways
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range 1-128)
from Set the source from which services are advertised
<string> Enter the source VLAN group name (1-32 chars)
<string> Enter the text string to filter which services are advertised (1-64 chars; Note: A service is advertised if its name matches the string in a rule. You can use asterisks as wildcards)
to Set the VLAN group to which services are advertised
<string> Enter the destination VLAN group name (1-32 chars)
metric Set the maximum number of hops away from the local BDD to accept service advertisements (Note: An immediately neighboring BDD is one hop away, a neighbor of that neighbor is two hops away, and so on.)
<number> Enter the maximum distance from which service advertisements are acceptable (Range: 0-100; Default: 0; Note: A value of 0 means that there is no maximum distance.)
bonjour-gateway filter rule <number> {before|after} rule <number>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
filter Set a filter to control which Bonjour services the local gateway transmits to remote gateways
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range 1-128)
before Move the rule before another rule in the Bonjour Gateway filter
after Move the rule after another rule in the Bonjour Gateway filter
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range 1-128)
bonjour-gateway neighbor <ip_addr|string>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
neighbor Set an AP or CVG as a remote BDD (Bonjour Dedicated Device)
<ip_addr> Enter the IP address or resolvable domain name (1-32 chars) of the remote BDD
<string> Enter the IP address or resolvable domain name (1-32 chars) of the remote BDD
bonjour-gateway priority <number>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
priority Set the priority of the local device to be elected as the BDD (Bonjour Designated Device)
<number> Enter the BDD election priority (Range: 0-255; Defaults: SR series=50, BR200 series=40, VG-VA/VG-1U=25, AP370/AP390=23, AP230=21, AP330/AP350=20, AP320/AP340=15, AP120/AP121/AP141/AP170/AP1130=10, AP110=5; Note: Values closer to 255 have higher priority.)
bonjour-gateway realm <string>
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
realm Set the name of the Bonjour realm to which the local device belongs
<string> Enter the Bonjour realm name (1-128 chars)
bonjour-gateway vlan <number> [ <number> ]
bonjour-gateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
vlan Set the VLAN or range of VLANs in which to probe for DHCP servers
<number> Enter the VLAN ID to be probed (Range: 1-4094; Note: If you are defining a range of VLANs, this is the starting point of that range.)
<number> Enter the last VLAN ID in the range (Range: 1-4094)
cac airtime-per-second <number>
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
airtime-per-second Set airtime reserved for VoIP calls
<number> Enter the airtime for VoIP calls (Default: 500ms; Range: 100ms-1000ms)
cac enable
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
enable Enable CAC protection of VoIP traffic
cac roaming airtime-percentage <number>
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
roaming Set parameters for VoIP calls when a client roams
airtime-percentage Set the percentage of airtime reserved for VoIP calls during roaming
<number> Enter the percentage of reserved airtime (Default: 20; Range: 0-100)
capwap client HTTP proxy name <string> port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
name Set the HTTP proxy server name
<string> Enter the IP address or domain name of the HTTP proxy server (1-32 chars)
port Set the HTTP proxy server port number
<number> Enter the port number (Range: 1-65535)
capwap client HTTP proxy user <string> password <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
user Set the user name for authenticating the HiveAP with the HTTP proxy server
<string> Enter the authentication user name (1-32 chars)
password Set the user password for authenticating the HiveAP with the HTTP proxy server
<string> Enter the password (1-32 chars)
capwap client default-server-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
default-server-name Set the default IP address or domain name for the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-32 chars)
capwap client discovery interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
interval Set CAPWAP discovery interval
<number> Enter the CAPWAP discovery interval (Default: 5 secs; Range:1-999)
capwap client discovery maximum interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
maximum Set the max time in seconds to wait for a response to a Discovery Request message
interval Set the max time in seconds to wait for a response to a Discovery Request message
<number> Enter the max time to wait for a response to a Discovery Request message (Default: 10 secs; Range: 2-180)
capwap client discovery method {broadcast}
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
method Set the CAPWAP discovery method
broadcast Enable the broadcast of CAPWAP Discovery Request messages in the local Layer 2 domain as part of the CAPWAP server discovery process (Default: Enabled)
capwap client dtls accept-bootstrap-passphrase
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
accept-bootstrap-passphrase Always accept the bootstrap passphrase proposed by HiveManager
capwap client dtls bootstrap-passphrase <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
bootstrap-passphrase Set a passphrase for initial and recovery CAPWAP connections
<string> Enter the bootstrap passphrase (16-32 chars)
capwap client dtls enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
enable Enable CAPWAP client dtls feature
capwap client dtls handshake-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
handshake-wait-time Set the maximum time to wait for a DTLS handshake message from the CAPWAP server
<number> Enter the maximum wait time in seconds (Default: 60; Range: 30-120)
capwap client dtls hm-defined-passphrase <string> key-id <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
hm-defined-passphrase Use the HiveManager-defined passphrase to secure CAPWAP communications
<string> Enter a passphrase for the HiveAP to use when making a secure CAPWAP connection (16-32 chars)
key-id Set the key ID for the passphrase
<number> Enter the key ID (Range: 1-255)
capwap client dtls max-retries <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
max-retries Set the maximum number of times to retry making a DTLS connection
<number> Enter the maximum number of retries (Default: 3; Range: 1-65535)
capwap client dtls negotiation enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
negotiation Set the HiveAP to auto-negotiate the use of DTLS with HiveManager
enable Enable DTLS auto-negotiation
capwap client dtls psk <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
psk Set the DTLS preshared key manually (instead of deriving it from a passphrase)
<string> Enter the DTLS preshared key in ASCII hex format (1-64 chars)
capwap client dtls session-delete-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
session-delete-wait-time Set the minimum time to wait for DTLS session deletion
<number> Enter the wait time in seconds (Default: 5; Range: 1-65535)
capwap client enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
enable Enable CAPWAP client
capwap client join timeout <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
join Set the interval that the HiveAP waits for a CAPWAP Join Response message
timeout Set the interval that the HiveAP waits for a CAPWAP Join Response message
<number> Enter join interval in seconds to wait for Join Response message (Default: 60 secs; Range: 30-999)
capwap client neighbor dead interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
dead Set the dead interval for CAPWAP neighbors
interval Set the interval in seconds to wait for ping responses before considering a CAPWAP neighbor dead
<number> Enter interval to wait for responses before considering a neighbor dead (Default: 105 secs; Range: 60-240)
capwap client neighbor heartbeat interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
heartbeat Set the heartbeat parameters for a CAPWAP neighbor
interval Set the heartbeat interval for a CAPWAP neighbor
<number> Enter the heartbeat interval for a CAPWAP neighbor (Default: 30; Range: 30-120)
capwap client pci-alert enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
pci-alert Report PCI (Payment Card Infrastructure) compliance information to HiveManager
enable Enable the reporting of PCI compliance information
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
backup Set the backup CAPWAP server
name Set the IP address or domain name of the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-32 chars)
connect-delay Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
<number> Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
via-vpn-tunnel Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
capwap client server port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
port Set the destination port number for communicating with the CAPWAP server
<number> Enter the port number (Default: 12222; Range: 1-65535)
capwap client silent interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
silent Set an interval to wait after failing to receive Discovery Request responses before sending more requests
interval Set an interval to wait after failing to receive Discovery Request responses before sending more requests
<number> Enter an interval to wait after failing to receive Discovery Request responses (Default: 15 secs; Range: 1-999)
capwap client transport HTTP
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
transport Set the packet transport mode for CAPWAP communications
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
capwap client vhm-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
vhm-name Set the name of the virtual HiveManager system
<string> Enter the name of the virtual HiveManager system (1-64 chars)
capwap max-discoveries counter <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
max-discoveries Set the max number of CAPWAP Discovery Request messages
counter Set the max number of CAPWAP Discovery Request messages
<number> Enter the max number of CAPWAP Discovery Request messages (Default: 3; Range: 1-999)
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
count Set the number of CAPWAP UDP packets to send
<number> Enter the number of packets to send (Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
flood Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
<number> Enter the number of batches of packets(Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
clear aaa radius-server cache [ username <string> ]
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server Clear RADIUS server parameters
cache Clear all RADIUS server caches or one cache
username Clear the RADIUS server cache by username
<string> Enter the username (1-32 chars)
clear aaa radius-server-key [ {radius-server|ldap-client} ] [ <string> ]
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server-key Clear all certificates that the local Aerohive device uses as a RADIUS server and LDAP client
radius-server Clear certificates that the local AP uses as a RADIUS server
ldap-client Clear certificates that the local AP uses as a LDAP client
<string> Enter the name of the certificate
clear aaa radius-server-key radsec ca
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server-key Clear all certificates that the local Aerohive device uses as a RADIUS server and LDAP client
radsec Clear certificates that the local Aerohive device uses as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
ca Clear the CA (certificate authority) certificate that the local Aerohive device uses as a RadSec proxy server
clear arp-cache
clear Clear dynamic system information or remove all web directories
arp-cache Clear the ARP cache
clear auth roaming-cache mac <mac_addr> {hive-neighbors|hive-all}
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
hive-neighbors Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
hive-all Clear the MAC address from the local roaming cache and from the roaming caches of all hive members
clear auth roaming-cache {hive-neighbors}
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
hive-neighbors Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
clear auth username <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
username Clear dynamic authentication information by user name
<string> Enter a user name (1-32 chars)
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
station Clear authentication information for a specific station
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear auth {local-cache|roaming-cache|station} ssid <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
station Clear authentication information for a specific station
ssid Clear cached authentication information based on the SSID with which stations associated
<string> Enter a user name (1-32 chars)
clear cac station-airtime [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
cac Clear CAC (Call Admission Control) statistics
station-airtime Clear airtime statistics for a specific station
mac Set the specific destination MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear capture local [ <string> ]
clear Clear dynamic system information or remove all web directories
capture Clear packet capture parameters
local Clear one or all locally stored packet capture files
<string> Enter the file name to clear
clear capwap client counter
clear Clear dynamic system information or remove all web directories
capwap Clear CAPWAP (Control and Provisioning of Wireless Access Points) statistics
client Clear CAPWAP client statistics
counter Clear CAPWAP client keepalive packet counters
clear config rollback
clear Clear dynamic system information or remove all web directories
config Clear the configuration rollback settings
rollback Clear the current configuration rollback point and related settings
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx|aggx|redx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
counters Clear forwarding engine counter statistics
interface Clear forwarding engine counter by interface
<wifix> Enter the name of a Wi-Fi radio interface(Note: The local device does not support Wi-Fi radio interfaces)
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<mgtx> Enter the name of the management interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
station Clear forwarding engine counter by station MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
drop Clear the drop packet counter
tunnel Clear the counter on tunnels
policy Clear the counter on policies
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
src-ip Clear IP sessions by source IP address
<ip_addr> Source IP address
dst-ip Clear IP sessions by destination IP address
<ip_addr> Destination IP address
src-port Clear IP essions by source port number
<number> source IP port (Range: 1-65535)
dst-port Clear IP sessions by destination port number
<number> destination IP port (Range: 1-65535)
protocol Clear IP sessions by protocol type
<number> source IP port (Range: 1-255)
clear forwarding-engine ip-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
id Clear IP sessions by session ID number
<number> Enter the IP session ID (Range: 1-9999)
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
src-mac Clear MAC sessions by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Clear MAC sessions by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear forwarding-engine mac-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
id Clear MAC sessions by session ID number
<number> Enter the MAC session ID (Range: 1-9999)
clear gre-tunnel counters tunnel
clear Clear dynamic system information or remove all web directories
gre-tunnel Clear GRE (Generic Routing Encapsulation) tunnel information
counters Clear GRE tunnel counter statistics
tunnel Clear the counter on tunnels
clear hive <string> counter neighbor [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
hive Clear hive info
<string> Enter a hive profile name (1-32 chars)
counter Clear counters for neighboring hive members
neighbor Clear counters for all neighbors or a specific neighbor in this hive
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <ethx|aggx|redx> mac-learning dynamic <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mac-learning Clear entries in the MAC address learning table
dynamic Clear dynamically learned MAC address entries
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <ethx|aggx|redx> mac-learning dynamic all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mac-learning Clear entries in the MAC address learning table
dynamic Clear dynamically learned MAC address entries
all Clear all dynamically learned MAC address entries
clear interface <ethx|wifix|wifix.y|aggx|redx> counter
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<wifix> Enter the name of a Wi-Fi radio interface(Note: The local device does not support Wi-Fi radio interfaces)
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
counter Clear all counters for the interface
clear interface <mgtx|mgtx.y> dhcp-server lease all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
all Clear all DHCP leases
clear interface <mgtx|mgtx.y> dhcp-server lease ip <ip_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
ip Clear the DHCP lease that uses a specific IP address
<ip_addr> Enter the IP address
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
mac Clear the DHCP lease assigned to a client with a specific MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear lldp [ {cdp} ] table
clear Clear dynamic system information or remove all web directories
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
table Clear LLDP or CDP neighbor table
clear location {aeroscout|tzsp} counter
clear Clear dynamic system information or remove all web directories
location Clear parameters for location tracking
aeroscout Clear parameters for the aeroscout location processing engine
tzsp Clear parameters for the tzsp location processing engine
counter Clear statistics for location reports sent to the location processing engine
clear log [ {buffered|debug|flash|all} ]
clear Clear dynamic system information or remove all web directories
log Clear logging messages
buffered Clear buffered log messages
debug Clear debug log messages
flash Clear flash log messages
all Clear all log messages
clear qos counter
clear Clear dynamic system information or remove all web directories
qos Clear dynamic QoS information
counter Clear dynamic QoS statistics counters
clear service [ <string> ] counter
clear Clear dynamic system information or remove all web directories
service Clear dynamically generated information for all services or for a specific service
<string> Enter the name of the service whose counters you want to clear
counter Clear the counter statistics for all services or for a specific service
clear ssh known_host <string>
clear Clear dynamic system information or remove all web directories
ssh Secure Shell
known_host List of known saved hosts
<string> Enter the domain name (1-64 chars) or IP address
clear ssid <string> counter station [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
ssid Clear SSID info
<string> Enter an SSID profile name (1-32 chars)
counter Clear counters for stations (wireless clients) associated with the SSID
station Clear counters for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear user-and-group all
clear Clear dynamic system information or remove all web directories
user-and-group Clear all users and user-groups
all Clear all users and user-groups
clear vpn certificate-key
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
certificate-key Clear all certificates that the local HiveAP uses when authenticating its identity to a VPN peer and when verifying the identity of a VPN peer
clear vpn {ike|ipsec} sa
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
ike Clear IKE SA information established during IKE phase 1 negotiations
ipsec Clear IPsec SA information established during IKE phase 2 negotiations
sa Clear SA (security association) information
clear web-directory [ {ppsk-self-reg} ]
clear Clear dynamic system information or remove all web directories
web-directory Remove all web directories
ppsk-self-reg Remove all self-registration web directories from the private PSK server
client-monitor enable
client-monitor Set parameters for Client Monitor
enable Enable client monitor to detect client issues and report client connection activities and problems to HiveManager (Default: Enabled)
client-monitor policy <string> problem-type {association|authentication|networking} [ trigger-times <number> ] [ report-interval <number> ] [ quiet-time <number> ]
client-monitor Set parameters for Client Monitor
policy Set parameters for a Client Monitor policy
<string> Enter the Client Monitor policy name (1-32 chars)
problem-type Set the problem type which specifies a category of client-centric problems
association Detect, analyze and report the client association problem
authentication Detect, analyze and report the client authentication problem
networking Detect, analyze and report the client networking problem
trigger-times Set how many times the problem type is detected to trigger reporting the problem and related logs
<number> Enter trigger times for the problem type (Range: 1-10; Default: 1)
report-interval Set the interval to report the problem and related logs
<number> Enter a report interval in seconds for the problem type (Range: 0 or 30-3600; Default: 0; Note: The default value of 0 reports every instance of the problem)
quiet-time Set the time period after which the problem elapses
<number> Enter quiet time in seconds for the problem type (Range: 60-86400; Default: 300)
client-tracing <mac_addr>
client-tracing Test client tracing
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clock date-time <date> <time>
clock Set the internal clock
date-time Set the date and time for the internal clock
<date> Enter the date for the internal clock, (Format: YYYY-MM-DD, Range: 1970-01-01 to 2035-12-31)
<time> Enter the time for the internal clock, (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
clock time-zone <number> [ {30|45} ]
clock Set the internal clock
time-zone Set the time zone for the internal clock
<number> Enter the time zone for the internal clock (Default: 0; Range: from -12 to 12)
30 Add 30 minutes to the specified time zone
45 Add 45 minutes to the specified time zone
clock time-zone daylight-saving-time <date> <time> <date> <time>
clock Set the internal clock
time-zone Set the time zone for the internal clock
daylight-saving-time Set the daylight saving time parameters
<date> Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
<date> Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
config rollback enable
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
enable Enable the configuration rollback feature
config rollback manual [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
manual Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
wait-time Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
config rollback now
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
now Return the configuration to a previously set rollback point immediately
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
capwap-disconnect Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
next-reboot Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
wait-time Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
config version <number>
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
version Set the version number for the current configuration file
<number> Enter the version number (Range: 1-4294967295)
console echo obscure-passwords
console Set console parameters
echo Set parameters for the display of data in the terminal window
obscure-passwords Display passwords and sensitive networking keys as asterisks (***) in the CLI (Default: Passwords and keys are replaced by asterisks instead of displaying original text)
console page <number>
console Set console parameters
page Set the maximum number of lines of data displayed as a batch when retrieved from a device (Note: If the number of retrieved lines exceeds the maximum, press TAB to return the next batch or ENTER to retrieve the next single line. Press the Q key to cancel the display of all further requested data and return to the command prompt.)
<number> Set the maximum number of lines to display at a time (Default: 22, Range: 10-100, Disable: 0, which means that there is no maximum limit)
console serial-port enable
console Set console parameters
serial-port Set administrative access to the serial port
enable Enable access to the console serial port
console timeout <number>
console Set console parameters
timeout Set the amount of time required to close a console connection due to inactivity
<number> Set the console timeout value in minutes (Default: 10, Range: 0-60, Disable: 0)
data-collection collect interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
collect Set parameters for collecting data
interval Set the interval for collecting data about devices and their network usage
<number> Enter the amount of time in hours during which the HiveAP collects data (Default: 1; Range: 1-48)
data-collection enable
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
enable Enable the local HiveAP to collect data about types and capabilities of devices on the network and their network usage (Default: Disabled)
data-collection report interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
report Set parameters for reporting data to HiveManager
interval Set the interval for reporting data to HiveManager
<number> Enter the amount of time in hours between data reports to HiveManager (Default: 6; Range: 0-48; Note: 0 disables sending reports to HiveManager.)
data-collection {max-collect} <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
max-collect Set the maximum number of collection times that must elapse before clearing data that cannot be reported to HiveManager (Note: The default collection interval is 1 hour and the default report interval is 6 hours.)
<number> Enter the maximum number of times to collect data before clearing it if it cannot be reported to HiveManager (Default: 24; Range: Range:1-48)
debug console [ {all} ]
debug Enable debug messages
console Show debug messages on the console
all Show all messages on the console
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
debug Enable debug messages
console Show debug messages on the console
level Specify a logging level
emergency Show emergency-level log entries (Default: debug)
alert Show log entries from alert to emergency levels (Default: debug)
critical Show log entries from critical to emergency levels (Default: debug)
error Show log entries from error to emergency levels (Default: debug)
warning Show log entries from warning to emergency levels (Default: debug)
notification Show log entries from notification to emergency levels (Default: debug)
info Show log entries from info to emergency levels (Default: debug)
debug Show log entries for all severity levels (Default: debug)
debug console timestamp
debug Enable debug messages
console Show debug messages on the console
timestamp Show debug messages timestamp
designated-server idm-proxy announce
designated-server Set parameters for a dynamic server
idm-proxy Set parameters for a dynamic proxy server to forward RADIUS requests over a secure TLS tunnel between the local device and ID Manager
announce Enable the designated proxy server on the Aerohive device and announce the server information to all devices in a DA domain (Default: Disabled)
designated-server idm-proxy dynamic
designated-server Set parameters for a dynamic server
idm-proxy Set parameters for a dynamic proxy server to forward RADIUS requests over a secure TLS tunnel between the local device and ID Manager
dynamic Enable the Aerohive device acting as a NAS to send RADIUS requests to the designated proxy server (Default: Disabled)
device-group <string> [ mac-object <string> ] [ domain-object <string> ] [ os-object <string> ]
device-group Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
<string> Enter a device group name (1-32 chars)
mac-object Add a MAC object to the device group
<string> Enter the MAC object name (1-32 chars)
domain-object Add a domain object to the device group
<string> Enter the domain object name (1-32 chars)
os-object Add an OS object to the device group
<string> Enter the OS object name (1-32 chars)
device-group <string> ownership {cid|byod}
device-group Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
<string> Enter a device group name (1-32 chars)
ownership Set an attribute for the client device group identifying its devices as user-owned (BYOD=bring your own device) or company-issued (CID=company-issued device)
cid Set the devices in the device group as company-issued
byod Set the devices in the device group as user-owned
device-location <string>
device-location Set the device location
<string> Enter a device location (1-128 chars)
dns domain-name <string>
dns Set DNS (Domain Name System) parameters
domain-name Set the domain name suffix for the local AP
<string> Enter the domain name suffix for the local AP (1-32 chars)
dns server-ip <ip_addr> [ {second|third} ]
dns Set DNS (Domain Name System) parameters
server-ip Set the IP address of the primary, secondary, or tertiary DNS server
<ip_addr> Enter the IP address of the primary, secondary, or tertiary DNS server
second Assign the IP address to a secondary DNS server
third Assign the IP address to a tertiary DNS server
domain-object <string> domain <string>
domain-object Set parameters for a domain object that the HiveAP can use to assign a client that belongs to a matching device domain to a user profile (Max: 64 domain objects per HiveAP)
<string> Enter a domain object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of a device domain.)
domain Add a device domain to the domain object (Note: Specify the domain to which devices in an LDAP-structured database belong.)
<string> Enter an domain name (1-64 chars)
exec aaa idm-test auth username <string> password <string> [ {pap|ms-chap-v2} ] [ proxy <string> ] [ bind-ssid <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
idm-test Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
auth Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
username Set the user name belonging to an account on the ID Manager
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the ID Manager
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
proxy Set parameters for connecting to an ID Manager proxy server
<string> Enter the IP address or domain name of the ID Manager proxy server (1-32 chars)
bind-ssid Set the SSID to which the user name binds for ID Manager testing (Note: By default, wired links use the user name-password pair for testing ID Manager accounts, so the user name does not need to bind to an SSID.)
<string> Enter the name of the SSID to which you want to bind the user name (1-32 chars)
exec aaa idm-test {radsec-proxy|auth-proxy}
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
idm-test Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
radsec-proxy Test TLS connectivity from the RadSec proxy to the ID Manager gateway
auth-proxy Test TLS connectivity from the AUTH proxy to the ID Manager gateway
exec aaa ldap-search server-type {active-directory|ldap-server|open-directory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ldap-search Execute a search of the LDAP database
server-type Set the type of LDAP server whose database you want to search
active-directory Set the server type as an Active Directory server
ldap-server Set the server type as an OpenLDAP server
open-directory Set the server type as an Open Directory server
server Set the IP address or resolvable domain name of the LDAP server
<string> Enter the IP address or domain name (up to 32 chars)
basedn Set a node in the LDAP tree structure as the baseDN (distinguished name) from which to search for nodes one level below it or for information about one or all of its attributes
<string> Enter the baseDN (up to 256 chars) (Note: If there are any spaces, enclose the whole string in quotation marks.)
binddn Set the bindDN name and password for the user that has permission to search the LDAP directory
<string> Enter the bindDN name (up to 256 chars)
password Set the bindDN password
<string> Enter the password (1-64 chars)
attributes Search for attributes of the node specified as the baseDN
<string> Enter the name of a specific attribute for which to search (Note: To see the user group attribute of the baseDN node when the default group attribute name is being used, do not enter anything.)
exec aaa ldap-search username <string> [ basedn <string> ] [ domain <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ldap-search Execute a search of the LDAP database
username Set the user name to search for in the LDAP database
<string> Enter a user name (1-32 chars)
basedn Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
domain Set the domain name of the domain controller
<string> Enter a NT domain name (1-64 chars)
exec aaa library-sip-test primary username <string> password <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
library-sip-test Test a simulated authentication process for a library patron on a library SIP (Standard Interchange Protocol) server
primary Test the authentication process on the primary library SIP server
username Set the library patron's user name to submit to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the library patron's password to submit to the library SIP server
<string> Enter the password (1-64 chars)
exec aaa net-ads-info <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-ads-info Retrieve information from the Active Directory server such as its IP address, Active Directory domain name, root BaseDN, and realm name
<string> Enter the name of the realm to which the Active Directory server belongs (Example: corp123.com; Note: The realm name is not case sensitive; Range: 1-64 chars)
exec aaa net-join [ {primary|backup1|backup2|backup3} username <string> password <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-join Join the local AP RADIUS server to the domain controller
primary Join the local AP RADIUS server to the primary domain controller
backup1 Join the local AP RADIUS server to the backup1 domain controller
backup2 Join the local AP RADIUS server to the backup2 domain controller
backup3 Join the local AP RADIUS server to the backup3 domain controller
username Set the admin user name for the local AP RADIUS server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
exec aaa net-join domain <string> fullname <string> server <string> username <string> password <string> [ computer-ou <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-join Join the local AP RADIUS server to the domain controller
domain Set the domain name of the AD domain controller
<string> Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full name of the domain to which the RADIUS server (local AP) and AD server both belong
<string> Enter the full domain name (1-64 chars)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (up to 32 chars)
username Set the admin user name that the local AP RADIUS server submits to the AD server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
computer-ou Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
exec aaa ntlm-auth username <string> password <string> [ domain <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ntlm-auth Initiate NTLM (NT LAN Manager) authentication between the AP RADIUS server and the domain controller
username Set the user name that the AP RADIUS server uses when authenticating itself to the domain controller
<string> Enter a user name (1-32 chars)
password Set the password that the AP RADIUS server uses when authenticating itself to the domain controller
<string> Enter a password (1-64 chars)
domain Set the domain name of the domain controller
<string> Enter a NT domain name (1-64 chars)
exec aaa radius-test <string> accounting
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
accounting Check the network connectivity status of a RADIUS accounting server (Default: Check the status of a RADIUS authentication server.)
exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
username Set the user name belonging to an account on the RADIUS server
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the RADIUS server
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
exec active-alarms-resending
exec Execute a command to initiate a task immediately
active-alarms-resending Make device resend all active alarms to HiveManager
exec bypass-wan-hardening
exec Execute a command to initiate a task immediately
bypass-wan-hardening Disable WAN hardening to allow SSH, Telnet, and the remote sniffer tool to access the device over the WAN interface (Note: Execute this command to allow remote access for troubleshooting. To restore WAN hardening, enter "no exec bypass-wan-hardening" or reboot the device.)
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
exec Execute a command to initiate a task immediately
capture Initiate packet capturing
remote-sniffer Set parameters for a remote packet sniffer
user Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
<string> Enter the user name (1-32 chars)
<string> Enter the password (1-32 chars)
host-allowed Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
<string> Enter the IP address or domain name (1-32 chars)
local-port Set the port number on which the HiveAP listens for connection requests from the remote sniffer
<number> Enter the port number (Default: 2002; Range: 1024-65535)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
exec client-monitor <mac_addr>
exec Execute a command to initiate a task immediately
client-monitor Monitor the activities of a client
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
exec data-collection {push|clear}
exec Execute a command to initiate a task immediately
data-collection Perform an action on the data collected about the types and capabilities of devices on the network and the types of applications and IP protocols they use
push Push all collected data to HiveManager
clear Clear all collected data that is currently stored in the local HiveAP
exec delay-execute [ <number> ]
exec Execute a command to initiate a task immediately
delay-execute Delay the execution of commands for a period of time (Note: The delay period starts the moment you enter this command and ends when you enter the "no exec delay-execute" command. This does not affect "show" commands.)
<number> Enter an interval in seconds to wait after the delay period ends before executing the submitted commands (Default: 5; Range: 1-60)
exec mobile-device-manager aerohive status-change <string>
exec Execute a command to initiate a task immediately
mobile-device-manager Set the mobile device manager parameters
aerohive Aerohive MDM notifies client status change to AP
status-change Set status notification body as parameter
<string> MDM status notification body(1-256 chars)
exec ssh-client server <string> user <string>
exec Execute a command to initiate a task immediately
ssh-client Secure Shell client
server Set the domain name or IP address of the SSH server and, optionally, its port number
<string> Enter the domain name (1-64 chars) or IP address and, optionally, the port number (Default port: 22; Range: 1024-65535; Format: name:port or ip:port)
user Set the user name for logging in to the SSH server
<string> Enter the user name (1-32 chars)
exec user-group <string> psk-to-pmk
exec Execute a command to initiate a task immediately
user-group Execute a user-group command
<string> Enter the user group name (1-32 chars)
psk-to-pmk Regenerate all users' PMKs (pairwise master keys) based on their PSKs (preshared keys)
exec {jss-check|airwatch-check|aerohive-check} mobile-device <mac_addr> enroll-status
exec Execute a command to initiate a task immediately
jss-check Check the enrollment status of a mobile device on the JSS (JAMF software server)
airwatch-check Check the enrollment status of a mobile device on the AirWatch
aerohive-check Check the enrollment status of a mobile device on the Aerohive MDM server
mobile-device Set the MAC address or ID of a mobile device
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
enroll-status Retrieve the enrollment status of the mobile device
exit
exit Exit from the current mode
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l2 Set packet capture filter for layer 2 parameters
data Filter by data traffic
ctl Filter by ctl traffic
mgmt Filter by mgmt traffic
subtype Filter by frame subtype
<hex> Enter frame subtype value
src-mac Filter by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Filter by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
bssid Filter by BSSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Filter by transmitter MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
rx-mac Filter by receiver MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
error Filter by error condition
crc Filter by crc error
decrypt Filter by decrypt error
mic Filter by mic error
all Filter by all error
no Filter by no error
etype Filter by Ethernet value
<hex> Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l3 Set packet capture filter for layer 3 parameters
src-ip Filter by source IP address
<ip_addr> Enter a source IP address
dst-ip Filter by destination IP address
<ip_addr> Enter a destination IP address
protocol Filter by protocol number in IP header
<number> Enter a protocol value (UDP:17; TCP:6 ICMP:1)
src-port Filter by source port filter
<number> Enter a source port number
dst-port Filter by destination port
<number> Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
filter [ <number> ] [ direction bidirectional ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
direction Set filter traffic flowing direction
bidirectional Filter traffic flowing in both directions
forwarding-engine drop {ip-fragmented-packets|to-self-non-management-traffic}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
drop Set parameters for dropping packets
ip-fragmented-packets Drop fragmented IP packets
to-self-non-management-traffic Drop all non-management traffic destined to the HiveAP itself
forwarding-engine inter-ssid-flood enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
inter-ssid-flood Forward multicast and broadcast traffic between access interfaces to protect SSIDs from flooding (Default: Enabled)
enable Enable the protection of SSIDs from multicast and broadcast flooding
forwarding-engine l2-default-route interface <ethx> vlan <number> [ - <number> ]
forwarding-engine Set parameters to shape the behavior of the forwarding engine
l2-default-route Set the default Layer 2 route for VLANs that must use an interface other than eth0 (Note: Do not set for the eth0 interface.)
interface Set the Ethernet interface that connects to the VLANs for which you want to create default routes (Note: Do not set this command for the eth0 interface.)
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
vlan Set a range of VLAN IDs that use the default Layer 2 route for the specified interface
<number> Enter the VLAN ID (Range: 1-4094)
- Set a range of VLAN IDs
<number> Enter the last VLAN ID in the range (Range: 1-4094; Note: The end of the VLAN ID range must be equal to or greater than the VLAN ID at the start.)
forwarding-engine log {firewall-dropped-packets|to-self-sessions}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
log Set logging parameters for packets
firewall-dropped-packets Log dropped packets that are denied by IP or MAC firewall policies (Default: Do not log dropped packets)
to-self-sessions Log the first packets of sessions destined for the HiveAP itself (Default: Do not log first packets)
forwarding-engine mac-sessions sync-vlan
forwarding-engine Set parameters to shape the behavior of the forwarding engine
mac-sessions Set MAC session parameters
sync-vlan Enable the local AP to inform its neighbors of the VLAN ID assigned to a client that initially connected it (Default: Disabled; Note: Enabling this option allows neighbors to do a Layer 2 default route lookup based on VLAN.)
forwarding-engine max-ip-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-ip-sessions-per-station Set the maximum number of IP sessions that can be created to or from a station
<number> Enter the maximum IP sessions number per station (Range: 1-8000; Note: By default, IP session limiting is disabled.)
forwarding-engine max-mac-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-mac-sessions-per-station Set the maximum number of MAC sessions that can be created to or from a station
<number> Enter the maximum MAC sessions number per station (Range: 1-8000; Note: By default, MAC session limiting is disabled.)
forwarding-engine proxy-arp enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
proxy-arp Set ARP proxying parameters
enable Enable learning MAC addresses and proxy replies to ARP requests
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> dst-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
allow-all Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Block specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel selective-multicast-forward block-all
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Allow specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel tcp-mss-threshold enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
enable Enable the TCP MSS threshold feature
forwarding-engine tunnel tcp-mss-threshold threshold-size <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
threshold-size Set the TCP MSS threshold size
<number> Enter the TCP MSS size in bytes(GRE Tunnel Range: 64-1414; GRE-over-IPSec Tunnel Range: 64-1336)
history <number>
history Set the capacity for command history
<number> Enter the max number of commands to store in command history (Default: 20; Range: 1-50)
hive <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
hive <string> frag-threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
frag-threshold Set fragment threshold parameters for the hive
<number> Enter the fragment threshold in bytes for the hive (Default: 2346; Range: 256-2346)
hive <string> manage all
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
manage Set management service parameters
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through wireless backhaul interfaces in this hive (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
hive <string> manage {Telnet|SSH|SNMP|ping}
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
SSH Enable SSH manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
ping Enable mgt0 to respond to pings through subinterfaces bound to this SSID (Default: Enabled)
hive <string> neighbor connecting-threshold <number> polling-interval <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring hive members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring hive member
<number> Enter a minimum signal strength value in dBm (Default: -80; Range: -90~-55)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring hive members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring hive member
low Set a relatively low minimum signal strength threshold (-85dBm)
medium Set a relatively moderate minimum signal strength threshold (-80dBm)
high Set a relatively high minimum signal strength threshold (-75dBm)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> password <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
password Set a key for hive member authentication
<string> Enter a string (8-63 chars) for hive member authentication (Default: a default password is derived from the hive name)
hive <string> rts-threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
rts-threshold Set the RTS (request to send) threshold for the hive
<number> Enter the packet size for the RTS threshold for the hive (Default: 2346 bytes; Range: 1-2346)
hive <string> security mac-filter <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
mac-filter Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
assoc-req Specify WLAN DoS frame type assoc-req
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a theshold has been crossed
<number> Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: None)
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
assoc-req Specify WLAN DoS frame type assoc-req
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a theshold has been crossed
forever Set ban forever
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
hive-level Set DoS parameters at hive-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
hive-level Set DoS parameters at hive-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
alarm Set the interval in seconds between alarms to indicate continuous DoS conditions
<number> Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: None)
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
hive-level Set DoS parameters at hive-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
threshold Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
<number> Enter threshold in ppm (Default: hive-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: None)
hiveui cas client server name <string>
hiveui Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
cas Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
client Set parameters for the local AP to act as a CAS client
server Set parameters for communicating with the CAS server
name Set the IP address or resolvable domain name for the CAS server
<string> Enter the IP address or domain name (max 32 chars) of the CAS server
hiveui cas client server port <number>
hiveui Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
cas Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
client Set parameters for the local AP to act as a CAS client
server Set parameters for communicating with the CAS server
port Set the destination TCP port number for the CAS server
<number> [1~65535]Enter the TCP port number (Default: 443; Range: 1-65535)
hiveui enable
hiveui Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
enable Enable the HiveUI
hostname <string>
hostname Set the hostname of the AP
<string> Enter the hostname of the AP (1-32 chars)
interface <ethx> bind <aggx>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
bind Bind the Ethernet interface to a redundant or aggregate interface
<aggx> Enter the name of the aggregate interface, where x = 0
interface <ethx> bind <redx> [ primary ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
bind Bind the Ethernet interface to a redundant or aggregate interface
<redx> Enter the name of the redundant interface, where x = 0
primary Set the Ethernet interface as the primary interface of the redundant or aggregate interface (Default: eth0 is picked as the primary)
interface <ethx> client-monitor-policy <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
client-monitor-policy Assign a Client Monitor policy to automatically detect, analyze and report problems about the clients which access network through the specified Ethernet interface
<string> Enter the Client Monitor policy name (1-32 chars)
interface <ethx> duplex {full|half|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
duplex Set the duplex for the interface
full Set the duplex of ethernet interface to full (Default: auto)
half Set the duplex of ethernet interface to half (Default: auto)
auto Set the duplex of ethernet interface to auto (Default: auto)
interface <ethx> ip <ip_addr/netmask>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
ip Set an IP address and netmask for the interface
<ip_addr/netmask> Enter the interface IP address and netmask
interface <ethx> mode wan
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
interface <ethx> mode wan nat
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
mode Set the operational mode for the interface (Default: backhaul)
wan Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
nat Enable NAT (network address translation) on the interface to translate the source IP address and port number in from-access packets to the IP address of the Ethernet interface and a randomly chosen port number (Default: Enabled)
interface <ethx> native-vlan <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
native-vlan Set the native (untagged) VLAN used by the switch infrastructure in the surrounding Ethernet network
<number> Enter the native (untagged) VLAN (Range: 1-4094)
interface <ethx> security-object <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
security-object Assign a security object to control network access through this interface
<string> Enter the security object name (1-32 chars)
interface <ethx> speed {10|100|1000|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
speed Set the speed for the interface
10 Set the speed of ethernet interface to 10 Mbps (Default: auto)
100 Set the speed of ethernet interface to 100 Mbps (Default: auto)
1000 Set the speed of ethernet interface to 1000 Mbps (Default: auto)
auto Set the speed of ethernet interface to auto Mbps (Default: auto)
interface <ethx|aggx|redx> allowed-vlan <number> [ - <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
allowed-vlan Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
<number> Enter the VLAN ID to be allowed (Range: 1-4094)
- Set a range of allowed VLAN IDs
<number> Enter the last VLAN ID in the range (Range: 1-4094; Note: The end of the VLAN ID range must be equal to or greater than the VLAN ID at the start.)
interface <ethx|aggx|redx> allowed-vlan {all|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
allowed-vlan Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
all Allow traffic tagged with any VLAN ID
auto Allow traffic whose VLAN ID matches that of the management interface, virtual management interface, native VLAN, or the default VLAN configured in user profiles
interface <ethx|aggx|redx> inter-station-traffic
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
inter-station-traffic Set the HiveAP to permit traffic between stations connected to one or more of its access interfaces (Default: Enabled)
interface <ethx|aggx|redx> link-discovery {lldp|cdp}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
link-discovery Enable the communication of network-related information with neighboring network devices through the interface (Default: LLDP enabled; CDP enabled)
lldp Set LLDP (Link Layer Discovery Protocol) parameters on the interface
cdp Set CDP (Cisco Discovery Protocol) parameters on the interface
interface <ethx|aggx|redx> mac-learning enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mac-learning Set parameters for MAC address learning
enable Enable MAC address learning on the Ethernet interface
interface <ethx|aggx|redx> mac-learning idle-timeout <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mac-learning Set parameters for MAC address learning
idle-timeout Set the timeout for automatically clearing an inactive dynamically learned MAC address from the MAC learning table
<number> Enter the timeout value in seconds (Default: 180; Range: 10-3600)
interface <ethx|aggx|redx> mac-learning static <mac_addr>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mac-learning Set parameters for MAC address learning
static Set statically defined MAC address entries
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
interface <ethx|aggx|redx> manage {Telnet|SSH|SNMP|ping|all}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
SSH Enable SSH manageability of mgt0 through this interface (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
ping Enable mgt0 to respond to pings through this interface (Default: Enabled)
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
interface <ethx|aggx|redx> mode bridge-802.1q user-profile-attribute <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
bridge-802.1q Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
user-profile-attribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
interface <ethx|aggx|redx> mode {bridge-802.1q|backhaul}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
bridge-802.1q Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
backhaul Set the interface in backhaul mode, making it a VLAN-aware layer 2 interface through which the default MAC route for traffic to and from the main LAN passes
interface <ethx|aggx|redx> qos-classifier <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
qos-classifier Assign a QoS classification profile (classifier) to the interface
<string> Enter the QoS classifier profile name (1 to 32 chars)
interface <ethx|aggx|redx> qos-marker <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
qos-marker Assign a QoS marker profile to the interface
<string> Enter the QoS marker profile name (1 to 32 chars)
interface <ethx|aggx|redx> rate-limit broadcast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
broadcast Set broadcast traffic rate limiting
<number> Enter the maximum rate for incoming broadcast traffic for the interface (Default: 10000 Kbps; Range: 0-20000)
interface <ethx|aggx|redx> rate-limit multicast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
multicast Set multicast traffic rate limiting
<number> Enter the maximum rate for incoming multicast traffic for the interface (Default: 20000 Kbps; Range: 0-20000)
interface <ethx|aggx|redx> rate-limit unicast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
unicast Set unicast traffic rate limiting
<number> Enter the maximum rate for incoming unicast traffic for the interface (Default: 1000000 Kbps; Range: 0-1000000)
interface <ethx|aggx|redx> rate-limit {multicast|broadcast|unicast} enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
multicast Set multicast traffic rate limiting
broadcast Set broadcast traffic rate limiting
unicast Set unicast traffic rate limiting
enable Enable rate limiting on the interface for this type of traffic (Default: multicast/broadcast Enable,unicast Disable)
interface <ethx|aggx|redx> shutdown
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
shutdown Disable the interface
interface <ethx|redx|aggx> mode bridge-access [ user-profile-attribute <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
mode Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
bridge-access Set the interface in bridge-access mode, making it a layer 2 interface to enable the bridging of traffic between devices in a single VLAN in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
user-profile-attribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
interface <mgtx.y> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
ip Set IP address for the virtual management interface
<ip_addr/netmask> Enter the virtual management interface IP address and netmask
interface <mgtx.y> manage ping
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
manage Set management service parameters
ping Enable the virtual management interface to respond to pings (Default: Enabled)
interface <mgtx.y> vlan <number>
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
vlan Set the VLAN ID for the interface
<number> Enter the VLAN ID (Default: 1; Range: 1-4094)
interface <mgtx> default-ip-prefix <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr/netmask> Enter the network address/netmask (Default: 192.168.0.0/16; Note: Only 8, 16, and 24-bit netmasks are supported.)
interface <mgtx> default-ip-prefix <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr> Enter the network address (Default: 192.168.0.0)
interface <mgtx> dhcp client fallback-to-static-ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
fallback-to-static-ip Assign the static IP address to mgt0 when it does not receive an address through DHCP by the end of the timeout interval
interface <mgtx> dhcp keepalive enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
enable Enable the checking of network connectivity to DHCP servers in the specified VLAN range and also in VLANs set in user profile definitions or assigned by RADIUS servers, the native VLAN, and the management interface VLAN (Default: Disabled)
interface <mgtx> dhcp keepalive interval <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Range: 60-86400; Default: 3600)
interface <mgtx> dhcp keepalive retry <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
retry Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Range: 1-10; Default: 2)
interface <mgtx> dhcp keepalive timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
timeout Set the timeout for waiting for a response to a DHCP probe
<number> Enter the timeout value in seconds (Range: 1-60; Default:10)
interface <mgtx> dhcp keepalive vlan <number> [ <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
vlan Set the range of VLANs in which to probe for DHCP servers
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp-probe Probe for DHCP servers in one or more VLANs
vlan-range Set the range of VLANs in which to probe for a DHCP server
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
timeout Set the timeout for waiting for a response to a probe
<number> Enter the timeout value (Default: 10 secs; Range: 1-60)
retries Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Default: 1; Range: 1-10)
interface <mgtx> hive <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
hive Set the hive profile to the mgt0 interface or enable/disable the wifi interface used for hive communications
<string> Enter a hive profile name (1-32 chars)
interface <mgtx> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr/netmask> Enter mgt0 IP address/netmask
interface <mgtx> ip <ip_addr> <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr> Enter mgt0 IP address
<netmask> Enter mgt0 netmask
interface <mgtx> mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
mtu Set the MTU (maximum transmission unit) to determine when to start fragmenting packets
<number> Enter the MTU value in bytes (Default: 1500; Range: 100-1500)
interface <mgtx> native-vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
native-vlan Set the native (untagged) VLAN that the switch infrastructure in the surrounding wired and wireless backhaul network uses
<number> Enter the native (untagged) VLAN (Default: 1; Range: 1-4094)
interface <mgtx> vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
vlan Set the VLAN for administrative access to the HiveAP, management traffic between HiveAPs and HiveManager, and control traffic among hive members
<number> Enter the VLAN ID for the interface (Default: 1; Range: 1-4094)
interface <mgtx|ethx> dhcp client
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
interface <mgtx|ethx> dhcp client address-only
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
address-only Set the AP to use only the IP address, netmask, and gateway received through DHCP instead of all TCP/IP settings (Default: Use all TCP/IP settings received through DHCP)
interface <mgtx|ethx> dhcp client option custom ppsk-server <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
ppsk-server Set a custom DHCP option ID and ID type for a private PSK server
<number> Enter the custom DHCP option ID (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx|ethx> dhcp client option custom radius-server <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
<number> Enter the custom DHCP option ID for a RADIUS authentication server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx|ethx> dhcp client option custom radius-server accounting <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
accounting Set a custom DHCP option ID and ID type for a RADIUS accounting server
<number> Enter the custom DHCP option ID for a RADIUS accounting server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx|ethx> dhcp client option custom {syslog-server|hivemanager} <number> {string|ip}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
syslog-server Set a custom DHCP option ID and ID type for a syslog server
hivemanager Set a custom DHCP option ID and ID type for HiveManager
<number> Enter the custom DHCP option ID (Default ID numbers and types: HiveManager = 225 string, 226 IP; Syslog server = 227 string, 228 IP)
string Set the type of the custom DHCP option as a string
ip Set the type of the custom DHCP option as an IP address
interface <mgtx|ethx> dhcp client prefer-subnet <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
prefer-subnet Set prefer subnet for DHCP client
<ip_addr/netmask> Enter prefer subnet for DHCP client
interface <mgtx|ethx> dhcp client timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
dhcp Set DHCP parameters
client Set DHCP client parameters
timeout Set the interval to wait for a response from the DHCP server before applying the admin-defined or default network settings
<number> Enter the timeout value in seconds (Default: 20; Range: 0-3600)
interface <mgtx|mgtx.y> dhcp-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
enable Enable the DHCP server on the interface
interface <mgtx|mgtx.y> dhcp-server ip-pool <ip_addr> <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
ip-pool Set the IP address pool from which the DHCP server draws addresses when making assignments
<ip_addr> Enter the first address in the range that makes up the IP address pool
<ip_addr> Enter the last address in the range that makes up the IP address pool
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
hex Set the custom option data type as a hexadecimal digit
<string> Enter the hexadecimal digit (1-254 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
integer Set the custom option data type as an integer
<number> Enter the integer (Range: 0-2147483647)
interface <mgtx|mgtx.y> dhcp-server options custom <number> ip <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
ip Set the custom option data type as an IP address
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
string Set the custom option data type as a string
<string> Enter the string (1-255 chars)
interface <mgtx|mgtx.y> dhcp-server options default-gateway <ip_addr> [ {nat-support} ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
default-gateway Set the default gateway for DHCP clients
<ip_addr> Enter the default gateway (Note: The gateway IP address cannot be the same as that of the interface.)
nat-support Enable NAT support(Note: AP will automatically generates ARP response for default gateway specified in DHCP server options.)
interface <mgtx|mgtx.y> dhcp-server options domain-name <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
domain-name Set the domain name for DHCP clients
<string> Enter the domain name (1-32 chars)
interface <mgtx|mgtx.y> dhcp-server options hivemanager <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
hivemanager Set the IP address or domain name of the HiveManager that you want APs to contact
<ip_addr> Enter the IP address (Note: Use DHCP option 226.)
interface <mgtx|mgtx.y> dhcp-server options hivemanager <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
hivemanager Set the IP address or domain name of the HiveManager that you want APs to contact
<string> Enter the domain name (Length: 1-64 chars; Note: Use DHCP option 225.)
interface <mgtx|mgtx.y> dhcp-server options lease-time <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
lease-time Set the length of the DHCP lease
<number> Enter the lease time in seconds (Default: 86400; Range: 60-86400000)
interface <mgtx|mgtx.y> dhcp-server options mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
mtu Set the path MTU (maximum transmission unit)
<number> Enter the MTU value (Range: 68-8192)
interface <mgtx|mgtx.y> dhcp-server options netmask <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
netmask Set the netmask for DHCP clients
<netmask> Enter the netmask (Default: The same as the interface netmask.)
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
dns1 Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
dns2 Set the IP address of the secondary DNS server
dns3 Set the IP address of the tertiary DNS server
<ip_addr> Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
logsrv Set the IP address of the log server that is available for DHCP clients
pop3 Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
smtp Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options {ntp1|ntp2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
ntp1 Set the IP address of the primary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
ntp2 Set the IP address of the secondary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options {wins1|wins2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
wins1 Set the IP address of the primary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
wins2 Set the IP address of the secondary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server {arp-check|authoritative-flag}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcp-server Set DHCP server parameters
arp-check Use ARP to check that an IP address is not already in use on the network before assigning it to a DHCP client (Default: Enabled)
authoritative-flag Set the DHCP server as authoritative (Default: Authoritative; Note: An authoritative DHCP server can send NAKs in response to DHCP requests for addresses in a different subnet from those in the configured IP pool.)
interface <mgtx|mgtx.y> dns-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dns-server Set DNS server parameters
enable Enable the DNS server on the interface
interface <mgtx|mgtx.y> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dns-server Set DNS server parameters
ext-resolve Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
dns1 Set the IP address of the primary external DNS server
dns2 Set the IP address of the secondary external DNS server
dns3 Set the IP address of the tertiary external DNS server dns3
<ip_addr> Enter the IP address of the external DNS server
interface <mgtx|mgtx.y> dns-server int-domain-name <string> [ <ip_addr> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dns-server Set DNS server parameters
int-domain-name Set a domain name for resolution by internal DNS servers
<string> Enter the domain name (Max 32 chars; Note: Domain names are matched with implicit wildcards at the left end of the string; for example, both "www.aerohive.com" and "www.my-hive.com" match the domain name string "hive.com".)
<ip_addr> Enter the IP address of the internal DNS server to use for this domain name
interface <mgtx|mgtx.y> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dns-server Set DNS server parameters
int-resolve Set the DNS servers on the internal network used to resolve domain names in the match list
dns1 Set the IP address of the primary internal DNS server
dns2 Set the IP address of the secondary internal DNS server
dns3 Set the IP address of the tertiary internal DNS server dns3
<ip_addr> Enter the IP address of the internal DNS server
interface <mgtx|mgtx.y> dns-server mode {split|nonsplit}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dns-server Set DNS server parameters
mode Set the mode for responding to domain name resolution queries (Default: split)
split Forward queries only for domain names in a match list to internal DNS servers and forward queries for everything else to external DNS servers
nonsplit Forward all queries to internal DNS servers
interface <mgtx|mgtx.y> dns-server opendns-device-id <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dns-server Set DNS server parameters
opendns-device-id Set the device ID to use with OpenDNS
<string> Enter the device ID (16-char hex string)
interface <mgtx|mgtx.y> ip-helper address <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
ip-helper Forward DHCP broadcast packets to a DHCP server
address Set the DHCP server IP address
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> ip-helper max-hops <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
ip-helper Forward DHCP broadcast packets to a DHCP server
max-hops Set the DHCP relay max Hops, default hops is 4
<number> Enter the integer (Range: 1-16)
ip path-mtu-discovery enable
ip Set IP parameters
path-mtu-discovery Set Path MTU (Maximum Transmission Unit) Discovery parameters on a device functioning as a router or VPN gateway
enable Enable Path MTU Discovery to learn the maximum packet size that can be sent across the network between two hosts without fragmentation (Default: Enabled)
ip route default gateway <ip_addr> [ metric <number> ]
ip Set IP parameters
route Set a routing entry
default Set a default route entry
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route host <ip_addr> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
host Set a route to a host
<ip_addr> Enter target IP address
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route net <ip_addr> <netmask> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
net Set a route to a net
<ip_addr> Enter target IP address
<netmask> Enter target netmask
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip tcp-mss-threshold enable
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
enable Enable the monitoring of the MSS option in TCP SYN and SYN-ACK messagesand, if necessary, reduce the MSS value as determined by the TCP MSS threshold (Default: Enabled; Note: If no TCP MSS threshold value is specified, TCP MSS clamping uses the Path MTU- 40 bytes for the IP and TCP headers.)
ip tcp-mss-threshold l3-vpn-threshold-size <number>
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
l3-vpn-threshold-size Set the TCP MSS threshold for TCP connections that pass through a Layer 3 VPN tunnel
<number> Enter the TCP MSS threshold in bytes for tunneled traffic (Range: 64-1460; Note: If not set, the device uses the TCP MSS threshold.)
ip tcp-mss-threshold threshold-size <number>
ip Set IP parameters
tcp-mss-threshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
threshold-size Set the TCP MSS threshold for all TCP connections passing through the device
<number> Enter the TCP MSS threshold in bytes (Range: 64-1460; Default: Path MTU - 40 bytes for the IP and TCP headers)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop|redirect} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
redirect redirect http traffic to specified url(Default: deny)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packet-drop
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
packet-drop Log dropped packets that the IP firewall policy denies
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
log Set logging options for packets and sessions that match IP FW policy
initiate-session Log the creation of sessions that are permitted by the policy
terminate-session Log the termination of sessions that are permitted by the policy
packet-drop Log dropped packets that are denied by the policy
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
initiate-session Log session details when a session is created after passing a IP firewall policy lookup
terminate-session Log session details when a session matching a IP firewall policy is terminated
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop|redirect} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
local-subnet Set the subnet of the mgt0 interface as the destination
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
redirect redirect http traffic to specified url(Default: deny)
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {no-delay} ] [ {dual-test} ] [ {tradeoff} ] [ {listen-port} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
client Set Iperf to run in client mode
<ip_addr> Enter the server IP address with which the HiveAP connects as an Iperf client
port Set the port on which the client connects to the server
<number> Enter the port number (Range: 1024-65535; Default: 5001)
udp Set the transport protocol as UDP (Default: TCP)
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
no-delay Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
dual-test Set the Iperf tool to do bidirectional upstream and downstream performance testing between the client and server concurrently
tradeoff Set the Iperf tool to do bidirectional upstream and downstream performance testing at different times so downstream testing only begins after upstream testing is complete
listen-port Set the port on which the server connects to the client
<number> Enter the port number (Range: 1024-65535; Default: The same port on which the client connects to the server)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
mss Set the maximum TCP segment size (MTU: 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
bandwidth Set the amount of UDP bandwidth to send
<number> Enter the bandwidth in megabits per second (Range: 1-1000; Default: 1)
time Set the length of transmission time
<number> Enter the time in seconds (Range: 1-65535; Default: 10)
parallel Set the client to make multiple connections to the server concurrently (Note: This option requires multiple thread support on both the client and server.)
<number> Enter the number of parallel client threads to run (Range: 1-10; Default: 1)
iperf server [ {port} <number> ] [ {udp} ] [ {single-udp} ] [ {interval} <number> ] [ {no-delay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
server Set Iperf to run in server mode
port Set the port on which the server listen on
<number> Enter the port number (Range: 1024-65535; Default: 5001)
udp Set the transport protocol as UDP (Default: TCP)
single-udp Set the Iperf tool to run in single-threaded UDP mode
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
no-delay Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
mss Set the maximum TCP segment size (MTU: 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
bind Bind and join the HiveAP to a multicast group
<ip_addr> Enter the IP address of the multicast group (Range: 224.0.0.0-239.255.255.255)
ipv6 dhcpv6-shield enable
ipv6 Set IPv6 parameters
dhcpv6-shield Set the DHCPv6 shield to block the forwarding of DHCPv6 server messages received on any access interface
enable Enable the DHCPv6 shield on access interfaces
ipv6 ra-guard stateless enable
ipv6 Set IPv6 parameters
ra-guard Set the IPv6 RA guard (router advertisement guard) to block router advertisements on access interfaces
stateless Set the IPv6 RA guard as stateless, meaning that incoming router advertisements are examined and then either blocked or forwarded based only on the information of the received frame; specifically, the port on which the frame was received
enable Enable the IPv6 RA guard on access interfaces
library-sip-policy <string> default user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
default Set the default rule to apply to unregistered library patrons
user-group Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> field <string> {equal|greater-than|less-than} <number> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library SIP value
<string> Enter the two-letter character code(2 char)
equal Check if the field value that the SIP server returns equals the number entered in the local AP RADIUS server
greater-than Check if the field value that the SIP server returns is greater than the number entered in the local AP RADIUS server
less-than Check if the field value that the SIP server returns is less than the number entered in the local AP RADIUS server
<number> Enter the number that the AP RADIUS server uses when checking the field values that the SIP server returns (Range: 0-65535)
user-group Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> field <string> {matches|differs-from|starts-with|occurs-after|occurs-before|contains} <string> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library SIP value
<string> Enter the two-letter character code(2 char)
matches Check if the field value that the SIP server returns matches the string entered in the local AP RADIUS server
differs-from Check if the field value that the SIP server returns differs-from the string entered in the local AP RADIUS server
starts-with Check if the field value that the SIP server returns starts-with the string entered in the local AP RADIUS server
occurs-after Check if the field value that the SIP server returns occurs-after the string entered in the local AP RADIUS server
occurs-before Check if the field value that the SIP server returns occurs-before the string entered in the local AP RADIUS server
contains Check if the field value that the SIP server returns contains the string entered in the local AP RADIUS server
<string> Enter the string that the AP RADIUS server uses when checking the field values that the SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
user-group Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> {after|before} id <number>
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
after Move the library SIP rule after another rule in the policy
before Move the library SIP rule before another rule in the policy
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
license <string> <string>
license Set license parameters
<string> Enter registration license
<string> Enter registration key
lldp [ {cdp|receive-only} ]
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
receive-only Enable the HiveAP to receive and cache LLDP advertisements from neighboring network devices but not send them
lldp [ {cdp} ] max-entries <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
max-entries Set the maximum number of entries to cache in the LLDP or CDP neighbor table
<number> Enter the maximum number of entries to cache (Default: 64; Range: 1-128)
lldp holdtime <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
holdtime Set the length of time that the neighboring network devices to retain the LLDP advertisements that it sends to them
<number> Enter the length of time in seconds that the neighboring network devices to hold LLDP advertisements (Default: 90; Range: 0-65535)
lldp max-power <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
max-power Set the maximum power that can be requested when transmitting LLDP advertisements
<number> Enter the maximum power in watts to be requested (Default: 154; Range: 1-250; Note: 154 = 15.4 watts)
lldp timer <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
timer Set the interval between LLDP advertisements to neighboring network device
<number> Enter the interval in seconds between LLDP advertisements (Default: 30; Range: 5-65534)
load config {current|backup|bootstrap|default}
load Load a configuration file
config Specify which configuration file to load after rebooting
current Load the current configuration file after rebooting
backup Load the backup configuration file after rebooting
bootstrap Load the bootstrap configuration file after rebooting
default Load the default configuration file after rebooting
location aerohive enable
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
enable Enable client location tracking (Default: Disabled)
location aerohive list-match enable
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
list-match Track a station if its MAC address is in the track list
enable Enable track list checking before tracking a station (Default: Enabled)
location aerohive mac <mac_addr>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
mac Add a MAC entry to the track list
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
location aerohive oui <oui>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
oui Add an OUI (organizationally unique identifier) entry to the track list
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
location aerohive report-interval <number>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
report-interval Set the interval between reports of RSSI readings
<number> Enter the report interval in seconds (Default: 60; Range: 15-1200)
location aerohive rssi-hold-time <number>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
rssi-hold-time Set the number of times that the local HiveAP, as an owner AP, can include the same client RSSI report from another HiveAP in its aggregate report to HiveManager before determining the data to be stale and omitting it from future reports (Note: The owner AP is the one to which the client is associated)
<number> Enter the number of times to reuse a client RSSI report that has not been updated (Default: 0; Range: 0-10)
location aerohive rssi-update-threshold <number>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
rssi-update-threshold Set the change in RSSI required to trigger an update
<number> Enter the update threshold in dB (Default: 3; Range: 1-5)
location aerohive rssi-valid-period <number>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
rssi-valid-period Set the period of time that an RSSI reading remains valid (Note: After this period elapses, an updated report is generated even if the RSSI value has not crossed the update threshold)
<number> Enter the validity period in seconds (Default: 60; Range: 15-1200)
location aerohive suppress-report <number>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
suppress-report Set the number of consecutive reports that can be suppressed when a client's RSSI has not changed significantly
<number> Enter the number of consecutive RSSI reports to suppress (Default: 0; Range: 0-80)
location rate-threshold {tag|station|rogue-ap} <number>
location Set parameters for location tracking
rate-threshold Set the rate limit threshold for location tracking
tag Set the rate limit threshold for tags
station Set the rate limit threshold for stations
rogue-ap Set the rate limit threshold for rogue-aps
<number> Enter the rate limit threshold in packets per second (Default: 1000 for tags, 200 for stations, 50 for rogue APs; Range: 1-100000)
location {aeroscout|tzsp} enable
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
enable Enable location tracking and reporting to the location processing engine
location {aeroscout} server <string>
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
server Set the IP address or domain name of the location processing engine to which the HiveAP sends tracking reports
<string> Enter the IP address or domain name of the location processing engine (1-64 chars)
location {aeroscout} {tag|station|rogue-ap}
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
tag Track and report the location of tags to the location processing engine
station Track and report the location of stations to the location processing engine
rogue-ap Track and report the location of rogue APs to the location processing engine
location {tzsp} mcast-mac <mac_addr>
location Set parameters for location tracking
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
mcast-mac Set the multicast MAC address to which the HiveAP transmits captured multicast frames encapsulated with TZSP (Default: 01:18:8e:00:00:00)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
location {tzsp} server-config server <string> port <number>
location Set parameters for location tracking
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
server-config Set the IP address or domain name and port number of the location server to which the HiveAP sends TZSP-encapsulated multicast frames captured from RFID tags
server Set the IP address or domain name of the location server
<string> Enter the IP address or domain name (1-64 chars)
port Set the port number on which the location server listens for tracking reports
<number> Enter the port number (Range: 1-65535)
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
buffered Set logging buffer
level Set logging level
emergency Send emergency-level log entries (Default: debug)
alert Send log entries from alert to emergency levels (Default: debug)
critical Send log entries from critical to emergency levels (Default: debug)
error Send log entries from error to emergency levels (Default: debug)
warning Send log entries from warning to emergency levels (Default: debug)
notification Send log entries from notification to emergency levels (Default: debug)
info Send log entries from info to emergency levels (Default: debug)
debug Send log entries for all severity levels (Default: debug)
logging debug
logging Set logging parameters
debug Enable debug messages
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
logging Set logging parameters
facility Set logging facility
local0 Set log facility to local0 (Default: local6)
local1 Set log facility to local1 (Default: local6)
local2 Set log facility to local2 (Default: local6)
local3 Set log facility to local3 (Default: local6)
local4 Set log facility to local4 (Default: local6)
local5 Set log facility to local5 (Default: local6)
local6 Set log facility to local6 (Default: local6)
local7 Set log facility to local7 (Default: local6)
auth Set log facility to auth (Default: local6)
authpriv Set log facility to authpriv (Default: local6)
security Set log facility to security (Default: local6)
user Set log facility to user (Default: local6)
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
flash Set logging flash
level Set logging level
emergency Send emergency-level log entries (Default: error)
alert Send log entries from alert to emergency levels (Default: error)
critical Send log entries from critical to emergency levels (Default: error)
error Send log entries from error to emergency levels (Default: error)
warning Send log entries from warning to emergency levels (Default: error)
notification Send log entries from notification to emergency levels (Default: error)
info Send log entries from info to emergency levels (Default: error)
debug Send log entries for all severity levels (Default: error)
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
logging Set logging parameters
server Set parameters for a syslog server
<string> Set the IP address or domain name (1-32 chars) for the syslog server
level Set the severity level for the log messages you want to send
emergency Send emergency-level log entries
alert Send log entries from alert to emergency levels
critical Send log entries from critical to emergency levels
error Send log entries from error to emergency levels
warning Send log entries from warning to emergency levels
notification Send log entries from notification to emergency levels
info Send log entries from info to emergency levels
debug Send log entries for all severity levels
via-vpn-tunnel Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
logging trap level [ {emerg|alert|crit|err|warning|notice|info} ]
logging Set logging parameters
trap Set logging trap parameters
level Set logging trap level
emerg Set logging trap level to emerg (Default: info)
alert Set logging trap level to alert (Default: info)
crit Set logging trap level to crit (Default: info)
err Set logging trap level to err (Default: info)
warning Set logging trap level to warning (Default: info)
notice Set logging trap level to notice (Default: info)
info Set logging trap level to info (Default: info)
login banner <string>
login Set parameters fot the CLI login
banner Set the banner that appears after logging in to the CLI
<string> Enter the banner text (Default: 'Aerohive Networks Inc.\n Copyright (C) 2006-2010\n'; Max: 256 chars; Notes: Use '\n' to indicate a line break.)
mac-object <string> mac-range <mac_addr> - <mac_addr>
mac-object Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
<string> Enter the MAC object name (1-32 chars)
mac-range Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
- Set a range of MAC addresses
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
packet-drop Log dropped packets that the MAC firewall policy denies
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
initiate-session Log session details when a session is created after passing a MAC firewall policy lookup
terminate-session Log session details when a session matching a MAC firewall policy is terminated
mdm-object <string> [ enroll-status {enrolled|non-enrolled|unknown} ] [ compliance-status {compliant|non-compliant|unknown} ] [ client-tag <string> ]
mdm-object Set the MDM (mobile device management) object
<string> Enter an MDM object name (1-32 chars)
enroll-status Set the enrollment status of the managed mobile device
enrolled Set the MDM enrollment status of the device as enrolled
non-enrolled Set the MDM enrollment status of the device as non-enrolled
unknown Set the MDM enrollment status of the device as unknown
compliance-status Set a compliance status
compliant Set the compliance status as compliant
non-compliant Set the compliance status as non-compliant
unknown Set the compliance status as unknown
client-tag Set an MDM client tag name to indicate the ownership of the managed mobile device (Note: BYOD and CID are common ownership tags that describe bring-your-own-device and corporate-issues-device situations.)
<string> Enter a tag name (1-32 chars)
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
original-user-profile Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
<string> Enter the original user profile (1-32 chars)
device-group Set the device group that the policy rule references to classify the type of client device in use
<string> Enter a device group name (1-32 chars)
reassigned-user-profile-attr Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
<number> Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
mobile-device-policy <string> apply {once|multiple-times}
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
apply Set the method for applying mobile device policy rules
once Apply a policy rule once if a client match is found after finishing the complete device type classification process(Default: Once)
multiple-times Apply a policy rule if a client match is found at any point during the device type detection process (Default: Once)(Note: Different rules might be applied at different times as the HiveAP collects more information about a client.)
mobile-device-policy <string> client-classification [ {mac} ] [ {domain} ] [ {os} ]
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
client-classification Set the client device classification methods that you want to use
mac Use the client classification method that is based on the MAC address of the device
domain Use the client classification method that is based on the computer domain to which a client belongs in the database
os Use the client classification method that is based on the OS running on the device
mobile-device-policy <string> rule <number> {before|after} rule <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
before Move the mobile device policy rule before another rule in the policy
after Move the mobile device policy rule after another rule in the policy
rule Set a rule before or after another rule in the mobile device policy
<number> Enter a rule ID number (Range: 1-65535)
mobility-policy <string> dnxp
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
mobility-policy <string> dnxp nomadic-roaming
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
nomadic-roaming Enable fast roaming support on nonneighboring hive members in different subnets (Default: predictive-roaming)
mobility-policy <string> dnxp unroam-threshold <number> <number>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
unroam-threshold Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
<number> Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
<number> Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
mobility-policy <string> inxp gre-tunnel from <ip_addr/netmask> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
from Set the INXP gre-tunnel source parameters
<ip_addr/netmask> Enter subnet for INXP gre-tunnel source
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
<ip_addr> Enter end IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1-32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1-64 chars)
mobility-threshold gre-tunnel permitted-load {low|medium|high}
mobility-threshold Set parameters for tunneling mobile user traffic
gre-tunnel Set the volume of traffic that the local AP will accept through GRE (Generic Routing Encapsulation) tunnels (Note: Only set this option on portals.)
permitted-load Set a level determining the amount of traffic the local AP will accept through GRE tunnels
low Accept a relatively low number of tunnels (Default: high)
medium Accept a relatively moderate number of tunnels (Default: high)
high Accept a relatively high number of tunnels (Default: high)
ntp enable
ntp Set NTP (Network Time Protocol) parameters
enable Enable the local AP to act as an NTP client
ntp interval <number>
ntp Set NTP (Network Time Protocol) parameters
interval Set the interval for synchronizing the internal clock with an NTP server
<number> Enter the interval in minutes (Default: 1440; Range: 60-10080)
ntp server <string> [ {second|third|fourth} ] [ {via-vpn-tunnel} ]
ntp Set NTP (Network Time Protocol) parameters
server Set NTP server parameters
<string> Enter the IP address or domain name of an NTP server (1-32 chars)
second Set the priority of the NTP server as second
third Set its priority as third
fourth Set its priority as fourth
via-vpn-tunnel Send all NTP traffic through a VPN tunnel (Note: Set this option on VPN clients when the NTP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
os-detection enable
os-detection Set the OS (Operating System) detection parameters
enable Enable OS detection to learn client station operating systems (Default: Enabled)
os-detection method dhcp-option55
os-detection Set the OS (Operating System) detection parameters
method Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
dhcp-option55 Detect client station operating systems by parsing option 55 in DHCP messages from clients (Default: Enabled)
os-detection method user-agent
os-detection Set the OS (Operating System) detection parameters
method Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
user-agent Detect client station operating systems by parsing the User-Agent field in HTTP packets (Default: Disabled)
os-object <string> os-version <string>
os-object Set parameters for an OS object that the HiveAP can use to assign a client running a matching OS to a user profile (Max: 64 OS objects per HiveAP.)
<string> Enter an OS object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of an operating system.)
os-version Set the name and version of an operating system version (Max: 32 OS versions per OS object)
<string> Enter the exact text string that identifies an operating system as it appears in the user agent ID field in HTTP headers (1-32 chars; Note: Use quotation marks if spaces are required. Examples: "Windows NT 5.1", "Mac OS X", "Linux i686")
os-version <string> option55 <string>
os-version Set the OS (operating system) version you want to detect in the DHCP packets
<string> Enter the OS version name (1-32 chars; Note: The OS version name can be in any form you choose; for example, "Windows XP" or "WinXP".)
option55 Set the option 55 string for the type of operating system you want to detect
<string> Enter the DHCP option 55 string (1-256 chars)
performance-sentinel notification-interval <number>
performance-sentinel Set performance sentinel parameters to moderate client throughput
notification-interval Set the interval for sending SNMP traps to HiveManager to update the performance sentinel log
<number> Enter the performance sentinel log update interval in seconds (Default: 600; Range: 30-1800)
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<ip_addr> Enter the destination IP address
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<string> Enter the destination domain name (1-32 chars)
count Set the number of ICMP echo requests to send
<number> Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
<ip_addr> Enter the target IP or MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
size Set the probe request packet size (default: 512 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
portal Set the target of the probe as the MAC address of the HiveAP acting as portal
size Set the probe request packet size (default: 512 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
qos airtime enable
qos Set QoS (Quality of Service) parameters
airtime Set QoS parameters based on the amount of airtime that wireless client traffic uses
enable Enable dynamic airtime scheduling
qos airtime rate-preference-weight {none|moderate|high}
qos Set QoS (Quality of Service) parameters
airtime Set QoS parameters based on the amount of airtime that wireless client traffic uses
rate-preference-weight Set a preference for forwarding traffic to and from wireless clients that are capable of fast data transfer rates
none Set no preference for clients with a fast data rate (Default: high)
moderate Set a moderate preference for clients with a fast data rate (Default: high)
high Set a high preference for clients with a fast data rate (Default: high)
qos classifier-map 80211e <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
80211e Map IEEE 802.11e user priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.11e user priority (Range: 0-7)
<number> Enter Aerohive QoS class (Range: 0-7)
qos classifier-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
8021p Map IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.1p Priority (Range: 0-7)
<number> Enter Aerohive QoS class (Range: 0-7)
qos classifier-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
diffserv Map diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Aerohive QoS classes
<number> Enter the DSCP class (Range: 0-63)
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-map interface <ethx|aggx|redx> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
interface Map incoming Ethernet traffic to Aerohive QoS classes by its ingress interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-map oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
oui Set a MAC OUI (Organizational Unique Identifier) classification table
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
qos Set an Aerohive QoS class to the MAC
<number> Enter Aerohive QoS class (Range: 0-7)
action Set an action to the MAC OUI
permit permit the packet
deny deny the packet
log log the packet
comment Add a comment to the MAC OUI
<string> Enter a comment (Maximum:32 chars) to the MAC
qos classifier-map service <string> [ qos <number> ] [ action {permit|deny|log} ]
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
service Set service-based classification table
<string> Enter service name (1-32 chars)
qos Set an Aerohive QoS class to the service
<number> Enter the Aerohive QoS class (Range: 0-7)
action Set the action to take when receiving a packet for this service
permit permit the packet
deny deny the packet
log log the packet
qos classifier-map ssid <string> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Aerohive QoS classes
ssid Map incoming wireless traffic to Aerohive QoS classes by SSID
<string> Enter an SSID name
<number> Enter the Aerohive QoS class (Range: 0-7)
qos classifier-profile <string> [ {interface/ssid-only|8021p|80211e|diffserv|interface/ssid|mac|service} ]
qos Set QoS (Quality of Service) parameters
classifier-profile Set a QoS classification profile
<string> Enter a classifier profile name (1-32 chars)
interface/ssid-only Classify all incoming and outgoing packets using the interface or SSID bound to this classifier profile (Note: The interface/ssid-only method cannot be combined with other methods in the same classifier profile or applied to more than one profile. This profile has precedence over all others.)
8021p Classify incoming packets by 802.1p priority markers present in Layer2 frame headers
80211e Classify incoming packets by 802.11e priority markers present in wireless frame headers
diffserv Classify incoming packets by DiffServ DSCP values present in Layer3 packet headers
interface/ssid Classify packets by the interface or SSID that they traverse (Note: If two interface/SSID classifier profiles apply to the same session, the one providing better QoS is used.)
mac Classify packets by the OUI (organizationally unique identifier) of the session participants (Note: If two OUI classifier profiles apply to the same session, the one providing better QoS is used.)
service Classify incoming packets by network service type
qos enable
qos Set QoS (Quality of Service) parameters
enable Enable QoS (Quality of Service)
qos l3-police interface <string> enable
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
enable Enable Layer 3 policing for the specified interface
qos l3-police interface <string> max-download-bw <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
max-download-bw Set the maximum download bandwidth in Kbps
<number> The maximum download bandwidth in Kbps (Default: 100 Kbps; Range: 0~20000 Kbps)
qos l3-police interface <string> max-upload-bw <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
interface Set simplified Layer 3 (VoIP QoS) parameters for the specified interface
<string> Interface name
max-upload-bw Set the maximum upload bandwidth in Kbps
<number> The maximum upload bandwidth in Kbps (Default: 100 Kbps; Range: 0~20000 Kbps)
qos l3-police voip-detect-timeout <number>
qos Set QoS (Quality of Service) parameters
l3-police Set parameters for simplified Layer 3 (VoIP QoS) policing
voip-detect-timeout Sets timeout used to turn off VoIP QoS policing after VoIP media traffic detection stops
<number> The timeout duration in seconds (Default: 10 seconds; Range: 2~100 seconds)
qos marker-map 80211e <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
80211e Map Aerohive QoS classes to IEEE 802.11e user priority markers on outgoing packets
<number> Enter the Aerohive QoS class (Range: 0-7)
<number> Enter the IEEE 802.11e user priority (Range: 0-7)
qos marker-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
8021p Map Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
<number> Enter Aerohive QoS class (Range: 0-7)
<number> Enter IEEE 802.1p Priority (Range: 0-7)
qos marker-map 8021p <string> [ <number> <number> ]
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
8021p Map Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
<string> Enter marker name (1-32 chars)
<number> Enter Aerohive QoS class (Range: 0-7)
<number> Enter IEEE 802.1p Priority (Range: 0-7)
qos marker-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
diffserv Map Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
<number> Enter the Aerohive QoS class (Range: 0-7)
<number> Enter the DSCP class (Range: 0-63)
qos marker-map diffserv <string> [ <number> <number> ]
qos Set QoS (Quality of Service) parameters
marker-map Map Aerohive QoS classes to QoS priority markers on outgoing packets
diffserv Map Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
<string> Enter marker name (1-32 chars)
<number> Enter the Aerohive QoS class (Range: 0-7)
<number> Enter the DSCP class (Range: 0-63)
qos marker-profile <string> [ {8021p|80211e|diffserv} ]
qos Set QoS (Quality of Service) parameters
marker-profile Set a QoS marker profile
<string> Enter the marker profile name (1-32 chars)
8021p Use 802.1p priority markers in Layer 2 frame headers as the marking method
80211e Use 802.11e priority markers in wireless frame headers as the marking method
diffserv Use DiffServ DSCP values in Layer 3 packet headers as the marking method
qos policy <string> [ user-profile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
qos Set QoS (Quality of Service) parameters
policy Set a QoS policy to control traffic forwarding
<string> Enter the policy name (1-32 chars)
user-profile Set QoS policy parameters at the user profile level
<number> Enter the user profile rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight for the user profile (Range: 0-1000)
user Set QoS parameters at the user level
<number> Enter the user rate limit in kbps (Range: 0-2000000)
qos Set QoS parameters at the Aerohive QoS class level
<number> Enter the Aerohive QoS class (Range: 0-7)
strict Set the scheduling mode as strict to forward traffic without queuing it
wrr Set the scheduling mode as WRR (weighted round robin) to queue traffic and use rate limits and weights to prioritize forwarding
<number> Enter the class rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight (Range: 0-1000; Note: If the scheduling mode is strict, its weight must be zero.)
quit
quit Quit CLI (Command Line Interface)
reboot
reboot Reboot the system
reboot date <date> time <time>
reboot Reboot the system
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by HiveOS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot offset <time>
reboot Reboot the system
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
reboot {backup|current}
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
reboot {backup|current} date <date> time <time>
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by HiveOS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot {backup|current} offset <time>
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
client Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
tx-drop-rate Set the Tx drop rate alarm threshold for clients (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for clients (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for clients (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
interface Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
crc-error-rate Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
tx-drop-rate Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic enable
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
enable Enable the creation of traffic statistics reports
report statistic period <number>
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
period Set the time interval for gathering traffic statistics and calculating percentages
<number> Enter the time interval (Default: 10 minutes; Supported: 1, 5, 10, 30 or 60 minutes)
reset config [ {bootstrap} ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
config Reset the configuration to the factory default settings and reboot
bootstrap Clear bootstrap configuration
reset web-directory [ <string> [ {save-to-flash} ] ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
<string> Enter the web directory name to reset files in the directory to the default file set (1-32 chars)
save-to-flash Save the default set of files in the specified directory to flash memory
reset web-directory all-running-ssid
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
all-running-ssid Reset the web directories for all SSIDs to the default file set
reset-button reset-config-enable
reset-button Enable the reset button on the AP chassis to reset the AP config
reset-config-enable Enable the reset button to reset the AP to its factory default settings or, if set, to a bootstrap config (Default: enabled)
roaming cache update-interval <number> ageout <number>
roaming Set roaming parameter
cache Set the interval between updates and the number of times to update station's roaming cache
update-interval Set the interval for sending roaming cache updates to neighbors
<number> Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
ageout Set how many times an entry must be absent from a neighbors updates before removing it from the roaming cache
<number> Enter the number of absences required to remove an entry (Default:60; Range: 1-1000)
roaming cache-broadcast neighbor-type access enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to hive neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
access Broadcast roaming cache data to hive neighbors discovered through wireless access links
enable Enable the broadcasting of roaming cache data to hive neighbors over wireless access links (Default: Enabled)
roaming cache-broadcast neighbor-type backhaul enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to hive neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
backhaul Broadcast roaming cache data to hive neighbors discovered through Ethernet and wireless backhaul links
enable Enable the broadcasting of roaming cache data to hive neighbors over backhaul links (Default: Enabled)
roaming hop <number>
roaming Set roaming parameter
hop Set the number of HiveAPs away from the source HiveAP to which it sends station authentication information
<number> Set roaming hop value (Defaule: 1, Range: 0-16)
roaming neighbor exclude ip <ip_addr>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
exclude Exclude dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
roaming neighbor include ip <ip_addr> <netmask>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
include Include dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
<netmask> Enter netmask for static roaming neighbor
roaming neighbor query-interval <number> query-times <number>
roaming Set roaming parameter
neighbor Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
query-interval Set roaming neighbor query interval
<number> Enter roaming neighbor query interval (Default: 10 secs; Min: 5; Max: 360000)
query-times Set roaming neighbor query times
<number> Enter roaming neighbor query times (Default: 5; Min: 2; Max: 1000)
roaming port <number>
roaming Set roaming parameter
port Set the port number that hive members use when sending roaming control data to each other
<number> Enter the port number for L3 roaming control traffic (Default: 3000; Range: 1500-65000; Note: The new setting must be at least 50 more or 50 less than the current setting.)
route <mac_addr> outgoing-interface <string> next-hop <mac_addr>
route Set a MAC address route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
outgoing-interface Set outgoing interface
<string> Enter interface name
next-hop Set the MAC address of the next hop in the L2 forwarding route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
routing internal-sub-network <ip_addr/netmask> [ {tunnel-dist-only} ]
routing Set routing parameters
internal-sub-network Set an internal subnetwork to be used in branch offices
<ip_addr/netmask> Enter the IP address and netmask for the internal subnetwork
tunnel-dist-only Do not advertise the route to the internal subnetwork via dynamic routing protocols
routing protocol bgp auth-mode md5 key <string>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
bgp Use BGP (Border Gateway Protocol) for routing
auth-mode Set parameters for authenticating BGP packets received from neighbors (Default: Authentication is disabled)
md5 Set MD5 as the authentication algorithm
key Set the MD5 key string
<string> Enter the 32-character hexadecimal key string
routing protocol bgp keepalive <number>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
bgp Use BGP (Border Gateway Protocol) for routing
keepalive Set the interval between keepalive transmissions
<number> Enter the number of seconds between 0-21845 (Default: 60)
routing protocol bgp neighbor <ip_addr>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
bgp Use BGP (Border Gateway Protocol) for routing
neighbor Specify a BGP neighbor with which the VPN gateway can communicate and exchange routing information
<ip_addr> Enter the BGP neighbor number in dotted decimal notation like an IPv4 address (For example, enter a router ID of 5 as 0.0.0.05)
routing protocol bgp router-id <ip_addr>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
bgp Use BGP (Border Gateway Protocol) for routing
router-id Set the BGP router ID number (Default: The VPN gateway uses the highest IP address configured on its network interfaces as the router ID.)
<ip_addr> Enter the router ID number in dotted decimal notation like an IPv4 address (For example, enter a router ID of 5 as 0.0.0.05)
routing protocol bgp system-number <number>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
bgp Use BGP (Border Gateway Protocol) for routing
system-number Specify the AS (autonomous system) number to identify the administrative and authoritative domain of the network
<number> Enter a number between 1-65535 (Note: For public systems, enter the number allocated by an entity such as ARIN, RIPE, or APNIC. For private systems, enter a number from 64512 to 65535.)
routing protocol enable
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
enable Enable dynamic routing
routing protocol ospf advertise <ethx>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
ospf Use OSPF (Open Shortest Path First) for routing
advertise Set the Ethernet interface on which the VPN gateway advertises routing information
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
routing protocol ospf area <ip_addr>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
ospf Use OSPF (Open Shortest Path First) for routing
area Set the OSPF area for which the VPN gateway maintains routing information in its link-state database
<ip_addr> Enter the 32-bit number identifying the OSPF area in dotted decimal notation like an IPv4 address (For example, enter an area of 10 as 0.0.0.10)
routing protocol ospf auth-mode md5 key <string>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
ospf Use OSPF (Open Shortest Path First) for routing
auth-mode Set parameters for authenticating OSPF packets received from neighbors (Default: Authentication is disabled)
md5 Set MD5 as the authentication algorithm
key Set the MD5 key string
<string> Enter the 32-character hexadecimal key string
routing protocol ospf router-id <ip_addr>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
ospf Use OSPF (Open Shortest Path First) for routing
router-id Set the OSPF router ID (Default: The VPN gateway uses the highest IP address configured on its network interfaces as the router ID.)
<ip_addr> Enter the router ID number in dotted decimal notation like an IPv4 address (For example, enter a router ID of 5 as 0.0.0.05)
routing protocol ripv2 advertise <ethx>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
ripv2 Use RIPv2 (Routing Information Protocol version 2) for routing
advertise Set the Ethernet interface on which the VPN gateway advertises routing information
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
routing protocol ripv2 auth-mode md5 key <string>
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
ripv2 Use RIPv2 (Routing Information Protocol version 2) for routing
auth-mode Set parameters for authenticating RIP packets received from neighbors (Default: Authentication is disabled)
md5 Set MD5 as the authentication algorithm
key Set the MD5 key string
<string> Enter the 32-character hexadecimal key string
routing protocol type {ripv2|ospf|bgp}
routing Set the routing protocol that the VPN gateway uses to map the network topology dynamically
protocol Set the dynamic routing protocol type and its parameters
type Select the dynamic routing protocol to use
ripv2 Use RIPv2 (Routing Information Protocol version 2) for routing
ospf Use OSPF (Open Shortest Path First) for routing
bgp Use BGP (Border Gateway Protocol) for routing
save config <location> bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
bootstrap Save a configuration to the bootstrap configuration
save config <location> current
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
save config <location> current <time> [ <date> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
save config <location> current now
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
now Save the configuration and reboot the system immediately
save config <location> current offset <time>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
bootstrap Save the config file for the HiveAP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
now Save the configuration and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config [ running current ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
current Save a configuration to the current configuration
save config bootstrap <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save a configuration to the bootstrap configuration
save config running bootstrap
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
bootstrap Save a configuration to the bootstrap configuration
save config users [ bootstrap ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
users Save private PSK user accounts to the current or bootstrap configuration
bootstrap Save private PSK user accounts to the bootstrap configuration
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save dhcp-fingerprint {option55} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcp-fingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save dhcp-fingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcp-fingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <location> <time> [ <date> ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <location> [ {now} ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
now Save the image and reboot the system immediately
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <location> offset <time> [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
now Save the image and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save radius-server-key radsec {cert|ca} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local Aerohive RADIUS server to use
radsec Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
cert Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
ca Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save radius-server-key radsec {cert|ca} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local Aerohive RADIUS server to use
radsec Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
cert Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
ca Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name that the local device uses to log in to the HTTP server
<string> Enter the login name (1-32 chars)
password Set the password to enter during the login process
<string> Enter the password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for connecting to an HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domain_name, ip_addr, domain_name:port, or ip_addr:port)
proxy-admin Set the name that the local device uses to log in to the HTTP proxy server
<string> Enter the login name (1-32 chars)
password Set the password to enter during the login process
<string> Enter the password (1-64 chars)
save radius-server-key {radius-server|ldap-client} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local Aerohive RADIUS server to use
radius-server Save certificates that the local HiveAP uses when functioning as a RADIUS server
ldap-client Save certificates that the local HiveAP uses when functioning as an LDAP client
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save radius-server-key {radius-server|ldap-client} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local Aerohive RADIUS server to use
radius-server Save certificates that the local HiveAP uses when functioning as a RADIUS server
ldap-client Save certificates that the local HiveAP uses when functioning as an LDAP client
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save server-files
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
server-files Save certificate and private key files used by the internal web and RADIUS servers and VPN from DRAM to flash memory for persistent storage after reboots (Note: For security reasons, these files are saved only in DRAM by default.)
save signature-file <location> [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
signature-file Remote image used for L7 application
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
save signature-file <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
signature-file Remote image used for L7 application
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save ssid <string> mac-bind <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
ssid Save a locally stored file to a remote server
<string> Enter the file name to upload to a remote server
mac-bind Save auth-ppsk mac-binding file
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save users <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ca-cert Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
ee-cert Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
private-key Save the private key for the HiveAP to use when creating its RSA signature
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ee-cert|private-key|ca-cert} <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ee-cert Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
private-key Save the private key for the HiveAP to use when creating its RSA signature
ca-cert Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save web-server-key <number> <location> [ comment <string> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
comment Enter a comment
<string> Enter a comment (max 64 chars)
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
comment Set a comment about the certificate file
<string> Enter the comment (1-64 chars)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save {capture} local <string> <location>
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday Set the weekdays during which private PSK users are valid
<string> Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 chars)
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday-range Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
to Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
address Set MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
permit Set the action of the specified MAC to permit
deny Set the action of the specified MAC to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
security mac-filter <string> default {permit|deny}
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
default Set MAC-filter default action
permit Set MAC-filter default action to permit (Default: permit)
deny Set MAC-filter default action to deny (Default: permit)
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
oui Set the OUI used to identify a vendor
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
permit Set the action of the specified OUI to permit
deny Set the action of the specified OUI to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
security-object <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security-object <string> default-user-profile-attr <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
default-user-profile-attr Set the attribute of the user profile to apply to user traffic by default
<number> Enter the default user profile attribute for the security object (Default: 0; Range: 0-4095)
security-object <string> dhcp-server lease-time <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
lease-time Set the lease time
<number> Enter the lease time in seconds (Default: 10; Range: 5-36000)
security-object <string> dhcp-server renewal-response {renew-nak-unicast|keep-silent}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
renewal-response Set the response to a DHCP lease renewal request for a nonexistent lease
renew-nak-unicast Respond to a DHCP lease renewal request for a nonexistent lease with a unicast DHCP-NAK message (Default: Broadcast a DHCP-NAK message)
keep-silent Do not respond to a DHCP lease renewal request for a nonexistent lease (Default: Broadcast a DHCP-NAK message)
security-object <string> mobile-device-policy <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile and the MAC OUI, domain, and OS of the user's client
<string> Enter a mobile device policy name (1-32 chars)
security-object <string> ppsk-web-server auth-user
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
auth-user Send credentials submitted by users during private PSK self-registration to a RADIUS server for authentication before issuing private PSKs to them
security-object <string> ppsk-web-server bind-to-ppsk-ssid <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
bind-to-ppsk-ssid Bind the SSID referencing this security object, which must be set with open authentication and an external captive web portal, to an SSID using private PSKs so the PSKs can be assigned to users automatically
<string> Enter the name of the SSID using private PSK authentication (1-32 chars)
security-object <string> ppsk-web-server https
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
https Use HTTPS for redirection from the private PSK authenticator to the private PSK server (Default: HTTP)
security-object <string> ppsk-web-server login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
login-page Specify the .cgi file on the private PSK web server through which the user registers (Default: ppsk-index.cgi)
<string> Enter the .cgi file name for the registration page (1-32 chars; Note: The file name cannot be index.cgi.)
security-object <string> ppsk-web-server login-script <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
login-script Specify the .cgi file that the private PSK web server uses for processing user registration requests (Default: ppsk-login.cgi)
<string> Enter the script name (1-32 chars)
security-object <string> ppsk-web-server web-directory <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
web-directory Set the name of the web directory containing the login page and script files that the private PSK web server uses
<string> Enter the web directory name (1-32 chars)
security-object <string> security aaa radius-server account-interim-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 20 secs; Range: 10-100000000)
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa radius-server dynamic-auth-extension
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
security-object <string> security aaa radius-server idm [ pri ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
idm Set ID Manager as RADIUS server
pri Set the ID Manager RADIUS server to have the highest priority
security-object <string> security aaa radius-server inject Operator-Name
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
inject Set injection parameters for RADIUS Access-Request and Accounting-Request packets
Operator-Name Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
security-object <string> security aaa radius-server retry-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa user-profile-mapping attribute-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
attribute-id Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the Filter-ID RADIUS attribute.)
<number> Enter the RADIUS attribute ID number (Range: 1-255)
security-object <string> security aaa user-profile-mapping enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
enable Enable the mapping of attribute values to user profile attributes (Default: Disabled)
security-object <string> security aaa user-profile-mapping vendor-id <number> attribute-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
user-profile-mapping Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
vendor-id Set a vendor ID RADIUS attribute
<number> Enter the vendor ID number (Range: 1-65535)
attribute-id Set an ID for a private RADIUS attribute
<number> Enter the private RADIUS attribute ID number to be combined with the vendor ID number (Range: 1-255)
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
reg-user-profile-attr Set the registered user profile attribute
<number> Enter the registered user profile attribute (Default: 0; Range: 0-4095)
auth-user-profile-attr Set the default authenticated user profile
<number> Enter the default authenticated user profile (Default: 0; Range: 0-4095)
timeout Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
<number> Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
timer-display Enable timer-display windows to communicate login and session information
security-object <string> security additional-auth-method captive-web-portal anonymous-access
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
anonymous-access Enable anonymous access which will indicate users to read and accept the network use policy and apply a time and data usage limit to the client (Default: Disabled)
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
auth-method Set the CWP (captive web portal) user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method captive-web-portal check-use-policy
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
check-use-policy Check if users select the check box on the login page to indicate they have read and accepted the network use policy (Note: This option only applies to captive web portals that require user authentication and use policy acceptance.)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp api-key <string> api-nonce <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
api-key Set the API key used to encrypt traffic between the Aerohive device and the cloud services
<string> Enter the API key (16 chars)
api-nonce Set the API nonce
<string> Enter the API nonce (1-64 chars)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp customer-id <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
customer-id Set customer ID for cloud captive web portal
<string> Enter the customer ID (1-16 chars)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
enable Enable cloud captive web portal
security-object <string> security additional-auth-method captive-web-portal cloud-cwp service-id <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
service-id Set the service ID for cloud captive web portal
<number> Enter service ID number(Range: 1-255)
security-object <string> security additional-auth-method captive-web-portal cloud-cwp url-root-path <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
cloud-cwp Set a cloud captive web portal for additional user authentication or registration
url-root-path Set the root URL path to register CWP portal service
<string> Enter the HTTP protocol, remote server domain name, port, directory path(Range: 1-256 chars, Format: https://domain/path)
security-object <string> security additional-auth-method captive-web-portal default-language {chinese-simple|chinese-traditional|dutch|english|french|german|italian|korean|spanish}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
default-language Set the default language for the captive web portal web pages
chinese-simple Set Simple Chinese as the default language
chinese-traditional Set Traditional Chinese as the default language
dutch Set Dutch as the default language
english Set English as the default language
french Set French as default language
german Set German as the default language
italian Set Italian as the default language
korean Set Korean as the default language
spanish Set Spanish as the default language
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
login-page Set the login page to which the HiveAP redirects traffic from unregistered users
<string> Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
uam-basic Set the encryption method as UAM (User Authentication Module)-Basic (Note: The HiveAP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
uam-shared Set the encryption method as UAM-Shared (Note: The HiveAP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
<string> Enter the shared secret (1-128 chars)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
success-register Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
no-roaming-at-login Disable roaming support for clients while they log in (Default: Enabled)
no-radius-auth Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
security-object <string> security additional-auth-method captive-web-portal failure-redirect external-page <string> [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
failure-redirect Set options for the page shown to a user after an unsuccessful registration attempt
external-page Display a page stored on an external web server that indicates the login attempt was unsuccessful
<string> Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
security-object <string> security additional-auth-method captive-web-portal failure-redirect login-page [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
failure-redirect Set options for the page shown to a user after an unsuccessful registration attempt
login-page Display the login page again
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
security-object <string> security additional-auth-method captive-web-portal internal-pages {no-success-page|no-failure-page}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
internal-pages Set options for showing pages stored internally on the HiveAP
no-success-page Do not display the success page stored on the HiveAP when a registration attempt is successful (Default: Display)
no-failure-page Do not display the failure page stored on the HiveAP when a registration attempt is unsuccessful (Default: Display)
security-object <string> security additional-auth-method captive-web-portal internal-servers
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
internal-servers Enable internal servers to process unregistered users' DHCP and DNS traffic
security-object <string> security additional-auth-method captive-web-portal login-page-method http302
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
login-page-method Set the method to redirect the user to the login page
http302 Use HTTP 302 redirect code as the redirection method (Default: JavaScript)
security-object <string> security additional-auth-method captive-web-portal pass-through vlan <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
pass-through Set the captive web portal to pass DHCP, DNS, and ICMP traffic from unregistered users to external servers
vlan Set the VLAN ID to assign users before and after registration (Note: This setting overrides any VLAN ID set locally or received from a RADIUS server.)
<number> Enter a CWP VLAN ID (Range: 1-4094)
security-object <string> security additional-auth-method captive-web-portal process-sip-info
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
process-sip-info Enable the captive web portal to process library SIP information (Default: Enabled)
security-object <string> security additional-auth-method captive-web-portal process-sip-info block-redirect <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
process-sip-info Enable the captive web portal to process library SIP information (Default: Enabled)
block-redirect Set the page that appears when a library patron logs in but is denied network access because of overdue fines
<string> Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
security-object <string> security additional-auth-method captive-web-portal report-guest-info
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
report-guest-info Enable the reporting to HiveManager of information that guests enter during registration, such as their first and last names, email address, the person they are visiting, and so on (Default: Disabled)
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
self-reg-via-idm Enable self register via ID Mananger (Default: Disabled)
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm api <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
self-reg-via-idm Enable self register via ID Mananger (Default: Disabled)
api Set the URL of the API for register via ID Mananger
<string> Enter the URL of API (1-256 chars)
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm crl-file <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
self-reg-via-idm Enable self register via ID Mananger (Default: Disabled)
crl-file Set the URL of the CRL file for validate the ID Manager server certificate
<string> Enter the URL of CRL file (1-256 chars)
security-object <string> security additional-auth-method captive-web-portal server-name <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
server-name Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
<string> Enter the domain name for the web server (1-32 chars)
security-object <string> security additional-auth-method captive-web-portal server-name cert-dn
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
server-name Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
cert-dn Set the same domain name as the CN value in the certificate that the captive web portal uses for HTTPS (Note: The CN must be a valid domain name that can be resolved to the IP address of the interface hosting the portal. The CN max length is 32 chars.)
security-object <string> security additional-auth-method captive-web-portal success-redirect external-page <string> [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
success-redirect Set options for displaying the page shown to a user after a successful registration
external-page Display a page stored on an external web server
<string> Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
security-object <string> security additional-auth-method captive-web-portal success-redirect original-page [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
success-redirect Set options for displaying the page shown to a user after a successful registration
original-page Display the original page that the user requested
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
security-object <string> security additional-auth-method captive-web-portal timer-display alert <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
timer-display Enable timer-display windows to communicate login and session information
alert Notify users when their session is about to expire
<number> Enter the interval before the session expires in minutes (Default: 5 mins; Range: 1-30)
security-object <string> security additional-auth-method mac-based-auth [ {auth-method} {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mac-based-auth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
auth-method Set user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method mac-based-auth fallback-to-ecwp
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mac-based-auth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
fallback-to-ecwp Redirect HTTP/HTTPS traffic to an external captive web portal if MAC-based authentication fails on the RADIUS server
security-object <string> security additional-auth-method mobile-device-manager aerohive api-key <string> api-instance-id <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
aerohive Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
api-key Set the API key for location group to enable API access on the aerohive MDM
<string> Enter the API key (16 chars)
api-instance-id Set the API instance ID
<string> Enter the instance ID (1-64 chars)
security-object <string> security additional-auth-method mobile-device-manager aerohive onboard access-ssid <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
aerohive Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
onboard Enable onboard procedures
access-ssid Set SSID for onboard accessing
<string> Enter an SSID profile name (1-32 chars)
security-object <string> security additional-auth-method mobile-device-manager airwatch api-key <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
api-key Set the API key for location group to enable API access on the AirWatch
<string> Enter the API key for location group
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant disconnect-for-vlan-change
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
non-compliant Set the non-compliant parameters
disconnect-for-vlan-change Disconnect the station when the VLAN is changed
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant guest-upid <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
non-compliant Set the non-compliant parameters
guest-upid Set the user profile attribute number for non-compliant device
<number> Enter the default user profile attribute number (Range: 0-4095)
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message content <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
non-compliant Set the non-compliant parameters
send-message Set the send message parameters
content Set the content of message
<string> Enter the content of the message (1-140 chars)
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message title <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
non-compliant Set the non-compliant parameters
send-message Set the send message parameters
title Set Set the subject of the message (Note: The title only takes effect when message type is email.)
<string> Enter the subject of the message (1-32 chars)
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message type {email|sms|push|all}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
non-compliant Set the non-compliant parameters
send-message Set the send message parameters
type Set the message type
email Send message using email
sms Send message using SMS (Short Message Service)
push Send message using push
all Send message using all of push, email and SMS
security-object <string> security additional-auth-method mobile-device-manager airwatch url-enrollment <url>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
url-enrollment Set the enrollment URL path on the AirWatch
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
security-object <string> security additional-auth-method mobile-device-manager airwatch url-rest-api <url>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
url-rest-api Set the REST API URL path on the AirWatch
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
security-object <string> security additional-auth-method mobile-device-manager {jss|aerohive} url-root-path <url>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
aerohive Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
url-root-path Set the root URL path to the "/enroll" page on the JSS (Note: A JSS always displays the device enrollment page at "/enroll", so enter just the root URL path that precedes "/enroll".)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch|aerohive} enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
aerohive Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
enable Enable client management through MDM
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch|aerohive} os-object <string> [ {ios|mac-os} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
aerohive Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
os-object Set the name of an OS of clients whose network traffic you want the Aerohive device to redirect to the MDM server for enrollment
<string> Enter the OS object name (1-32 chars)
ios Define the type of OS object as Apple iOS (Default client OS type: iOS; Note: JSS only supports iOSv4 or later.)
mac-os Define the type of OS object as Apple Mac OS (Default client OS type: iOS)
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch} http-auth user <string> password <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
http-auth Set parameters for HTTP authentication when the HiveAP connects to the MDM server
user Set the user name for HTTP authentication
<string> Enter the user name (1-32 chars)
password Set the password for HTTP authentication
<string> Enter the password (1-32 chars)
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch} poll-status [ interval <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mobile-device-manager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
poll-status Query the station for enrollment and compliance status periodically
interval Set the query interval
<number> Enter the query interval in seconds (Default: 60; Range: 30-600)
security-object <string> security eap retries <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
eap Set parameters for exchanging EAP packets during 802.1X authentication
retries Set the number of times that the HiveAP will resend an EAP packet when it receives no response from a client
<number> Enter the number of retries (Default: 3; Range: 1-5)
security-object <string> security eap timeout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
eap Set parameters for exchanging EAP packets during 802.1X authentication
timeout Set the interval that the HiveAP waits for a client to respond before resending an EAP packet
<number> Enter the EAP timeout in seconds (Default: 30; Range: 5-300)
security-object <string> security local-cache timeout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
local-cache Set parameters for storing PMK (pairwise master key) entries in the local cache
timeout Set the length of time to keep PMK entries before deleting them
<number> Enter the timeout in seconds (Default: 86400; that is, 1 day; Range: 60-604800; that is, 1 minute to 7 days)
security-object <string> security mac-white-list bypass-cwp
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
mac-white-list Set parameters for a list of MAC addresses, in which the login station would have some special liberty once its MAC address exists (Note: The whitelist can have up to 8 entries.)
bypass-cwp Enable bypassing CWP(captive web portal) authentication process for the stations which MAC addresses exist in current security object's MAC white list (Default: Disabled)
security-object <string> security mac-white-list mac-object <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
mac-white-list Set parameters for a list of MAC addresses, in which the login station would have some special liberty once its MAC address exists (Note: The whitelist can have up to 8 entries.)
mac-object Add a MAC object to current MAC white list
<string> Enter the MAC object name (1-32 chars)
security-object <string> security preauth [ interface <ethx|wifix.y|redx|aggx> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
preauth Set an interface to accept pre-authenticated 802.1X frames for fast roaming
interface Set an interface to accept pre-authenticated 802.1X frames for fast roaming
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Note: The local device does not support Wi-Fi radio interfaces)
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
security-object <string> security private-psk
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
security-object <string> security private-psk default-psk-disabled
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
default-psk-disabled Disable the default PSK (Default: Enabled)
security-object <string> security private-psk external-server [ {web-portal} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
external-server Look up private PSKs that users submit on an external private PSK server
web-portal Enable the creation of a new private PSK when the current PSK expires (Default: disabled)
security-object <string> security private-psk mac-binding-enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
mac-binding-enable Enable the automatic binding of a private PSK to a MAC address (Default: Disabled)
security-object <string> security private-psk ppsk-server <ip_addr>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
ppsk-server Set the HiveAP private PSK server to which other hive members redirect users to self-register and receive private PSK assignments automatically
<ip_addr> Enter the mgt0 IP address of the HiveAP private PSK server
security-object <string> security private-psk radius-auth [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
radius-auth Enable the HiveAP to forward authentication checks for private PSKs to an external RADIUS server and set the method for authenticating communications with it (Default: disabled)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
security-object <string> security private-psk same-user-limit <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
same-user-limit Set a limit for the number of private PSK users that can be authenticated with the same user name and PSK concurrently
<number> Enter the maximum number of private PSK users that can use the same user name and PSK concurrently (Default: 0, which means there is no limit; Range: 0-15)
security-object <string> security private-psk self-reg-enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
self-reg-enable Enable support of user self-registration (Default: Enabled)
security-object <string> security protocol-suite open
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
open Set network access as 'open', meaning that user traffic is neither authenticated nor encrypted
security-object <string> security protocol-suite wep-open <number> {hex-key|ascii-key} <string> [ default ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep-open Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and open authentication
<number> Enter the index to identify one of 4 possible WEP keys (Default: 0; Range: 0-3)
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
default Set the current key as the default WEP key
security-object <string> security protocol-suite wep-shared <number> {hex-key|ascii-key} <string> [ default ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep-shared Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and preshared-key authentication
<number> Enter the index to identify one of 4 possible WEP keys (Range: 0-3)
hex-key Set key type as hexadecimal
ascii-key Set key type as ASCII (American Standard Code for Information Interchange)
<string> Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
default Set the current key as the default WEP key
security-object <string> security protocol-suite wep104-8021x [ rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep104-8021x Set the security protocol suite as 104-bit WEP encryption and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period after which a new group temporal key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
security-object <string> security protocol-suite wep40-8021x [ rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep40-8021x Set the security protocol suite as 40-bit WEP encryption and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporal key replaces the current one
<number> Enter the period after which a new group temporal