ArubaOS 6.2 CLI Reference Guide
Page 229
...Base operating system Command Mode Config mode on master and local controllers Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide crypto-local isakmp xauth | 229 If you disable XAuth, then a VPN client that use certificates for Cisco VPN clients using username/password. You must disable XAuth for IKE ... to VPN clients that uses certificates will not be authenticated using CAC Smart Cards. Example This command disables IKE XAuth for Cisco VPN clients using CAC Smart Cards: no crypto-local isakmp xauth command disables IKE XAuth for VPN clients. Usage Guidelines The...
...Base operating system Command Mode Config mode on master and local controllers Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide crypto-local isakmp xauth | 229 If you disable XAuth, then a VPN client that use certificates for Cisco VPN clients using username/password. You must disable XAuth for IKE ... to VPN clients that uses certificates will not be authenticated using CAC Smart Cards. Example This command disables IKE XAuth for Cisco VPN clients using CAC Smart Cards: no crypto-local isakmp xauth command disables IKE XAuth for VPN clients. Usage Guidelines The...
ArubaOS 6.2 CLI Reference Guide
Page 314
...group in out session tunneled-node-port no ... Applies ACL to the interface. - - enabled 314 | interface fastethernet | gigabitethernet Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Use the ip access-list command to -point allowed vlan []|vlan } Description This command configures a ...full or half-duplex or auto to interface's outbound traffic. - - Enables Power-over-Ethernet (PoE) on the interface. - poe [cisco] port monitor {fastethernet|gigabitethernet} / priority-map shutdown spanning-tree [cost ] [port-priority ] [portfast] speed {10|100|auto} switchport...
...group in out session tunneled-node-port no ... Applies ACL to the interface. - - enabled 314 | interface fastethernet | gigabitethernet Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Use the ip access-list command to -point allowed vlan []|vlan } Description This command configures a ...full or half-duplex or auto to interface's outbound traffic. - - Enables Power-over-Ethernet (PoE) on the interface. - poe [cisco] port monitor {fastethernet|gigabitethernet} / priority-map shutdown spanning-tree [cost ] [port-priority ] [portfast] speed {10|100|auto} switchport...
ArubaOS 6.2 CLI Reference Guide
Page 315
...VLANs using 802.1q tagging to identify the native VLAN for specific VLANs. You can also use the no trusted Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide interface fastethernet | gigabitethernet | 315 Specify native to mark frames for the trunk mode interface. VLANs - When... and CoS values into high priority traffic queues. A - - For example, If you to access or trunk mode only. Parameter cisco port monitor priority-map shutdown spanning-tree cost port-priority portfast speed switchport access vlan mode trunk trusted vlan Description Range Default Enables...
...VLANs using 802.1q tagging to identify the native VLAN for specific VLANs. You can also use the no trusted Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide interface fastethernet | gigabitethernet | 315 Specify native to mark frames for the trunk mode interface. VLANs - When... and CoS values into high priority traffic queues. A - - For example, If you to access or trunk mode only. Parameter cisco port monitor priority-map shutdown spanning-tree cost port-priority portfast speed switchport access vlan mode trunk trusted vlan Description Range Default Enables...
ArubaOS 6.2 CLI Reference Guide
Page 321
...point, and the 16-byte shared key used to authenticate the controllers to each other networks to which access controls should be trusted. Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide interface port-channel | 321 MAC address of the controller that are trusted and all others become 1-4094...the Extreme Security (xSec) protocol. - - Note the following when setting up a port channel between a controller and a Cisco switch (such as a Catalyst 6500 Series Switch): l There must be the same on a port as untrusted then mark the port itself as untrusted. Specifies the ...
...point, and the 16-byte shared key used to authenticate the controllers to each other networks to which access controls should be trusted. Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide interface port-channel | 321 MAC address of the controller that are trusted and all others become 1-4094...the Extreme Security (xSec) protocol. - - Note the following when setting up a port channel between a controller and a Cisco switch (such as a Catalyst 6500 Series Switch): l There must be the same on a port as untrusted then mark the port itself as untrusted. Specifies the ...
ArubaOS 6.2 CLI Reference Guide
Page 322
... Licensing Command Mode This command is available in the base operating system. cannot begin with a numeric 322 | interface-profile voip-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide acters; l The port-channel mode on ". Config mode on master and local controllers interface-profile voip-... voip-dscp voip-mode [auto-discover | static] voip-vlan Description This command creates a VoIP profile that can be "on the Cisco switch must be applied to any interface or an interface group. Range Default 1-32 char- - The trusted vlan parameter was added...
... Licensing Command Mode This command is available in the base operating system. cannot begin with a numeric 322 | interface-profile voip-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide acters; l The port-channel mode on ". Config mode on master and local controllers interface-profile voip-... voip-dscp voip-mode [auto-discover | static] voip-vlan Description This command creates a VoIP profile that can be "on the Cisco switch must be applied to any interface or an interface group. Range Default 1-32 char- - The trusted vlan parameter was added...
ArubaOS 6.2 CLI Reference Guide
Page 324
interface. Use the ip access-list command to an identical bridge. 0-255 324 | interface range Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Administrative cost associated with this port. This is useful if ports may contend for forwarding traffic) than ...does a higher setting. duplex {auto|full|half} ip access-group {in|out|session {vlan }} no poe cisco shutdown spanning-tree cost port-priority Description Range Default Range of the interface. Applies session ACL to interface and optionally to automatically adjust transmission...
interface. Use the ip access-list command to an identical bridge. 0-255 324 | interface range Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Administrative cost associated with this port. This is useful if ports may contend for forwarding traffic) than ...does a higher setting. duplex {auto|full|half} ip access-group {in|out|session {vlan }} no poe cisco shutdown spanning-tree cost port-priority Description Range Default Range of the interface. Applies session ACL to interface and optionally to automatically adjust transmission...
ArubaOS 6.2 CLI Reference Guide
Page 520
beacon generation so that multiple APs on Cisco 7921G telephones by that it cannot hear. When you manage dense deployments and to use a non-default value, you configure this capped maximum EIRP in ... as the primary channel and 161 as the secondary channel. The available channels depend on regulatory domain Default disabled 0 dB - 520 | rf dot11a-radio-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Enabling this feature is determined by increasing the primary channel number by shrinking an AP's receive coverage area, thereby minimizing cochannel interference...
beacon generation so that multiple APs on Cisco 7921G telephones by that it cannot hear. When you manage dense deployments and to use a non-default value, you configure this capped maximum EIRP in ... as the primary channel and 161 as the secondary channel. The available channels depend on regulatory domain Default disabled 0 dB - 520 | rf dot11a-radio-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Enabling this feature is determined by increasing the primary channel number by shrinking an AP's receive coverage area, thereby minimizing cochannel interference...
ArubaOS 6.2 CLI Reference Guide
Page 528
... 4 before the AP begins transmitting on Cisco 7921G telephones by IEEE 802.11h, allows an AP to announce that are copied. physical layer. When you enable this parameter, even if the regulatory approved maximum for 20 MHz and 40 MHz modes: 528 | rf dot11g-radio-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide If you...
... 4 before the AP begins transmitting on Cisco 7921G telephones by IEEE 802.11h, allows an AP to announce that are copied. physical layer. When you enable this parameter, even if the regulatory approved maximum for 20 MHz and 40 MHz modes: 528 | rf dot11g-radio-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide If you...
ArubaOS 6.2 CLI Reference Guide
Page 539
...-40mhz parameterwas removed Introduced the single-chain-legacy parameter. See "rf dot11a-radio-profile" on page 519 and "rf dot11g-radio-profile" on master controllers Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide rf ht-radio-profile | 539 The single-chain-legacy parameter was renamed to the 2.4 GHZ and 5 GHZ frequency bands. ... when the AP must be assigned to high throughput (HT) stations are being sent to use must support legacy clients such as Cisco 7921g VoIP phones, or older 802.11g clients (e.g. Most transmissions to a dot11a and/or dot11g-radio-profile.
...-40mhz parameterwas removed Introduced the single-chain-legacy parameter. See "rf dot11a-radio-profile" on page 519 and "rf dot11g-radio-profile" on master controllers Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide rf ht-radio-profile | 539 The single-chain-legacy parameter was renamed to the 2.4 GHZ and 5 GHZ frequency bands. ... when the AP must be assigned to high throughput (HT) stations are being sent to use must support legacy clients such as Cisco 7921g VoIP phones, or older 802.11g clients (e.g. Most transmissions to a dot11a and/or dot11g-radio-profile.
ArubaOS 6.2 CLI Reference Guide
Page 1228
... transmissions between number of clients on the AP, so as the AP transmit power decreases as 1228 | show rf dot11a-radio-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide When you set to zero, the feature will filter out and ignore weak signals that are below the ...Based Channel reuse feature is set the Channel Reuse This feature is 30 seconds. Channel-based load-balancing balances clients across radios on Cisco 7921G telephones by the ARM feature. Spectrum load balancing domain Define a spectrum load balancing domain to balance clients. Spectrum load balancing...
... transmissions between number of clients on the AP, so as the AP transmit power decreases as 1228 | show rf dot11a-radio-profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide When you set to zero, the feature will filter out and ignore weak signals that are below the ...Based Channel reuse feature is set the Channel Reuse This feature is 30 seconds. Channel-based load-balancing balances clients across radios on Cisco 7921G telephones by the ARM feature. Spectrum load balancing domain Define a spectrum load balancing domain to balance clients. Spectrum load balancing...
ArubaOS 6.2 CLI Reference Guide
Page 1233
... Assessment (CCA) thresholds are below the channel threshold signal strength. Non 802.11 Interference Show the current value for 802.11 Interference Immunity on Cisco 7921G telephones by the ARM feature. Spectrum load balancing threshold If the spectrum load balancing feature is enabled, this option to work around the AP... The AP will automatically determine an appropriate threshold. For example, if the RX sensitivity threshold was set the Channel Reuse This feature is 30 seconds. Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide show rf dot11g-radio-profile | 1233
... Assessment (CCA) thresholds are below the channel threshold signal strength. Non 802.11 Interference Show the current value for 802.11 Interference Immunity on Cisco 7921G telephones by the ARM feature. Spectrum load balancing threshold If the spectrum load balancing feature is enabled, this option to work around the AP... The AP will automatically determine an appropriate threshold. For example, if the RX sensitivity threshold was set the Channel Reuse This feature is 30 seconds. Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide show rf dot11g-radio-profile | 1233
ArubaOS 6.2 CLI Reference Guide
Page 1396
... rogue are able to the current confidence level (the confident level starts at zero). 1396 | show wms rogue-ap Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide This variable indicates the type of 20%. l External-Wired-MAC: This type of a ... on the rogue AP. l AP classification rules have a configured confidence level. l Eth-Wired-MAC: An Dell AP or AM detected that a single MAC address was classified as rogue using the CLI command ids unauthorized-device...BSSID-Override match type. l Manual: An AP is an Dell AP, a Cisco AP, or an AP from any other manufacturer (generic AP).
... rogue are able to the current confidence level (the confident level starts at zero). 1396 | show wms rogue-ap Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide This variable indicates the type of 20%. l External-Wired-MAC: This type of a ... on the rogue AP. l AP classification rules have a configured confidence level. l Eth-Wired-MAC: An Dell AP or AM detected that a single MAC address was classified as rogue using the CLI command ids unauthorized-device...BSSID-Override match type. l Manual: An AP is an Dell AP, a Cisco AP, or an AP from any other manufacturer (generic AP).
ArubaOS 6.2 CLI Reference Guide
Page 1442
...traffic using the VRRP, LACP, OSPF, PVST and STP protocols. Example The following command adds the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to the list of a protocol that are not limited by VLAN bandwidth contracts.... Command History Command introduced in ArubaOS 6.0. Usage Guidelines Bandwidth contracts on master or local controllers 1442 | vlan-bwcontract-explist Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Command Information Platforms All platforms Licensing Base operating system Command Mode Config mode on a VLAN can...
...traffic using the VRRP, LACP, OSPF, PVST and STP protocols. Example The following command adds the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to the list of a protocol that are not limited by VLAN bandwidth contracts.... Command History Command introduced in ArubaOS 6.0. Usage Guidelines Bandwidth contracts on master or local controllers 1442 | vlan-bwcontract-explist Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide Command Information Platforms All platforms Licensing Base operating system Command Mode Config mode on a VLAN can...
ArubaOS 6.2 User Guide
Page 113
...Configuration commands, one per -VLAN bandwidth contract limits on an additional broadcast or multicast protocol, add the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to the list of BCMC traffic. NOTE: If BCMC Optimization is disabled. To remove... the VLAN Bandwidth contracts on uplink ports, the controller-generated Layer-2 packets will be dropped. 113 | Network Configuration Parameters Dell PowerConnect W-Series ArubaOS 6.2 | User Guide The command in the example below adds the MAC address for that are connected to prevent flooding...
...Configuration commands, one per -VLAN bandwidth contract limits on an additional broadcast or multicast protocol, add the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to the list of BCMC traffic. NOTE: If BCMC Optimization is disabled. To remove... the VLAN Bandwidth contracts on uplink ports, the controller-generated Layer-2 packets will be dropped. 113 | Network Configuration Parameters Dell PowerConnect W-Series ArubaOS 6.2 | User Guide The command in the example below adds the MAC address for that are connected to prevent flooding...
ArubaOS 6.2 User Guide
Page 285
...on creation. This authentication prompts the user for a username and password, with user credentials authenticated with either an IKE preshared key or Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Virtual Private Networks | 285 IKE Phase 1 authentication can be done with either an IKE preshared key ... smart card contains a digital certificate which contains a digital certificate to configure client entries in the WebUI" on the controller for Cisco VPN XAuth clients using IKEv1. (host)(config) #vpdn group l2tp enable ppp authentication pap client dns 101.1.1.245 (host)(config) ...
...on creation. This authentication prompts the user for a username and password, with user credentials authenticated with either an IKE preshared key or Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Virtual Private Networks | 285 IKE Phase 1 authentication can be done with either an IKE preshared key ... smart card contains a digital certificate which contains a digital certificate to configure client entries in the WebUI" on the controller for Cisco VPN XAuth clients using IKEv1. (host)(config) #vpdn group l2tp enable ppp authentication pap client dns 101.1.1.245 (host)(config) ...
ArubaOS 6.2 User Guide
Page 286
... authentication. n the L2TP and XAUTH Parameters section of the Configuration>VPN Services>IPsec tab, enable XAuth to enable prompting for Cisco VPN XAuth clients to the controller's internal database, or to an external RADIUS NOTE: For each client, you need to ... the aggressive mode group name configured in the internal database: (host)(config) #local-userdb add username password 286 | Virtual Private Networks Dell PowerConnect W-Series ArubaOS 6.2 | User Guide digital certificates; or LDAP server. for L2TP/IPsec with the entire Principal name (SubjectAltname in X.509 certificates)...
... authentication. n the L2TP and XAUTH Parameters section of the Configuration>VPN Services>IPsec tab, enable XAuth to enable prompting for Cisco VPN XAuth clients to the controller's internal database, or to an external RADIUS NOTE: For each client, you need to ... the aggressive mode group name configured in the internal database: (host)(config) #local-userdb add username password 286 | Virtual Private Networks Dell PowerConnect W-Series ArubaOS 6.2 | User Guide digital certificates; or LDAP server. for L2TP/IPsec with the entire Principal name (SubjectAltname in X.509 certificates)...
ArubaOS 6.2 User Guide
Page 287
... settings as tunneling or encapsulation so that the PPP frames can be sent across an IP network. Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Virtual Private Networks | 287 Add entries for Cisco VPN XAuth clients to the controller's internal database, For details on configuring an authentication server, see ... database on page 279, while ensuring that the server with the client data is done with IKEv2 in "Configuring a VPN for Cisco VPN XAuth clients using a username and passwords. The IKE policy must have pre-shared authentication. IKE Phase 1 authentication is part ...
... settings as tunneling or encapsulation so that the PPP frames can be sent across an IP network. Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Virtual Private Networks | 287 Add entries for Cisco VPN XAuth clients to the controller's internal database, For details on configuring an authentication server, see ... database on page 279, while ensuring that the server with the client data is done with IKEv2 in "Configuring a VPN for Cisco VPN XAuth clients using a username and passwords. The IKE policy must have pre-shared authentication. IKE Phase 1 authentication is part ...
ArubaOS 6.2 User Guide
Page 305
...zz.User-derivation rules are successfully authenticated using that assign a user role to the exception list for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to highest precedence: 1. For each authentication method, you can configure...client attributes (this is not returned by a different method. The user role can be derived from a Dell VSA takes precedence over one assigned by the server). The following example adds the MAC address for bandwidth ... in the AAA profile: 305 | Roles and Policies Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
...zz.User-derivation rules are successfully authenticated using that assign a user role to the exception list for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to highest precedence: 1. For each authentication method, you can configure...client attributes (this is not returned by a different method. The user role can be derived from a Dell VSA takes precedence over one assigned by the server). The following example adds the MAC address for bandwidth ... in the AAA profile: 305 | Roles and Policies Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
ArubaOS 6.2 User Guide
Page 342
... High-throughput Radio Profile under the Profiles list, to turn off antenna diversity when the AP must support legacy clients such as Cisco 7921g VoIP phones, or older 802.11g clients (e.g. b. d. Enter ht-corpnet for legacy or highthroughput stations that enabling this ... drop-down menu. honor 40MHz intolerance When enabled, the radio will appear below ht-corpnet in the profiles list. 342 | Virtual APs Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Diversity Spreading Workaround 6. Select (check) the High Throughput enable (radio) checkbox to the virtual AP profile page...
... High-throughput Radio Profile under the Profiles list, to turn off antenna diversity when the AP must support legacy clients such as Cisco 7921g VoIP phones, or older 802.11g clients (e.g. b. d. Enter ht-corpnet for legacy or highthroughput stations that enabling this ... drop-down menu. honor 40MHz intolerance When enabled, the radio will appear below ht-corpnet in the profiles list. 342 | Virtual APs Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Diversity Spreading Workaround 6. Select (check) the High Throughput enable (radio) checkbox to the virtual AP profile page...
ArubaOS 6.2 User Guide
Page 380
... sign future messages as valid/protected Authorized Client in unencrypted mode is used to be used under normal circumstances. It was intended to attack Cisco LEAP authentication protocol. Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Wireless Intrusion Prevention | 380 The Omerta attack is not be answered by disassociation frames with a reason code of 0x01. By...
... sign future messages as valid/protected Authorized Client in unencrypted mode is used to be used under normal circumstances. It was intended to attack Cisco LEAP authentication protocol. Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Wireless Intrusion Prevention | 380 The Omerta attack is not be answered by disassociation frames with a reason code of 0x01. By...