Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 701 to Favourites
    image text
    Enable zoom 
    							AAA-POLICY 8 - 3
8.1.1 accounting
aaa-policy
Configures the server type and interval at which interim accounting updates are sent to the server. Up to 6 accounting 
servers can be configured.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
accounting [interim|server|type]
accounting interim interval 
accounting server [|preference]
accounting server preference [auth-server-host|auth-server-number|none
accounting server  [dscp|host|nai-routing|onboard|proxy-mode|
   retry-timeout-factor|timeout]
accounting server  [dscp |retry-timeout-factor ]
accounting server  host  secret [0 |2 |] 
  {port }
accounting server  nai-routing realm-type [prefix|suffix] realm  
  {strip}
accounting server  onboard [self|controller]
accounting server  proxy-mode [none|through-controller|
through-rf-domain-manager]
accounting server  timeout  {attempts }
accounting type [start-interim-stop|start-stop|stop-only]
Parameters
• accounting interim interval 
• accounting server preference [auth-server-host|auth-server-number|none]
interim Configures the interim accounting interval
interval  Specify the interim interval from 60 - 3600 seconds.
server Configures an accounting server
preference Configures the accounting server preference
    Add page 702 to Favourites
    image text
    Enable zoom 
    							8 - 4 WiNG CLI Reference Guide
• accounting server  [dscp |retry-timeout-factor ]
• accounting server  host  secret [0 |2 |] 
{port }
• accounting server  nai-routing realm-type [prefix|suffix] realm  
{strip}
auth-server-host Sets the authentication server as the accounting server
This parameter indicates the same server is used for authentication and accounting. 
The server is referred to by its hostname.
auth-server-number Sets the authentication server as the accounting server
This parameter indicates the same server is used for authentication and accounting. 
The server is referred to by its index or number.
none Indicates the accounting server is independent of the authentication server
server  Configures an accounting server. Up to 6 accounting servers can be configured
dscp  Sets the Differentiated Services Code Point (DSCP) value for Quality of Service (QOS) 
monitoring. This value is used in generated RADIUS packets.
  – Sets the DSCP value from 0 - 63
retry-timeout-factor 
Sets the scaling factor for retry timeouts
  – Specify a value from 50 - 200.
A value of 100 indicates the interval between 2 consecutive retries is the same 
irrespective of the number of retries.
If the scaling factor value is less than 100, the time interval between two consecutive 
retires keeps reducing on subsequent retries.
If this value is greater than 100, the time interval between two consecutive retries 
keeps increasing on subsequent retries.
server  Configures an accounting server. Up to 6 accounting servers can be configured
host  Configures the accounting server hostname
secret [0 |
2 |]Configures a common secret key used to authenticate with the accounting server
 0  – Configures a clear text secret key
 2  – Configures an encrypted secret key
  – Specify the secret key. This shared secret should not exceed 127 
characters.
port  Optional. Configures the accounting server port (the port used to connect to the 
accounting server)
  – Sets the port number from 1 - 65535
server  Configures an accounting server. Up to 6 accounting servers can be configured
nai-routing Configures the Network Access Identifier (NAI)
realm-type Selects the match type used on the username
    Add page 703 to Favourites
    image text
    Enable zoom 
    							AAA-POLICY 8 - 5
• accounting server  onboard [self|controller]
• accounting server  proxy-mode [none|through-controller|
through-rf-domain-manager]
• accounting server  timeout  {attempts }
• accounting type [start-interim-stop|start-stop|stop-only]
[prefix|suffix] Select one of the following options:
 prefix – Matches the prefix of the username (For example, username is of type 
DOMAIN/user1, DOMAIN/user2)
 suffix – Matches the suffix of the username (For example, user1@DOMAIN, 
user2)@DOMAIN)
realm Specifies the text matched against the username
 Specifies the matching text including the delimiter (a delimiter is typically  or @)
strip Optional. Strips the realm from the username before forwarding the request to the 
RADIUS server
server  Configures an accounting server. Up to 6 accounting servers can be configured
onboard Selects an onboard server instead of an external host
self Configures the onboard server on a AP, or wireless controller, where the client is 
associated
controller Configures the wireless controller’s RADIUS server
server  Configures an accounting server. Up to 6 accounting servers can be configured
proxy-mode Select the mode used to proxy requests. The options are: none, through-controller, and 
through-rf-domain-manager.
none No proxy required. Sends the request directly using the IP address of the device
through-controller Proxies requests through the wireless controller configuring the device
through-rf-domain-manager Proxies requests through the local RF Domain manager
server  Configures an accounting server. Up to 6 accounting servers can be configured
timeout  Configures the timeout for each request sent to the RADIUS server
  – Specify a value from 1 - 60 seconds.
{attempts} Optional. Specified the number of times a transmission request is attempted
  – Specify a value from 1 - 10.
type Configures the type of RADIUS accounting packets sent. The options are: start-interim-
stop, start-stop, and stop-only.
start-interim-stop Sends accounting-start and accounting-stop messages when the session starts and 
stops. This parameter also sends interim accounting updates.
    Add page 704 to Favourites
    image text
    Enable zoom 
    							8 - 6 WiNG CLI Reference Guide
Examples
rfs7000-37FABE(config-aaa-policy-test)#accounting interim interval 65
rfs7000-37FABE(config-aaa-policy-test)#accounting server 2 host 172.16.10.10 secret 
motorola port 1
rfs7000-37FABE(config-aaa-policy-test)#accounting server 2 nai-routing realm-type 
prefix realm word strip
rfs7000-37FABE(config-aaa-policy-test)#accounting server 2 host word secret word port 
6000
rfs7000-37FABE(config-aaa-policy-test)#accounting server 2 timeout 2 attempts 2
rfs7000-37FABE(config-aaa-policy-test)#accounting type start-stop
rfs7000-37FABE(config-aaa-policy-test)#accounting server preference auth-server-
number
rfs7000-37FABE(config-aaa-policy-test)#show context
aaa-policy test
 accounting server 1 host 172.16.10.100 secret 0 testing
 accounting server 2 host 172.16.10.10 secret 0 motorola port 1008
 accounting server 2 nai-routing realm-type prefix realm DSOS strip
 accounting type start-interim-stop
 accounting interim interval 65
 accounting server preference auth-server-number
Related Commands
start-stop Sends accounting-start and accounting-stop messages when the session starts and 
stops
stop-only Sends an accounting-stop message when the session ends
noResets values or disables commands
    Add page 705 to Favourites
    image text
    Enable zoom 
    							AAA-POLICY 8 - 7
8.1.2 authentication
aaa-policy
Configures authentication parameters
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
authentication [eap|protocol|server]
authentication eap wireless-client [attempts |identity-request-timeout |
retry-timeout-factor |timeout ]
authentication protocol [chap|pap]
authentication server  [dscp|host|nac|nai-routing|onboard|proxy-mode|
retry-timeout-factor|timeout]
authentication server  dscp 
authentication server  host  secret [0 |2 |
] {port }
authentication server  nac
authentication server  nai-routing realm-type [prefix|suffix] realm 
{strip}
authentication server  onboard [controller|self]
authentication server  proxy-mode [none|through-controller|
through-rf-domain-manager]
authentication server  retry-timeout-factor 
authentication server  timeout  {attempts }
Parameters
• authentication eap wireless-client [attempts |identity-request-timeout |retry-timeout-factor |timeout ]
eap Configures Extensible Authentication Protocol (EAP) parameters
wireless-client Configures wireless client’s EAP parameters
attempts  Configures the number of attempts to authenticate a wireless client
  – Specify a value from 1 - 10.
    Add page 706 to Favourites
    image text
    Enable zoom 
    							8 - 8 WiNG CLI Reference Guide
• authentication protocol [chap|pap]
• authentication server  dscp 
• authentication server  host  secret [0 |
2 |] {port }
identity-request-timeout 
Configures the timeout interval after which an EAP identity request to a wireless 
client is resent
  – Specify a value from 1 - 60 seconds.
retry-timeout-factor  Configures the spacing between successive EAP retries. A value of 100 indicates 
equal timeouts between retries. Smaller values indicate shorter timeouts, and larger 
values indicate longer timeouts between successive retries
  – Specify a value from 50 - 200. 
timeout  Configures the duration after which an EAP request to a wireless client is retried
  – Specify a value from 1 - 60 seconds.
protocol [chap|pap] Configures the protocol used for non-EAP authentication
 chap – Uses Challenge Handshake Authentication Protocol (CHAP)
 pap – Uses Password Authentication Protocol (PAP)
server   Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured
  – Specify the RADIUS server index from 1 - 6.
dscp  Configures the Differentiated Service Code Point (DSCP) quality of service parameter 
generated in RADIUS packets. The DSCP value specifies the class of service provided 
to a packet.
server  Configures a RADIUS authentication server. Up to 6 RADIUS servers can be 
configured
  – Specify the RADIUS server index from 1 - 6.
host  Sets the RADIUS server’s IP address or hostname
secret [0 |
2 |]Configures the RADIUS server secret. This key is used to authenticate with the 
RADIUS server
 0  – Configures a clear text secret
 2  – Configures an encrypted secret
  – Specify the secret key. The shared key should not exceed 127 
characters.
port   Optional. Specifies the RADIUS server port (this port is used to connect to the RADIUS 
server)
  – Specify a value from 1 - 65535.
    Add page 707 to Favourites
    image text
    Enable zoom 
    							AAA-POLICY 8 - 9
• authentication server  nac
• accounting server  nai-routing realm-type [prefix|suffix] realm  
{strip}
• authentication server  onboard [controller|self]
server  Configures a RADIUS authentication server. Up to 6 RADIUS servers can be 
configured
  – Specifies the RADIUS server index from 1 - 6.
nac Configures the RADIUS authentication server  used as a Network Access 
Control (NAC) server for devices requiring NAC
server  Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured
  – Specifies the RADIUS server index from 1 - 6.
nai-routing Configures Network Access Identifier (NAI) RADIUS authentication
realm-type [prefix|suffix] Configures the realm-type used for NAI authentication
 prefix – Sets the realm prefix. For example, in the realm name ‘AC\JohnTalbot’, the 
prefix is ‘AC’ and the user name ‘JohnTalbot’.
 suffix – Sets the realm suffix. For example, in the realm name ‘[email protected]’ 
the suffix is ‘AC.org’ and the user name is ‘JohnTalbot’.
realm  Sets the realm information used for RADIUS authentication
  – Sets the realm used for authentication. This value is matched 
against the user name provided for RADIUS authentication. 
Example:
Prefix - AC\JohnTalbot
Suffix - [email protected]
strip Optional. Indicates the realm name must be stripped from the user name before 
sending it to the RADIUS server for authentication. For example, if the complete 
username is ‘AC\JohnTalbot’, then with the strip parameter enabled, only the 
‘JohnTalbot’ part of the complete username is sent for authentication.
server  Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured
  – Specify the RADIUS server index from 1 - 6.
onboard [controller|self] Selects the onboard RADIUS server for authentication
 controller – Indicates the RADIUS server is an onboard server
 self – Indicates the RADIUS server is onboard
    Add page 708 to Favourites
    image text
    Enable zoom 
    							8 - 10 WiNG CLI Reference Guide
• authentication server  proxy-mode [none|through-controller|through-rf-domain-
manager
• authentication server  retry-timeout-factor ]
• authentication server  timeout  {attempts }]
Examples
rfs7000-37FABE(config-aaa-policy-test)#authentication server 5 host 172.16.10.10 
secret motorola port 1009
rfs7000-37FABE(config-aaa-policy-test)#authentication server 5 timeout 10 attempts 3
rfs7000-37FABE(config-aaa-policy-test)#authentication server 5 nai-routing realm
-type suffix realm @motorola.com strip
rfs7000-37FABE(config-aaa-policy-test)#authentication protocol chap
rfs7000-37FABE(config-aaa-policy-test)#authentication eap wireless-client attempts 3
rfs7000-37FABE(config-aaa-policy-test)#authentication eap wireless-client identity-
request-timeout 20
rfs7000-37FABE(config-aaa-policy-test)#authentication server 2 onboard controller
rfs7000-37FABE(config-aaa-policy-test)#show context
aaa-policy test
 authentication server 5 onboard controller
server   Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured
  – Sets the RADIUS server index between 1 - 6
proxy-mode [none|through-
controller|through-rf-domain-
manager]Configures the mode for proxying a request
 none – Proxying is not done. The packets are sent directly using the IP address of 
the device.
 through-controller – Traffic is proxied through the wireless controller configuring 
this device
 through-rf-domain-manager – Traffic is proxied through the local RF Domain 
manager
server  Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured
  – Specify the RADIUS server index from 1 - 6.
retry-timeout-factor 
Configures the scaling of timeouts between two consecutive RADIUS authentication 
retries
  – Specify the scaling factor from 50 - 200.
 A value of 100 indicates the time gap between two consecutive retires remains
the same irrespective of the number of retries.
 A value lesser than 100 indicates the time gap between two consecutive retries
reduces with each successive retry attempt.
 A value greater than 100 indicates the time gap between two consecutive 
retries increases with each successive retry attempt.
server  Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured
  – Specify the RADIUS server index from 1 - 6.
timeout  Configures the timeout, in seconds, for each request sent to the RADIUS server. This is 
the time allowed to elapse before another request is sent to the RADIUS server. If a 
response is received from the RADIUS server within this time, no retry is attempted.
  – Specify a value from 1 - 60 seconds.
attempts  Optional. Indicates the number of retry attempts to make before giving up
  – Specify a value from 1 -10.
    Add page 709 to Favourites
    image text
    Enable zoom 
    							AAA-POLICY 8 - 11
 authentication server 5 timeout 20
 authentication server 5 nai-routing realm-type suffix realm @motorola.com strip
 accounting server 1 host 172.16.10.100 secret 0 testing
 accounting server 2 host 172.16.10.10 secret 0 motorola port 1008
 accounting server 2 nai-routing realm-type prefix realm DSOS strip
 authentication eap wireless-client identity-request-timeout 20
 authentication protocol chap
 accounting type start-interim-stop
 accounting interim interval 65
 accounting server preference auth-server-number
 authentication server 5 host 172.16.10.10 secret 0 motorola port 1009
 authentication server 5 timeout 20
 authentication server 5 host 172
Related Commands
noResets values or disables commands
    Add page 710 to Favourites
    image text
    Enable zoom 
    							8 - 12 WiNG CLI Reference Guide
8.1.3 health-check
aaa-policy
During normal operation, a AAA server can go offline. When a server goes offline, it is marked as down. This command 
configures the interval after which a server marked as down is checked to see if it has come back online and is reachable.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
health-check interval 
Parameters
• interval 
Examples
rfs7000-37FABE(config-aaa-policy-test)#health-check interval 4000
rfs7000-37FABE(config-aaa-policy-test)#
Related Commands
interval  Configures an interval (in seconds) after which a server marked as down is checked to 
see if it is reachable again
  – Specify a value from 60 - 86400 seconds.
noResets set values or disables commands
    All Motorola manuals Comments (0)