Motorola Wing 5 Manual
Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 906
17 - 14 WiNG CLI Reference Guide
17.1.8 restrict-access
management-policy
Restricts management access to a set of hosts or subnets
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
restrict-access [host|ip-access-list|subnet]
restrict-access host {|log|subnet}
restrict-access host {log [all|denied-only]}
restrict-access host {subnet [] {log [all|denied-only]}}
restrict-access ip-access-list
restrict-access...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-905.png "Page 906
17 - 14 WiNG CLI Reference Guide
17.1.8 restrict-access
management-policy
Restricts management access to a set of hosts or subnets
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
restrict-access [host|ip-access-list|subnet]
restrict-access host {|log|subnet}
restrict-access host {log [all|denied-only]}
restrict-access host {subnet [] {log [all|denied-only]}}
restrict-access ip-access-list
restrict-access...")
![Page 907
MANAGEMENT-POLICY 17 - 15
• restrict-access host {subnet [] {log [all|denied-only]}}
• restrict-access ip-access-list
• restrict-access subnet {log [all|denied-only]}
• restrict-access subnet {host [] {log [all|denied-only]}}
host Restricts management access to a specified host. Uses the IP address of a host to filter
access requests
– Specify the host IP address.
subnet Optional. Restricts access on a specified subnet. Uses a subnet IP address as a second
filter option.
– Sets the subnet IP...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-906.png "Page 907
MANAGEMENT-POLICY 17 - 15
• restrict-access host {subnet [] {log [all|denied-only]}}
• restrict-access ip-access-list
• restrict-access subnet {log [all|denied-only]}
• restrict-access subnet {host [] {log [all|denied-only]}}
host Restricts management access to a specified host. Uses the IP address of a host to filter
access requests
– Specify the host IP address.
subnet Optional. Restricts access on a specified subnet. Uses a subnet IP address as a second
filter option.
– Sets the subnet IP...")
![Page 909
MANAGEMENT-POLICY 17 - 17
17.1.9 snmp-server
management-policy
Enables the Simple Network Management Protocol (SNMP) engine parameters
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
snmp-server [community|enable|host|manager|max-pending-request|throttle|user]
snmp-server community [ro|rw]
snmp-server enable [throttle|traps]
snmp-server host [v2c|v3] {}
snmp-server [manager [all|v2|v3]|max-pending-request ]...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-908.png "Page 909
MANAGEMENT-POLICY 17 - 17
17.1.9 snmp-server
management-policy
Enables the Simple Network Management Protocol (SNMP) engine parameters
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
snmp-server [community|enable|host|manager|max-pending-request|throttle|user]
snmp-server community [ro|rw]
snmp-server enable [throttle|traps]
snmp-server host [v2c|v3] {}
snmp-server [manager [all|v2|v3]|max-pending-request ]...")
![Page 910
17 - 18 WiNG CLI Reference Guide
Parameters
• snmp-server community [ro|rw]
• snmp-server enable [throttle|traps]
• snmp-server host [v2c|v3] {}
• snmp-server [manager [all|v2|v3]|max-pending-request ]
• snmp-server throttle {interval [3000|5000|7000]}
community
Sets the community string and access privileges. Enables SNMP access by configuring
community strings that act like passwords. Configure different types of community
strings, each string providing a different form of access. Provide either...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-909.png "Page 910
17 - 18 WiNG CLI Reference Guide
Parameters
• snmp-server community [ro|rw]
• snmp-server enable [throttle|traps]
• snmp-server host [v2c|v3] {}
• snmp-server [manager [all|v2|v3]|max-pending-request ]
• snmp-server throttle {interval [3000|5000|7000]}
community
Sets the community string and access privileges. Enables SNMP access by configuring
community strings that act like passwords. Configure different types of community
strings, each string providing a different form of access. Provide either...")
![Page 911
MANAGEMENT-POLICY 17 - 19
• snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5
[0 |2 |]]
• snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted
[auth md5|des auth md5] [0 |2 |]
user [snmpmanager|
snmpoperator|
snmptrap]Defines user access to the SNMP engine
snmpmanager – Sets user as a SNMP manager
snmpoperator – Sets user as a SNMP operator
snmptrap – Sets user as a SNMP trap user
v3 auth md5 Uses SNMP version 3 as the security model
auth – Uses an authentication...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-910.png "Page 911
MANAGEMENT-POLICY 17 - 19
• snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5
[0 |2 |]]
• snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted
[auth md5|des auth md5] [0 |2 |]
user [snmpmanager|
snmpoperator|
snmptrap]Defines user access to the SNMP engine
snmpmanager – Sets user as a SNMP manager
snmpoperator – Sets user as a SNMP operator
snmptrap – Sets user as a SNMP trap user
v3 auth md5 Uses SNMP version 3 as the security model
auth – Uses an authentication...")
![Page 913
MANAGEMENT-POLICY 17 - 21
17.1.10 ssh
management-policy
Enables SSH for this management policy. SSH encrypts communication between the client and the server.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
ssh {port []}
Parameters
• ssh {port []}
Examples
rfs7000-37FABE(config-management-policy-test)#ssh port 162
Book Dependant Variable(config-management-policy-test)#...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-912.png "Page 913
MANAGEMENT-POLICY 17 - 21
17.1.10 ssh
management-policy
Enables SSH for this management policy. SSH encrypts communication between the client and the server.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
ssh {port []}
Parameters
• ssh {port []}
Examples
rfs7000-37FABE(config-management-policy-test)#ssh port 162
Book Dependant Variable(config-management-policy-test)#...")
![Page 914
17 - 22 WiNG CLI Reference Guide
17.1.11 telnet
management-policy
Enables Telnet. By default Telnet is enabled on Transmission Control Protocol (TCP) port 23. Use this command to change
the TCP port.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
telnet {port []}
Parameters
• telnet {port []}
Examples
rfs7000-37FABE(config-management-policy-test)#telnet port 200
rfs7000-37FABE(config-management-policy-test)#...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-913.png "Page 914
17 - 22 WiNG CLI Reference Guide
17.1.11 telnet
management-policy
Enables Telnet. By default Telnet is enabled on Transmission Control Protocol (TCP) port 23. Use this command to change
the TCP port.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
telnet {port []}
Parameters
• telnet {port []}
Examples
rfs7000-37FABE(config-management-policy-test)#telnet port 200
rfs7000-37FABE(config-management-policy-test)#...")
![Page 915
MANAGEMENT-POLICY 17 - 23
17.1.12 user
management-policy
Adds new user account
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
user password [0 |1 |] role [helpdesk|
monitor|network-admin|security-admin|superuser|system-admin|web-user-admin]
access [all|console|ssh|telnet|web]
Parameters
• user password [0 |1 |] role
[helpdesk|monitor|network-admin|security-admin|superuser|system-admin|
web-user-admin]...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-914.png "Page 915
MANAGEMENT-POLICY 17 - 23
17.1.12 user
management-policy
Adds new user account
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
user password [0 |1 |] role [helpdesk|
monitor|network-admin|security-admin|superuser|system-admin|web-user-admin]
access [all|console|ssh|telnet|web]
Parameters
• user password [0 |1 |] role
[helpdesk|monitor|network-admin|security-admin|superuser|system-admin|
web-user-admin]...")
MANAGEMENT-POLICY 17 - 19 • snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5 [0 |2 |]] • snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted [auth md5|des auth md5] [0 |2 |] user [snmpmanager| snmpoperator| snmptrap]Defines user access to the SNMP engine snmpmanager – Sets user as a SNMP manager snmpoperator – Sets user as a SNMP operator snmptrap – Sets user as a SNMP trap user v3 auth md5 Uses SNMP version 3 as the security model auth – Uses an authentication protocol md5 – Uses HMAC-MD5 algorithm for authentication [0 | 2 | ]Configures password using one of the following options: 0 – Configures clear text password 2 – Configures encrypted password – Specifies a password for authentication and privacy protocols user [snmpmanager| snmpoperator| snmptrap]Defines user access to the SNMP engine snmpmanager – Sets user as a SNMP manager snmpoperator – Sets user as a SNMP operator snmptrap – Sets user as a SNMP trap user v3 encrypted Uses SNMP version 3 as the security model encrypted – Uses encrypted privacy protocol auth md5 Uses authentication protocol auth – Sets authentication parameters md5 – Uses HMAC-MD5 algorithm for authentication des auth md5 Uses privacy protocol for user privacy des – Uses CBC-DES for privacy After specifying the privacy protocol, specify the authentication mode. auth – Sets user authentication parameters md5 – Uses HMAC-MD5 algorithm for authentication [0 | 2 | ]The following are common to both the auth and des parameters: Configures password using one of the following options: 0 – Configures a clear text password 2 – Configures an encrypted password – Specifies a password for authentication and privacy protocols
17 - 20 WiNG CLI Reference Guide Examples rfs7000-37FABE(config-management-policy-test)#snmp-server community snmp1 ro rfs7000-37FABE(config-management-policy-test)# rfs7000-37FABE(config-management-policy-test)#snmp-server host 172.16.10.23 v3 162 rfs7000-37FABE(config-management-policy-test)# rfs7000-37FABE(config-management-policy-test)#commit rfs7000-37FABE(config-management-policy-test)#snmp-server user snmpmanager v3 auth md5 symbol123 rfs7000-37FABE(config-management-policy-test)# rfs7000-37FABE(config-management-policy-test)#snmp-server throttle interval 3000 rfs7000-37FABE(config-management-policy-test)#s rfs7000-37FABE(config-management-policy-test)#show context management-policy test http server no ssh snmp-server community snmp1 ro snmp-server user snmpmanager v3 encrypted des auth md5 0 symbol123 snmp-server host 172.16.10.23 v3 162 snmp-server throttle interval 3000 rfs7000-37FABE(config-management-policy-test)# Related Commands noDisables the SNMP server settings
MANAGEMENT-POLICY 17 - 21
17.1.10 ssh
management-policy
Enables SSH for this management policy. SSH encrypts communication between the client and the server.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
ssh {port []}
Parameters
• ssh {port []}
Examples
rfs7000-37FABE(config-management-policy-test)#ssh port 162
Book Dependant Variable(config-management-policy-test)#
rfs7000-37FABE(config-management-policy-test)#show context
management-policy test
http server
ssh port 162
snmp-server community snmp1 ro
snmp-server user snmpmanager v3 encrypted des auth md5 0 symbol123
snmp-server enable traps
snmp-server host 172.16.10.23 v3 62
restrict-access host 172.16.10.4 log denied-only
rfs7000-37FABE(config-management-policy-test)#
Related Commands
ssh Enables SSH communication between client and server
port Optional. Configures the SSH port
– Sets a value from 1 - 165535. The default port is 22.
noDisables SSH access
17 - 22 WiNG CLI Reference Guide
17.1.11 telnet
management-policy
Enables Telnet. By default Telnet is enabled on Transmission Control Protocol (TCP) port 23. Use this command to change
the TCP port.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6521
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
telnet {port []}
Parameters
• telnet {port []}
Examples
rfs7000-37FABE(config-management-policy-test)#telnet port 200
rfs7000-37FABE(config-management-policy-test)#
rfs7000-37FABE(config-management-policy-test)#show context
management-policy test
telnet port 200
http server
ssh port 162
snmp-server community snmp1 ro
snmp-server user snmpmanager v3 encrypted des auth md5 0 symbol123
snmp-server enable traps
snmp-server host 172.16.10.23 v3 62
restrict-access host 172.16.10.4 log denied-only
rfs7000-37FABE(config-management-policy-test)#
Related Commands
telnet Enables Telnet
port Optional. Configures the Telnet port
– Sets a value from 1 - 165535. The default port is 23.
noDisables Telnet
MANAGEMENT-POLICY 17 - 23 17.1.12 user management-policy Adds new user account Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax user password [0 |1 |] role [helpdesk| monitor|network-admin|security-admin|superuser|system-admin|web-user-admin] access [all|console|ssh|telnet|web] Parameters • user password [0 |1 |] role [helpdesk|monitor|network-admin|security-admin|superuser|system-admin| web-user-admin] access [all|console|ssh|telnet|web] user Adds new user account to this management policy – Sets the username password [0 | 1 | ]Configures a password 0 – Sets a clear text password 1 – Sets the SHA1 hash of the password – Sets the password
17 - 24 WiNG CLI Reference Guide Examples rfs7000-37FABE(config-management-policy-test)#user TESTER password moto123 role superuser access all rfs7000-37FABE(config-management-policy-test)# rfs7000-37FABE(config-management-policy-test)#show context management-policy test telnet port 200 http server ssh port 162 user TESTER password 1 92d96356524478e04a6669c0c5a167a2d5f5ed0547c489b0d5b8662d879d3a1e role superuser access all snmp-server community snmp1 ro snmp-server user snmpmanager v3 encrypted des auth md5 0 symbol123 snmp-server enable traps snmp-server host 172.16.10.23 v3 62 restrict-access host 172.16.10.4 log denied-only rfs7000-37FABE(config-management-policy-test)# Related Commands role Configures the user role. The options are: helpdesk – Helpdesk administrator. Performs troubleshooting tasks, such as clear statistics, reboot, create and copy tech support dumps monitor – Monitor. Has read-only access to the system. Can view configuration and statistics except for secret information network-admin – Network administrator. Manages layer 2, layer 3, Wireless, RADIUS server, DHCP server, and Smart RF security-admin – Security administrator. Modifies WLAN keys and passphrases superuser – Superuser. Has full access, including halt and delete startup-config system-admin – System administrator. Upgrades image, boot partition, time, and manages admin access web-user-admin – Web user administrator. This role is used to create guest users and credentials. The Web user admin can access only the custom GUI screen and does not have access to the normal CLI and GUI. access [all|console|ssh| telnet|web]Configures the access type all – Allows all types of access: console, SSH, Telnet, and Web console – Allows console access ssh – Allows SSH access telnet – Allows Telnet access web – Allows Web access noRemoves a user account
CHAPTER 18 RADIUS-POLICY This chapter summarizes RADIUS group, server and user policy commands in detail. Use the (config) instance to configure RADIUS group commands. This command creates a group within the existing Remote Authentication Dial-in user Service (RADIUS) group. To navigate to the RADIUS group instance, use the following commands: rfs7000-37FABE(config)#radius-group rfs7000-37FABE(config)#radius-group test rfs7000-37FABE(config-radius-group-test)#? Radius user group configuration commands: guest Make this group a Guest group no Negate a command or set its defaults policy Radius group access policy configuration rate-limit Set rate limit for group clrscr Clears the display screen commit Commit all changes made in this session do Run commands from Exec mode end End current mode and change to EXEC mode exit End current mode and down to previous mode help Description of the interactive help system revert Revert changes service Service Commands show Show running system information write Write running configuration to memory or terminal rfs7000-37FABE(config-radius-group-test)#
18 - 2 WiNG CLI Reference Guide 18.1 radius-group Sets RADIUS user group parameters Table 18.1 summarizes RADIUS group commands Table 18.1radius-group Commands Command Description Reference guestEnables guest access for the newly created grouppage 18-3 noNegates a command or sets its default valuespage 18-8 policyConfigures RADIUS group access policy parameterspage 18-4 rate-limitSets the default rate limit per user in kbps, and applies it to all enabled WLANspage 18-7 clrscrClears the display screenpage 5-3 commitCommits (saves) changes made in the current sessionpage 5-4 doRuns commands from EXEC modepage 4-66 endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5 exitEnds the current mode and moves to the previous modepage 5-6 helpDisplays the interactive help systempage 5-7 revertReverts changes to their last saved configurationpage 5-13 serviceInvokes service commands to troubleshoot or debug (config-if) instance configurationspage 5-14 showDisplays running system informationpage 5-40 writeWrites information to memory or terminalpage 6-4
RADIUS-POLICY 18 - 3 18.1.1 guest radius-group Manages captive portal guest access. Creates a guest user and associates it with a group. The guest user and policies are used for captive portal authorization to the controller managed network. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6511 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax guest Parameters None Examples rfs7000-37FABE(config-radius-group-test)#guest rfs7000-37FABE(config-radius-group-test)# rfs7000-37FABE(config-radius-group-test)#show context radius-group test guest rfs7000-37FABE(config-radius-group-test)# Related Commands noCreates a non guest group
18 - 4 WiNG CLI Reference Guide
18.1.2 policy
radius-group
Sets the authorization policies for a RADIUS group, such as access day/time, WLANs etc.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
policy [access|day|role|ssid|time|vlan]
policy vlan
policy access [all|console|ssh|telnet|web]
policy access [all|console|ssh|telnet|web] {(all|console|ssh|telnet|web)}
policy day [all|fr|mo|sa|su|th|tu|we|weekdays]{(all|fr|mo|sa|su|
th|tu|we|weekdays)}
policy role [helpdesk|monitor|network-admin|security-admin|
super-user|system-admin|web-user-admin]
policy ssid
policy time start end
Parameters
• policy vlan
NOTE: A user-based VLAN is effective only if dynamic VLAN authorization is enabled for
the WLAN
vlan Sets the RADIUS group VLAN ID from 1 - 4094