Motorola Wing 5 Manual
Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 920
18 - 4 WiNG CLI Reference Guide
18.1.2 policy
radius-group
Sets the authorization policies for a RADIUS group, such as access day/time, WLANs etc.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
policy [access|day|role|ssid|time|vlan]
policy vlan
policy access [all|console|ssh|telnet|web]
policy access [all|console|ssh|telnet|web] {(all|console|ssh|telnet|web)}
policy day...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-919.png "Page 920
18 - 4 WiNG CLI Reference Guide
18.1.2 policy
radius-group
Sets the authorization policies for a RADIUS group, such as access day/time, WLANs etc.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
policy [access|day|role|ssid|time|vlan]
policy vlan
policy access [all|console|ssh|telnet|web]
policy access [all|console|ssh|telnet|web] {(all|console|ssh|telnet|web)}
policy day...")
![Page 921
RADIUS-POLICY 18 - 5
• policy access [all|console|ssh|telnet|web] {(all|console|ssh|telnet|web)}
• policy role [helpdesk|monitor|network-admin|security-admin|super-user|
system-admin|web-user-admin]
• policy ssid
• policy day[all|fr|mo|sa|su|th|tu|we|weekdays] {(all|fr|mo|sa|su|th|tu|we|
weekdays)}
access Configures a group access type
all – Allows all access. Wireless client access to the console, ssh, telnet, and/or Web
console – Allows console access only
ssh – Allows SSH access only
telnet –...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-920.png "Page 921
RADIUS-POLICY 18 - 5
• policy access [all|console|ssh|telnet|web] {(all|console|ssh|telnet|web)}
• policy role [helpdesk|monitor|network-admin|security-admin|super-user|
system-admin|web-user-admin]
• policy ssid
• policy day[all|fr|mo|sa|su|th|tu|we|weekdays] {(all|fr|mo|sa|su|th|tu|we|
weekdays)}
access Configures a group access type
all – Allows all access. Wireless client access to the console, ssh, telnet, and/or Web
console – Allows console access only
ssh – Allows SSH access only
telnet –...")
![Page 923
RADIUS-POLICY 18 - 7
18.1.3 rate-limit
radius-group
Sets the rate limit for the RADIUS server group
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
rate-limit [from-air|to-air]
Parameters
• rate-limit [from-air|to-air]
Usage Guidelines
Use [no] rate-limit [wired-to-wireless|wireless-to-wired]to remove the rate limit applied to the group.
[no] rate-limit [wireless-to-wired]sets the rate limit back to unlimited...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-922.png "Page 923
RADIUS-POLICY 18 - 7
18.1.3 rate-limit
radius-group
Sets the rate limit for the RADIUS server group
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
rate-limit [from-air|to-air]
Parameters
• rate-limit [from-air|to-air]
Usage Guidelines
Use [no] rate-limit [wired-to-wireless|wireless-to-wired]to remove the rate limit applied to the group.
[no] rate-limit [wireless-to-wired]sets the rate limit back to unlimited...")
![Page 924
18 - 8 WiNG CLI Reference Guide
18.1.4 no
radius-group
Negates a command or sets its default. Removes or modifies the RADIUS group policy settings. When used in the config
RADIUS group mode, the
no command removes or modifies the following settings: access type, access days, role type,
VLAN ID, and SSID.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [guest|policy|rate-limit]
no policy...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-923.png "Page 924
18 - 8 WiNG CLI Reference Guide
18.1.4 no
radius-group
Negates a command or sets its default. Removes or modifies the RADIUS group policy settings. When used in the config
RADIUS group mode, the
no command removes or modifies the following settings: access type, access days, role type,
VLAN ID, and SSID.
Supported in the following platforms:
AP300
AP621
AP650
AP6511
AP6511
AP6532
AP71XX
RFS4000
RFS6000
RFS7000
NX9000
NX9500
Syntax
no [guest|policy|rate-limit]
no policy...")
![Page 925
RADIUS-POLICY 18 - 9
• no policy day [all|fr|mo|sa|su|th|tu|we|weekdays]
• no policy ssid [|all]
• no policy [role|time|vlan]
• no rate-limit [from-air|to-air]
Examples
rfs7000-37FABE(config-radius-group-test)#no guest
rfs7000-37FABE(config-radius-group-test)#
Related Commands
no policy days Removes or modifies the days on which access is provided to this RADIUS group
all – Removes access on all days (Monday to Sunday)
fr – Removes access on Fridays only
mo – Removes access on Mondays only
sa –...](http://img.usermanuals.tech/thumb/52/100713/w64_wing-5-manual-1509563222_d-924.png "Page 925
RADIUS-POLICY 18 - 9
• no policy day [all|fr|mo|sa|su|th|tu|we|weekdays]
• no policy ssid [|all]
• no policy [role|time|vlan]
• no rate-limit [from-air|to-air]
Examples
rfs7000-37FABE(config-radius-group-test)#no guest
rfs7000-37FABE(config-radius-group-test)#
Related Commands
no policy days Removes or modifies the days on which access is provided to this RADIUS group
all – Removes access on all days (Monday to Sunday)
fr – Removes access on Fridays only
mo – Removes access on Mondays only
sa –...")
RADIUS-POLICY 18 - 5
• policy access [all|console|ssh|telnet|web] {(all|console|ssh|telnet|web)}
• policy role [helpdesk|monitor|network-admin|security-admin|super-user|
system-admin|web-user-admin]
• policy ssid
• policy day[all|fr|mo|sa|su|th|tu|we|weekdays] {(all|fr|mo|sa|su|th|tu|we|
weekdays)}
access Configures a group access type
all – Allows all access. Wireless client access to the console, ssh, telnet, and/or Web
console – Allows console access only
ssh – Allows SSH access only
telnet – Allows Telnet access only
web – Allows Web access only
These parameters are optional you can use more than one at a time.
role [helpdesk|monitor|
network-admin|
security-admin|
super-user|
system-admin|
web-user-admin]Configures the role assigned to this RADIUS group
helpdesk – Helpdesk administrator. Performs troubleshooting tasks, such as clear
statistics, reboot, create and copy tech support dumps
monitor – Monitor. Has read-only access to the system. Can view configuration and
statistics except for secret information
network-admin – Network administrator. Manages layer 2, layer 3, Wireless, RADIUS
server, DHCP server, and Smart RF
security-admin – Security administrator. Modifies WLAN keys and passphrases
superuser – Superuser. Has full access, including halt and delete startup config
system-admin – System administrator. Upgrades image, boot partition, time, and manages
admin access
web-user-admin – Web user administrator. This role is used to create guest users and
credentials. The web-user-admin can access only the custom GUI screen and does not
have access to the normal CLI and GUI.
ssid Sets the Service Set Identifier (SSID) for this RADIUS group
– Sets a case-sensitive alphanumeric SSID, not exceeding 32 characters
day [all|fr|mo|sa|
su|th|tu|we|weekdays]Configures the days on which this RADIUS group can access the network. The options are.
all – Allows access on all days (Sunday to Saturday)
fr – Allows access on Friday only
mo – Allows access on Mondays only
sa – Allows access on Saturdays only
su – Allows access on Sundays only
th – Allows access on Thursdays only
tu – Allows access on Tuesdays only
we – Allows access on Wednesdays only
weekdays – Allows access on weekdays only (Monday to Friday
These parameters are optional, you can provide access on multiple days
18 - 6 WiNG CLI Reference Guide • policy time start end Examples rfs7000-37FABE(config-radius-group-test)#policy access all rfs7000-37FABE(config-radius-group-test)# rfs7000-37FABE(config-radius-group-test)#policy time start 13:30 end 17:30 rfs7000-37FABE(config-radius-group-test)# rfs7000-37FABE(config-radius-group-test)#policy role superuser rfs7000-37FABE(config-radius-group-test)# rfs7000-37FABE(config-radius-group-test)#show context radius-group test policy time start 13:30 end 17:30 policy access web ssh telnet console policy role superuser rfs7000-37FABE(config-radius-group-test)# Related Commands time start end Configures the time when this RADIUS group can access the network start – Sets the start time in the HH:MM format (for example, 13:30 means the user can login only after 1:30 PM) end – Sets the end time in the HH:MM format (for example, 17:30 means the user is allowed to remain logged in until 5:30 PM) noRemoves or modifies a RADIUS group’s access settings
RADIUS-POLICY 18 - 7 18.1.3 rate-limit radius-group Sets the rate limit for the RADIUS server group Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6511 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax rate-limit [from-air|to-air] Parameters • rate-limit [from-air|to-air] Usage Guidelines Use [no] rate-limit [wired-to-wireless|wireless-to-wired]to remove the rate limit applied to the group. [no] rate-limit [wireless-to-wired]sets the rate limit back to unlimited Examples rfs7000-37FABE(config-radius-group-test)##rate-limit to-air 101 rfs7000-37FABE(config-radius-group-test)# Related Commands to-air Sets the rate limit in the downlink direction, from the network to the wireless client – Sets the rate from 100 - 1000000 Kbps from-air Sets the rate limit in the uplink direction, from the wireless client to the network – Sets the rate from 100 - 1000000 Kbps noRemoves the RADIUS group’s rate limits
18 - 8 WiNG CLI Reference Guide 18.1.4 no radius-group Negates a command or sets its default. Removes or modifies the RADIUS group policy settings. When used in the config RADIUS group mode, the no command removes or modifies the following settings: access type, access days, role type, VLAN ID, and SSID. Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6511 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax no [guest|policy|rate-limit] no policy [access|day|role|ssid|time|vlan] no policy access [all|console|ssh|telnet|web] no policy day [all|fr|mo|sa|su|th|tu|we|weekdays] no policy ssid [|all] no policy [role|time|vlan] no rate-limit [from-air|to-air] Parameters • no guest • no policy access [all|console|ssh|telnet|web] no guest Makes this RADIUS group a non guest group no policy access Removes or modifies the RADIUS group access all – Removes all access (Wireless client access to the console, SSH, Telnet, and Web) console – Removes console access ssh – Removes SSH access telnet – Removes Telnet web – Removes Web access These are recursive options, and you can remove more than one at a time.
RADIUS-POLICY 18 - 9 • no policy day [all|fr|mo|sa|su|th|tu|we|weekdays] • no policy ssid [|all] • no policy [role|time|vlan] • no rate-limit [from-air|to-air] Examples rfs7000-37FABE(config-radius-group-test)#no guest rfs7000-37FABE(config-radius-group-test)# Related Commands no policy days Removes or modifies the days on which access is provided to this RADIUS group all – Removes access on all days (Monday to Sunday) fr – Removes access on Fridays only mo – Removes access on Mondays only sa – Removes access on Saturdays only su – Removes access on Sundays only th – Removes access on Thursdays only tu – Removes access on Tuesdays only we – Removes access on Wednesdays only weekdays – Removes access on weekdays (Monday to Friday) These are recursive options, and you can remove more than one at a time. no policy ssid Removes the RADIUS group’s SSID – Specify the RADIUS group SSID all – Removes all allowed WLANs no policy role Removes the RADIUS group’s role no policy time Removes the RADIUS group’s start and end access time no policy vlan Removes the RADIUS group’s VLAN ID no rate-limit Removes RADIUS group’s rate limit from-air Removes the rate limit in the uplink direction, from the wireless client to the network to-air Sets the rate limit in the downlink direction, from the network to the wireless client guestManages a guest user linked with a hotspot policySets a RADIUS group’s authorization policies rate-limitSets a RADIUS group’s rate limit
18 - 10 WiNG CLI Reference Guide 18.2 radius-server-policy Creates an onboard device RADIUS server policy. Use the (config) instance to configure RADIUS-Server-Policy related configuration commands. To navigate to the RADIUS- Server-Policy instance, use the following commands: rfs7000-37FABE(config)#radius-server-policy rfs7000-37FABE(config)#radius-server-policy test rfs7000-37FABE(config-radius-server-policy-test)# Table 18.2 summarizes RADIUS server policy commands Table 18.2radius-server-policy Commands Commands Description Reference authenticationConfigures RADIUS authentication parameterspage 18-11 crl-checkEnables a certificate revocation list (CRL) checkpage 18-13 ldap-group- verificationEnables the LDAP group verification settingspage 18-14 ldap-serverConfigures the LDAP server parameterspage 18-15 localConfigures a local RADIUS realmpage 18-17 nasConfigures the key sent to a RADIUS clientpage 18-18 noNegates a command or sets its defaultspage 18-19 proxyConfigures the RADIUS proxy server settingspage 18-22 session-resumptionEnables session resumptionpage 18-24 useDefines settings used with the RADIUS server policypage 18-25 clrscrClears the display screenpage 5-3 commitCommits (saves) changes made in this current sessionpage 5-4 doRuns commands in the EXEC modepage 4-66 endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5 exitEnds the current mode and moves to the previous modepage 5-6 helpDisplays the interactive help systempage 5-7 revertReverts changes to the their last saved configurationpage 5-13 serviceInvokes service commands to troubleshoot or debug (config-if) instance configurationspage 5-14 showDisplays running system informationpage 6-4 writeWrites information to memory or terminalpage 5-42
RADIUS-POLICY 18 - 11 18.2.1 authentication radius-server-policy Configures RADIUS server authentication parameters Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6511 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax authentication [data-source|eap-auth-type] authentication data-source [ldap|local] authentication eap-auth-type [all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap] Parameters • authentication data-source [ldap|local] • authentication eap-auth-type [all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap] data-source The RADIUS sever can use multiple data sources to authenticate a user. It is necessary to specify the data source. The options are: LDAP and local ldap Uses a remote Lightweight Directory Access Protocol (LDAP) server as the data source local Uses the local user database to authenticate a user eap-auth-type Uses the Extensible Authentication Protocol (EAP) to authenticate the user all Enables both TTLS and PEAP authentication peap-gtc Enables PEAP with default GTC peap-mschapv2 Enables PEAP with default MSCHAPv2 tls Enables TLS ttls-md5 Enables TTLS with default md5 ttls-mschapv2 Enables TTLS with default MSCHAPv2 ttls-pap Enables TTLS with default PAP
18 - 12 WiNG CLI Reference Guide Examples rfs7000-37FABE(config-radius-server-policy-test)#authentication eap-auth-type tls rfs7000-37FABE(config-radius-server-policy-test)# rfs7000-37FABE(config-radius-server-policy-test)#show context radius-server-policy test authentication eap-auth-type tls rfs7000-37FABE(config-radius-server-policy-test)# Related Commands noRemoves RADIUS authentication settings
RADIUS-POLICY 18 - 13 18.2.2 crl-check radius-server-policy Enables a certificate revocation list (CRL) check on this RADIUS server policy Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6511 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax crl-check Parameters None Examples rfs7000-37FABE(config-radius-server-policy-test)#crl-check rfs7000-37FABE(config-radius-server-policy-test)# rfs7000-37FABE(config-radius-server-policy-test)#show context radius-server-policy test authentication eap-auth-type tls crl-check rfs7000-37FABE(config-radius-server-policy-test)# Related Commands noDisables CRL check on a RADIUS server policy
18 - 14 WiNG CLI Reference Guide 18.2.3 ldap-group-verification radius-server-policy Enables LDAP group verification settings on this RADIUS server policy Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6511 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax ldap-group-verification Parameters None Examples rfs7000-37FABE(config-radius-server-policy-test)#ldap-group-verification rfs7000-37FABE(config-radius-server-policy-test)# Related Commands noDisables LDAP group verification settings