Configuration Guide
Page 20
...File to Use After the Next Reboot 611 Loading a Configuration File 611 Specifying a Backup Configuration File 612 Resetting to the Factory Default Configuration 612 Backing Up and Restoring the System 613 Managing Configuration Changes 615 Backup and Restore Examples 615 Upgrading the System Image ...616 Preparing the WX Switch for the Upgrade 616 Upgrading an Individual Switch Using the CLI 617 Command Changes During Upgrade 618 A TROUBLESHOOTING A WX SWITCH Fixing Common WX Setup Problems 619 Recovering the System When the Enable Password is Lost 622 WXR100 622 WX1200, WX2200, or ...
...File to Use After the Next Reboot 611 Loading a Configuration File 611 Specifying a Backup Configuration File 612 Resetting to the Factory Default Configuration 612 Backing Up and Restoring the System 613 Managing Configuration Changes 615 Backup and Restore Examples 615 Upgrading the System Image ...616 Preparing the WX Switch for the Upgrade 616 Upgrading an Individual Switch Using the CLI 617 Command Changes During Upgrade 618 A TROUBLESHOOTING A WX SWITCH Fixing Common WX Setup Problems 619 Recovering the System When the Enable Password is Lost 622 WXR100 622 WX1200, WX2200, or ...
Configuration Guide
Page 28
...Prompts By default, the MSS CLI provides the following prompt for a value. Syntax Notation The MSS CLI uses standard syntax notation: Bold monospace font identifies the command and keywords you become enabled as an administrative user by typing enable and supplying a suitable password, MSS ..., in the following prompt: WXmmmm# For information about changing the CLI prompt on a WX, see the set prompt command description in the Wireless LAN Switch and Controller Command Reference. The mmmm portion shows the WX model number (for tabs and spaces, and is optional: clear fdb {dynamic |...
...Prompts By default, the MSS CLI provides the following prompt for a value. Syntax Notation The MSS CLI uses standard syntax notation: Bold monospace font identifies the command and keywords you become enabled as an administrative user by typing enable and supplying a suitable password, MSS ..., in the following prompt: WXmmmm# For information about changing the CLI prompt on a WX, see the set prompt command description in the Wireless LAN Switch and Controller Command Reference. The mmmm portion shows the WX model number (for tabs and spaces, and is optional: clear fdb {dynamic |...
Configuration Guide
Page 36
...no special usage. One or more examples of the command in the Wireless LAN Switch and Controller Command Reference contains the following elements: A command name, ...132; A brief description of how the command functions. The full command syntax. Any command defaults. The command access, which the command was introduced and the version numbers of a command description and.... One or more related commands. All indicates that you must enter the enable password before entering the command. The command history, which identifies the MSS version in ...
...no special usage. One or more examples of the command in the Wireless LAN Switch and Controller Command Reference contains the following elements: A command name, ...132; A brief description of how the command functions. The full command syntax. Any command defaults. The command access, which the command was introduced and the version numbers of a command description and.... One or more related commands. All indicates that you must enter the enable password before entering the command. The command history, which identifies the MSS version in ...
Configuration Guide
Page 40
... additional users, use the CLI or 3Com Wireless Switch Manager. You can use the Web Quick Start to configure the following parameters: System name of the switch Country code (the country where wireless access will not be provided) Administrator username and password Management IP address and default router (gateway) Time and date...
... additional users, use the CLI or 3Com Wireless Switch Manager. You can use the Web Quick Start to configure the following parameters: System name of the switch Country code (the country where wireless access will not be provided) Administrator username and password Management IP address and default router (gateway) Time and date...
Configuration Guide
Page 44
...default VLAN Administrative users and passwords Enable password System time, date, and timezone Unencrypted (clear) SSID names Usernames and passwords for guest access using WebAAA Encrypted (crypto) SSID names and dynamic WEP encryption for encrypted SSIDs' wireless traffic Usernames and passwords... for secure access using 802.1X authentication using PEAP-MSCHAP-V2 and secure wireless data encryption using dynamic Wired Equivalent Privacy (WEP)...
...default VLAN Administrative users and passwords Enable password System time, date, and timezone Unencrypted (clear) SSID names Usernames and passwords for guest access using WebAAA Encrypted (crypto) SSID names and dynamic WEP encryption for encrypted SSIDs' wireless traffic Usernames and passwords... for secure access using 802.1X authentication using PEAP-MSCHAP-V2 and secure wireless data encryption using dynamic Wired Equivalent Privacy (WEP)...
Configuration Guide
Page 45
...run this command on page 213. You can change the enable password later using the set enablepass command. One of the questions the script asks is , "Do you for managing the switch over the network. After prompting you wish to configure wireless?" The command asks you answer n, the script generates key ... asks is the country code. CLI quickstart Command 45 The command automatically places all ports that are not used for configuration of a new switch only. CAUTION: The quickstart command is for directly connected MAPs into the default VLAN (VLAN 1). If you a series of questions.
...run this command on page 213. You can change the enable password later using the set enablepass command. One of the questions the script asks is , "Do you for managing the switch over the network. After prompting you wish to configure wireless?" The command asks you answer n, the script generates key ... asks is the country code. CLI quickstart Command 45 The command automatically places all ports that are not used for configuration of a new switch only. CAUTION: The quickstart command is for directly connected MAPs into the default VLAN (VLAN 1). If you a series of questions.
Configuration Guide
Page 46
... switch allows by default is CLI access through the serial connection. System Time and date parameters: Date: 31st of March, 2007 Time: 4:36 PM Timezone: PST (Pacific Standard Time), with an offset of -8 hours from Universal Coordinated Time (UTC) Unencrypted SSID name: public Username user1 and password...
... switch allows by default is CLI access through the serial connection. System Time and date parameters: Date: 31st of March, 2007 Time: 4:36 PM Timezone: PST (Pacific Standard Time), with an offset of -8 hours from Universal Coordinated Time (UTC) Unencrypted SSID name: public Username user1 and password...
Configuration Guide
Page 51
... who are not allowed to the WX by default. In enabled mode, you can use all CLI...password, 3Com highly recommends that you enforce authentication on page 413.) 3 Restricted mode. 3 Overview CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS 3Com Mobility System Software (MSS) supports authentication, authorization, and accounting (AAA) for operation. A CLI Telnet connection to the console port and manage the switch...enter the enabled mode of operation is enforced. (3Com recommends that you initially connect to a Remote Authentication Dial-In User Service (RADIUS) server. To...
... who are not allowed to the WX by default. In enabled mode, you can use all CLI...password, 3Com highly recommends that you enforce authentication on page 413.) 3 Restricted mode. 3 Overview CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS 3Com Mobility System Software (MSS) supports authentication, authorization, and accounting (AAA) for operation. A CLI Telnet connection to the console port and manage the switch...enter the enabled mode of operation is enforced. (3Com recommends that you initially connect to a Remote Authentication Dial-In User Service (RADIUS) server. To...
Configuration Guide
Page 55
... yourself as an administrator, you set the enable password and configure authentication, the default username and password are blank. To enable an administrator: 1 Log in to further configure the WX switch. Password: 3 Type enable to the WX switch from the console. Telnet access is not initially... command, you have administrative privileges, which allow you to the WX switch from the serial console, and press Enter when the WX switch displays a username prompt: Username: 2 Press Enter when the WX switch displays a password prompt. WX1200> enable 4 Press Enter to the WX console port...
... yourself as an administrator, you set the enable password and configure authentication, the default username and password are blank. To enable an administrator: 1 Log in to further configure the WX switch. Password: 3 Type enable to the WX switch from the console. Telnet access is not initially... command, you have administrative privileges, which allow you to the WX switch from the serial console, and press Enter when the WX switch displays a username prompt: Username: 2 Press Enter when the WX switch displays a password prompt. WX1200> enable 4 Press Enter to the WX console port...
Configuration Guide
Page 56
...ADMINISTRATIVE AND LOCAL ACCESS Setting the WX Switch Enable Password There is not displayed as you type it. WX1200# set enablepass Enter old password: Enter new password: Retype new password: Password changed Be sure to its default settings and wipes out any saved configuration...password" prompt, press Enter. 3 At the "Enter new password" prompt, enter an enable password of up to 32 alphanumeric characters with no password) to confirm it causes the system to return to use a password that you change the enable password from the default. 3Com recommends that you know the password...
...ADMINISTRATIVE AND LOCAL ACCESS Setting the WX Switch Enable Password There is not displayed as you type it. WX1200# set enablepass Enter old password: Enter new password: Retype new password: Password changed Be sure to its default settings and wipes out any saved configuration...password" prompt, press Enter. 3 At the "Enter new password" prompt, enter an enable password of up to 32 alphanumeric characters with no password) to confirm it causes the system to return to use a password that you change the enable password from the default. 3Com recommends that you know the password...
Configuration Guide
Page 57
...this configuration into 3WXM. (For 3WXM information, see the Wireless Switch Manager Reference Manual.) Authenticating at the console. If you have previously required authentication and have created a local username and password, you can configure the console so that authentication is ... is required. 3Com recommends that it (during testing, for example), type the following command to enter the switch's enable password when you have decided not to require it does not require username and password authentication: WX1200# set user username password password success: change ...
...this configuration into 3WXM. (For 3WXM information, see the Wireless Switch Manager Reference Manual.) Authenticating at the console. If you have previously required authentication and have created a local username and password, you can configure the console so that authentication is ... is required. 3Com recommends that it (during testing, for example), type the following command to enter the switch's enable password when you have decided not to require it does not require username and password authentication: WX1200# set user username password password success: change ...
Configuration Guide
Page 59
... at EXAMPLE, enter the following command: WX1200# set user Jose password spRin9 success: User Jose created To clear a user from one MAP to another, and when the user terminates his or her session. The default for administrative logins, use the following command: set accounting {admin ... user Jose with unauthorized access to the console from logging in the local database on the WX switch. 3Com recommends that you to prevent anyone with the password spRin9 in . Accounting records can be updated for Administrative Users Accounting allows you enforce console authentication after...
... at EXAMPLE, enter the following command: WX1200# set user Jose password spRin9 success: User Jose created To clear a user from one MAP to another, and when the user terminates his or her session. The default for administrative logins, use the following command: set accounting {admin ... user Jose with unauthorized access to the console from logging in the local database on the WX switch. 3Com recommends that you to prevent anyone with the password spRin9 in . Accounting records can be updated for Administrative Users Accounting allows you enforce console authentication after...
Configuration Guide
Page 61
... switch to the last saved configuration or loads a particular configuration filename. (For more information, see the Wireless LAN Switch ...switch is rebooted before you have saved the configuration, all configuration changes since the last time you enter and want to save the configuration for future sessions. Displaying the AAA Configuration 61 Displaying the AAA To display your AAA configuration, type the following command: Configuration WX1200# display aaa Default...local user Geetha Password = 1214253d1d19 (encrypted) (For information about the fields in WX nonvolatile...
... switch to the last saved configuration or loads a particular configuration filename. (For more information, see the Wireless LAN Switch ...switch is rebooted before you have saved the configuration, all configuration changes since the last time you enter and want to save the configuration for future sessions. Displaying the AAA Configuration 61 Displaying the AAA To display your AAA configuration, type the following command: Configuration WX1200# display aaa Default...local user Geetha Password = 1214253d1d19 (encrypted) (For information about the fields in WX nonvolatile...
Configuration Guide
Page 65
... users can configure MSS so that are automatically encrypted when entered in the local database. By default, user passwords are memorable to themselves, difficult for example, Tre%Pag32!). A user cannot reuse any of his or her 10...of failed login attempts. 4 MANAGING USER PASSWORDS Overview This chapter describes how to manage user passwords, configure user passwords, and how to display password information. 3COM recommends that all users create passwords that the following additional restrictions apply to user passwords: Passwords must be a minimum of 10 characters...
... users can configure MSS so that are automatically encrypted when entered in the local database. By default, user passwords are memorable to themselves, difficult for example, Tre%Pag32!). A user cannot reuse any of his or her 10...of failed login attempts. 4 MANAGING USER PASSWORDS Overview This chapter describes how to manage user passwords, configure user passwords, and how to display password information. 3COM recommends that all users create passwords that the following additional restrictions apply to user passwords: Passwords must be a minimum of 10 characters...
Configuration Guide
Page 66
... the following command: WX# set user username password [encrypted] password For example, to configure user Jose with the password spRin9 in the local database on the WX switch (command_audit.cur) cannot be made case-sensitive by default. By default, usernames and passwords in the local database are disabled by activating password restrictions, as described in the following command...
... the following command: WX# set user username password [encrypted] password For example, to configure user Jose with the password spRin9 in the local database on the WX switch (command_audit.cur) cannot be made case-sensitive by default. By default, usernames and passwords in the local database are disabled by activating password restrictions, as described in the following command...
Configuration Guide
Page 67
...When you enable them, MSS evaluates the passwords configured on the WX and displays a list of users whose password does not meet the restriction on the WX switch, type the following password restrictions take effect: Passwords must be a minimum of 10 characters ... 4 failed login attempts are disabled by default. Configuring Passwords 67 Enabling Password Restrictions To activate password restrictions for network and administrative users, use the following command: set authentication password-restrict enable warning: the following users have passwords that do not have at least 4 ...
...When you enable them, MSS evaluates the passwords configured on the WX and displays a list of users whose password does not meet the restriction on the WX switch, type the following password restrictions take effect: Passwords must be a minimum of 10 characters ... 4 failed login attempts are disabled by default. Configuring Passwords 67 Enabling Password Restrictions To activate password restrictions for network and administrative users, use the following command: set authentication password-restrict enable warning: the following users have passwords that do not have at least 4 ...
Configuration Guide
Page 68
Specifying 0 causes the number of 3 attempts to a Locked-Out User" on the WX switch and displays a list of users whose password does not meet the minimum length restriction. If a user is locked out of the system, you can restore...authentication max-attempts 3 success: change accepted. For example, to the default values. 68 CHAPTER 4: MANAGING USER PASSWORDS You can specify a minimum password length between 0 - 2147483647. By default, there is configured, you enable this command, MSS evaluates the passwords configured on page 70.) For example, to allow users a maximum of...
Specifying 0 causes the number of 3 attempts to a Locked-Out User" on the WX switch and displays a list of users whose password does not meet the minimum length restriction. If a user is locked out of the system, you can restore...authentication max-attempts 3 success: change accepted. For example, to the default values. 68 CHAPTER 4: MANAGING USER PASSWORDS You can specify a minimum password length between 0 - 2147483647. By default, there is configured, you enable this command, MSS evaluates the passwords configured on page 70.) For example, to allow users a maximum of...
Configuration Guide
Page 69
... the users in user group cardiology to be valid for 30 days: WX# set usergroup group-name expire-password-in time By default, user passwords do not expire. You can be specified in days (for example, 30 or 30d), hours (720h), or a combination of days and hours (30d12h) For ...example, the following command sets user Student1ís password to be valid for 30 days: WX# set user Student1 expire-password-in 30 success...
... the users in user group cardiology to be valid for 30 days: WX# set usergroup group-name expire-password-in time By default, user passwords do not expire. You can be specified in days (for example, 30 or 30d), hours (720h), or a combination of days and hours (30d12h) For ...example, the following command sets user Student1ís password to be valid for 30 days: WX# set user Student1 expire-password-in 30 success...
Configuration Guide
Page 70
... in = 59 hours (2 days 11 hours) status = disabled vlan-name = default service-type = 7 (For details on displaying passwords, see the Wireless LAN Switch and Controller Command Reference. Displaying Password Information User password information can restore access to the user. set authentication password-restrict enable set authentication minimum-password-length 10 ... To restore access to a user who had been locked...
... in = 59 hours (2 days 11 hours) status = disabled vlan-name = default service-type = 7 (For details on displaying passwords, see the Wireless LAN Switch and Controller Command Reference. Displaying Password Information User password information can restore access to the user. set authentication password-restrict enable set authentication minimum-password-length 10 ... To restore access to a user who had been locked...
Configuration Guide
Page 113
... prompt is displayed, MSS allows 30 seconds to enter a valid username and password to the Web management application through TCP port 22. Telnet - SSH is enabled by default. These timers are not configurable. To disable or reenable it, use the following...{enable | disable} A WXR100 can have up to eight Telnet or SSH sessions, in any combination, and one Console session. SSH requires a valid username and password for managing a WX switch over the network. SSH provides a secure connection to the switch. Enabling SSH SSH is enabled by default.
... prompt is displayed, MSS allows 30 seconds to enter a valid username and password to the Web management application through TCP port 22. Telnet - SSH is enabled by default. These timers are not configurable. To disable or reenable it, use the following...{enable | disable} A WXR100 can have up to eight Telnet or SSH sessions, in any combination, and one Console session. SSH requires a valid username and password for managing a WX switch over the network. SSH provides a secure connection to the switch. Enabling SSH SSH is enabled by default.