port port-id
config
This command configures a WLAN port. The WLAN port identifiers for the WLAN MDA are fixed and represent either an access point (AP) or the station, with the following configuration:
port 1/4/1 is always AP 1
port 1/4/2 is always AP 2
port 1/4/3 is always AP 3
port 1/4/4 is always station 1
Default: n/a
port-id: specifies the physical port ID in the format slot/mda/port, where the slot ID is always 1, the MDA is always 4, and the port ID is 1 to 4
description description-string
no description
config>port
This command creates a text description for a configuration context to help identify the content in the configuration file.
The no form of this command removes any description string from the context.
Default: n/a
description-string: description character string. Allowed values are any string up to 80 or 160 characters long (depending on the command) composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, or spaces), the entire string must be enclosed within double quotes.
[no] shutdown
config>port
This command administratively disables the specified WLAN port. When disabled, no configurations can be changed or removed and no statistics can be reset. The operational state of the port is also disabled.
When a WLAN AP on the node is shut down, the following occurs.
All WLAN clients connected to the AP are released.
If the AP is configured as a SAP toward the WLAN gateway, the SAP and associated service become operationally down.
When the WLAN station on the node is shut down, the following occurs.
The station disconnects from the AP it was connected to.
The station stops trying to connect to the networks in its network list.
If any WLAN APs are configured on the node and they are not shut down, they will stay up and continue using the channel that was in use before the shutdown of the station.
Issuing the no shutdown command enables the specified port when the WLAN MDA is also enabled.
When the WLAN station port is enabled, the following occurs.
The WLAN APs on the node that were operationally up go down and only come back up when the station connects to a remote AP. The channel selected by the station is then used by the WLAN APs.
The station scans for an available network from its list of candidate networks.
When it connects to a valid network, the AP on the node will also use the channel that was used to connect the station (when the channel command is set to auto).
The no form of this command administratively enables the specified port.
Default: shutdown
wlan
config>port
This command enables the context to configure WLAN port parameters.
Default: n/a
access-point
config>port>wlan
This command enables the context to configure WLAN AP port parameters.
[no] broadcast-ssid
config>port>wlan>access-point
This command enables a WLAN AP to broadcast the network SSID.
The no form of the command disables the broadcast of the network SSID.
Default: no broadcast-ssid
client-limit clients
config>port>wlan>access-point
This command configures the maximum number of clients that can connect to a WLAN AP concurrently.
Default: 24
clients: the number of concurrent clients that can connect to a WLAN AP
client-timeout seconds
config>port>wlan>access-point
This command configures the timeout period for inactive clients. If a client does not send or receive data over the WLAN connection within the specified period, the client is disconnected from the WLAN AP.
Default: 300
seconds: the length of time, in seconds, that a WLAN AP waits before disconnecting an inactive client
[no] shutdown
config>port>wlan>access-point>dhcp
This command disables the DHCP relay function for a WLAN AP.
The no form of the command enables the DHCP relay function on an AP. When a DHCP request is received from a client trying to connect to the AP, the node inserts Option 82 with specific information needed to connect to the WLAN gateway. If an Option 82 sub-option is already present in the DHCP request, it is replaced with the version expected by the WLAN gateway.
Default: shutdown
dot1x
config>port>wlan>access-point
This command enables the context to configure dot1X parameters for a WLAN AP port.
radius-plcy policy-name
no radius-plcy
config>port>wlan>access-point>dot1x
This command specifies a RADIUS policy for a WLAN AP to use when network WLAN security is set to wpa2-enterprise.
The RADIUS policy name must have already been configured under the config>system>security>dot1x context before executing this command. For information about configuring a RADIUS policy name, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide.
The no form of the command clears the RADIUS policy name from a WLAN AP port.
Default: n/a
policy-name: the RADIUS policy to use for a WLAN AP
re-auth-period seconds
config>port>wlan>access-point>dot1x
This command configures the reauthentication period when network WLAN security for a WLAN AP is set to wpa2-enterprise. Clients that are connected to the WLAN AP must reauthenticate after the reauthentication period expires.
Default: 300
seconds: the interval at which clients that are connected to a WLAN AP must reauthenticate
mode {access | network}
config>port>wlan
This command sets the mode of a WLAN port to access or network. All WLAN ports can operate either as access ports or network ports. By default, WLAN ports 1/4/1 to 1/4/3 operate in access mode and WLAN port 1/4/4 operates in network mode.
Default: access for WLAN ports 1/4/1 to 1/4/3, network for WLAN port 1/4/4
access: sets the WLAN port mode to access
network: sets the WLAN port mode to network
network network-id ssid ssid-name [create]
no network
config>port>wlan
This command configures the network identifier and the network service set identifier (SSID). The network SSID can be changed only when the WLAN port is shut down.
The SSID defines the name of the WLAN network. The WLAN AP ports use this name to allow WLAN clients to connect to their offered WLAN network.
The WLAN station port uses the network ID and associated SSID to connect to a remote AP. Up to 10 network numbers and associated SSIDs can be configured for the WLAN station port; however, only one network can be active and connected to the station at a time.
Operators must configure security parameters for each network SSID specified.
The no form of this command removes the network and all the configurations within the network context.
Default: n/a
network-id: the network identifier, from 1 to 10
ssid-name: a 32-character string that defines the SSID
create: keyword used to create the network SSID
wlan-security [type {wpa2-psk | wpa2-enterprise}]
no wlan-security
config>port>wlan>network
This command configures the network security type for the specified WLAN interface.
When no security type is set, the WLAN interface is considered to be open. When the security type is set to wpa2-psk, the WPA2-PSK passphrase must be configured.
When a WLAN AP port is configured for WPA2-Enterprise security, operators must configure a RADIUS policy under the config>system>security>dot1x context in the CLI. For information about configuring a RADIUS policy in this context, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide. The dot1x RADIUS policy ID used to configure the RADIUS policy is then configured on the WLAN AP port using the config>port>wlan>access-point>dot1x>radius-plcy command, in order to authenticate clients connecting to the WLAN AP.
When the WLAN station port is configured for WPA2-Enterprise security, operators must configure the authentication type as one of EAP-TTLS, EAP-FAST, or EAP-PEAP using the authentication command.
The no form of the command disables security and the WLAN interface is considered to be open.
Default: no wlan-security
type: keyword used to select the security type
wpa2-psk: the WLAN interface uses WPA2-PSK security
wpa2-enterprise: the WLAN interface uses WPA2-Enterprise security
wpa-encryption [tkip | aes]
no wpa-encryption
config>port>wlan>network>wlan-security
This command sets the WPA2 encryption type when network WLAN security is configured as either wpa2-psk or wpa2-enterprise.
When WLAN security is set to either wpa2-psk or wpa2-enterprise, the encryption type defaults to aes.
The no form of the command removes the configured encryption type.
Default: aes
tkip: sets the encryption type to TKIP
aes: sets the encryption type to AES
wpa-passphrase ascii-passphrase [hash | hash2]
no wpa-passphrase
config>port>wlan>network>wlan-security
This command configures the WPA2-PSK passphrase when network WLAN security is configured as wpa2-psk. The passphrase is a pre-shared alphanumeric string that is used to connect potential clients to an AP on the node.
The no form of the command clears the passphrase. The default setting is the string passphrase.
Default: passphrase
ascii-passphrase: a 63-character alphanumeric string that identifies the passphrase to use for WPA2-PSK security
hash: specifies that the hash key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the specified hash or hash2 parameter.
hash2: specifies that the hash key is entered in a more complex, encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the specified hash or hash2 parameter.
station
config>port>wlan>network>wlan-security
This command enters the context to configure WLAN station port parameters.
Default: n/a
authentication {eap-ttls | eap-fast | eap-peap}
no authentication
config>port>wlan>network>wlan-security>station
This command configures the type of network authentication to be used by the WLAN station when the wlan-security parameter is set to WPA2-enterprise.
Default: none
eap-ttls: sets the authentication type for the WLAN station to EAP-TTLS
eap-fast: sets the authentication type for the WLAN station to EAP-FAST
eap-peap: sets the authentication type for the WLAN station to EAP-PEAP
password password-string [hash | hash2]
no password
config>port>wlan>network>wlan-security>station
This command configures the password that the station uses to access the network when the authentication method requires a password.
Default: n/a
password-string: the password to be authenticated
hash: specifies that the hash key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the specified hash or hash2 parameter.
hash2: specifies that the hash key is entered in a more complex, encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the specified hash or hash2 parameter.
username username-string
no username
config>port>wlan>network>wlan-security>station
This command configures the name that the station uses to access the network when the authentication method requires a username.
Default: n/a
username-string: the username to be authenticated, up to 64 characters
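
The wlan-security, wpa-encryption, wpa-passphrase and authentication defaults described above can be checked mechanically in a saved configuration. The following audit script is an added example, not part of the original command reference or the vendor's tooling; the function name audit, the sample configuration, and the indented layout without "exit" lines are assumptions of the example.

```python
import re

# Constructed sample using the commands documented on this page. The indented
# layout and the omission of "exit" lines are assumptions of this example.
SAMPLE = """
port 1/4/1
  wlan
    network 1 ssid "plant" create
      wlan-security type wpa2-psk
        wpa-encryption tkip
port 1/4/2
  wlan
    network 1 ssid "guest" create
port 1/4/3
  wlan
    network 1 ssid "corp" create
      wlan-security type wpa2-psk
        wpa-passphrase "CONSTRUCTED-HASHED-VALUE" hash2
"""
KEYS = ("wlan-security", "wpa-encryption", "wpa-passphrase", "authentication")

def audit(config):
    """Return sorted (port, network-id, finding) tuples for weak WLAN settings."""
    nets, port, net = {}, None, None
    for line in config.splitlines():
        w = re.findall(r'"[^"]*"|\S+', line)
        if len(w) < 2 or w[0] == "no":   # blank line, bare keyword, or "no" form
            continue
        if w[0] == "port":
            port, net = w[1], None
        elif w[0] == "network" and port:
            net = nets.setdefault((port, w[1]), {})
        elif w[0] in KEYS and net is not None:
            # "wlan-security type <t>" keeps <t>; the others keep their first argument
            net[w[0]] = w[2] if w[0] == "wlan-security" and len(w) > 2 else w[1].strip('"')
    out = []
    for (pid, nid), n in nets.items():
        kind = n.get("wlan-security")
        checks = [
            (kind is None, "open: no wlan-security type"),
            (n.get("wpa-encryption") == "tkip", "tkip instead of default aes"),
            (kind == "wpa2-psk" and n.get("wpa-passphrase", "passphrase") == "passphrase",
             "default wpa-passphrase"),
            (kind == "wpa2-enterprise" and pid == "1/4/4" and "authentication" not in n,
             "station has no authentication type"),
        ]
        out += [(pid, nid, msg) for bad, msg in checks if bad]
    return sorted(out)
```

A passphrase stored with hash or hash2 cannot be compared against the default string, so the passphrase check only catches a missing wpa-passphrase line or the literal default.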