12.25. WiFi Command Reference

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the context in the configuration file.

The no form of this command removes any description string from the context.

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

The no form of this command places the entity into an administratively enabled state.

This command enables the context to configure subscriber management entities. A subscriber is uniquely identified by a subscriber identification string. Each subscriber can have several DHCP sessions active at any time. Each session is referred to as a subscriber host and is identified by its IP address and MAC address.

All subscriber hosts belonging to the same subscriber are subject to the same hierarchical QoS (HQoS) processing. The HQoS processing is defined in the sub-profile (the subscriber profile). A sub-profile refers to an existing scheduler policy (configured in the config>qos>scheduler-policy context) and offers the possibility to overrule the rate of individual schedulers within this policy.

Because all subscriber hosts use the same scheduler policy instance, they must all reside on the same complex.

This command enables the context to configure WLAN Gateway parameters.

This command enables the context to configure profiles, templates and policies that can be applied to DSM subscribers.

This command creates a tunnel query where filter criteria over WLAN-GW tunnels are defined. This query can later be used to retrieve the state of the tunnels and Layer 2 access points (which are modeled as tunnels) matching the configured criteria.

The no form of this command removes the query.

This command specifies the address type to match on tunnels.

The no form of this command reverts to the default.

This command specifies the matching criteria of tunnels based on whether or not learning the associated AP-MAC address last failed.

This command specifies whether or not to count the number of tunnels matching the specified criteria.

Note: Do not enable this command if the expected number of tunnels is large.

This command enables matching on a Layer 2 access point with a specified C-VLAN.

The no form of this command disables matching on a C-VLAN.

This command enables matching on a Layer 2 access point with a specified S-VLAN.

The no form of this command disables matching on an S-VLAN.

This command enables matching on Layer 2 access points active on the specified SAP.

The no form of this command disables matching on the SAP.

This command enables matching on tunnels that are terminated by the specified IP address on the WLAN-GW.

The no form of this command disables matching on the local IP address.

This command enables matching only on tunnels that have, at most, the specified number of UEs connected.

This command enables matching only on tunnels that have at least the specified number of UEs connected.

The no form of this command disables matching on a minimum number of UEs.

This command enables matching only on the tunnel that uses the specified source IP address.

The no form of this command disables matching on a tunnel’s source IP address.

This command enables matching only on tunnels that are terminated in the specified routing instance.

The no form of this command disables matching on a routing instance.

This command enables matching on specific tunnel types. If no tunnel type match criteria is specified, type matching is implicitly disabled.

This command enables matching on GRE tunnels.

The no form of this command disables matching on GRE tunnels, unless no other tunnel type specifier is configured.

This command enables matching on Layer 2 tunnels.

The no form of this command disables matching on Layer 2 access points, unless no other tunnel type specifier is configured.

This command enables matching on L2TP tunnels.

The no form of this command disables matching on L2TP tunnels, unless no other tunnel type specifier is configured.

This command enables matching on VXLAN tunnels.

The no form of this command disables matching on VXLAN tunnels, unless no other tunnel type specifier is configured.

This command enables matching on a specific UE state. Multiple states can be provisioned. If no UE state specifier is configured, UE state matching is disabled (all UEs match).

This match criteria can be combined with minimum and maximum match criteria, which will then apply only to UEs of the specified state.

This command enables matching on DSM UEs.

The no form of this command disables matching on DSM UEs, unless UE state matching is disabled altogether.

This command enables matching on ESM UEs.

The no form of this command disables matching on DSM UEs, unless UE state matching is disabled altogether.

This command enables matching on tunnels with L2W UEs.

The no form of this command disables matching on L2W UEs, unless UE state matching is disabled altogether.

This command enables matching on tunnels with migrant UEs.

The no form of this command disables matching on migrant UEs, unless UE state matching is disabled altogether.

This command enables matching on tunnels with cross-connect UEs.

The no form of this command disables matching on cross-connect UEs, unless UE state matching is disabled altogether.

This command creates a UE query where filter criteria over WLAN-GW ISA UEs are defined. This query can later be used to retrieve state of the UEs matching the configured criteria.

The no form of this command removes the query.

This command enables matching on UEs that have an address of the specified type.

The no form of this command reverts to the default.

This command enables matching on UEs that are part of the specified BD.

The no form of this command disables matching on the BD.

This command enables matching on UEs with the specified DHCPv6 IA-NA address.

The no form of this command disables matching on the IA-NA address.

This command enables matching on UEs with the specified IPv4 address.

The no form of this command disables matching on the IPv4 address.

This command enables matching on UEs with the specified MAC address.

The no form of this command disables matching on the MAC address.

This command enables matching on UEs with the specified SLAAC prefix.

The no form of this command disables matching on the SLAAC prefix.

This command enables matching on a specific UE state. Multiple states can be provisioned.

The no form of this command disables matching on the specified UE state (all UEs match).

This command enables matching on UEs that are already signed in.

The no form of this command disables matching on UEs that are already signed in, unless all state matching is disabled.

This command enables matching on UEs in an authorized state.

The no form of this command disables matching on UEs in an authorized state, unless all state matching is disabled.

This command enables matching on cross-connected UEs.

The no form of this command disables matching on cross-connected UEs, unless all state matching is disabled.

This command enables matching on UEs currently in a data-triggered state. This query only filters UEs that are currently authenticating due to a data trigger, not UEs that were originally authenticated due to data trigger, such as those in an ESM, DSM, or portal state.

The no form of this command disables matching on UEs in a data-triggered state, unless all state matching is disabled.

This command enables matching on UEs that are in a delete-pending state.

The no form of this command disables matching on UEs in a delete pending-state, unless all state matching is disabled.

This command enables matching on UEs currently in a DHCP-triggered state. This query only filters UEs that are currently authenticating due to a DHCP, DHCPv6, or RS trigger, not RADIUS-authenticated UEs in an ESM, DSM, or portal state that were originally authenticated due to a DHCP, DHCPv6, or RS trigger.

The no form of this command disables matching on UEs in a DHCP-triggered state, unless all state matching is disabled.

This command enables matching on UEs in a DSM state.

The no form of this command disables matching on UEs in a DSM state, unless all state matching is disabled.

This command enables matching on UEs in an ESM state.

The no form of this command disables matching on UEs in an ESM state, unless all state matching is disabled.

This command enables matching on UEs in a GTP-authorized state.

The no form of this command disables matching on UEs in a GTP-authorized state, unless all state matching is disabled.

This command enables matching on UEs in an IP-assigned state, meaning that the UE already has an IP assigned but it is not yet authorized. This usually only applies when auth-on-dhcp is not configured.

The no form of this command disables matching on UEs in an IP-assigned state, unless all state matching is disabled.

This command enables matching on UEs in an IP-assigned and authorized state, meaning that the UE already has an IP assigned and is authorized, but is not yet promoted to a final state such as ESM or DSM. This applies to UEs authenticated by distributed RADIUS proxy without auth-on-dhcp configured. UEs move to this state upon DHCP completion and continue to a more final state (such as DSM, ESM, or portal) upon receiving the first data packet.

The no form of this command disables matching on UEs in an IP-assigned and authorized state, unless all state matching is disabled.

This command enables matching on UEs in a Layer 2 wholesale state.

The no form of this command disables matching on UEs in a Layer 2 wholesale state, unless all state matching is disabled.

This command enables matching on UEs in a portal state.

The no form of this command disables matching on UEs in a portal state, unless all state matching is disabled.

This command enables matching on UEs that are active on a tunnel which is connected to the specified IP address on the WLAN-GW.

The no form of this command disables matching on the local tunnel address.

This command enables matching on UEs that are active on a tunnel with the specified source IP address.

The no form of this command disables matching on the remote tunnel address.

This command enables matching on UEs that are active on a tunnel which is terminated in the specified router instance.

The no form of this command disables matching on the tunnel router instance.

This command enables matching on UEs that are active on a tunnel of the specified type. The not-specified value disables matching on the tunnel type.

The no form of this command reverts to the default.

This command enables matching on UEs, based on the VLAN tag within the tunnel, which typically used to indicate an SSID.

The no form of this command disables matching on the VLAN.

This command enables matching on UEs, based on the WLAN-GW group ID and, optionally, the specific ISA member they are installed on.

The no form of this command disables matching on the WLAN-GW group.

This command specifies a virtual chassis identifier that can link two wlan-gws together.

The no form of this command removes the dual-homing-key.

This command specifies the value used for TCP-MSS-adjust in the IPv6 upstream direction for DSM. The downstream direction for both IPv4 and IPv6 are both configured under the group-interface. The upstream direction for IPv4 NAT hosts is configured under the NAT policy.

The defined segment size is inserted in a TCP SYN message if there is no existing MSS option or the value in the MSS option is bigger than the configured value.

The no form of this command disables upstream TCP MSS adjust for IPv6 DSM.

This command configures a GTP peer cleanup timeout to terminate a handover wait state.

This command enters the configuration context of mobility-triggered-accounting in wlan-gw context under router or VPRN service.

This command enables the inclusion of counters with a hold-down time option in mobility-triggered interim-updates. When enabled, to disable the inclusion of counters, interim updates must be disabled and then re-enabled without the include-counters keyword. By default, the hold-down time is not imposed.

The no form of this command disables generation of flash interim accounting updates to RADIUS when change in location of the UE is detected.

This command enables the context to configure ISA filter parameters.

This command specifies what should happen to packets that do not match any of the configured entries.

The no form of this command reverts to the default value.

This command creates a new entry for this filter. When processing a packet, entries are matched in order, starting with the lowest entry-id. A maximum of 128 IPv4 and 128 IPv6 DSM filter entries are allowed.

The no form of this command removes the specified entry from the ISA filter.

This command specifies what should happen to packets that do match this entry.

The no form of this command reverts to the default value.

This command creates a match context for this entry. The protocol value specifies which Layer-4 protocol the packet should match.

The no form of this command removes the match context of this entry.

This command specifies that the packet’s UDP/TCP dst-port must match a specific value. This command is not valid in a match context that is not specific to UDP or TCP.

The no form of this command removes matching of the layer-4 port.

This command specifies that the packet’s destination IP address must match the specified IP prefix and mask.

The no form of this command disables the match on the destination IP.

This command configures the source IP or IPv6 address match condition.

The no form of this command reverts to the default value.

This command configures the source port match condition.

The no form of this command reverts to the default value.

This command specifies the committed burst-size value of this policer. This can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

This command specifies the maximum burst-size value of this policer.

The no form of this command reverts to its default.

This command specifies at which rate the policer drains packets. The cir value is only supported on dual-bucket-bandwidth policers. If rate max is configured, no actual rate limitations are applied.

The no form of this command reverts to the default.

This command creates the context to configure an ISA policer. When creating a policer for the first time, both the create and type parameters are required.

The no form of this command reverts to the default.

This command specifies what happens to packets that are in-profile and out-of-profile.

The no form of this command reverts to the default value.

For operational efficiency, the operational rate of a policer cannot take on every value in the configurable range. This configuration defines a rule that must be followed when mapping a configured rate to an operational rate.

The cir adaptation-rule can only be set on dual-bucket-bandwidth policers.

The no form of this command reverts to its default.

This command creates an acct-on-off-group.

An acct-on-off-group can be referenced by:

The no form of this command deletes the acct-on-off-group.

This command creates a radius-server-policy.

A RADIUS server policy can be used in

The no form of this command removes the policy name from the configuration.

This command specifies name of the radius-script-policy to be applied for access-accept.

This command controls the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy:

acct-on-off: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is always not blocked.

acct-on-off oper-state-change [group group-name]: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is function of the Accounting-response received for the Accounting-On and Accounting-Off. Optionally, sets the acct-on-off oper-state of the acct-on-off-group.

acct-on-off monitor-group group-name: no Accounting-On and Accounting-Off messages are sent for this radius-server-policy. The acct-on-off oper-state is inherited from the acct-on-off-group.

The no form of this command disables the sending of Accounting-On and Accounting-Off messages.

This command specifies the name of the acct-request-script-policy pointing to the Python script to be applied for RADIUS accounting request messages.

This command specifies the name of the auth-request-script-policy pointing to the Python script to be applied for RADIUS access request messages.

This command enables the context to configure RADIUS message buffering.

The no form of this command disables RADIUS message buffering.

This command enables RADIUS accounting interim update message buffering.

The no form of this command disables RADIUS accounting interim update message buffering.

This command enables RADIUS accounting stop message buffering.

The no form of this command disables RADIUS accounting stop message buffering.

This command enables the context to configure radius-server-policy parameters.

This command configures the algorithm used to select a RADIUS server from the pool of configured RADIUS servers.

This command disables a subscriber RADIUS accounting session from sticking with a single server under normal working conditions. If a direct algorithm is used, all subscriber RADIUS sessions will go directly to the server with the lowest configured index. If a failure occurs, a new in-service server with the next lowest index is used. When the original server recovers, if stickiness is not disabled, all existing sessions will continue to use the new server. This command disables stickiness, and as a result, the recovered original RADIUS server will again service every subscriber. If a round-robin algorithm is used and stickiness is not disabled, an accounting session for a particular subscriber (or host, depending on the accounting mode) will stay with the same server. This command removes the stickiness and all subscriber accounting messages will go through the list of servers in a round-robin manner.

This command enables the context to configure health check parameters for the RADIUS server.

This command sets up a test account as a probing mechanism to check the connectivity of all configured RADIUS authentication servers within the RADIUS server policy.

This command specifies the intervals at which the test account will send its access requests to probe the RADIUS servers.

This command specifies the password that the test account will use to send access requests to probe the RADIUS servers.

This command disables the test account that probes the RADIUS server.

The no form of this command enables the capability.

This command specifies the username that the test account will use to send its access requests to probe the RADIUS servers.

The no form of this command removes the username from the test-account configuration.

This command configures the number of times the router attempts to contact the RADIUS server, if not successful the first time.

The no form of this command reverts to the default.

This command specifies the virtual router instance applicable for the set of configured RADIUS servers. This value cannot be changed once a RADIUS server is configured for this policy.

The no form of this command reverts to the default.

This command adds a RADIUS server.

The no form of this command removes a RADIUS server.

This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. See Configuring a System Interface in the 7750 SR OS Configuration Guide.

Note: The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the nas-ip-address attribute: over there it is set to the system IP address if no source-address was given.

The no form of this command reverts to the default value.

This command configures the time the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

This command configures the hold time before re-using a RADIUS server.

The no form of this command reverts to the default value.

This command configures the source address of an IPv6 RADIUS packet.

When no ipv6-source-address is configured, the system IPv6 address (inband RADIUS server connection) or Boot Option File (BOF) IPv6 address (outband RADIUS server connection) must be configured in order for the RADIUS client to work with an IPv6 RADIUS server.

This address is also used in the NAS-IPv6-Address attribute.

The no form of this command reverts to the default value.