ZyXEL Communications NXC Series Cli Reference Manual

NXC Series
Wireless LAN Controller
Versions: 4.20
Edition 1, 01/2015
Quick Start Guide
CLI Reference Guide

Default Login Details
IP Address: https://192.168.1.1
User Name: admin
Password: 1234

www.zyxel.com
Copyright © 2011 ZyXEL Communications Corporation
Copyright © 2015 ZyXEL Communications Corporation

Summary of Contents for ZyXEL Communications NXC Series

  • Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a Reference Guide for a series of products intended for people who want to configure the NXC via Command Line Interface (CLI). Some commands or command options in this guide may not be available in your product.
  • Page 3: Table Of Contents

    Contents Overview: Command Line Interface (15); User and Privilege Modes (31); Object Reference (35); Status (37); Registration (41); Interfaces (47); Route (65); AP Management (73); AP Group (79); Wireless LAN Profiles (87); Rogue AP ...
  • Page 4 Contents Overview: Packet Flow Explore (237); Maintenance Tools (239); Watchdog Timer (245); Managed AP Commands (249); List of Commands (255). NXC CLI Reference Guide...
  • Page 5: Table Of Contents

    Table of Contents: Contents Overview (3); Table of Contents (5); Chapter 1 Command Line Interface (15); 1.1 Overview (15); 1.1.1 The Configuration File (15); 1.2 Accessing the CLI (15); 1.2.1 Console Port (16); 1.2.2 Web Configurator Console (17); 1.2.3 Telnet (20); 1.2.4 SSH (Secure SHell) (20); 1.3 How to Find Commands in this Guide (21)...
  • Page 6 Table of Contents: Chapter 3 Object Reference (35); 3.1 Object Reference Commands (35); 3.1.1 Object Reference Command Example (36); Chapter 4 Status (37); 4.1 Status Show Commands (37); Chapter 5 Registration (41); 5.1 myZyXEL.com overview (41); 5.1.1 Subscription Services Available on the NXC (41); 5.2 Registration Commands (42); 5.2.1 Command Examples (42); 5.3 Country Code (43)...
  • Page 7 Table of Contents: 7.4.1 Static Route Commands Example (70); 7.5 Learned Routing Information Commands (71); 7.5.1 show ip route Command Example (71); Chapter 8 AP Management (73); 8.1 AP Management Overview (73); 8.2 AP Management Commands (74); 8.2.1 AP Management Commands Example (78); Chapter 9 AP Group (79); 9.1 Wireless Load Balancing Overview (79)...
  • Page 8 Table of Contents: 12.2 Wireless Frame Capture Commands (109); 12.2.1 Wireless Frame Capture Examples (110); Chapter 13 Dynamic Channel Selection (111); 13.1 DCS Overview (111); 13.2 DCS Commands (111); Chapter 14 Auto-Healing (113); 14.1 Auto-Healing Overview (113); 14.2 Auto-Healing Commands ...
  • Page 9 Table of Contents: 19.1 Captive Portal Overview (127); 19.1.1 Web Authentication Policy Commands (127); 19.1.2 qrcode-auth-profile Commands (130); 19.1.3 page-customization Commands (131); 19.1.4 Customizing the User Logout Page (132); Chapter 20 RTLS (133); 20.1 RTLS Introduction (133); 20.2 RTLS Commands (133); Chapter 21 Firewall (135); 21.1 Firewall Overview (135)...
  • Page 10 Table of Contents: Chapter 25 Schedules (159); 25.1 Schedule Overview (159); 25.2 Schedule Commands Summary (159); 25.2.1 Schedule Command Examples (160); Chapter 26 AAA Server (161); 26.1 AAA Server Overview (161); 26.2 Authentication Server Command Summary (161); 26.2.1 aaa group server ad Commands (162); 26.2.2 aaa group server ldap Commands (163); 26.2.3 aaa group server radius Commands (164); 26.2.4 aaa group server Command Example (166)...
  • Page 11 Table of Contents: Chapter 31 System (181); 31.1 System Overview (181); 31.2 Customizing the WWW Login Page (181); 31.3 Host Name Commands (183); 31.4 Time and Date (183); 31.4.1 Date/Time Commands (184); 31.5 Console Port Speed (185); 31.6 DNS Overview (185); 31.6.1 DNS Commands (185); 31.6.2 DNS Command Example (186); Chapter 32...
  • Page 12 Table of Contents: 33.1 DHCPv6 Object Commands Summary (199); 33.1.1 DHCPv6 Object Commands (199); 33.1.2 DHCPv6 Object Command Examples (200); Chapter 34 File Manager (201); 34.1 File Directories (201); 34.2 Configuration Files and Shell Scripts Overview (201); 34.2.1 Comments in Configuration Files or Shell Scripts (202); 34.2.2 Errors in Configuration Files or Shell Scripts (203); 34.2.3 NXC Configuration File Details (203); 34.2.4 Configuration File Flow at Restart (204)...
  • Page 13 Table of Contents: 36.1.3 Session Commands (228); 36.2 Email Daily Report Commands (229); 36.2.1 Email Daily Report Example (231); 36.3 Reboot (232); Chapter 37 Session Timeout (233); Chapter 38 Diagnostics (235); 38.1 Diagnostics (235); 38.2 Diagnosis Commands (235); 38.3 Diagnosis Commands Example (235); Chapter 39 Packet Flow Explore (237); 39.1 Packet Flow Explore (237)...
  • Page 15: Command Line Interface

    Chapter 1 Command Line Interface This chapter describes how to access and use the CLI (Command Line Interface). 1.1 Overview If you have problems with your NXC, customer support may request that you issue some of these commands to assist them in troubleshooting. ...
  • Page 16: Console Port

    Chapter 1 Command Line Interface The NXC might force you to log out of your session if reauthentication time, lease time, or idle timeout is reached. See Chapter 22 on page 143 for more information about these settings. 1.2.1 Console Port The default settings for the console port are as follows.
  • Page 17: Web Configurator Console

    Chapter 1 Command Line Interface Enter the user name and password at the prompts. The default login username is admin and password is 1234. The username and password are case-sensitive. 1.2.2 Web Configurator Console The Console allows you to use CLI commands from directly within the Web Configurator rather than having to use a separate terminal program.
  • Page 18 Chapter 1 Command Line Interface The following table describes the elements in this screen. Table 2 Console LABEL DESCRIPTION Command Line Enter commands for the device that you are currently logged into here. If you are logged into the NXC, see the CLI Reference Guide for details on using the command line to configure it.
  • Page 19 Chapter 1 Command Line Interface 2 Enter the IP address of the NXC and click OK. 3 Next, enter the user name of the account being used to log into your target device and then click OK. 4 You may be prompted to authenticate your account password, depending on the type of device that you are logging into.
  • Page 20: Telnet

    Chapter 1 Command Line Interface 5 If your login is successful, the command line appears and the status bar at the bottom of the Console updates to reflect your connection state. 1.2.3 Telnet Use the following steps to Telnet into your NXC. 1 If your computer is connected to the NXC over the Internet, skip to the next step.
  • Page 21: How To Find Commands In This Guide

    Chapter 1 Command Line Interface Figure 4 SSH Login Example C:\>ssh2 [email protected] Host key not found from database. Key fingerprint: xolor-takel-fipef-zevit-visom-gydog-vetan-bisol-lysob-cuvun-muxex You can get a public key's fingerprint by running % ssh-keygen -F publickey.pub on the keyfile. Are you sure you want to continue connecting (yes/no)? yes Host key saved to C:/Documents and Settings/user/Application Data/SSH/ hostkeys/ ey_22_192.168.1.1.pub...
  • Page 22: Command Summary

    Chapter 1 Command Line Interface 1.4.3 Command Summary This section lists the commands for the feature in one or more tables. 1.4.4 Command Examples This section contains any examples for the commands in this feature. 1.4.5 Command Syntax The following conventions are used in this guide. •...
  • Page 23: Shortcuts And Help

    Chapter 1 Command Line Interface Table 3 CLI Modes (continued) USER PRIVILEGE CONFIGURATION SUB-COMMAND What Limited- • Look at system • Look at system Unable to access Unable to access information (like information (like Admin users can Status screen) Status screen) •...
  • Page 24: List Of Sub-Commands Or Required User Input

    Chapter 1 Command Line Interface Figure 5 Help: Available Commands Example 1 Router> ? apply atse clear configure ------------------[Snip]-------------------- shutdown telnet test traceroute write Router> Figure 6 Help: Available Command Example 2 Router> show ? access-page account ad-server address-object...
  • Page 25: Entering Partial Commands

    Chapter 1 Command Line Interface 1.6.3 Entering Partial Commands The CLI does not accept partial or incomplete commands. You may enter a unique part of a command and press [TAB] to have the NXC automatically display the full command. For example, if you enter config and press [TAB], the full command of...
  • Page 26: Input Values

    Chapter 1 Command Line Interface 1.7 Input Values You can use the ? or [TAB] to get more information about the next input value that is required for a command. In some cases, the next input value is a string whose length and allowable characters may not be displayed in the screen.
  • Page 27 Chapter 1 Command Line Interface Table 4 Input-Value Formats for Strings in CLI Commands (continued) # VALUES LEGAL VALUES e-mail 1-64 alphanumeric or .@_- encryption key 16-64 “0x” or “0X” + 16-64 hexadecimal values 8-32 alphanumeric or ;\|`~!@#$%^&*()_+\\{}':,./<>=- file name 0-31 alphanumeric or _- filter extension...
  • Page 28 Chapter 1 Command Line Interface Table 4 Input-Value Formats for Strings in CLI Commands (continued) # VALUES LEGAL VALUES password Used in user and ip 1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./ Used in e-mail log profile SMTP authentication 1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<>./ Used in device HA synchronization 1-63 alphanumeric or ~#%^*_-={}:,.
  • Page 29: Saving Configuration Changes

    Chapter 1 Command Line Interface Table 4 Input-Value Formats for Strings in CLI Commands (continued) # VALUES LEGAL VALUES username 1-31 alphanumeric or _- first character: alphanumeric or _- domain authorization username 6-20 alphanumeric or .@_- registration user name alphanumeric or -_. logging commands user@domainname 1-80...
  • Page 31: User And Privilege Modes

    Chapter 2 User and Privilege Modes This chapter describes how to use these two modes. 2.1 User And Privilege Modes This is the mode you are in when you first log into the CLI. (Do not confuse ‘user mode’ with types of user accounts the NXC uses.
  • Page 32 Chapter 2 User and Privilege Modes Table 5 User (U) and Privilege (P) Mode Commands (continued) COMMAND MODE DESCRIPTION Has the NXC create a new diagnostic file. diag-info Lists files in a directory. Goes from privilege mode to user mode disable Goes from user mode to privilege mode enable...
  • Page 33: Debug Commands

    Chapter 2 User and Privilege Modes 2.1.1 Debug Commands Debug commands marked with an asterisk (*) are not available when the debug flag is on and are for ZyXEL service personnel use only. The debug commands follow a syntax that is Linux-based, so if there is a Linux equivalent, it is displayed in this chapter for your reference.
  • Page 35: Object Reference

    Chapter 3 Object Reference This chapter describes how to use object reference commands. 3.1 Object Reference Commands The object reference commands are used to see which configuration settings reference a specific object. You can use this table when you want to delete an object because you have to remove references to the object first.
  • Page 36: Object Reference Command Example

    Chapter 3 Object Reference Table 7 show reference Commands (continued)
      COMMAND: DESCRIPTION
      show reference object-group aaa radius [group_name]: Displays which configuration settings reference the specified AAA RADIUS group object.
      show reference object [wlan-radio-profile]: Displays the specified radio profile object.
      Displays the specified monitor profile object....
  • Page 37: Status

    Chapter 4 Status This chapter explains some commands you can use to display information about the NXC’s current operational state. 4.1 Status Show Commands The following table describes the commands available for NXC system status. Table 8 Status Show Commands COMMAND DESCRIPTION Displays details about the NXC’s startup state.
  • Page 38 Chapter 4 Status Here are examples of the commands that display the CPU and disk utilization. Router(config)# show cpu status CPU utilization: 0 % CPU utilization for 1 min: 0 % CPU utilization for 5 min: 0 % Router(config)# show disk ...
  • Page 39 Chapter 4 Status Here is an example of the command that displays the open ports. Router(config)# show socket open Proto Local_Address Foreign_Address State =========================================================================== 172.16.13.240:22 172.16.13.10:1179 ESTABLISHED 127.0.0.1:64002 0.0.0.0:0 0.0.0.0:520 0.0.0.0:0 0.0.0.0:138 0.0.0.0:0 0.0.0.0:138 0.0.0.0:0 0.0.0.0:138 0.0.0.0:0 0.0.0.0:138 0.0.0.0:0 0.0.0.0:138 0.0.0.0:0 0.0.0.0:138 0.0.0.0:0...
  • Page 40 Here are examples of the commands that display the system uptime and model, firmware, and build information. Router> show system uptime system uptime: 04:18:00 Router> show version ZyXEL Communications Corp. model : NXC5200 firmware version: 2.20(AQQ.0)b3 BM version : 1.08...
  • Page 41: Registration

    Chapter 5 Registration This chapter introduces myzyxel.com and shows you how to register the NXC for IDP/AppPatrol and anti-virus using commands. 5.1 myZyXEL.com overview myZyXEL.com is ZyXEL’s online services center where you can register your NXC and manage subscription services available for the NXC. ...
  • Page 42: Registration Commands

    Chapter 5 Registration To use a subscription service, you have to register the NXC and activate the corresponding service at myZyXEL.com (through the NXC). 5.2 Registration Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
  • Page 43: Country Code

    Chapter 5 Registration The following command displays the account information and whether the device is registered. Router# configure terminal Router(config)# show device-register status username : alexctsui password : 123456 device register status : yes expiration self check : no The following command displays the service registration status and type and how many days remain before the service expires.
  • Page 44 Chapter 5 Registration Table 11 Country Codes (continued) COUNTRY CODE COUNTRY NAME COUNTRY CODE COUNTRY NAME Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo, Democratic Republic of the Congo, Republic of Cook Islands Costa Rica...
  • Page 45 Chapter 5 Registration Table 11 Country Codes (continued) COUNTRY CODE COUNTRY NAME COUNTRY CODE COUNTRY NAME Jordan Kazakhstan Kenya Kiribati Korea, Republic of Kuwait Kyrgyzstan Lao People’s Democratic Republic Latvia Lebanon Lesotho Liberia Liechtenstein Lithuania Luxembourg Macau Macedonia, Former Yugoslav Madagascar Republic Malawi...
  • Page 46 Chapter 5 Registration Table 11 Country Codes (continued) COUNTRY CODE COUNTRY NAME COUNTRY CODE COUNTRY NAME Sierra Leone Singapore Slovak Republic Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands Spain Sri Lanka St Pierre and Miquelon St.
  • Page 47: Interfaces

    Chapter 6 Interfaces This chapter shows you how to use interface-related commands. 6.1 Interface Overview In general, an interface has the following characteristics. • An interface is a logical entity through which (layer-3) packets pass. • An interface is bound to a physical port or another interface. •...
  • Page 48: Basic Interface Properties And Ip Address Commands

    Chapter 6 Interfaces Table 12 Input Values for General Interface Commands (continued)
      LABEL: DESCRIPTION
      profile_name: The name of the DHCP pool. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive....
  • Page 49 Chapter 6 Interfaces Table 13 interface General Commands: Basic Properties and IP Address Assignment (continued)
      COMMAND: DESCRIPTION
      ipv6 dhcp6 [client]: Sets the IPv6 interface to be a DHCPv6 client.
      [no] ipv6 dhcp6 rapid-commit: Shortens the DHCPv6 message exchange process from four to two steps to help reduce network traffic....
  • Page 50 Chapter 6 Interfaces Table 13 interface General Commands: Basic Properties and IP Address Assignment (continued)
      COMMAND: DESCRIPTION
      interface-name ethernet_interface user_defined_name: Specifies a name for an Ethernet interface. It can use alphanumeric characters, hyphens, and underscores, and it can be up to 11 characters long...
  • Page 51 Chapter 6 Interfaces This example shows how to modify the name of interface ge4 to “VIP”. First you have to check the interface system name (ge4 in this example) on the NXC. Then change the name and display the result. Router>...
  • Page 52: Dhcp Setting Commands

    Chapter 6 Interfaces 6.2.2 DHCP Setting Commands This table lists DHCP setting commands. DHCP is based on DHCP pools. Create a DHCP pool if you want to assign a static IP address to a MAC address or if you want to specify the starting IP address and pool size of a range of IP addresses that can be assigned to DHCP clients.
  • Page 53 Chapter 6 Interfaces Table 14 interface Commands: DHCP Settings (continued)
      COMMAND: DESCRIPTION
      [no] client-identifier mac_address: Specifies the MAC address that appears in the DHCP client list. The no command clears this field.
      [no] client-name host_name: Specifies the host name that appears in the DHCP client list....
  • Page 54 Chapter 6 Interfaces Table 14 interface Commands: DHCP Settings (continued)
      COMMAND: DESCRIPTION
      [no] starting-address ip pool-size <1..65535>: Sets the IP start address and maximum pool size of the specified DHCP pool. The final pool size is limited by the subnet mask. Note: You must specify the network first, and the start address...
  • Page 55 Chapter 6 Interfaces 6.2.2.1 DHCP Setting Command Examples The following example uses these commands to configure DHCP pool DHCP_TEST. Router# configure terminal Router(config)# ip dhcp pool DHCP_TEST Router(config-ip-dhcp-pool)# network 192.168.1.0 /24 Router(config-ip-dhcp-pool)# domain-name zyxel.com Router(config-ip-dhcp-pool)# first-dns-server 10.1.5.1 Router(config-ip-dhcp-pool)# second-dns-server ge1 1st-dns Router(config-ip-dhcp-pool)# third-dns-server 10.1.5.2 Router(config-ip-dhcp-pool)#...
  • Page 56: Connectivity Check (Ping-Check) Commands

    Chapter 6 Interfaces 6.2.3 Connectivity Check (Ping-check) Commands Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the NXC stops routing to the gateway.
  • Page 57: Ethernet Interface Specific Commands

    Chapter 6 Interfaces 6.2.3.1 Connectivity Check Command Example The following commands show you how to set the WAN1 interface to use a TCP handshake on port 8080 to check the connection to IP address 1.1.1.2 Router# configure terminal Router(config)# interface wan1 Router(config-if-wan1)# ping-check 1.1.1.2 method tcp port 8080 Router(config-if-wan1)# exit Router(config)# show ping-check...
  • Page 58: Port Commands

    Chapter 6 Interfaces Table 17 interface Commands: MAC Setting (continued)
      COMMAND: DESCRIPTION
      type {internal|external|general}: Sets which type of network you will connect this interface. The NXC automatically adds default route and SNAT settings for traffic it routes from internal interfaces to external interfaces; for example LAN to WAN traffic.
  • Page 59: Port Role Commands

    Chapter 6 Interfaces 6.5 Port Role Commands The following table describes the commands available for port role identification. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 19 Command Summary: Port Role COMMAND DESCRIPTION Displays the type of cable connection for each physical...
  • Page 60 Chapter 6 Interfaces For the NXC which supports more than one USB port, these commands only apply to the USB storage device that is first attached to the NXC. Table 20 USB Storage General Commands
      COMMAND: DESCRIPTION
      show usb-storage: Displays the status of the connected USB storage device.
      Enables or disables the connected USB storage service....
  • Page 61: Usb Storage General Commands Example

    Chapter 6 Interfaces 6.6.1 USB Storage General Commands Example This example shows how to display the status of the connected USB storage device. Router> show usb-storage USBStorage Configuration: Activation: enable Criterion Number: 100 Criterion Unit: megabyte USB Storage Status: Device description: N/A Usage: N/A Filesystem: N/A Speed: N/A...
  • Page 62 Chapter 6 Interfaces Table 21 Input Values for VLAN Interface Commands (continued)
      LABEL: DESCRIPTION
      description: Sets the description of the interface. You may use 0 - 511 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number....
  • Page 63: Vlan Interface Examples

    Chapter 6 Interfaces Table 22 Command Summary: VLAN Interface Profile (continued)
      COMMAND: DESCRIPTION
      description description: Sets the description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/ :=?!*#@$_%- characters, and it can be up to 60 characters long....
  • Page 65: Route

    Chapter 7 Route This chapter shows you how to configure policies for IP routing and static routes on your NXC. 7.1 Policy Route Traditionally, routing is based on the destination address only and the NXC takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
  • Page 66 Chapter 7 Route The following table describes the commands available for policy route. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 24 Command Summary: Policy Route
      COMMAND: DESCRIPTION
      [no] bwm activate: Globally enables bandwidth management. You must globally activate bandwidth management to have individual policy routes or application patrol...
  • Page 67 Chapter 7 Route Table 24 Command Summary: Policy Route (continued)
      COMMAND: DESCRIPTION
      no dscp-marking: Use this command to have the NXC not modify the DSCP value of the route’s outgoing packets.
      [no] interface {interface_name |: Sets the interface on which the incoming packets are received....
  • Page 68: Assured Forwarding (Af) Phb For Diffserv

    Chapter 7 Route Table 24 Command Summary: Policy Route (continued)
      COMMAND: DESCRIPTION
      show policy-route begin policy_number end policy_number: Displays the specified range of policy route settings.
      show policy-route override-direct-route: Displays whether or not the NXC forwards packets that match a policy route according to the policy route instead of sending the packets to a directly connected network....
  • Page 69: Policy Route Command Example

    Chapter 7 Route 7.2.2 Policy Route Command Example The following commands create two address objects (TW_SUBNET and GW_1) and insert a policy that routes the packets (with the source IP address TW_SUBNET and any destination IP address) through the interface ge1 to the next-hop router GW_1. This route uses the IP address of the outgoing interface as the matched packets’...
  • Page 70: Static Route Commands

    Chapter 7 Route Figure 10 Example of Static Routing Topology 7.4 Static Route Commands The following table describes the commands available for static route. You must use the configure terminal command to enter the configuration mode before you can use these commands.
  • Page 71: Learned Routing Information Commands

    Chapter 7 Route 7.5 Learned Routing Information Commands This table lists the commands to look at learned routing information. Table 27 ip route Commands: Learned Routing Information COMMAND DESCRIPTION show ip route [kernel | connected | static] Displays learned routing and other routing information. 7.5.1 show ip route Command Example The following example shows learned routing information on the NXC.
  • Page 73: Ap Management

    Chapter 8 AP Management This chapter shows you how to configure wireless AP management options on your NXC. 8.1 AP Management Overview The NXC allows you to remotely manage all of the Access Points (APs) on your network. You can manage a number of APs without having to configure them individually as the NXC automatically handles basic configuration for you.
  • Page 74: Ap Management Commands

    Chapter 8 AP Management 8.2 AP Management Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 28 Input Values for General AP Management Commands LABEL DESCRIPTION The Ethernet MAC address of the managed AP.
  • Page 75 Chapter 8 AP Management Table 29 Command Summary: AP Management (continued)
      COMMAND: DESCRIPTION
      [no] force vlan: Sets whether or not the NXC changes the AP’s management VLAN to match the one you configure using the vlan sub-command. The management VLAN on the NXC and AP must match for the NXC to manage the AP.
  • Page 76 Chapter 8 AP Management Table 29 Command Summary: AP Management (continued)
      COMMAND: DESCRIPTION
      capwap ap kick {all | ap_mac}: Removes the specified AP (ap_mac) or all connected APs (all) from the management list. Doing this removes the AP(s) from the management list. If the NXC is set to automatically add new APs to the AP management list, then any kicked APs are added back to the management list as soon as they reconnect.
  • Page 77 Chapter 8 AP Management Table 29 Command Summary: AP Management (continued)
      COMMAND: DESCRIPTION
      show capwap ap fallback: Displays whether the managed AP(s) will change back to associate with the primary AP controller when the primary AP controller is available.
      show capwap ap fallback interval: Displays the interval for how often the managed AP(s) check whether the primary AP controller is available.
  • Page 78: Ap Management Commands Example

    Chapter 8 AP Management 8.2.1 AP Management Commands Example The following example shows you how to add an AP to the management list, and then edit it. Router# show capwap ap wait-list index: 1 IP: 192.168.1.35, MAC: 00:11:11:11:11:FE Model: NWA5160N, Description: AP-00:11:11:11:11:FE index: 2 IP: 192.168.1.36, MAC: 00:19:CB:00:BB:03 Model: NWA5160N, Description: AP-00:19:CB:00:BB:03...
  • Page 79: Ap Group

    Chapter 9 AP Group This chapter shows you how to configure AP groups, which define the radio, port, VLAN and load balancing settings and apply the settings to all APs in the group. An AP can belong to one AP group at a time.
  • Page 80 Chapter 9 AP Group Table 31 Command Summary: AP Group (continued)
      COMMAND: DESCRIPTION
      ap-group-member ap_group_profile_name [no] member mac_address: Specifies the MAC address of the AP that you want to apply the specified AP group profile and add to the group. Use the no command to remove the specified AP from this group....
  • Page 81 Chapter 9 AP Group Table 31 Command Summary: AP Group (continued) COMMAND DESCRIPTION Sets the model of the managed AP and disable the [no] lan-provision model {nwa5301-nj | model-specific LAN port and configure the port VLAN ID. wac6502d-e | wac6502d-s | wac6503d-s | Use the no command to remove the specified port and wac6553d-e} ap_lan_port inactivate VLAN settings.
  • Page 82 Chapter 9 AP Group Table 31 Command Summary: AP Group (continued)
      COMMAND: DESCRIPTION
      load-balancing liInterval <1..255>: Sets the interval in seconds that each AP communicates with the other APs in its range for calculating the load balancing algorithm. Note: This parameter has been optimized for the NXC and should not be changed unless you have been specifically directed to do so by ZyXEL support.
  • Page 83: Ap Group Examples

    Chapter 9 AP Group Table 31 Command Summary: AP Group (continued) COMMAND DESCRIPTION Displays the LAN port and/or VLAN settings on the show ap-group-profile managed AP which is in the specified AP group and of ap_group_profile_name model {nwa5301-nj | the specified model. wac6502d-e | wac6502d-s | wac6503d-s | vlan_interface: the name of the VLAN, such as wac6553d-e} interface {all | vlan |...
  • Page 84 Chapter 9 AP Group The following example shows you how to create an AP group profile (named GP1) and configure AP load balancing in "by station" mode. The maximum number of stations is set to Router(config)# ap-group-profile GP1 Router(config-ap-group GP1)# load-balancing mode station Router(config-ap-group GP1)# load-balancing max sta 1 Router(config-ap-group GP1)# exit Router(config)# show ap-group-profile GP1 load-balancing config...
  • Page 85 Chapter 9 AP Group The following example shows the settings and status of the VLAN(s) configured for the managed APs (NWA5301-NJ) in the default AP group. Router(config)# show ap-group-profile default lan-provision model nwa5301-nj interface vlan No. Name Active VID Member =========================================================================== vlan0 lan1,lan2,lan3...
  • Page 87: Wireless Lan Profiles

    Chapter 10 Wireless LAN Profiles This chapter shows you how to configure wireless LAN profiles on your NXC. 10.1 Wireless LAN Profiles Overview The managed Access Points designed to work explicitly with your NXC do not have on-board configuration files, so you must create “profiles” to manage them. Profiles are preset configurations that are uploaded to the APs and which manage them.
  • Page 88 Chapter 10 Wireless LAN Profiles Table 32 Input Values for General Radio and Monitor Profile Commands (continued) LABEL DESCRIPTION Sets the 5 GHz channel used by this radio profile. The channel range is wireless_channel_5g 36 ~ 165. Note: Your choice of channel may be restricted by regional regulations.
  • Page 89 Chapter 10 Wireless LAN Profiles Table 33 Command Summary: Radio Profile (continued) COMMAND DESCRIPTION Sets the radio band (2.4 GHz or 5 GHz) and band mode band {2.4G |5G} band-mode for this profile. Band mode details: {bg | bgn | a | ac | an} For 2.4 GHz, bg lets IEEE 802.11b and IEEE 802.11g clients associate with the AP.
  • Page 90 Chapter 10 Wireless LAN Profiles Table 33 Command Summary: Radio Profile (continued) COMMAND DESCRIPTION Enables this to allow an AP to avoid phase DFS channels dcs dfs-aware {enable|disable} below the 5 GHz spectrum. Sets how sensitive DCS is to radio channel changes in dcs sensitivity-level {high| medium the vicinity of the AP running the scan.
  • Page 91 Chapter 10 Wireless LAN Profiles Table 33 Command Summary: Radio Profile (continued)
    COMMAND: [no] amsdu
    DESCRIPTION: Activates MPDU frame aggregation for this profile. Use the no parameter to disable it. Mac Service Data Unit (MSDU) aggregation collects Ethernet frames without any of their 802.11n headers and wraps the header-less payload in a single 802.11n MAC header.
  • Page 92: Ap Radio & Monitor Profile Commands Example

    Chapter 10 Wireless LAN Profiles Table 33 Command Summary: Radio Profile (continued) COMMAND DESCRIPTION Assigns an SSID profile to this radio profile. Requires an [no] ssid-profile existing SSID profile. Use the no parameter to disable it. wlan_interface_index ssid_profile Sets the outgoing chain mask rate. tx-mask chain_mask Sets the incoming chain mask rate.
  • Page 93: Ssid Profile Commands

    Chapter 10 Wireless LAN Profiles • block acknowledgement enabled • a short guard interval • an output power of 100% It will also assign the SSID profile labeled ‘default’ in order to create WLAN VAP (wlan-1-1) functionality within the radio profile. Router(config)# wlan-radio-profile RADIO01 Router(config-profile-radio)# activate Router(config-profile-radio)# band 2.4G band-mode bgn...
  • Page 94 Chapter 10 Wireless LAN Profiles Table 34 Input Values for General SSID Profile Commands (continued)
    LABEL: securityprofile
    DESCRIPTION: Assigns an existing security profile to the SSID profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 95: Ssid Profile Example

    Chapter 10 Wireless LAN Profiles Table 35 Command Summary: SSID Profile (continued)
    COMMAND: vlan-id <1..4094>
    DESCRIPTION: Applies to each SSID profile that uses localbridge. If the VLAN ID is equal to the AP’s native VLAN ID then traffic originating from the SSID is not tagged. The default VLAN ID is 1.
  • Page 96 Chapter 10 Wireless LAN Profiles The following table describes the commands available for security profile management. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 37 Command Summary: Security Profile COMMAND DESCRIPTION Displays the security profile(s).
  • Page 97 Chapter 10 Wireless LAN Profiles Table 37 Command Summary: Security Profile (continued)
    COMMAND: [no] mac-auth activate
    DESCRIPTION: MAC authentication has the AP use an external server to authenticate wireless clients by their MAC addresses. Users cannot get an IP address if the MAC authentication fails.
  • Page 98: Security Profile Example

    Chapter 10 Wireless LAN Profiles Table 37 Command Summary: Security Profile (continued)
    COMMAND: wpa-encrypt {tkip | aes | auto}
    DESCRIPTION: Sets the WPA/WPA2 encryption cipher type. auto: This automatically chooses the best available cipher based on the cipher in use by the wireless client that is attempting to make a connection.
  • Page 99: Mac Filter Profile Commands

    Chapter 10 Wireless LAN Profiles 10.5 MAC Filter Profile Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 38 Input Values for General MAC Filter Profile Commands LABEL DESCRIPTION The MAC filter profile name.
  • Page 100: Layer-2 Isolation Profile Commands

    Chapter 10 Wireless LAN Profiles 10.6 Layer-2 Isolation Profile Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 40 Input Values for General Layer-2 Isolation Profile Commands LABEL DESCRIPTION The layer-2 isolation profile name.
  • Page 101: Layer-2 Isolation Profile Example

    Chapter 10 Wireless LAN Profiles 10.6.1 Layer-2 Isolation Profile Example The following example creates a layer-2 isolation profile with the name ‘L2-Isolate-example’. In this profile, you allow the device with the MAC address of 00:a0:c5:01:23:45 to be accessed by other devices in the SSID to which the layer-2 isolation profile is applied. It also displays the profile settings.
  • Page 102 Chapter 10 Wireless LAN Profiles The maximum number of hops (the repeaters between a wireless client and the root AP) you can have in a ZyMesh varies according to how many wireless clients a managed AP can support. A ZyMesh/WDS link with more hops has lower throughput. ...
  • Page 103 Chapter 10 Wireless LAN Profiles Table 43 Command Summary: ZyMesh Profile (continued)
    COMMAND: psk psk
    DESCRIPTION: Sets a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters. The key is used to encrypt the wireless traffic between the APs.
  • Page 105: Rogue Ap

    Chapter 11 Rogue AP This chapter shows you how to set up Rogue Access Point (AP) detection and containment. 11.1 Rogue AP Detection Overview Rogue APs are wireless access points operating in a network’s coverage area that are not under the control of the network’s administrators, and can potentially open holes in the network security.
  • Page 106: Rogue Ap Detection Examples

    Chapter 11 Rogue AP Table 45 Command Summary: Rogue AP Detection (continued)
    COMMAND: rogue-ap ap_mac description2
    DESCRIPTION: Sets the device that owns the specified MAC address as a rogue AP. You can also assign a description to this entry on the rogue AP list.
    COMMAND: no rogue-ap ap_mac
    DESCRIPTION: Removes the device that owns the specified MAC address from the rogue AP list.
  • Page 107: Rogue Ap Containment Overview

    Chapter 11 Rogue AP This example shows the friendly AP detection list. Router(config)# show rogue-ap detection list friendly description =========================================================================== 11:11:11:11:11:11 third floor 00:13:49:11:22:33 00:13:49:00:00:05 00:13:49:00:00:01 00:0D:0B:CB:39:33 dept1 This example shows the combined rogue and friendly AP detection list. Router(config)# show rogue-ap detection list all role description ===========================================================================...
  • Page 108: Rogue Ap Containment Commands

    Chapter 11 Rogue AP Containing a rogue AP means broadcasting unviable login data at it, preventing legitimate wireless clients from connecting to it. This is a kind of Denial of Service attack. 11.4 Rogue AP Containment Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
  • Page 109: Wireless Frame Capture

    Chapter 12 Wireless Frame Capture This chapter shows you how to configure and use wireless frame capture on the NXC. 12.1 Wireless Frame Capture Overview Troubleshooting wireless LAN issues has always been a challenge. Wireless sniffer tools like Ethereal can help capture and decode packets of information, which can then be analyzed for debugging.
  • Page 110: Wireless Frame Capture Examples

    Chapter 12 Wireless Frame Capture The following table describes the commands available for wireless frame capture. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 49 Command Summary: Wireless Frame Capture COMMAND DESCRIPTION Enters sub-command mode for wireless frame capture.
  • Page 111: Dynamic Channel Selection

    Chapter 13 Dynamic Channel Selection This chapter shows you how to configure and use dynamic channel selection on the NXC. 13.1 DCS Overview Dynamic Channel Selection (DCS) is a feature that allows an AP to automatically select the radio channel upon which it broadcasts by passively listening to the area around it and determining what channels are currently being broadcast on by other devices.
  • Page 113: Auto-Healing

    Chapter 14 Auto-Healing This chapter shows you how to configure auto-healing settings. 14.1 Auto-Healing Overview Auto-healing allows you to extend the wireless service coverage area of the managed APs when one of the managed APs fails. 14.2 Auto-Healing Commands The following table identifies the values required for many of these commands.
  • Page 114: Auto-Healing Examples

    Chapter 14 Auto-Healing Table 52 Command Summary: Auto-Healing (continued)
    COMMAND: auto-healing margin
    DESCRIPTION: Enters a number from 0 to 9. This value is used to calculate the power level (power-threshold + margin) to which the neighbor APs of the failed AP increase their output power in order to extend their wireless service coverage areas.
  • Page 115: Dynamic Guest

    Chapter 15 Dynamic Guest This chapter shows you how to configure dynamic guest accounts. 15.1 Dynamic Guest Overview Dynamic guest accounts are guest accounts, but are created dynamically with the guest manager account and stored in the NXC’s local user database. A dynamic guest account user can access the NXC’s services only within a given period of time and will become invalid after the expiration date/time.
  • Page 116 Chapter 15 Dynamic Guest Table 53 Command Summary: Dynamic Guest (continued)
    COMMAND: [no] description description
    DESCRIPTION: Sets the description for the specified user group. The no command clears the description for the specified user group.
    COMMAND: dynamic-guest group
    DESCRIPTION: Sets this group as a dynamic guest group.
    Sets the NXC to remove the dynamic guest accounts dynamic-guest enable expired-account...
  • Page 117: Dynamic Guest Examples

    Chapter 15 Dynamic Guest 15.2.1 Dynamic Guest Examples This example creates a guest-manager user account and a dynamic-guest user group, then sets the NXC to generate two dynamic-guest accounts automatically. This also shows the dynamic guest users information. Router(config)# username GuestMaster password 4321 user-type guest-manager Router(config)# groupname dynamic-guest Router(group-user)# dynamic-guest group Router(group-user)# exit...
  • Page 119: Leds

    Chapter 16 LEDs This chapter describes two features that control the LEDs of the managed APs connected to your NXC - Locator and Suppression. 16.1 LED Suppression Mode The LED Suppression feature allows you to control how the LEDs of the AP behave after it’s ready.
  • Page 120: Led Suppression Commands Example

    Chapter 16 LEDs 16.2.1 LED Suppression Commands Example The following example activates LED suppression mode on the AP with the MAC address 00:a0:c5:01:23:45 and displays the settings. Router(config)# led_suppress 00:a0:c5:01:23:45 enable Router(config)# show led_suppress 00:a0:c5:01:23:45 status Suppress Mode Status : Enable Router(config)# 16.3 LED Locator The LED locator feature identifies the location of the WAC AP among several devices in the...
  • Page 121: Zones

    Chapter 17 Zones Set up zones to configure network security and network policies in the NXC. Use the configure terminal command to enter Configuration mode in order to use the commands described in this chapter. 17.1 Zones Overview A zone is a group of interfaces.
  • Page 122: Zone Commands Summary

    Chapter 17 Zones 17.2 Zone Commands Summary The following table describes the values required for many zone commands. Other values are discussed with the corresponding commands. Table 56 Input Values for Zone Commands
    LABEL: profile_name
    DESCRIPTION: The name of a zone. Use up to 31 characters (a-zA-Z0-9_-).
  • Page 123: Zone Command Examples

    Chapter 17 Zones 17.2.1 Zone Command Examples The following commands add Ethernet interfaces ge1 and ge2 to zone A and block intra-zone traffic. Router# configure terminal Router(config)# zone A Router(zone)# interface ge1 Router(zone)# interface ge2 Router(zone)# block Router(zone)# exit Router(config)# show zone No.
  • Page 125: Alg

    Chapter 18 ALG This chapter covers how to use the NXC’s ALG feature to allow certain applications to pass through the NXC. 18.1 ALG Introduction The NXC can function as an Application Layer Gateway (ALG) to allow certain NAT un-friendly applications (such as SIP) to operate properly through the NXC’s NAT.
  • Page 126: Alg Commands

    Chapter 18 ALG 18.2 ALG Commands The following table lists the commands. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 58 alg Commands COMMAND DESCRIPTION Turns on or configures the ALG. [no] alg sip [inactivity-timeout | signal-port <1025..65535>...
  • Page 127: Captive Portal

    Chapter 19 Captive Portal This chapter describes how to configure which HTTP-based network services default to the captive portal page when a client makes an initial network connection. 19.1 Captive Portal Overview A captive portal can intercept all network traffic, regardless of address or port, until the user authenticates his or her connection, usually through a specifically designated login Web page.
  • Page 128 Chapter 19 Captive Portal Table 59 Web Authentication Policy Commands (continued)
    COMMAND: web-auth login setting
    DESCRIPTION: Sets the login web page through which users authenticate their connections before connecting to the rest of the network or Internet. See Table 60 on page 128 for the sub-commands.
  • Page 129 Chapter 19 Captive Portal Table 60 web-auth login setting Sub-commands (continued)
    COMMAND: [no] session-url
    DESCRIPTION: Sets the session page’s URL; for example: http://192.168.1.1/session.cgi. 192.168.1.1 is the web server on which the web portal files are installed.
    COMMAND: [no] userlogout-url
    DESCRIPTION: Sets the URL of the page from which users can terminate their sessions; for example, http://192.168.1.1/userlogout.asp.
  • Page 130: Qrcode-Auth-Profile Commands

    Chapter 19 Captive Portal • Have the NXC use a custom login page from an external web portal instead of the default one built into the NXC • Create web-auth policy 1 • Set web-auth policy 1 to use the SSID profile named SSIDprofile1 •...
  • Page 131: Page-Customization Commands

    Chapter 19 Captive Portal Table 62 qrcode-auth-profile Commands (continued) COMMAND DESCRIPTION Sets the VLAN interface on the NXC, through which the client is [no] auth-assisted-vlan allowed to access the NXC. vlan_iface Use the no command to remove the specified VLAN interface. Sets how the clients authenticate with a QR code to log into the web [no] auth-type {all | auth- site.
  • Page 132: Customizing The User Logout Page

    Chapter 19 Captive Portal Table 63 page-customization Commands (continued)
    COMMAND: exit
    DESCRIPTION: Goes to configuration mode.
    COMMAND: show page-customization
    DESCRIPTION: Displays the custom login page settings.
    19.1.4 Customizing the User Logout Page Use these commands to customize the user logout screen. You must use the configure terminal command to enter the configuration mode before you can use these commands.
  • Page 133: Rtls

    Chapter 20 RTLS Use the RTLS commands to use the managed APs as part of an Ekahau RTLS to track the location of Ekahau Wi-Fi tags. 20.1 RTLS Introduction Ekahau RTLS (Real Time Location Service) tracks battery-powered Wi-Fi tags attached to APs managed by the NXC to create maps, alerts, and reports.
  • Page 135: Firewall

    Chapter 21 Firewall This chapter introduces the NXC’s firewall and shows you how to configure your NXC’s firewall. 21.1 Firewall Overview The NXC’s firewall is a stateful inspection firewall. The NXC restricts access by screening data packets against defined access rules. It can also inspect sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.
  • Page 136: Firewall Commands

    Chapter 21 Firewall Your customized rules take precedence and override the NXC’s default settings. The NXC checks the schedule, user name (user’s login name on the NXC), source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them).
  • Page 137 Chapter 21 Firewall Table 67 Command Summary: Firewall (continued) COMMAND DESCRIPTION Enters the firewall sub-command mode to add firewall zone_object {zone_object|EnterpriseWLAN} a direction specific through-EnterpriseWLAN append rule or to-EnterpriseWLAN rule to the end of the global rule list. Removes a direction specific through- firewall zone_object {zone_object|EnterpriseWLAN} EnterpriseWLAN rule or to-EnterpriseWLAN delete rule_number...
  • Page 138: Firewall Sub-Commands

    Chapter 21 Firewall 21.2.1 Firewall Sub-Commands The following table describes the sub-commands for several firewall commands. Table 68 firewall Sub-commands
    COMMAND: action {allow|deny|reject}
    DESCRIPTION: Sets the action the NXC takes when packets match this rule.
    COMMAND: [no] activate
    DESCRIPTION: Enables a firewall rule. The no command disables the firewall rule.
  • Page 139: Firewall Command Examples

    Chapter 21 Firewall 21.2.2 Firewall Command Examples The following example shows you how to add a firewall rule to allow a MyService connection from the WLAN zone to the IP addresses Dest_1 in the LAN zone. • Enter configuration command mode. •...
  • Page 140: Session Limit Commands

    Chapter 21 Firewall The following command displays the firewall rule(s) (including the default firewall rule) that applies to the packet direction from WAN to LAN. The firewall rule numbers in the menu are the firewall rules’ priority numbers in the global rule list. Router# configure terminal Router(config)# show firewall WAN LAN firewall rule: 3...
  • Page 141 Chapter 21 Firewall The following table describes the session-limit commands. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 70 Command Summary: Session Limit
    COMMAND: [no] session-limit activate
    DESCRIPTION: Turns the session-limit feature on or off.
    Sets the default number of concurrent NAT/ session-limit limit <0..8192>...
  • Page 143: User/Group

    Chapter 22 User/Group This chapter describes how to set up user accounts, user groups, and user settings for the NXC. You can also set up rules that control when users have to log in to the NXC before the NXC routes traffic for them.
  • Page 144: User/Group Commands Summary

    Chapter 22 User/Group 22.2 User/Group Commands Summary The following table identifies the values required for many username/groupname commands. Other input values are discussed with the corresponding commands. Table 72 username/groupname Command Input Values
    LABEL: username
    DESCRIPTION: The name of the user (account). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 145: User Group Commands

    Chapter 22 User/Group Table 73 username/groupname Commands Summary: Users (continued)
    COMMAND: username username [no] logon-lease-time <0..1440>
    DESCRIPTION: Sets the lease time for the specified user. Set it to zero to set unlimited lease time. The no command sets the lease time to five minutes (regardless of the current default setting for new users).
  • Page 146 Chapter 22 User/Group Table 75 username/groupname Commands Summary: Settings (continued) COMMAND DESCRIPTION Sets the default user type for each new user. The users default-setting [no] user-type Displays the current retry limit settings for users. show users retry-settings Enables the retry limit for users.
  • Page 147: Mac Auth Commands

    Chapter 22 User/Group 22.2.4 MAC Auth Commands This table lists the commands for mapping MAC addresses to MAC address user accounts. Table 76 mac-auth Commands Summary COMMAND DESCRIPTION Maps the specified MAC address authenticated by [no] mac-auth database mac mac address type an external server to the specified MAC role (MAC ext-mac-address mac-role username description address user account).
  • Page 148: Additional User Commands

    Chapter 22 User/Group • Use upper case letters in the account MAC addresses Router(config)# username ZyXEL-mac user-type mac-address Router(config)# mac-auth database mac 00:13:49:11:a0:c4 type ext-mac-address mac-role ZyXEL-mac description zyxel mac 3. Modify wlan-security-profile Router(config)# wlan-security-profile secureWLAN1 Router(config-wlan-security default)# mac-auth activate Router(config-wlan-security default)# mac-auth auth-method Auth1 Router(config-wlan-security default)# mac-auth delimiter account colon Router(config-wlan-security default)# mac-auth case account upper...
  • Page 149 Chapter 22 User/Group 22.2.5.1 Additional User Command Examples The following commands display the users that are currently logged in to the NXC and force the logout of all logins from a specific IP address. Router# configure terminal Router(config)# show users all Name Role Type...
  • Page 150 Chapter 22 User/Group The following commands display the users that are currently locked out and then unlock the user who is displayed. Router# configure terminal Router(config)# show lockout-users Username Tried From Lockout Time Remaining =========================================================================== From Failed Login Attempt Record Expired Timer =========================================================================== 192.168.1.60 Router(config)# unlock lockout-users 192.168.1.60...
  • Page 151: Addresses

    Chapter 23 Addresses This chapter describes how to set up addresses and address groups for the NXC. Use the configure terminal command to enter Configuration mode in order to use the commands described in this chapter. 23.1 Address Overview Address objects can represent a single IP address or a range of IP addresses.
  • Page 152: Address Commands Summary

    Chapter 23 Addresses 23.2 Address Commands Summary The following table describes the values required for many address object and address group commands. Other values are discussed with the corresponding commands. Table 78 Input Values for Address Commands
    LABEL: object_name
    DESCRIPTION: The name of the address. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 153: Address Group Commands

    Chapter 23 Addresses 23.2.1.1 Address Object Command Examples The following example creates three address objects and then deletes one. Router# configure terminal Router(config)# address-object A0 10.1.1.1 Router(config)# address-object A1 10.1.1.1-10.1.1.20 Router(config)# address-object A2 10.1.1.0/24 Router(config)# show address-object Object name Type Address Note Ref.
  • Page 154 Chapter 23 Addresses Table 80 object-group Commands: Address Groups (continued)
    COMMAND: [no] description description
    DESCRIPTION: Sets the description to the specified value. The no command clears the description. description: You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
  • Page 155: Services

    Chapter 24 Services Use service objects to define TCP applications, UDP applications, and ICMP messages. You can also create service groups to refer to multiple service objects in other features. 24.1 Services Overview See the appendices in the web configurator’s User Guide for a list of commonly-used services. 24.2 Services Commands Summary The following table describes the values required for many service object and service group commands.
  • Page 156: Service Group Commands

    Chapter 24 Services Table 82 service-object Commands: Service Objects (continued) COMMAND DESCRIPTION Creates the specified ICMP message using the service-object object_name icmp icmp_value specified parameters. icmp_value: <0..255> | alternate-address | conversion-error | echo | echo-reply | information- reply | information-request | mask-reply | mask- request | mobile-redirect | parameter-problem | redirect | router-advertisement | router-solicitation | source-quench | time-exceeded | timestamp-reply |...
  • Page 157 Chapter 24 Services Table 83 object-group Commands: Service Groups (continued)
    COMMAND: [no] object-group group_name
    DESCRIPTION: Adds the specified service group (second group_name) to the specified service group (first group_name). The no command removes the specified service group from the specified service group.
  • Page 159: Schedules

    Chapter 25 Schedules Use schedules to set up one-time and recurring schedules for policy routes, firewall rules, application patrol, and content filtering. 25.1 Schedule Overview The NXC supports two types of schedules: one-time and recurring. One-time schedules are effective only once, while recurring schedules usually repeat. Both types of schedules are based on the current date and time in the NXC.
  • Page 160: Schedule Command Examples

    Chapter 25 Schedules The following table lists the schedule commands. Table 85 schedule Commands COMMAND DESCRIPTION Displays information about the schedules in the show schedule-object NXC. Deletes the schedule object. no schedule-object object_name Lists all schedules configured on the NXC. schedule-object list Creates or updates a one-time schedule.
  • Page 161: Aaa Server

    Chapter 26 AAA Server This chapter introduces and shows you how to configure the NXC to use external authentication servers. 26.1 AAA Server Overview You can use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The following lists the types of authentication server the NXC supports.
  • Page 162: Aaa Group Server Ad Commands

    Chapter 26 AAA Server 26.2.1 aaa group server ad Commands The following table lists the aaa group server ad commands you use to configure a group of AD servers. Table 86 aaa group server ad Commands COMMAND DESCRIPTION Deletes all AD server groups or the specified AD clear aaa group server ad [group- server group.
  • Page 163: Aaa Group Server Ldap Commands

    Chapter 26 AAA Server Table 86 aaa group server ad Commands (continued) COMMAND DESCRIPTION Activates server domain authentication. The no [no] server domain-auth parameter deactivates it. activate Adds the NetBIOS name of the AD server. The NXC server domain-auth domain- uses it with the user name in the format name ...
  • Page 164: Aaa Group Server Radius Commands

    Chapter 26 AAA Server Table 87 aaa group server ldap Commands (continued)
    COMMAND: [no] server binddn binddn
    DESCRIPTION: Sets the user name the NXC uses to log into the LDAP server group. The no command clears this setting.
    COMMAND: [no] server cn-identifier uid
    DESCRIPTION: Sets the unique common name (cn) to identify a record.
  • Page 165 Chapter 26 AAA Server Table 88 aaa group server radius Commands (continued) COMMAND DESCRIPTION Sets a descriptive name for the RADIUS server group. [no] aaa group server radius command deletes the specified server group. group-name Changes the descriptive name for a RADIUS server aaa group server radius rename group.
  • Page 166: Aaa Group Server Command Example

    Chapter 26 AAA Server Table 88 aaa group server radius Commands (continued) COMMAND DESCRIPTION Specifies the Network Access Server IP address [no] server nas-ip attribute value if the RADIUS server requires it. The no command clears this setting. Enable this to have the NXC send subscriber status [no] server acct-interim updates to the RADIUS server.
  • Page 167: Authentication Objects

    Chapter 27 Authentication Objects This chapter shows you how to select different authentication methods for user authentication using the AAA servers or the internal user database. 27.1 Authentication Objects Overview After you have created the AAA server objects, you can specify the authentication objects (containing the AAA server information) that the NXC uses to authenticate users (such as managing through HTTP/HTTPS or Captive Portal).
  • Page 168: Aaa Authentication Command Example

    Chapter 27 Authentication Objects Table 89 aaa authentication Commands (continued)
    COMMAND: [no] aaa authentication default member1 [member2] [member3] [member4]
    DESCRIPTION: Sets the default profile to use the authentication method(s) in the order specified. member = group ad, group ldap, group radius, or local. Note: You must specify at least one member for each profile.
  • Page 169: Test Aaa Command

    Chapter 27 Authentication Objects 27.3 test aaa Command The following table lists the test aaa command you use to test a user account on an authentication server. Table 90 test aaa Command COMMAND DESCRIPTION Tests whether a user account exists on the specified test aaa {server|secure- authentication server.
  • Page 171: Authentication Server

    Chapter 28 Authentication Server This chapter shows you how to configure the NXC as an authentication server for access points. 28.1 Authentication Server Overview The NXC can also work as a RADIUS server to exchange messages with other APs for user authentication and authorization.
  • Page 172: Authentication Server Command Examples

    Chapter 28 Authentication Server Table 91 Command Summary: Authentication Server (continued)
    COMMAND: [no] description description
    DESCRIPTION: Sets the description for the profile. The no command clears this setting. description: You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
  • Page 173: Enc

    Chapter 29 ENC This chapter shows you how to configure the NXC as an ENC agent and allow it to be managed by the ENC server or an ACS (Auto Configuration Server) via TR-069 over HTTP or HTTPs. 29.1 ENC Overview ENC (Enterprise Network Center) is a browser-based network management system that allows network administrators from any location to manage and monitor multiple ZyXEL devices.
  • Page 174 Chapter 29 ENC Table 92 Command Summary: ENC-Agent (continued) COMMAND DESCRIPTION Sets how often (in seconds) the NXC sends Inform messages to enc-agent periodic-inform initiate connections to the ENC or ACS server. interval <10..86400> Sets the NXC to authenticate the ENC or ACS server’s enc-agent authentication certificate when you are using HTTPs.
  • Page 175: Enc-Agent Command Examples

    Chapter 29 ENC
    Table 92 Command Summary: ENC-Agent (continued)
    COMMAND: no enc-agent periodic-inform
    DESCRIPTION: Sets the NXC to not periodically send “Inform” messages to the ENC or ACS server.
    COMMAND: [no] debug enc-agent
    DESCRIPTION: Enables ENC-agent debug logging. The no command disables ENC-agent debug logging.
  • Page 177: Certificates

    Chapter 30 Certificates
    This chapter explains how to use certificates.
    30.1 Certificates Overview
    The NXC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
  • Page 178: Certificates Commands Summary

    Chapter 30 Certificates
    Table 93 Certificates Commands Input Values (continued)
    LABEL: organizational_unit
    DESCRIPTION: Identify the organizational unit or department to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
    Identify the company or group to which the certificate owner belongs.
  • Page 179 Chapter 30 Certificates
    Table 94 ca Commands Summary (continued)
    COMMAND: ca generate pkcs10 name certificate_name cn-type {ip cn cn_address|fqdn cn cn_domain_name|mail cn cn_email} [ou organizational_unit] [o organization] [c country] [usr-def certificate_name] key-type {rsa|dsa} key-len key_length
    DESCRIPTION: Generates a PKCS#10 certification request.
    COMMAND: ca generate pkcs12 name name password password
    DESCRIPTION: Generates a PKCS#12 certificate.
  • Page 180: Certificates Commands Examples

    Chapter 30 Certificates 30.5 Certificates Commands Examples The following example creates a self-signed X.509 certificate with IP address 10.0.0.58 as the common name. It uses the RSA key type with a 512 bit key. Then it displays the list of local certificates.
  • Page 181: System

    Chapter 31 System
    This chapter provides information on the commands that correspond to what you can configure in the system screens.
    31.1 System Overview
    Use these commands to configure general NXC information, the system time and the console port connection speed for a terminal emulation program. They also allow you to configure DNS settings and determine which services/protocols can access which NXC zones (if any) from which computers.
  • Page 182 Chapter 31 System
    Figure 15 Access Page Customization (figure labels: Logo, Title, Message Color (color of all text), Note Message (last line of text), Window Background)
    You can specify colors in one of the following ways:
    • color-rgb: Enter red, green, and blue values in parentheses, separated by commas. For example, use “rgb(0,0,0)”...
  • Page 183: Host Name Commands

    Chapter 31 System
    Table 95 Command Summary: Customization (continued)
    COMMAND: login-page title title
    DESCRIPTION: Sets the title for the top of the login screen. Use up to 64 printable ASCII characters. Spaces are allowed.
    COMMAND: login-page title-color {color-rgb | color-name | color-number}
    DESCRIPTION: Sets the title text color of the login page.
    Sets the color of the logo banner across the top of the login...
  • Page 184: Date/Time Commands

    Chapter 31 System
    31.4.1 Date/Time Commands
    The following table describes the commands available for date and time setup. You must use the configure terminal command to enter the configuration mode before you can use these commands.
    Table 97 Command Summary: Date/Time
    COMMAND DESCRIPTION
    Sets the new date in year, month and day format...
  • Page 185: Console Port Speed

    Chapter 31 System
    31.5 Console Port Speed
    This section shows you how to set the console port speed when you connect to the NXC via the console port using a terminal emulation program. The following table describes the console port commands. You must use the configure terminal command to enter the configuration mode before you can use these commands.
  • Page 186: Dns Command Example

    Chapter 31 System
    Table 100 Command Summary: DNS (continued)
    COMMAND: ip dns server rule {<1..64>|append|insert <1..64>} access-group {ALL|profile_name} zone {ALL|profile_name} action {accept|deny}
    DESCRIPTION: Sets a service control rule for DNS requests.
    COMMAND: ip dns server rule move <1..64> to <1..64>
    DESCRIPTION: Changes the number of a service control rule.
    COMMAND: ip dns server zone-forwarder
    DESCRIPTION: Sets a domain zone forwarder record that specifies a DNS server’s IP address.
  • Page 187: System Remote Management

    Chapter 32 System Remote Management
    This chapter shows you how to determine which services/protocols can access which NXC zones (if any) from which computers.
    To allow the NXC to be accessed from a specified computer using a service, make sure you do not have a service control rule or to-NXC rule to block that traffic.
  • Page 188: Common System Command Input Values

    Chapter 32 System Remote Management 32.2 Common System Command Input Values The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 101 Input Values for General System Commands LABEL DESCRIPTION The name of the IP address (group) object.
  • Page 189: Http/Https Command Examples

    Chapter 32 System Remote Management
    Table 102 Command Summary: HTTP/HTTPS (continued)
    COMMAND: [no] ip http secure-server force-redirect
    DESCRIPTION: Redirects all HTTP connection requests to a HTTPS URL. The no command disables forwarding HTTP connection requests to a HTTPS URL.
    COMMAND: ip http secure-server table {admin|user} rule {rule_number|append|insert rule_number} access-group {ALL|address_object} zone...
    DESCRIPTION: Sets a service control rule for HTTPS service.
  • Page 190: Ssh

    Chapter 32 System Remote Management
    This command sets an authentication method used by the HTTP/HTTPS server to authenticate the client(s).
    Router# configure terminal
    Router(config)# ip http authentication Example
    The following example sets a certificate named MyCert used by the HTTPS server to authenticate itself to the SSL client.
  • Page 191: Ssh Command Examples

    Chapter 32 System Remote Management
    Table 103 Command Summary: SSH (continued)
    COMMAND: [no] ip ssh server port <1..65535>
    DESCRIPTION: Sets the SSH service port number. The no command resets the SSH service port number to the factory default (22).
    COMMAND: ip ssh server rule {rule_number|append|insert rule_number} access-group {ALL|address_object}
    DESCRIPTION: Sets a service control rule for SSH service. address_object: The name of the IP address...
  • Page 192: Telnet Commands

    Chapter 32 System Remote Management
    32.6 Telnet Commands
    The following table describes the commands available for Telnet. You must use the configure terminal command to enter the configuration mode before you can use these commands.
    Table 104 Command Summary: Telnet
    COMMAND DESCRIPTION
    Allows Telnet access to the NXC CLI.
  • Page 193: Configuring Ftp

    Chapter 32 System Remote Management 32.7 Configuring FTP You can upload and download the NXC’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 32.7.1 FTP Commands The following table describes the commands available for FTP. You must use the configure command to enter the configuration mode before you can use these commands.
  • Page 194: Snmp

    Chapter 32 System Remote Management This command displays FTP settings. Router# configure terminal Router(config)# show ip ftp server status active : yes port : 21 certificate: default : no service control: Zone Address Action ======================================================================== 32.8 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices.
  • Page 195: Snmp Commands

    Chapter 32 System Remote Management
    32.8.3 SNMP Commands
    The following table describes the commands available for SNMP. You must use the configure terminal command to enter the configuration mode before you can use these commands.
    Table 107 Command Summary: SNMP
    COMMAND DESCRIPTION
    Allows SNMP access to the NXC.
  • Page 196: Snmp Commands Examples

    Chapter 32 System Remote Management
    Table 107 Command Summary: SNMP (continued)
    COMMAND: show snmp status
    DESCRIPTION: Displays SNMP Settings.
    COMMAND: show snmp-server v3user status
    DESCRIPTION: Displays SNMPv3 user status.
    32.8.4 SNMP Commands Examples
    The following command sets a service control rule that allows the computers with the IP addresses matching the specified address object to access the specified zone using SNMP service.
  • Page 197: Commands

    Chapter 32 System Remote Management
    32.9.1 TR-069 Commands
    The following table describes the commands available for TR-069. You must use the configure terminal command to enter the configuration mode before you can use these commands.
    Table 108 Command Summary: TR-069
    COMMAND DESCRIPTION
    Enters up to 255 characters to set the password...
  • Page 198: Commands Examples

    Chapter 32 System Remote Management
    Table 108 Command Summary: TR-069 (continued)
    COMMAND: [no] tr069-agent username username
    DESCRIPTION: Enters up to 255 characters to set the user name used to authenticate the management server when connecting to the NXC. The no command removes the password.
  • Page 199: Dhcpv6 Objects

    Chapter 33 DHCPv6 Objects
    This chapter describes how to configure and view DHCPv6 request objects.
    33.1 DHCPv6 Object Commands Summary
    The following table identifies the values required for many DHCPv6 object commands. Other input values are discussed with the corresponding commands.
    Table 110 DHCPv6 Object Command Input Values
    LABEL DESCRIPTION...
  • Page 200: Dhcpv6 Object Command Examples

    Chapter 33 DHCPv6 Objects
    33.1.2 DHCPv6 Object Command Examples
    This example creates and displays a DHCPv6 request object named “test1” for DNS server information.
    Router(config)# dhcp6-request-object test1 dns-server
    Router(config)# show dhcp6 request-object
    DHCP6 Request Object: test1
    Object Type: dns-server
    Object Value:
    Bind Iface:
    REFERENCE: 0
    Router(config)#...
  • Page 201: File Manager

    Chapter 34 File Manager
    This chapter covers how to work with the NXC’s firmware, certificates, configuration files, custom IDP signatures, packet trace results, shell scripts and temporary files.
    34.1 File Directories
    The NXC stores files in the following directories.
    Table 112 FTP File Transfer Notes
    FILE NAME DIRECTORY FILE TYPE...
  • Page 202: Comments In Configuration Files Or Shell Scripts

    Chapter 34 File Manager
    These files have the same syntax, which is also identical to the way you run CLI commands manually. An example is shown below.
    Figure 16 Configuration File / Shell Script: Example
    # enter configuration mode
    configure terminal
    # change administrator password
    username admin password 4321 user-type admin
    # configure ge3...
  • Page 203: Errors In Configuration Files Or Shell Scripts

    Chapter 34 File Manager  “exit” or “!'” must follow sub commands if it is to make the NXC exit sub command mode. Line 3 in the following example exits sub command mode. interface ge1 ip address dhcp Lines 1 and 3 in the following example are comments and line 4 exits sub command mode. interface ge1 # this interface is a DHCP client Lines 1 and 2 are comments.
  • Page 204: Configuration File Flow At Restart

    Chapter 34 File Manager • When you change the configuration, the NXC creates a startup-config.conf file of the current configuration. • The NXC checks the startup-config.conf file for errors when it restarts. If there is an error in the startup-config.conf file, the NXC copies the startup-config.conf configuration file to the startup-config-bad.conf configuration file and tries the existing lastgood.conf configuration file.
  • Page 205: File Manager Commands Summary

    Chapter 34 File Manager
    34.4 File Manager Commands Summary
    The following table lists the commands that you can use for file management.
    Table 115 File Manager Commands Summary
    COMMAND: apply /conf/file_name.conf [ignore-error]
    DESCRIPTION: Has the NXC use a specific configuration file. You must still use the command to save your...
  • Page 206: File Manager Command Example

    Chapter 34 File Manager
    Table 115 File Manager Commands Summary (continued)
    COMMAND: show running-config
    DESCRIPTION: Displays the settings of the configuration file that the system is using.
    COMMAND: setenv-startup stop-on-error off
    DESCRIPTION: Has the NXC ignore any errors in the startup-config.conf file and apply all of the valid commands.
    COMMAND: show setenv-startup
    DESCRIPTION: Displays whether or not the NXC is set to ignore any errors in the startup-config.conf file and apply all of the...
  • Page 207: Command Line Ftp Configuration File Upload Example

    Chapter 34 File Manager
    The firmware update can take up to five minutes. Do not turn off or reset the NXC while the firmware update is in progress! If you lose power during the firmware upload, you may need to refer to Section 34.9 on page 209 to recover the firmware.
  • Page 208: Command Line Ftp Configuration File Download Example

    Chapter 34 File Manager 34.6.4 Command Line FTP Configuration File Download Example The following example gets a configuration file named today.conf from the NXC and saves it on the computer as current.conf. Figure 18 FTP Configuration File Download Example C:\>ftp 192.168.1.1 Connected to 192.168.1.1.
  • Page 209: Notification Of A Damaged Recovery Image Or Firmware

    Chapter 34 File Manager Figure 19 NXC File Usage at Startup 1. Boot Module 2. Recovery Image 3. Firmware 1 The boot module performs a basic hardware test. You cannot restore the boot module if it is damaged. The boot module also checks and loads the recovery image. The NXC notifies you if the recovery image is damaged.
  • Page 210: Restoring The Recovery Image (Nxc5200 Only)

    Chapter 34 File Manager 3 If the console session displays “Invalid Firmware”, or “Invalid Recovery Image”, or the console freezes at "Press any key to enter debug mode within 3 seconds" for more than one minute, go to Section 34.10 on page 210 to restore the recovery image.
  • Page 211 Chapter 34 File Manager
    Figure 23 Enter Debug Mode
    3 Enter atuk to initialize the recovery process. If the screen displays “ERROR”, enter atur to initialize the recovery process.
    You only need to use the atuk or atur command if the recovery image is damaged.
  • Page 212: Restoring The Firmware

    Chapter 34 File Manager Figure 26 Example Xmodem Upload Type the firmware file's location, or click Browse to search for it. Choose the 1K Xmodem protocol. Then click Send. 6 Wait for about three and a half minutes for the Xmodem upload to finish. Figure 27 Recovery Image Upload Complete 7 Enter atgo.
  • Page 213 Chapter 34 File Manager 3 Use an FTP client on your computer to connect to the NXC. For example, in the Windows command prompt, type ftp 192.168.1.1. Keep the console session connected in order to see when the firmware recovery finishes. 4 Hit enter to log in anonymously.
  • Page 214 Chapter 34 File Manager Figure 32 Firmware Recovery Complete and Restart 10 The username prompt displays after the NXC starts up successfully. The firmware recovery process is now complete and the NXC is ready to use. Figure 33 Restart Complete NXC CLI Reference Guide...
  • Page 215: Restoring The Default System Database

    Chapter 34 File Manager 34.12 Restoring the Default System Database The default system database stores information such as the default anti-virus or IDP signatures. The NXC can still operate if the default system database is damaged or missing, but related features (like anti-virus or IDP) may not function properly. If the default system database file is not valid, the NXC displays a warning message in your console session at startup or when reloading the anti-virus or IDP signatures.
  • Page 216: Using The Atkz -U Debug Command (Nxc5200 Only)

    Chapter 34 File Manager Figure 36 Default System Database Missing Log: Anti-virus This procedure requires the NXC’s default system database file. Download the firmware package from www.zyxel.com and unzip it. The default system database file uses a .db extension, for example, "1.01(XL.0)C0.db". Do the following after you have obtained the default system database file.
  • Page 217 Chapter 34 File Manager Figure 38 atkz -u Command for Restoring the Default System Database 4 “Connect a computer to port 1 and FTP to 192.168.1.1 to upload the new file” displays on the screen. Connect your computer to the NXC’s port 1 (only port 1 can be used). Figure 39 Use FTP with Port 1 and IP 192.168.1.1 to Upload File 5 The NXC’s FTP server IP address for firmware recovery is 192.168.1.1, so set your computer to use a static IP address from 192.168.1.2 ~192.168.1.254.
  • Page 218 Chapter 34 File Manager Figure 42 Default System Database Received and Recovery Complete 12 The username prompt displays after the NXC starts up successfully. The default system database recovery process is now complete and the NXC IDP and anti-virus features are ready to use again.
  • Page 219: Logs

    Chapter 35 Logs
    This chapter provides information about the NXC’s logs.
    When the system log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first. See the User’s Guide for the maximum number of system log messages in the NXC.
  • Page 220: Log Entries Commands

    Chapter 35 Logs
    35.1.1 Log Entries Commands
    This table lists the commands to look at log entries.
    Table 118 logging Commands: Log Entries
    COMMAND: show logging entries [priority pri] [category module_name] [srcip ip] [dstip ip] [service service_name] [begin <1..512>...
    DESCRIPTION: Displays the selected entries in the system log. PRI: alert | crit | debug | emerg | error | info | notice | warn
  • Page 221: Debug Log Commands

    Chapter 35 Logs
    35.1.2.1 System Log Command Examples
    The following command displays the current status of the system log.
    Router# configure terminal
    Router(config)# show logging status system-log
    512 events logged
    suppression active : yes
    suppression interval: 10
    category settings
    content-filter : normal , forward-web-sites : no
    blocked-web-sites : normal , user : normal ,...
  • Page 222: E-Mail Profile Log Commands

    Chapter 35 Logs
    This table lists the commands for the remote syslog server settings.
    Table 121 logging Commands: Remote Syslog Server Settings
    COMMAND: show logging status syslog
    DESCRIPTION: Displays the current settings for the remote servers.
    COMMAND: [no] logging syslog <1..4>
    DESCRIPTION: Enables the specified remote server. The...
  • Page 223 Chapter 35 Logs
    Table 122 logging Commands: E-mail Profile Settings (continued)
    COMMAND: [no] logging mail <1..2> {send-log-to | send-alerts-to} e_mail
    DESCRIPTION: Sets the e-mail address for logs or alerts. The no command clears the specified field. e_mail: You can use up to 63 alphanumeric characters, underscores (_), or dashes (-), and you must use the @ character.
  • Page 224: Console Port Log Commands

    Chapter 35 Logs
    35.1.5 Console Port Log Commands
    This table lists the commands for the console port settings.
    Table 123 logging Commands: Console Port Settings
    COMMAND: show logging status console
    DESCRIPTION: Displays the current settings for the console log. (This log is not discussed above.)
    Enables the console log.
  • Page 225 Chapter 35 Logs
    Table 124 logging Commands: Access Point Settings (continued)
    COMMAND: show wtp-logging status mail [ap_mac]
    DESCRIPTION: Displays the logging status for the specified AP’s mail log.
    COMMAND: show wtp-logging query-log ap_mac
    DESCRIPTION: Displays the specified AP’s query log.
    COMMAND: show wtp-logging query-dbg-log ap_mac
    DESCRIPTION: Displays the specified AP’s query debug log.
    Displays the AP logging result status.
  • Page 227: Reports And Reboot

    Chapter 36 Reports and Reboot
    This chapter provides information about the report associated commands and how to restart the NXC using commands. It also covers the daily report e-mail feature.
    36.1 Report Commands Summary
    The following sections list the report and session commands.
    36.1.1 Report Commands
    This table lists the commands for reports.
  • Page 228: Report Command Examples

    Chapter 36 Reports and Reboot
    36.1.2 Report Command Examples
    The following commands start collecting data, display the traffic reports, and stop collecting data.
    Router# configure terminal
    Router(config)# show report ge1 ip
    No. IP Address User Amount Direction
    ===================================================================
    192.168.1.4 admin 1273(bytes) Outgoing
    192.168.1.4...
  • Page 229: Email Daily Report Commands

    Chapter 36 Reports and Reboot 36.2 Email Daily Report Commands The following table identifies the values used in some of these commands. Other input values are discussed with the corresponding commands. Table 127 Input Values for Email Daily Report Commands LABEL DESCRIPTION An e-mail address.
  • Page 230 Chapter 36 Reports and Reboot
    Table 128 Email Daily Report Commands (continued)
    COMMAND: smtp-port <1..65535>
    DESCRIPTION: Sets the SMTP service port.
    COMMAND: no smtp-port
    DESCRIPTION: Resets the SMTP service port configuration.
    COMMAND: daily-report [no] item station-count
    DESCRIPTION: Determines whether or not the station statistics are included in the report e-mails.
  • Page 231: Email Daily Report Example

    Chapter 36 Reports and Reboot
    36.2.1 Email Daily Report Example
    This example sets the NXC to send a daily report e-mail.
    Router(config)# daily-report
    Router(config-daily-report)# smtp-address example-SMTP-mail-server.com
    Router(config-daily-report)# mail-subject set test subject
    Router(config-daily-report)# no mail-subject append system-name
    Router(config-daily-report)# mail-subject append date-time
    Router(config-daily-report)# mail-from [email protected]
    Router(config-daily-report)# [email protected]
    Router(config-daily-report)# no mail-to-2...
  • Page 232: Reboot

    Chapter 36 Reports and Reboot
    This displays the email daily report settings and has the NXC send the report now.
    Router(config)# show daily-report status
    email daily report status
    =========================
    activate: yes
    scheduled time: 13:57
    reset counter: no
    smtp address: example-SMTP-mail-server.com
    smtp auth: yes
    smtp username: 12345
    smtp password: pass12345...
  • Page 233: Session Timeout

    Chapter 37 Session Timeout
    Use these commands to modify and display the session timeout values. You must use the configure terminal command before you can use these commands.
    Table 129 Session Timeout Commands
    COMMAND: session timeout {udp-connect <1..300>...
    DESCRIPTION: Sets the timeout for UDP sessions to connect or...
  • Page 235: Diagnostics

    Chapter 38 Diagnostics
    This chapter covers how to use the diagnostics feature.
    38.1 Diagnostics
    The diagnostics feature provides an easy way for you to generate a file containing the NXC’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting.
  • Page 237: Chapter 39 Packet Flow Explore

    Chapter 39 Packet Flow Explore
    This chapter covers how to use the packet flow explore feature.
    39.1 Packet Flow Explore
    Use this to get a clear picture on how the NXC determines where to forward a packet and how to change the source IP address of the packet according to your current settings.
  • Page 238: Packet Flow Explore Commands Example

    Chapter 39 Packet Flow Explore
    39.3 Packet Flow Explore Commands Example
    The following example shows all routing related functions and their order.
    Router> show route order
    route order: Direct Route, Policy Route, 1-1 SNAT, Main Route
    The following example shows all SNAT related functions and their order.
    Router>...
  • Page 239: Chapter 40 Maintenance Tools

    Chapter 40 Maintenance Tools
    Use the maintenance tool commands to check the conditions of other devices through the NXC. The maintenance tools can help you to troubleshoot network problems.
    40.1 Maintenance Tools Commands
    Here are maintenance tool commands that you can use in privilege mode.
    Table 132 Maintenance Tools Commands in Privilege Mode
    COMMAND DESCRIPTION...
  • Page 240 Chapter 40 Maintenance Tools
    Here are maintenance tool commands that you can use in configure mode.
    Table 133 Maintenance Tools Commands in Configuration Mode
    COMMAND: [no] packet-capture activate
    DESCRIPTION: Performs a packet capture that captures network traffic going through the set NXC’s interface(s). Studying these packet captures may help you identify network problems.
  • Page 241: Command Examples

    Chapter 40 Maintenance Tools
    Table 133 Maintenance Tools Commands in Configuration Mode (continued)
    COMMAND: snaplen <68..1512>
    DESCRIPTION: Specifies the maximum number of bytes to capture per packet. The NXC automatically truncates packets that exceed this size. As a result, when you view the packet capture files in a packet analyzer, the actual size of the packets may be larger than the size of captured packets.
  • Page 242 Chapter 40 Maintenance Tools
    Router# packet-trace interface ge2 ip-proto icmp file extension-filter -> and src host 192.168.105.133 and dst host 192.168.105.40 -s 500 -n
    tcpdump: listening on eth1
    07:26:51.731558 192.168.105.133 > 192.168.105.40: icmp: echo request (DF)
    07:26:52.742666 192.168.105.133 > 192.168.105.40: icmp: echo request (DF)
    07:26:53.752774 192.168.105.133 >...
  • Page 243 Chapter 40 Maintenance Tools Then configure the following settings to capture packets going through the NXC’s WAN1 interface only (this means you have to remove LAN2 and WAN2 from the iface list). • IP address: any • Host IP: any •...
  • Page 245: Chapter 41 Watchdog Timer

    Chapter 41 Watchdog Timer
    This chapter provides information about the NXC’s watchdog timers.
    41.1 Hardware Watchdog Timer
    The hardware watchdog has the system restart if the hardware fails.
    The hardware-watchdog-timer commands are for support engineers. It is recommended that you not modify the hardware watchdog timer settings.
    Table 134 hardware-watchdog-timer Commands
    COMMAND DESCRIPTION...
  • Page 246: Application Watchdog

    Chapter 41 Watchdog Timer
    The software-watchdog-timer commands are for support engineers. It is recommended that you not modify the software watchdog timer settings.
    Table 135 software-watchdog-timer Commands
    COMMAND: [no] software-watchdog-timer timer
    DESCRIPTION: Sets how long the system’s core firmware can be unresponsive before resetting.
  • Page 247: Application Watchdog Commands Example

    Chapter 41 Watchdog Timer
    Table 136 app-watchdog Commands
    COMMAND: [no] app-watch-dog mem-threshold min <1..100> max <1..100>
    DESCRIPTION: Sets the percentage thresholds for sending a memory usage alert. The NXC starts sending alerts when memory usage exceeds the maximum (the second threshold you enter). The NXC stops sending alerts when...
  • Page 248 Chapter 41 Watchdog Timer The following example lists the processes that the application watchdog is monitoring. Router# configure terminal Router(config)# show app-watch-dog monitor-list #app_name min_process_count max_process_count(-1 unlimited) recover_enable recover_reboot recover_always recover_max_try_count ecover_max_fail_count uamd firewalld policyd classify resd zyshd_wd zyshd httpd httpd dhcpd zylogd...
  • Page 249: Managed Ap Commands

    Chapter 42 Managed AP Commands
    Connect directly to a managed AP’s CLI (Command Line Interface) to configure the managed AP’s CAPWAP (Control And Provisioning of Wireless Access Points) client and DNS server settings.
    42.1 Managed Series AP Commands Overview
    Log into an AP’s CLI and use the commands in this chapter if the AP does not automatically connect to the NXC or you need to configure the AP’s DNS server.
  • Page 250: Capwap Client Commands

    Chapter 42 Managed AP Commands 42.3 CAPWAP Client Commands Use the CAPWAP client commands to configure the AP’s IP address and other related management interface settings. Do not use the original interface commands to configure the IP address and related settings on the AP, because the AP does not save interface command settings after rebooting.
  • Page 251: Capwap Client Commands Example

    Chapter 42 Managed AP Commands 42.3.1 CAPWAP Client Commands Example This example shows how to configure the AP’s management interface and how it connects to the AP controller (the NXC), and check the connecting status. The following commands: • Display how the AP finds the NXC •...
  • Page 252: Dns Server Commands

    Chapter 42 Managed AP Commands
    42.4 DNS Server Commands
    The following table describes commands for configuring the AP’s DNS server. You must use the configure terminal command to enter the configuration mode before you can use these commands.
    Table 139 Command Summary: DNS Server
    COMMAND DESCRIPTION
    Sets a domain zone forwarder record that specifies a fully...
  • Page 253: Dns Server Commands And Dhcp

    Chapter 42 Managed AP Commands 42.4.2 DNS Server Commands and DHCP The AP in the example in Section 42.4.1 on page 252 uses a static IP address. If the AP uses DHCP instead, you do not need to configure the DNS server’s IP address on the AP when you configure DHCP option 6 on the DHCP server.
  • Page 255: List Of Commands

    List of Commands
    This section lists the root commands in alphabetical order.
    [no] 2g-scan-channel wireless_channel_2g ... 92
    [no] 5g-scan-channel wireless_channel_5g ... 92
    [no] aaa authentication {profile-name} ... 167
    [no] aaa authentication default member1 [member2] [member3] [member4] ... 168
    [no] aaa authentication profile-name member1 [member2] [member3] [member4] ...
  • Page 256 List of Commands
    [no] block-ack ... 91
    [no] bwm activate ... 66
    [no] client-identifier mac_address ... 53
    [no] client-name host_name ... 53
    [no] clock daylight-saving ... 184
    [no] clock saving-interval begin {apr|aug|dec|feb|jan|jul|jun|mar|may|nov|oct|sep} {1|2|3|4|last} {fri|mon|sat|sun|thu|tue|wed} hh:mm end {apr|aug|dec|feb|jan|jul|jun|mar|may|nov|oct|sep} {1|2|3|4|last} {fri|mon|sat|sun|thu|tue|wed} hh:mm offset ...
  • Page 257 List of Commands
    [no] groupname groupname ... 145
    [no] groupname groupname ... 145
    [no] guest-account user_name ... 131
    [no] hardware-address mac_address ... 52
    [no] hardware-watchdog-timer <4..37> ... 245
    [no] host ip ... 52
    [no] hostname ... 183
    [no] htprotect ... 91
    [no] interface {interface_name | EnterpriseWLAN} ...
  • Page 258 List of Commands
    [no] load-balancing kickout ... 81
    [no] log [alert] ... 138
    [no] logging console ... 224
    [no] logging console category module_name ... 224
    [no] logging debug suppression ... 221
    [no] logging debug suppression interval <10..600> ... 221
    [no] logging mail <1..2> ... 222
    [no] logging mail <1..2>...
  • Page 259 List of Commands
    [no] second-dns-server {ip | interface_name {1st-dns | 2nd-dns | 3rd-dns} | EnterpriseWLAN} ... 54
    [no] second-wins-server ip ... 54
    [no] secret secret ... 171
    [no] self-assisted-message message ... 131
    [no] self-assisted-vlan vlan_iface ... 131
    [no] server acct-address radius_server acct-port port ... 165
    [no] server acct-interim activate ...
  • Page 260 List of Commands
    [no] snmp-server community community_string {ro|rw} ... 195
    [no] snmp-server contact description ... 195
    [no] snmp-server enable {informs|traps} ... 195
    [no] snmp-server host {fqdn | ipv4_address} [community_string] ... 195
    [no] snmp-server location description ... 195
    [no] snmp-server port <1..65535> ... 195
    [no] snmp-server v3user username username authentication {md5|sha} privacy {aes|des|none} privilege {ro|rw} ...
  • Page 261 List of Commands [no] wtp-logging console ............225 [no] wtp-logging console category module_name level pri ......225 [no] wtp-logging debug suppression ..........225 [no] wtp-logging debug suppression interval <10..600> ......225 [no] wtp-logging mail mail_range category module_name level {alert | all} ..225 [no] wtp-logging syslog syslog_range category module_name disable ....
  • Page 262 List of Commands word password ca ca_name url url; ........178 ca enroll scep name certificate_name ....cn-type {ip cn cn_address|fqdn cn cn_domain_name|mail cn cn_email} [ou organizational_unit] [o organization] [c country] [usr-def certificate_name] key-type {rsa|dsa} key-len key_length password password ca ca_name url url .........
  • Page 263 List of Commands daily-report [no] daily-report reset-counter ........230 daily-report [no] item av-report ..........230 daily-report [no] item idp-report ..........230 daily-report [no] item port-usage ..........230 daily-report [no] item session-usage ..........230 daily-report [no] item station-count ..........230 daily-report [no] item traffic-report ........... 230 daily-report [no] item wtp-rx ...........
  • Page 264 List of Commands diag-info collect ............... 235 diag-info copy usb-storage ............235 dir ................32 dir {/cert | /conf | /idp | /packet_trace | /script | /tmp} ..... 205 disable ................32 downstream <0..1048576> ............62 dscp-marking <0..63> ............. 66 dscp-marking class {default | dscp_class} ........
  • Page 265 List of Commands firewall zone_object {zone_object|EnterpriseWLAN} append ......137 firewall zone_object {zone_object|EnterpriseWLAN} delete rule_number .... 137 firewall zone_object {zone_object|EnterpriseWLAN} flush ......137 firewall zone_object {zone_object|EnterpriseWLAN} insert rule_number .... 137 firewall zone_object {zone_object|EnterpriseWLAN} move rule_number to rule_number 137 firewall zone_object {zone_object|EnterpriseWLAN} rule_number ....136 firmware-update-schedule activate ..........
  • Page 266 List of Commands join ..........62 language ....198 lan_port {activate | inactivate} pvid <1..4094> ........76 lan-provision ap ap_mac ............76 lan-provision lan_port {activate | inactivate} pvid <1..4094> ....75 lan-provision vlan_interface {activate | inactivate} vid <1..4094> join lan_port {tag | untag} [lan_port {tag | untag}] [lan_port {tag | untag}] ....
  • Page 267 List of Commands no dynamic-guest expired-account deleted ........116 no dynamic-guest username ............116 no enc-agent acs password ............174 no enc-agent acs username ............174 no enc-agent authentication ............. 174 no enc-agent manager ............174 no enc-agent password ............174 no enc-agent periodic-inform ............
  • Page 268 List of Commands policy default-route ............. 67 policy delete policy_number ............67 policy flush ..............67 policy list table ..............67 policy move policy_number to policy_number ........67 port status Port<1..x> ............58 proto-type {icmp | igmp | igrp | pim | ah | esp | vrrp | udp | tcp | any} ..240 psk psk .................
  • Page 269 List of Commands setenv-startup stop-on-error off ..........206 show ................129 show ................145 show ................32 show ................52 show aaa authentication {group-name|default} ........167 show aaa group server ad group-name ..........162 show aaa group server ldap group-name ........... 163 show aaa group server radius group-name .........
  • Page 270 List of Commands show connlimit max-per-host ............. 137 show console ..............185 show corefile copy usb-storage ........... 60 show country-code list ............77 show cpu status ..............37 show daily-report status ............229 show default country-code ............77 show device-register status ............42 show dhcp6 interface ............
  • Page 271 List of Commands show led status ..............37 show led_locator ap_mac_address status .......... 120 show led_suppress ap_mac_address status ......... 119 show lockout-users .............. 148 show logging debug entries [priority pri] [category module_name] [srcip ip] [dstip ip] [service service_name] [begin <1..1024> end <1..1024>] [keyword keyword] .
  • Page 272 List of Commands show reference object-group username [username] ........35 show report [interface_name {ip | service | url}] ....... 227 show report status .............. 227 show rogue-ap containment config ..........108 show rogue-ap containment list ..........108 show rogue-ap detection info ............ 106 show rogue-ap detection list {rogue | friendly| all} ......
  • Page 273 List of Commands show wlan-radio-profile {all | radio_profile_name} ....... 88 show wlan-security-profile {all | security_profile_name} ......96 show wlan-ssid-profile {all | ssid_profile_name} ......... 94 show wtp-logging dbg-result-status ..........225 show wtp-logging debug entries [priority pri] [category module_name] [srcip ipv4] [dstip ipv4] [service service] [srciface config_interface] [dstiface config_interface] [protocol log_proto_accept ] [begin <1..512>...
  • Page 274 List of Commands trigger move <1..8> to <1..8> ............ 67 tx-mask chain_mask ............... 92 type {external | internal} ............128 type {internal|external|general} ..........58 unlock lockout-users ip | console ..........148 upstream <0..1048576> ............62 usb-storage mount ..............60 usb-storage umount ............... 60 usb-storage warn number ...
  • Page 275 List of Commands wlan-radio-profile rename radio_profile_name1 radio_profile_name2 ....88 wlan-security-profile rename security_profile_name1 security_profile_name2 ..96 wlan-ssid-profile rename ssid_profile_name1 ssid_profile_name2 ....94 write ................206 write ................32 zone profile_name ............... 122 zymesh-profile rename zymesh_profile_name1 zymesh_profile_name2 ....102
