User ManualTable of ContentsNortel WLAN—Security Switch 2300 Series Configuration Guide1Contents9How to get help37Introducing the Nortel WLAN 2300 system39Nortel WLAN 2300 system39Documentation40Safety and advisory notices41Nortel manuals use the following text and syntax conventions:41Using the command-line interface43CLI conventions43Command prompts44Syntax notation45Text entry conventions and allowed characters46MAC address notation46IP address and mask notation46User wildcards, MAC address wildcards, and VLAN wildcards47User wildcards47MAC address wildcards47VLAN wildcards48Matching order for wildcards48Port lists49Virtual LAN identification50Command-line editing51Keyboard shortcuts51History buffer51Tabs51Single-asterisk (*) wildcard character52Double-asterisk (**) wildcard characters52Using CLI help52Understanding command descriptions53WSS setup methods55Overview56Quick starts57WLAN Management Software58CLI59Web View60How a WSS gets its configuration61Web Quick Start (2350 and 2360/2361)62Web Quick Start parameters63Web Quick Start requirements64Accessing the Web Quick Start65CLI quickstart command67Quickstart example69Remote WSS configuration71Opening the QuickStart network plan in WLAN Management Software72Configuring Web-based AAA for administrative and local access73Overview of Web-based AAA for administrative and local access73Before you start75About Administrative Access75Access modes76Types of Administrative Access77First-time configuration via the console77Enabling an administrator78Setting the WSS enable password79Setting the WSS enable password for the first time79WMS enable password80Authenticating at the console81Customizing Web-based AAA with “wildcards” and groups82Setting user passwords83Adding and clearing local users for Administrative Access84Configuring accounting for administrative users84Displaying the Web-based AAA configuration85Saving the configuration85Administrative Web-based AAA configuration scenarios86Local authentication87Local authentication for console users and RADIUS authentication for Telnet users88Local override and backup local authentication89Authentication when RADIUS servers do not respond90Managing User Passwords91Passwords Overview91Configuring Passwords92Setting passwords for local users93Enabling password restrictions94Setting the maximum number of login attempts95Specifying minimum password length96Configuring password expiration time97Restoring access to a locked-out user98Displaying Password Information99Configuring and managing ports and VLANs101Configuring and managing ports101Setting the port type102Setting a port for a directly connected AP103Configuring for a AP104Setting a port for a wired authentication user105Clearing a port106Clearing a AP107Configuring a port name108Setting a port name108Removing a port name108Configuring media type on a dual-interface gigabit ethernet port (2380 only)109Configuring port operating parameters11010/100 Ports—autonegotiation and port speed110Gigabit Ports—autonegotiation and flow control111Disabling a port111Disabling power over ethernet111Resetting a port112Displaying port information113Displaying port configuration and status113Displaying PoE state113Displaying port statistics114Clearing statistics counters114Monitoring port statistics114Configuring load-sharing port groups117Load sharing117Link redundancy117Configuring a port group117Removing a port group118Displaying port group information118Interoperating with Cisco Systems EtherChannel118Configuring and managing VLANs119Understanding VLANs in Nortel WSS software120VLANs, IP subnets, and IP addressing120Users and VLANs120VLAN names121Roaming and VLANs121Traffic forwarding121802.1Q tagging122Tunnel affinity122Configuring a VLAN123Creating a VLAN123Adding ports to a VLAN123Removing an entire VLAN or a VLAN port124Changing tunneling affinity126Restricting layer 2 forwarding among clients127Displaying VLAN information129Managing the layer 2 forwarding database130Types of forwarding database entries131How entries enter the forwarding database132Displaying forwarding database information133Displaying the size of the forwarding database133Displaying forwarding database entries133Adding an entry to the forwarding database135Removing entries from the forwarding database136Configuring the aging timeout period137Displaying the aging timeout period137Changing the aging timeout period137Port and VLAN configuration scenario137Configuring and managing IP interfaces and services145MTU support146Configuring and managing IP interfaces147Adding an IP interface148Statically configuring an IP interface148Enabling the DHCP client148Disabling or reenabling an IP interface151Removing an IP interface152Displaying IP interface information153Configuring the system IP address153Designating the system IP address154Displaying the system IP address155Clearing the system IP address156Configuring and managing IP routes156Displaying IP routes157Adding a static route159Removing a static route160Managing the management services160Managing SSH161Login timeouts161Enabling SSH161Adding an SSH user162Changing the SSH service port number162Managing SSH server sessions162Managing Telnet164Telnet login timers164Enabling Telnet164Adding a Telnet user164Displaying Telnet status164Changing the Telnet service port number165Resetting the Telnet service port number to its default165Managing Telnet server sessions165Managing HTTPS166Enabling HTTPS166Displaying HTTPS information166Changing the idle timeout for CLI management sessions167Configuring and managing DNS167Enabling or disabling the DNS client168Configuring DNS servers169Adding a DNS server169Removing a DNS server169Configuring a default domain name170Adding the default domain name170Removing the default domain name170Displaying DNS server information171Configuring and managing aliases171Adding an alias172Removing an alias173Displaying aliases174Configuring and managing time parameters174Setting the time zone176Displaying the time zone176Clearing the time zone176Configuring the summertime period177Displaying the summertime period177Clearing the summertime period177Statically configuring the system time and date178Displaying the time and date179Configuring and managing NTP180Adding an NTP server181Removing an NTP server182Changing the NTP update interval183Resetting the update interval to the default184Enabling the NTP client185Displaying NTP information186Managing the ARP table186Displaying ARP table entries187Adding an ARP entry188Changing the aging timeout189Pinging another device189Logging in to a remote device190Tracing a route191IP interfaces and services configuration scenario191Configuring SNMP195Overview195Configuring SNMP195Setting the system location and contact strings196Enabling SNMP versions197Configuring community strings (SNMPv1 and SNMPv2c only)198Creating a USM user for SNMPv3199Command examples200Setting SNMP security201Configuring a notification profile202Command examples203Configuring a notification target205Command examples206Enabling the SNMP service207Displaying SNMP information207Displaying SNMP version and status information208Displaying the configured SNMP community strings209Displaying USM settings210Displaying notification profiles211Displaying notification targets212Displaying SNMP statistics counters213Configuring and managing Mobility Domain roaming215About the Mobility Domain feature215Smart Mobile Virtual Controller Cluster216Configuring a Mobility Domain216Configuring the seed217Configuring member WSSs on the seed217Configuring a member218Configuring mobility domain seed redundancy218Displaying Mobility Domain status220Displaying the Mobility Domain configuration220Clearing a Mobility Domain from a WSS220Clearing a Mobility Domain member from a seed221Smart Mobile Virtual Controller Cluster configuration221Virtual Controller Cluster configuration terminology221Centralized configuration using Virtual Controller Cluster Mode221Autodistribution of APs on the Virtual Controller Cluster222“Hitless” failover with Virtual Controller Cluster configuration222Configuring Smart Mobile Cluster on a Mobility Domain222Virtual Controller Cluster Configuration Parameters223Configuring secure WSS to WSS communications223Monitoring the VLANs and tunnels in a Mobility Domain226Displaying roaming stations226Displaying roaming VLANs and their affinities227Displaying tunnel information227Understanding the sessions of roaming users227Requirements for roaming to succeed228Effects of timers on roaming229Monitoring roaming sessions229Mobility Domain scenario230Configuring network domains233About the network domain feature233Network domain seed affinity236Configuring a network domain237Configuring network domain seeds238Specifying network domain seed peers239Configuring network domain members240Displaying network domain information241Clearing network domain configuration from a WSS242Clearing a network domain seed from a WSS243Clearing a network domain peer from a network domain seed244Clearing network domain seed or member configuration from a WSS245Network domain scenario245Configuring RF load balancing for APs249RF load balancing overview249Configuring RF load balancing249Disabling or re-enabling RF load balancing251Assigning radios to load balancing groups252Specifying band preference for RF load balancing253Setting strictness for RF load balancing254Exempting an SSID from RF load balancing255Displaying RF load balancing information255Configuring APs257AP overview257Country of operation259Directly connected APs and distributed APs260Distributed AP network requirements260Distributed APs and STP261Distributed APs and DHCP option 43261AP parameters262Resiliency and dual-homing options for APs263Boot process for distributed APs268Establishing connectivity on the network268Contacting a WSS269Loading and activating an operational image271Obtaining configuration information from the WSS272AP boot examples272Session load balancing278Service profiles280Public and private SSIDs284Encryption284Radio profiles285Auto-RF286Default radio profile286Radio-specific parameters287Configuring global AP parameters288Specifying the country of operation289Configuring an auto-AP profile for automatic AP configuration291How an unconfigured AP finds a WSS to configure it291Configured APs have precedence over unconfigured APs292Configuring an auto-AP profile292Configuring AP port parameters296Setting the port type for a directly connected AP296Configuring an indirectly connected AP298Configuring static IP addresses on distributed APs298Clearing an AP from the configuration299Changing AP names300Changing bias300Configuring a load-balancing group300Disabling or reenabling automatic firmware upgrades301Forcing an AP to download its operational image from the WSS301Enabling LED blink mode301Configuring AP-WSS security302Encryption key fingerprint302Encryption options302Verifying an AP’s fingerprint on a WSS303Setting the AP security requirement on a WSS304Fingerprint log message305MP-432 and 802.11n configuration305PoE Requirements306Configuring a service profile306Creating a service profile306Removing a service profile307Changing a service profile setting307Disabling or reenabling encryption for an SSID307Disabling or reenabling beaconing of an SSID307Changing the fallthru authentication type307Changing transmit rates308Enforcing the Data Rates309Disabling idle-client probing310Changing the user idle timeout310Changing the short retry threshold310Changing the long retry threshold311Configuring a radio profile312Creating a new profile312Changing radio parameters312Resetting a radio profile parameter to its default value315Removing a radio profile316Configuring radio-specific parameters317Configuring the channel and transmit power317Configuring the external antenna model317External antenna selector guides for the AP-2330, AP-2330A, AP-2330B and Series 2332 APs320Antenna selection decision trees333Specifying the external antenna model335Mapping the radio profile to service profiles336Assigning a radio profile and enabling radios337Disabling or reenabling radios337Enabling or disabling individual radios338Disabling or reenabling all radios using a profile339Resetting a radio to its factory default settings340Restarting an AP341Displaying AP information341Displaying AP configuration information342Displaying connection information for APs343Displaying a list of APs that are not configured344Displaying active connection information for APs345Displaying service profile information346Displaying radio profile information347Displaying AP status information348Displaying static IP address information for APs349Displaying AP statistics counters350Configuring WLAN mesh services353WLAN mesh services overview353Configuring WLAN mesh services355Configuring the Mesh AP355Configuring the Service Profile for Mesh Services356Configuring Security356Enabling Link Calibration Packets on the Mesh Portal AP357Deploying the Mesh AP357Configuring Wireless Bridging357Displaying WLAN Mesh Services Information358Configuring user encryption361Configuring WPA364WPA cipher suites365TKIP countermeasures368WPA authentication methods369WPA information element370Client support371Configuring WPA373Creating a service profile for WPA373Enabling WPA373Specifying the WPA cipher suites373Changing the TKIP countermeasures timer value374Enabling PSK authentication374Displaying WPA settings375Assigning the service profile to radios and enabling the radios376Configuring RSN (802.11i)377Creating a service profile for RSN377Enabling RSN377Specifying the RSN cipher suites378Changing the TKIP countermeasures timer value378Enabling PSK authentication378Displaying RSN settings379Assigning the service profile to radios and enabling the radios379Configuring WEP379Setting static WEP key values381Assigning static WEP keys382Encryption configuration scenarios382Enabling WPA with TKIP383Enabling dynamic WEP in a WPA network385Configuring encryption for MAC clients387Configuring Auto-RF391Auto-RF overview391Initial channel and power assignment392How channels are selected392Channel and power tuning393Power tuning393Channel tuning393Tuning the transmit data rate394Auto-RF parameters395Changing Auto-RF settings396Changing channel tuning settings396Disabling or reenabling channel tuning396Changing the channel tuning interval396Changing the channel holddown interval397Changing power tuning settings398Enabling power tuning398Changing the power tuning interval398Changing the maximum default power allowed on a radio398Locking down tuned settings398Displaying Auto-RF information399Displaying Auto-RF settings400Displaying RF neighbors401Displaying RF attributes402Configuring APs to be AeroScout listeners403Configuring AP radios to listen for AeroScout RFID tags403Locating an RFID tag404Using an AeroScout engine405Using WMS406AirDefense integration with the Nortel WLAN 2300 system407About AirDefense integration407Converting an AP into an AirDefense sensor408Copying the AirDefense sensor software to the WSS410Loading the AirDefense sensor software on the AP411How a converted AP obtains an IP address411Specifying the AirDefense server412Converting an AirDefense sensor back to an AP413Clearing the AirDefense sensor software from the AP’s configuration414Configuring quality of service415About QoS415Summary of QoS features416End-to-End QoS420QoS Mapping420QoS mode422WMM QoS mode422Bandwidth Management for QoS431SVP QoS mode431U-APSD support432Call admission control432Broadcast control433Static CoS433Overriding CoS433Changing QoS settings433Changing the QoS mode434Enabling U-APSD support434Configuring call admission control434Enabling CAC434Changing the maximum number of active sessions435Configuring static CoS435Changing CoS mappings435Using the client DSCP value to classify QoS level436Enabling broadcast control436Displaying QoS information436Displaying a radio profile’s QoS settings437Displaying a service profile’s QoS settings437Displaying CoS mappings438Displaying the default CoS mappings438Displaying a DSCP-to-CoS mapping438Displaying a CoS-to-DSCP mapping439Displaying the DSCP table439Displaying AP forwarding queue statistics440Configuring and managing spanning tree protocol441Enabling the spanning tree protocol442Changing standard spanning tree parameters443Changing the bridge priority445Changing STP port parameters446Changing the STP port cost446Resetting the STP port cost to the default value446Changing the STP port priority447Resetting the STP port priority to the default value447Changing spanning tree timers448Changing the STP hello interval448Changing the STP forwarding delay448Changing the STP maximum age448Configuring and managing STP fast convergence features449Configuring port fast convergence451Displaying port fast convergence information452Configuring backbone fast convergence453Displaying the backbone fast convergence state454Configuring uplink fast convergence455Displaying uplink fast convergence information456Displaying spanning tree information456Displaying STP bridge and port information457Displaying the STP port cost on a VLAN basis458Displaying blocked STP ports459Displaying spanning tree statistics460Clearing STP statistics462Spanning tree configuration scenario462Configuring and managing IGMP snooping465Disabling or reenabling IGMP snooping465Disabling or reenabling proxy reporting465Enabling the pseudo-querier466Changing IGMP timers466Changing the query interval467Changing the other-querier-present interval468Changing the query response interval469Changing the last member query interval470Changing robustness471Enabling router solicitation471Changing the router solicitation interval472Configuring static multicast ports472Adding or removing a static multicast router port473Adding or removing a static multicast receiver port474Displaying multicast information474Displaying multicast configuration information and statistics475Displaying multicast statistics only476Clearing multicast statistics476Displaying multicast queriers477Displaying multicast routers478Displaying multicast receivers479Configuring and managing security ACLs481About security access control lists481Overview of security ACL commands482Security ACL filters483Order in which ACLs are applied to traffic484Traffic direction484Selection of user ACLs484Creating and committing a security ACL484Setting a source IP ACL485Wildcard masks486Class of Service486Setting an ICMP ACL488Setting TCP and UDP ACLs490Setting a TCP ACL490Setting a UDP ACL490Determining the ACE order492Committing a Security ACL493Viewing security ACL information494Viewing the edit buffer494Viewing committed security ACLs494Viewing security ACL details495Displaying security ACL hits495Clearing security ACLs496Mapping security ACLs496Mapping user-based security ACLs497Mapping security ACLs to ports, VLANs, virtual ports, or distributed APs499Displaying ACL maps to ports, VLANs, and virtual ports499Clearing a security ACL map499Modifying a security ACL500Adding another ACE to a security ACL501Placing one ACE before another502Modifying an existing security ACL503Clearing security ACLs from the edit buffer504Using ACLs to change CoS505Filtering based on DSCP values507Using the dscp option507Using the precedence and ToS options507Enabling prioritization for legacy voice over IP508General guidelines509Enabling VoIP support for TeleSym VoIP510Enabling SVP optimization for SpectraLink phones511Known limitations511Configuring a service profile for RSN (WPA2)511Configuring a service profile for WPA512Configuring a radio profile512Configuring a VLAN and AAA for voice clients513Configuring an ACL to prioritize voice traffic513Setting 802.11b/g radios to 802.11b (for Siemens SpectraLink VoIP phones only)514Disabling Auto-RF before upgrading a SpectraLink phone514Restricting client-to-client forwarding among IP-only clients515Security ACL configuration scenario516Managing keys and certificates517Why use keys and certificates?517Wireless security through TLS518PEAP-MS-CHAP-V2 security519About keys and certificates519Public key infrastructures521Public and private keys522Digital certificates523PKCS #7, PKCS #10, and PKCS #12 object files524Certificates automatically generated by WSS software524Creating keys and certificates525Choosing the appropriate certificate installation method for your network526Creating public-private key pairs528Generating self-signed certificates529Installing a key pair and certificate from a PKCS #12 object file530Creating a CSR and installing a certificate from a PKCS #7 object file531Installing a CA’s own certificate532Displaying certificate and key information532Key and certificate configuration scenarios533Creating self-signed certificates534Installing CA-signed certificates from PKCS #12 object files536Installing CA-signed certificates using a PKCS #10 object file (CSR) and a PKCS #7 object file538SSID name “Any”539Last-resort processing539User credential requirements540Configuring AAA for network users541About AAA for network users541Authentication542Authentication types542Authentication algorithm543Accounting548Summary of AAA features549AAA tools for network users549“Wildcards” and groups for network user classification550Wildcard “Any” for SSID matching550AAA methods for IEEE 802.1X and Web network access551AAA rollover process551Local override exception551Remote authentication with local backup552IEEE 802.1X Extensible Authentication Protocol types554Ways a WSS can use EAP555Effects of authentication type on encryption method556Configuring 802.1X authentication556Configuring 802.1X Acceleration557Using pass-through558Authenticating through a local database559Binding user authentication to machine authentication560Authentication rule requirements560Bonded Authentication period561Bonded Authentication configuration example562Displaying Bonded Authentication configuration information562Configuring authentication and authorization by MAC address563Adding and clearing MAC users and user groups locally564Adding MAC users and groups564Clearing MAC users and groups564Configuring MAC authentication and authorization565Changing the MAC authorization password for RADIUS566Configuring Web portal Web-based AAA566How Web portal Web-based AAA works568Display of the login page568Web-based AAA requirements and recommendations570WSS requirements570Network requirements573WSS recommendations573Client NIC recommendations573Client Web browser recommendations573Configuring Web portal Web-based AAA574Web portal Web-based AAA configuration example574External Captive Portal577Displaying session information for Web portal Web-based AAA users577Using a custom login page578Copying and modifying the Web login page579Custom login page scenario579Using dynamic fields in Web-based AAA redirect URLs582Using an ACL other than portalacl583Configuring the Web portal Web-based AAA session timeout period584Configuring the Web Portal Web-based AAA Logout Function585Configuring last-resort access585Configuring last-resort access for wired authentication ports588Configuring AAA for users of third-party APs588Authentication process for users of a third-party AP589Requirements590Third-party AP requirements590WSS requirements590RADIUS server requirements590Configuring authentication for 802.1X users of a third-party AP with tagged SSIDs591Configuring authentication for non-802.1X users of a third-party AP with tagged SSIDs593Configuring access for any users of a non-tagged SSID594Assigning authorization attributes594Assigning attributes to users and groups599Simultaneous login600Assigning SSID default attributes to a service profile601Assigning a security ACL to a user or a group602Assigning a security ACL locally602Assigning a security ACL on a RADIUS server603Clearing a security ACL from a user or group603Assigning encryption types to wireless users604Assigning and clearing encryption types locally604Assigning and clearing encryption types on a RADIUS server605Keeping users on the same VLAN even after roaming606Overriding or adding attributes locally with a location policy609About the location policy610How the location policy differs from a security ACL611Setting the location policy612Applying security ACLs in a location policy rule613Displaying and positioning location policy rules613Clearing location policy rules and disabling the location policy614Configuring accounting for wireless network users614Configuring periodic accounting update records616Enabling system accounting messages617Viewing local accounting records618Viewing roaming accounting records619Displaying the AAA configuration620Avoiding AAA problems in configuration order621Using the wildcard “Any” as the SSID name in authentication rules622Using authentication and accounting rules together623Configuration producing an incorrect processing order623Configuration for a correct processing order623Configuring a Mobility Profile624Network user configuration scenarios625General use of network user commands626Enabling RADIUS pass-through authentication628Enabling PEAP-MS-CHAP-V2 authentication629Enabling PEAP-MS-CHAP-V2 offload630Combining 802.1X Acceleration with pass-through authentication631Overriding AAA-assigned VLANs632SSID name “Any”546Last-resort processing546User credential requirements546Configuring communication with RADIUS633RADIUS overview633Before you begin635Configuring RADIUS servers635Configuring global RADIUS defaults636Setting the system IP address as the source address637Configuring individual RADIUS servers638Deleting RADIUS servers639Configuring RADIUS server groups639Creating server groups640Ordering server groups640Configuring load balancing640Adding members to a server group641Deleting a server group643Configuring the RADIUS Ping Utility643RADIUS and server group configuration scenario644Dynamic RADIUS645Configuration645MAC User range authentication646MAC authentication request format647Split authentication and authorization648Managing 802.1X on the WSS649Managing 802.1X on wired authentication ports649Enabling and disabling 802.1X globally650Setting 802.1X port control651Managing 802.1X encryption keys651Enabling 802.1X key transmission652Configuring 802.1X key transmission time intervals653Managing WEP keys654Configuring 802.1X WEP rekeying654Configuring the interval for WEP rekeying654Setting EAP retransmission attempts655Managing 802.1X client reauthentication655Enabling and disabling 802.1X reauthentication656Setting the maximum number of 802.1X reauthentication attempts657Setting the 802.1X reauthentication period658Setting the bonded authentication period659Managing other timers659Setting the 802.1X quiet period660Setting the 802.1X timeout for an authorization server661Setting the 802.1X timeout for a client662Displaying 802.1X information662Viewing 802.1X clients663Viewing the 802.1X configuration664Viewing 802.1X statistics665Configuring SODA endpoint security for a WSS667About SODA endpoint security667SODA endpoint security support on WSSs669How SODA functionality works on WSSs670Configuring SODA functionality670Configuring Web Portal Web-based AAA for the service profile672Creating the SODA agent with SODA manager673Copying the SODA agent to the WSS674Installing the SODA agent files on the WSS675Enabling SODA functionality for the service profile676Disabling enforcement of SODA agent checks677Specifying a SODA agent success page678Specifying a SODA agent failure page679Specifying a remediation ACL680Specifying a SODA agent logout page681Specifying an alternate SODA agent directory for a service profile682Uninstalling the SODA agent files from the WSS683Displaying SODA configuration information684Managing sessions685About the session manager685Displaying and clearing administrative sessions685Displaying and clearing all administrative sessions686Displaying and clearing an administrative console session687Displaying and clearing administrative Telnet sessions688Displaying and clearing client Telnet sessions689Displaying and clearing network sessions689Displaying verbose network session information691Displaying and clearing network sessions by username692Displaying and clearing network sessions by MAC address693Displaying and clearing network sessions by VLAN name694Displaying and clearing network sessions by session ID695Displaying and changing network session timers696Disabling keepalive probes698Changing or disabling the user idle timeout699Rogue detection and counter measures701About rogues and RF detection701Rogue access points and clients702Rogue classification702Rogue detection lists703RF detection scans705Dynamic Frequency Selection (DFS)705Countermeasures707Mobility Domain requirement708Summary of rogue detection features708Configuring rogue detection lists709Configuring a permitted vendor list710Configuring a permitted SSID list711Configuring a client black list712Configuring an attack list713Configuring an ignore list714Enabling countermeasures715Using on-demand countermeasures in a Mobility Domain716Disabling or reenabling Scheduled RF Scanning716Enabling AP signatures716Disabling or reenabling logging of rogues717Enabling rogue and countermeasures notifications717IDS and DoS alerts717Flood attacks718DoS attacks719Netstumbler and Wellenreiter applications720Wireless bridge721Ad-Hoc network722Weak WEP key used by client723Disallowed devices or SSIDs724Displaying statistics counters725IDS log message examples726Displaying RF detection information728Displaying rogue clients730Displaying rogue detection counters731Displaying SSID or BSSID information for a Mobility Domain732Displaying RF detect data734Displaying the APs detected by an AP radio735Displaying countermeasures information736Testing the RFPing737Managing system files739About system files739Displaying software version information740Displaying boot information742Working with files742Displaying a list of files743Copying a file745Using an image file’s MD5 checksum to verify its integrity747Deleting a file748Creating a subdirectory749Removing a subdirectory750Managing configuration files750Displaying the running configuration751Saving configuration changes753Specifying the configuration file to use after the next reboot754Loading a configuration file755Specifying a backup configuration file756Resetting to the factory default configuration757Backing up and restoring the system757Managing configuration changes759Backup and restore examples760Upgrading the system image760Preparing the WSS for the upgrade761Upgrading an individual switch using the CLI762Upgrade scenario762Command changes during upgrade764Appendix A: Troubleshooting a WSS765Fixing common WSS setup problems766Recovering the system when the enable password is lost7682382, 2380 or 2360/2361768Configuring and managing the system log769Log message components770Logging destinations and levels770Using log commands771Logging to the log buffer772Logging to the console773Logging messages to a syslog server773Setting Telnet session defaults774Changing the current Telnet session defaults774Logging to the trace buffer774Enabling mark messages774Saving trace messages in a file775Displaying the log configuration775Running traces776Using the trace command776Tracing authentication activity776Tracing session manager activity776Tracing authorization activity777Tracing 802.1X sessions777Displaying a trace777Stopping a trace777About trace results777Displaying trace results778Copying trace results to a server778Clearing the trace log780List of trace areas780Using show commands780Viewing VLAN interfaces780Viewing AAA session statistics780Viewing FDB information781Viewing ARP information781Port mirroring782Configuration requirements782Configuring port mirroring782Displaying the port mirroring configuration782Clearing the port mirroring configuration783Remotely monitoring traffic783How remote traffic monitoring works783All snooped traffic is sent in the clear783Best practices for remote traffic monitoring783Configuring a snoop filter784Displaying configured snoop filters785Editing a snoop filter785Deleting a snoop filter785Mapping a snoop filter to a radio786Displaying the snoop filters mapped to a radio786Displaying the snoop filter mappings for all radios786Removing snoop filter mappings786Enabling or disabling a snoop filter787Displaying remote traffic monitoring statistics787Preparing an observer and capturing traffic787Capturing system information and sending it to technical support788The show tech-support command789Core files789Debug messages790Sending information to NETS791Appendix B: Enabling and logging onto Web View793System requirements793Browser requirements793WSS requirements793Logging onto Web View794Appendix C: Supported RADIUS attributes795Supported standard and extended attributes795Nortel vendor-specific attributes799Appendix D: Traffic ports used by WSS software801Appendix E: DHCP server803How the WSS software DHCP server works804Configuring the DHCP server804Displaying DHCP server information805Appendix F: Glossary807Index829Command Index849Size: 6.2 MBPages: 858Language: EnglishOpen manual