Preface
- Text Conventions
- Providing Feedback to Us
- Getting Help
- Related Publications
About This Guide
- Who Should Use This Guide
- How to Use This Guide
Introduction to the CLI
- CLI Wizard
- CLI Structure
- Account Types
Common Commands
- apply
- end
- exit
- help
- logout
- no
- show
root Commands
- audit
- availability
  - pair
  - pairip
  - pairrole
  - fast_failover
  - link_timeout
  - sync-config
  - sync-mu
- backup
- no backup
- copy
- host-attributes
  - hostname
  - domain
  - dns
    - dns
    - move
- export
- no export
- flash
- no flash
- healthpoll
- import
- key
  - activate
  - ecap
- lanset
- loglevel
- ping
- radtest
- radtest_mba
- reset
- restart
- restore
- secureconnection
  - secret
  - weak-ciphers
- show
  - show ac version
  - show active-user
  - show ap (AP Configuration)
  - show ap_certificate
  - show ap_certreq
  - show ap_inventory
  - show app (Application Group)
  - show apup
  - show audits
  - show availability
  - show backup
  - show cdrs
  - show clients apserial
  - show clients vns
  - show run-config
  - show dns
  - show export
  - show flash
  - show healthpoll
  - show import
  - show import_status
  - show key
  - show l2ports
  - show lanset
  - show log
  - show loglevel
  - show ospf
  - show policy
  - show report channel_inspector
  - show role
  - show report
  - show restore
  - show routes
  - show schedule_ backup
  - show schedule_upgrade
  - show snmp
  - show stats
  - show syslog
  - show system_state
  - show tech_support
  - show time
  - show time-config
  - show topology
  - show traffic_capture
  - show upgrade
  - show upgrade_backup_dest
  - show upgrade_history
  - show upgrade_image_src
  - show users
  - show vnsmode
  - show vnsmode radius
  - show web
  - show wlans
- shutdown
- tech_support
- traceroute
- upgrade ac
- upgrade apup
- upgrade_backup_dest
- upgrade_image_src
ap Commands
- ap Context
  - access
  - blacklist
  - defaults
    - ap37xx
    - ap38xx
    - ap3801
    - 3912FCC and 3912ROW
    - 3935FCC
    - 3935ROW
    - 3965FCC
    - 3965ROW
    - assign
      - wlans-list
      - wlan-foreign-ap
    - learnac
    - move
  - load-groups
  - lpm-override
  - maintenance
    - upgrd
  - registration
  - remove
  - search
  - serial
  - <serial>
    - 802_1x
      - eap
      - gen_certreq
      - peap
    - aclist
    - ap_env
    - apip
    - balanced-power
    - bcast_disassoc
    - bgway
    - client_session
    - country
    - desc
    - ipmcast-assembly
    - lacp
    - lbs-status
    - led-mode
    - lldp
    - location
    - move
    - name
    - persistent
    - poll_timeout
    - port-setting
    - professional_antenna
      - leftantenna-radio1
      - leftantenna-radio2
      - middleantenna-radio1
      - middleantenna-radio2
      - rightantenna-radio1
      - rightantenna-radio2
      - 3935e ports
      - show- antennas
    - radio1
    - radio2
    - real_capture
    - secure-tunnel
    - secure-tunnel-lifetime
    - show
    - ssh
    - tunnel-mtu
    - usedhcp
    - vlanid
    - wlan
    - zone
- Radio Commands
  - admin-mode
  - antsel
  - atpc
  - att
  - beaconp
  - ch
  - dcs
  - domain
  - dtim
  - force-disassociate
  - frag
  - ldpc
  - max-distance
  - mcast-adaptable
  - mcast2ucast
  - minbrate
  - mode
  - n_addba_support
  - n_aggr_mpdu
  - n_aggr_mpdu_max
  - n_aggr_mpdu_max_subframes
  - n_aggr_msdu
  - n_chlwidth
  - n_guardinterval
  - n_pbthreshold
  - n_pmode
  - n_ptype
  - nonUnicastQuota
  - optimized-mcast
  - pmode
  - prate
  - preamble
  - probe-suppression
  - ptype
  - radio-actions
  - rss-threshold
  - rts
  - stbc
  - tx_adjust_power
  - txbf
  - tx_max_power
  - tx_min_power
- DCS Commands
- logs Context
- maintain_cycle Context
  - duration
  - platform
  - freq
l2ports Commands
- esaN
- jumbo-frames
- portN
  - port
- show
- <named-LAG-port>
  - lag-member
  - port
ip Commands
- route
- ospf
login Commands
- apply
- auth
  - server
  - primary
  - authset
  - move
  - radtest_login
- auth-order
- move
- show
Radar Commands
- mitigator Context
  - analysis
  - scprof
  - gsprof
  - maintenance
- Common Scan/Profile Commands
  - adhoc
  - aplist
  - blacklist-timer
  - channels
  - classification
  - concurrent-number
  - dosa
  - drop-faf
  - external-friendly
  - external-honeypot
  - internal-honeypot
  - name
  - port
  - rogue
  - rogue-prevent
  - security-scan
  - spoofed-ap
  - show
mobility Commands
- backupmanagerip
- mrole
- mport
- mheartbeat
- slpreg
- agent
- secmode
- mdismethod
- mmanagerip
schedule_backup Commands
- destination
- dir
- freq
- password
- protocol
- server
- starttime
- type
- user
schedule_upgrade Commands
- schld_upgrd
- upgrade_backup
snmp Commands
- contact
- context
- enable
- engine-id
- location
- port
- publish-ap
- rcommunity
- rwcommunity
- severity
- show
- trap-manager-v1v2
- trap-manager-v3
- user
syslog Commands
- audmsg
- facility
- stationevents
- svcmsg
- syslogip
time Commands
- clock
- date
- ntp
- ntpip
- show-continents
- show-regions
- tz
traffic_capture Commands
- file_name
- size
- interface
- delete
- list
- start
- stop
- show
- show interfaces
users Commands
- id
- pwd
VNS Commands (vnsmode)
- adminctr
- create
- custom-app
  - custom-app-list
- das
  - port
  - replay_interval
- default-role
  - show
  - sync
  - topology-name
  - acfilters
  - apfilters
- delete
- nac
  - create
  - delete
  - show
- netflow-mirror
- radius
- rateprofile
  - create
  - delete
  - show
- redirection-url-list
- <named-VNS>
  - auth
  - non-auth
  - name
  - status
  - sync
  - wlans-name
  - show
- Common Filter Configuration Commands
  - create
  - config
  - delete
  - move
wlans Commands
- clients
  - client
  - descr
  - enable
  - endofday
  - export_clients
  - import_clients
  - startofday
- create
- delete
- remote-ssid
- show
- <WLAN-service-name>
- hotspot
role Commands
- role Context
- create
- delete
- show
- <named-role>
  - access-control
  - default-cos
  - egress-vlans
  - name
  - filter-status
  - sync
  - ulfilterap
  - apcustom
  - acfilters
  - apfilters
  - show
  - traffic-mirror
  - redirection-url
- Common Filter Configuration Commands
  - create
  - config
  - delete
  - move
topology Commands
- create
- delete
- internal-vlanid
- multicast-support
- show
- <named-topology>
  - 3rd-party
  - l2
    - arp-proxy
    - multicast
      - config
      - create
      - delete
      - filter
      - move
      - show
    - port
    - show
    - tagged
    - vlanid
  - l3
    - ap-register
    - cert
    - copy-csr
    - dhcp
      - dhcp-servers
      - dls
      - dls-address
      - dns
      - domain
      - exclude
      - foreign-gateway
      - foreign-range
      - gateway
      - lease-default
      - lease-max
      - mode
      - range
      - show
      - wins
    - exceptions
      - config
      - create
      - delete
      - move
      - show
    - foreign-ip
    - gateway
    - gateway-ipv6
    - gen-certreq
    - ip
    - ipv6
    - mgmt
    - mtu
    - netmask
    - nexthop
    - ospf-advert
    - ospf-cost
    - show
  - l3presence
  - mode
  - name
  - show
  - strict-subnet
  - sync
- topology-group
  - create
  - delete
  - show
  - <topology-group-name>
    - members
    - name
    - show
    - vlanid
Location-Based-Service (lbs) Commands
- multicast
- port
- service
- server-ip
- show
- Related commands
  - lbs-status
  - show
web Commands
- guestportal-admin-timeout
- timeout
- showvns
- show
cos Commands
- create
- delete
- show
- <named-cos>
  - show
  - name
  - sync
  - use-wlan-marking
  - priority
  - tos-dscp-mask
  - rateprf-in
  - rateprf-out
  - transmit-queue
site Commands
- create
- delete
- show site
- <named-site>
RF Location Commands
- location-engine
- default-height
- auto-tracking
- default-env-mode
- floor-plan
  - export
  - import
  - delete
- on-demand
- publish
- show
- area-tracking
Publish Commands
- push
- interval
- unit
- push-list
- push-client-reporting

access-control

Use the access-control command to configure access to APs and/or controllers assigned this role. The access-control command is accessible from within the role:<named-role> context.

Parameters

none	Specifies no access allowed.
no-change	Specifies no change to current access status (keep using previous role/filter).
allow	Specifies access allowed.
deny	Specifies access denied.
new	Specifies new.
`containment vlan-id`	Specifies a containment VLAN access, by the VLAN ID.
redirect	Specifies redirection based on policy rules.

Usage

If the access-control command is set to no-change, any filters that exist in the previous role are applied to this station. For example, if the previous role is the default-role, default-role filters are applied to this station.

The show named-role command, within the role context, and the show command, within a role:<named-role> context, specify the current role-status command setting with the line “Do not change role settings when this Role is applied:”.

Examples

The following example enables access to AC and AP filter configuration within the p1 <named-role> context:

EWC.extremenetworks.com:role:p1# access-control no-change
EWC.extremenetworks.com:role:p1# apply
EWC.extremenetworks.com:role:p1# show
Assigned topology: Seg1_Routed
Ingress rate profile: no change
Egress rate profile: no change
Do not change role settings when this Role is applied: enable
Name: Auth
Synchronize: disable

Published December 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback