Preface
- Text Conventions
- Providing Feedback to Us
- Getting Help
- Related Publications
About This Guide
- Who Should Use This Guide
- How to Use This Guide
Introduction to the CLI
- CLI Wizard
- CLI Structure
- Account Types
Common Commands
- apply
- end
- exit
- help
- logout
- no
- show
root Commands
- audit
- availability
  - pair
  - pairip
  - pairrole
  - fast_failover
  - link_timeout
  - sync-config
  - sync-mu
- backup
- no backup
- copy
- host-attributes
  - hostname
  - domain
  - dns
    - dns
    - move
- export
- no export
- flash
- no flash
- healthpoll
- import
- key
  - activate
  - ecap
- lanset
- loglevel
- ping
- radtest
- radtest_mba
- reset
- restart
- restore
- secureconnection
  - secret
  - weak-ciphers
- show
  - show ac version
  - show active-user
  - show ap (AP Configuration)
  - show ap_certificate
  - show ap_certreq
  - show ap_inventory
  - show app (Application Group)
  - show apup
  - show audits
  - show availability
  - show backup
  - show cdrs
  - show clients apserial
  - show clients vns
  - show run-config
  - show dns
  - show export
  - show flash
  - show healthpoll
  - show import
  - show import_status
  - show key
  - show l2ports
  - show lanset
  - show log
  - show loglevel
  - show ospf
  - show policy
  - show report channel_inspector
  - show role
  - show report
  - show restore
  - show routes
  - show schedule_ backup
  - show schedule_upgrade
  - show snmp
  - show stats
  - show syslog
  - show system_state
  - show tech_support
  - show time
  - show time-config
  - show topology
  - show traffic_capture
  - show upgrade
  - show upgrade_backup_dest
  - show upgrade_history
  - show upgrade_image_src
  - show users
  - show vnsmode
  - show vnsmode radius
  - show web
  - show wlans
- shutdown
- tech_support
- traceroute
- upgrade ac
- upgrade apup
- upgrade_backup_dest
- upgrade_image_src
ap Commands
- ap Context
  - access
  - blacklist
  - defaults
    - ap37xx
    - ap38xx
    - ap3801
    - 3912FCC and 3912ROW
    - 3935FCC
    - 3935ROW
    - 3965FCC
    - 3965ROW
    - assign
      - wlans-list
      - wlan-foreign-ap
    - learnac
    - move
  - load-groups
  - lpm-override
  - maintenance
    - upgrd
  - registration
  - remove
  - search
  - serial
  - <serial>
    - 802_1x
      - eap
      - gen_certreq
      - peap
    - aclist
    - ap_env
    - apip
    - balanced-power
    - bcast_disassoc
    - bgway
    - client_session
    - country
    - desc
    - ipmcast-assembly
    - lacp
    - lbs-status
    - led-mode
    - lldp
    - location
    - move
    - name
    - persistent
    - poll_timeout
    - port-setting
    - professional_antenna
      - leftantenna-radio1
      - leftantenna-radio2
      - middleantenna-radio1
      - middleantenna-radio2
      - rightantenna-radio1
      - rightantenna-radio2
      - 3935e ports
      - show- antennas
    - radio1
    - radio2
    - real_capture
    - secure-tunnel
    - secure-tunnel-lifetime
    - show
    - ssh
    - tunnel-mtu
    - usedhcp
    - vlanid
    - wlan
    - zone
- Radio Commands
  - admin-mode
  - antsel
  - atpc
  - att
  - beaconp
  - ch
  - dcs
  - domain
  - dtim
  - force-disassociate
  - frag
  - ldpc
  - max-distance
  - mcast-adaptable
  - mcast2ucast
  - minbrate
  - mode
  - n_addba_support
  - n_aggr_mpdu
  - n_aggr_mpdu_max
  - n_aggr_mpdu_max_subframes
  - n_aggr_msdu
  - n_chlwidth
  - n_guardinterval
  - n_pbthreshold
  - n_pmode
  - n_ptype
  - nonUnicastQuota
  - optimized-mcast
  - pmode
  - prate
  - preamble
  - probe-suppression
  - ptype
  - radio-actions
  - rss-threshold
  - rts
  - stbc
  - tx_adjust_power
  - txbf
  - tx_max_power
  - tx_min_power
- DCS Commands
- logs Context
- maintain_cycle Context
  - duration
  - platform
  - freq
l2ports Commands
- esaN
- jumbo-frames
- portN
  - port
- show
- <named-LAG-port>
  - lag-member
  - port
ip Commands
- route
- ospf
login Commands
- apply
- auth
  - server
  - primary
  - authset
  - move
  - radtest_login
- auth-order
- move
- show
Radar Commands
- mitigator Context
  - analysis
  - scprof
  - gsprof
  - maintenance
- Common Scan/Profile Commands
  - adhoc
  - aplist
  - blacklist-timer
  - channels
  - classification
  - concurrent-number
  - dosa
  - drop-faf
  - external-friendly
  - external-honeypot
  - internal-honeypot
  - name
  - port
  - rogue
  - rogue-prevent
  - security-scan
  - spoofed-ap
  - show
mobility Commands
- backupmanagerip
- mrole
- mport
- mheartbeat
- slpreg
- agent
- secmode
- mdismethod
- mmanagerip
schedule_backup Commands
- destination
- dir
- freq
- password
- protocol
- server
- starttime
- type
- user
schedule_upgrade Commands
- schld_upgrd
- upgrade_backup
snmp Commands
- contact
- context
- enable
- engine-id
- location
- port
- publish-ap
- rcommunity
- rwcommunity
- severity
- show
- trap-manager-v1v2
- trap-manager-v3
- user
syslog Commands
- audmsg
- facility
- stationevents
- svcmsg
- syslogip
time Commands
- clock
- date
- ntp
- ntpip
- show-continents
- show-regions
- tz
traffic_capture Commands
- file_name
- size
- interface
- delete
- list
- start
- stop
- show
- show interfaces
users Commands
- id
- pwd
VNS Commands (vnsmode)
- adminctr
- create
- custom-app
  - custom-app-list
- das
  - port
  - replay_interval
- default-role
  - show
  - sync
  - topology-name
  - acfilters
  - apfilters
- delete
- nac
  - create
  - delete
  - show
- netflow-mirror
- radius
- rateprofile
  - create
  - delete
  - show
- redirection-url-list
- <named-VNS>
  - auth
  - non-auth
  - name
  - status
  - sync
  - wlans-name
  - show
- Common Filter Configuration Commands
  - create
  - config
  - delete
  - move
wlans Commands
- clients
  - client
  - descr
  - enable
  - endofday
  - export_clients
  - import_clients
  - startofday
- create
- delete
- remote-ssid
- show
- <WLAN-service-name>
- hotspot
role Commands
- role Context
- create
- delete
- show
- <named-role>
  - access-control
  - default-cos
  - egress-vlans
  - name
  - filter-status
  - sync
  - ulfilterap
  - apcustom
  - acfilters
  - apfilters
  - show
  - traffic-mirror
  - redirection-url
- Common Filter Configuration Commands
  - create
  - config
  - delete
  - move
topology Commands
- create
- delete
- internal-vlanid
- multicast-support
- show
- <named-topology>
  - 3rd-party
  - l2
    - arp-proxy
    - multicast
      - config
      - create
      - delete
      - filter
      - move
      - show
    - port
    - show
    - tagged
    - vlanid
  - l3
    - ap-register
    - cert
    - copy-csr
    - dhcp
      - dhcp-servers
      - dls
      - dls-address
      - dns
      - domain
      - exclude
      - foreign-gateway
      - foreign-range
      - gateway
      - lease-default
      - lease-max
      - mode
      - range
      - show
      - wins
    - exceptions
      - config
      - create
      - delete
      - move
      - show
    - foreign-ip
    - gateway
    - gateway-ipv6
    - gen-certreq
    - ip
    - ipv6
    - mgmt
    - mtu
    - netmask
    - nexthop
    - ospf-advert
    - ospf-cost
    - show
  - l3presence
  - mode
  - name
  - show
  - strict-subnet
  - sync
- topology-group
  - create
  - delete
  - show
  - <topology-group-name>
    - members
    - name
    - show
    - vlanid
Location-Based-Service (lbs) Commands
- multicast
- port
- service
- server-ip
- show
- Related commands
  - lbs-status
  - show
web Commands
- guestportal-admin-timeout
- timeout
- showvns
- show
cos Commands
- create
- delete
- show
- <named-cos>
  - show
  - name
  - sync
  - use-wlan-marking
  - priority
  - tos-dscp-mask
  - rateprf-in
  - rateprf-out
  - transmit-queue
site Commands
- create
- delete
- show site
- <named-site>
RF Location Commands
- location-engine
- default-height
- auto-tracking
- default-env-mode
- floor-plan
  - export
  - import
  - delete
- on-demand
- publish
- show
- area-tracking
Publish Commands
- push
- interval
- unit
- push-list
- push-client-reporting

prohibited-ap

Use the prohibited-ap command to add, update, or remove an AP from prohibited status. APs are identified in this context by their BSSID (Basic Service Set ID), which is the same as their MAC address. The prohibited-ap command is accessible from the mitigator:maintenance context of the CLI.

After you run the prohibited-ap command, run the apply command to implement the change.

prohibited-ap (bssid [desc string] [category string]) | (bssid delete)

Parameters

`bssid`	The MAC address of the AP.
desc `string`	An optional alphanumeric character string describing the AP.
category `string`	The optional category defines the reason the AP is prohibited. Valid values are: prohibitedap, internalhoneypot, and externalhoneypot
delete	Removes the AP identified by the BSSID from prohibited AP status.

Example

The following example makes testap1 with BSSID: 11:11:22:22:33:33 prohibited due to the prohibitedap category:

EWC.extremenetworks.com:mitigator:maintenance# prohibited-ap 11:11:22:22:33:33 desc testap1 category prohibitedap
EWC.extremenetworks.com:mitigator:maintenance# apply

The following example removes the AP with BSSID: 11:11:22:22:33:33 from prohibited status:

EWC.extremenetworks.com:mitigator:maintenance# prohibited-ap 11:11:22:22:33:33 delete
EWC.extremenetworks.com:mitigator:maintenance# apply

Published December 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback