WM Setup Guide 8.8 PDF

Quick Start Guide
Wireless Manager Virtual

Appliance
Arista Networks
www.arista.com
Headquarters Support Sales
5453 Great America Parkway
Santa Clara, CA 95054
USA
+1 408 547-5502 +1 408 547-5501
+1 408 547-5500
+1 866 476-0000 +1 866 497-0000
www.arista.com support-wifi@arista.com sales@arista.com
© Copyright 2019 Arista Networks, Inc. The information contained herein is subject to change without notice. Arista Networks
and the Arista logo are trademarks of Arista Networks, Inc in the United States and other countries. Other product or service
names may be trademarks or service marks of others.
ii Quick Start Guide: Wireless Manager Virtual Appliance

Contents
ABOUT THIS GUIDE 4
PRODUCT AND DOCUMENTATION UPDATES 4
ACCESSING THE SERVER INITIALIZATION AND SETUP WIZARD 5
SET UP THE SERVER DNS ENTRY 10
LAUNCHING THE WIRELESS MANAGER 10
ACTIVATING THE LICENSE 11
SERVER CONFIG SHELL COMMANDS 12
SERVER COMMANDS 12
CLUSTER COMMANDS 23
HIGH AVAILABILITY COMMANDS 24
DATABASE COMMANDS 26
NETWORK-RELATED COMMANDS 27
DEBUGGING COMMANDS 34
FIPS RELATED COMMANDS 34
MISCELLANEOUS COMMANDS 35
SET UP AND MANAGE SERVER CLUSTER 41
SET UP SERVER CLUSTER 41
ADD CHILD SERVER TO SERVER CLUSTER 42
DELETE CHILD SERVER FROM SERVER CLUSTER 43
DELETE SERVER CLUSTER 44
CHECK SERVER STATUS WITH RESPECT TO SERVER CLUSTER 44
CUSTOM SERVER TAG 46
SET SERVER TAG 46
VIEW SERVER TAG 46
CUSTOM PREFIX FOR FILENAMES 47
DEDICATED MANAGEMENT INTERFACE 49
SET MANAGEMENT INTERFACE 49
SERVER TROUBLESHOOTING 54
BACKUP AND RESTORE DATABASE 56
TYPES OF DATABASE BACKUP 56
© Arista Networks, 2019 2

BACK UP WIRELESS MANAGER DATABASE 57
RESTORE THE DATABASE ON WIRELESS MANAGER 61
CHECK DATABASE BACKUP SCHEDULE STATUS 62
APPENDIX A AP-SERVER MUTUAL AUTHENTICATION 64

About this Guide
This guide describes how to configure Wireless Manager (WM).
Important! Please read the EULA before configuring the Wireless Manager. Installing the server constitutes your
acceptance of the terms and conditions of the EULA mentioned above in this document.
Product and Documentation Updates

To receive important news on product updates, please visit our website at
https://www.arista.com/en/support/product-documentation.
We continuously enhance our product documentation based on customer feedback.

Accessing the Server Initialization and Setup Wizard
At the first boot of the server, log in using the following credentials:
Username: config
Passoword: config
: [8.x]
: [8 . x . x - xxx]
The Server Initialization and Setup Wizard is displayed.
This wizard helps you to map the Backspace key, change the configuration password, change the network settings,
and set the server ID of the server. You can retain the default values at each step by pressing Enter.
The wizard is displayed at the first boot or at every reboot if the server is not configured.
[8.x]
[8 . x . x - xxx]
[CentOS 6. 5]
Change Config Shell Password

As a best practice, Arista Networks recommends that you change the config shell password. The following figure
shows how to change the config shell password.

Change Network Settings
The network settings of the server specify its unique IP address on the network. Access points (APs) use this IP
address to identify the server. The default IP address assigned to the server is 192.168.1.246.
Important: Note down the network settings. If you forget the network settings, you can no longer access the server
over the network after it reboots.
To change the network settings, provide the following inputs.
• IP Address: Choose an IP address that is compatible with the network segment to which the server is
connected. The server must belong to the same subnet.
• Subnet Mask: Enter the mask of the network segment to which the server is connected.
• Gateway IP Address: Enter the IP address of the gateway for the subnet on which the server is connected.
Ethernet traffic from the subnet is forwarded to another network through the gateway.
• Primary DNS IP Address: Specify the IP address of the primary DNS server used by the server to resolve
DNS entries.
• Secondary DNS IP Address: Specify the IP address of the secondary (alternate) DNS server used by the
server to resolve DNS entries.
• Tertiary DNS IP Address: Specify the IP address of the tertiary (alternate) DNS server used by the
enterprise server to resolve DNS entries.
• DNS Suffix: Append this suffix to the unqualified domain name to generate a fully qualified domain name.
The following figure shows how to change the network settings.

Set Server Time Zone, Date and Time Settings
Set the correct time zone and date for the server. You must select a continent and then a country to set the time
zone. You can change the server date and time manually or using an NTP server. To set the server date and time
using an NTP server, you must specify the NTP server IP address or the DNS name of the NTP server.

Set Server ID Settings
The server ID identifies a unique server instance when there are multiple server instances on the network. APs can
be configured to communicate with a specific server instance. The default server ID is 1.
Recommended: The Server ID setting is important only if you have a multi-server installation. If you have only one
server, the server ID should be the default value 1.

Set Server Tag
Wireless Manager can be assigned a tag that could then be used to identify the server and specific files and objects
associated with that server. By default, the server tag is blank.
You can reset the server tag using the set server tag command. For details, refer to the Server Tagging chapter in
this guide.
Once the server initialization has completed, the message screen shown below appears.

Press y to reboot the server for the changes to take effect. If you choose to reboot later press n. The server Config
Shell prompt appears. You must reboot the server upon completion of the Initialization and Setup Wizard before
you access the server from the Wireless Manager or CloudVision WiFi UI.
Note: On the Config Shell prompt, you can type the help command to view the list of available commands.
Set up the Server DNS Entry

Add a DNS entry wifi-security-server in your enterprise DNS server. This entry should point to the network
interface IP address of the server that you configured in Change Network Settings.
Adding this entry serves two purposes:
• APs on a DHCP enabled subnet can connect to the server with zero-configuration.
• You can access the server using the address https://wifi-security-server.
Launching the Wireless Manager

Ensure that the following hardware and software are available on your computer before launching the console.
Hardware Requirements
Hardware Requirements
Processor Intel P4 X86 architecture platform (or equivalent)
Processor Speed 1.4 GHz (minimum)
Memory 1 GB (minimum)
Screen Resolution 1024X768 (recommended)
Software Requirements
Software Requirements
Operating System (OS) Windows 2000 or XP
Browser Internet Explorer (IE) 9.0 or higher, Mozilla Firefox v18 or higher,
Google Chrome v25 or higher, Safari 6.0 or higher
To launch the Wireless Manager, perform the following steps:
1. Launch a Web browser from your computer.

2. Enter the IP Address of the Wireless Manager server—for example, 198.162.55.141.
Activating the License

1. Save the license key file shipped with the server on your desktop.
2. Click Choose File, browse to the license key file, and select it.
The button could be labeled either Choose File or Browse, depending on the Web browser used. The
functionality remains the same.
3. Click Apply.
If the license key is valid, the Login screen is displayed. Otherwise, an error message is displayed.
You can log in with username admin and password admin.

Server Config Shell Commands
This chapter describes the commands in the Server Config Shell used to reconfigure and maintain the server after
running the Server Configuration Wizard. Some commands display the status of the server.
Server Commands
get access address
Syntax: get access address
Description: Shows access IP Address/Hostname of this server
When to use: To Display IP Address/Hostname used to access the Wireless Manager
Prerequisite: None
Restrictions/Limitations: None
get cert
Syntax: get cert
Description: Generates self-signed certificate
When to use: To generate self-signed certificate
Prerequisite: None
get certreq
Syntax: get certreq
Description: Generates certificate signing request
When to use: To generate certificate-signing request
Prerequisite: None
get date
Syntax: get date
Description: Displays the current time zone, date, and time on the server.
When to use: To view the current time zone, date, and time on the server.
Prerequisite: None
get idle timeout

Syntax: get idle timeout

Description: Displays the value of the command shell idle timeout. This is the time interval after which the
server command shell times out or expires; a user who has been idle for this time will have to log in again.
A value of 0 indicates no timeout, i.e., the command shell never expires.
When to use: To check the command shell idle timeout value.
Prerequisite: None
get integrity status

Syntax: get integrity status
Description: Displays PASSED or FAILED after checking the integrity of critical server components. If the
status is FAILED, the list of failed server components is also displayed.
When to use: To check integrity of critical server components
Prerequisite: None
get packet capture

Syntax: get packet capture
Description: Captures packets on Public and HA/Management network interface(s).
When to use: To capture packets for troubleshooting.
Prerequisite: None
get server cert

Syntax: get server cert
Description: Uploads server certificate to a remote host.
When to use: To move the server certificate to a remote FTP, HTTP, or SCP host.
Prerequisite: None
get server check

Syntax: get server check
Description: Runs a server consistency check and displays the results. If any fatal item fails, a failure result
is recorded.
When to use: To check server consistency
Prerequisite: None

get server config
Syntax: get server config
Description: Displays the complete server configuration, which includes the server ID, server version,
server build, MAC address of the network and HA interface server mode, server time zone, date and time
settings, WLSE integration settings, settings of network interfaces, and server processes.
When to use: To retrieve all basic information information about Wireless Manager such as network
addresses, status of various services running on the server, FIPS status, scheduled backup information
Prerequisite: None
get serverid
Syntax: get serverid
Description: Displays server ID
When to use: To view server ID
Prerequisite: None
get server tag

Syntax: get server tag
Description: Displays the custom tag assigned to the server
When to use: To view the server tag
Prerequisite: None
get ssh
Syntax: get ssh
Description: Displays status of ssh access to server
When to use: To view the status of ssh access to server
Prerequisite: None
get status
Syntax: get status
Description: Displays the status of the server processes
When to use: To check status of the server processes

Prerequisite: None

get version
Syntax: get version
Description: Displays the version and build information of all server components
When to use: To check version and build information of the server and its components
Prerequisite: None
get webserver tls mode

Syntax: get webserver tls mode
Description: Display the TLS version currently being used by the Web Server.
When to use: To know the currently used TLS protocol version
Prerequisite: Wireless Manager on CentOS 6.2 or CentOS 6.5
Restrictions/Limitations: Available on CentOS 6.2 and CentOS 6.5 only. Not for CentOS 5.2
get device upgrade bundles

Syntax: get device upgrade bundles
Description: Display information about device upgrade bundles available in the local repository .
When to use: To know the upgrade bundles available in the repository.
Prerequisite: None
get device repo config

Syntax: get device repo config
Description: Display configuration (Mode and Hostnames) for repositories that store upgrade bundles and
capability information
When to use: To know the configuration for repositories.
Prerequisite: None
get interface
Syntax: get interface
Description: Display Network and HA/Management Interface speed and mode.
When to use: To know the Network and HA interface speed and mode
Prerequisite: None

get cors
Syntax: get cors
Description: Display the current status of CORS support.
When to use: To know the current status of CORS support.
Prerequisite: None
set interface
Syntax: set interface
Description: Sets Network and HA/Management Interface speed and mode.
When to use: To set the Network and HA interface speed and mode
Prerequisite: None
get remote logging

Syntax: get remote logging
Description: Display the configuration of remote logging
When to use: To know the Network and HA interface speed and mode
Prerequisite: None
get raid status

Syntax: get raid status
Description: Display RAID Array status
When to use: To know the RAID array status
Prerequisite: None
set scan config

Syntax: set scan config
Description: Modify AP Background scanning parameters.
When to use: To modify background scanning parameters.
Prerequisite: None

set device capability
Syntax: set device capability
Description: Update capability information of devices
When to use: To modify capability information.
Prerequisite: None
set device upgrade bundles

Syntax: set device upgrade bundles
Description: Upload/delete device upgrade bundles in local repository
When to use: To upload or to delete any device upgrade bundles.
Prerequisite: None
set device repo config

Syntax: set device repo config
Description: Set configuration (Mode and Hostnames) for repositories that stores upgrade bundles and
capability information of
When to use: To set configuration for repositories.
Prerequisite: None
set idle timeout

Syntax: set idle timeout <timeout in minutes>
Description: Sets the idle timeout for the command shell. This is the time interval after which the server
command shell times out or expires; a user who has been idle for this time will have to log in again. A
value of 0 indicates no timeout, i.e., the command shell never expires.
When to use: To change the command shell idle timeout value or to disable the idle timeout by setting it
to 0.
Prerequisite: None
set loginid case sensitivity

Syntax: set loginid case sensitivity
Description: Set configuration for case sensitivity of loginid
When to use: To set convention for creating login IDs
Prerequisite: None

set remote logging

Syntax: set remote logging
Description: Sets remote login configuration
When to use: To set the remote login configuration
Prerequisite: None
set license
Syntax: set license
Description: Sets license
When to use:
Prerequisite: None
set sensor legacy authentication

Syntax: set sensor legacy authentication
Description: Allow / disallow sensors (APs) running on versions lower than 6.2 to connect to the server.
When to use: To define which versions of the servers the AP will run on.
Prerequisite: None
set smart device oui

Syntax: set smart device oui
Description: Add, Remove MAC OUI's for specific smart device type id
When to use: To modify the OUIs for particular smart device types.
Prerequisite: None
set server
Syntax: set server
Description: Start/ stops the application server
When to use: To se the server in start or stop mode
Prerequisite: None

set server discovery
Syntax: set server discovery
Description: Change Server discovery settings on given AP(s).
When to use: To modify the server discovery settings.
Prerequisite: None
set server id
Syntax: set server
Description: Set server id
When to use: Toset the server id.
Prerequisite: None
set access address

Syntax: set access address
Description: Sets custom IP Address/Hostname (FQDN) that can be used to access this server in private
network.
When to use: If set, any other CLI commands, where server IP is displayed to user (like ‘get debug’,
‘upgrade’), uses this access address instead.
Prerequisite: None
Restrictions/Limitations: Do not use
set cert
Syntax: set cert
Description: Installs a signed SSL certificate issued for the request generated using get certreq command
or user can also install their own SSL certificate signed by a CA also with corresponding private key
When to use: To install signed SSL certificate
Prerequisite: SSL certificate issued for the request generated using get certreq command or Pair of some
other SSL certificate along with corresponding private key.
Restrictions/Limitations: Certificate and private keys can be downloaded using HTTP, HTTPS or FTP their
ports should not be blocked in network.
set communication paraphrase

Syntax: set communication paraphrase
Description: Set a passphrase of 10-127 characters. The shared secret is derived from this passphrase
When to use: To set communication passphrase between server and AP.

Prerequisite: None
set communication key

Syntax: set communication key
Description: Set a key of 10-127 characters. The shared secret is derived from this key
When to use: To set communication key between server and AP.
Prerequisite: None
set communication key default

Syntax: set communication key default
Description: Restores the communication key to its factory default value.
When to use: To reset the communication key to its factory default value.
Prerequisite: None
set date
Syntax: set date
Description: Sets the current time zone, date, and time on the server.
When to use: To change the current time zone, date, and time on the server.
Prerequisite: None
set erase
Syntax: set erase
Description: Configures the backspace key.
When to use: To configure the backspace key.
Prerequisite: None
set server tag

Syntax: set server tag
Description: Sets a custom tag on the server to identify the server and the files and objects associated
with the server.
When to use: To set a custom tag for server identification. When set, this tag is used in the names of
debug bundle, backup bundles and any other files/logs generated by this server.

Prerequisite: None.
Restrictions/Limitations: Only alphanumeric characters and special characters _ (underscore), . (dot) and
– (hyphen) are allowed. Maximum character limit is 16.
set ssh
Syntax: set ssh
Description: Starts or stops ssh access to server
When to use: To start or stop ssh access to the server
Prerequisite: None
set webserver
Syntax: set webserver
Description: Starts or stops web server
When to use: To start or stop web server
Prerequisite: None
set webserver tls mode

Syntax: set webserver tls mode
Description: Switches the TLS version of Web Server between "TLS1.2 protocol only" and "TLS1.0, TLS1.1
and TLS1.2" protocol modes
When to use: To configure the Web Server to use "TLS1.2 protocol only" or "TLS1.0, TLS1.1 and TLS1.2"
protocol suite
Prerequisite: Wireless Manager on CentOS 6.2 or CentOS 6.5
Restrictions/Limitations: Available on CentOS 6.2 and CentOS 6.5 only. Not for CentOS 5.2
set cors
Syntax: set cors
Description: Enable and disable CORS support.
When to use: To enable or disable the CORS support.
Prerequisite: None
reboot
Syntax: reboot
Description: Reboots the server

When to use: To reboot server
Prerequisite: None
reset factory
Syntax: reset factory
Description: Resets the server to the factory defaults/out of the box status
When to use: To reset server to factory defaults
Prerequisite: None
shutdown
Syntax: shutdown
Description: Shuts down CPP gracefully.
When to use: To shut down server gracefully.
Prerequisite: None
upgrade
Syntax: upgrade
Description: Upgrades server using the specified upgrade bundle from an http location
When to use: To upgrade server
Prerequisite: None

Cluster Commands
cluster set parent ip
Syntax: cluster set parent ip
Description: Sets server cluster parent server's access IP accessible to the child servers.
When to use: To set parent server's access IP accessible to child servers in a server cluster
Prerequisite: Server must be part of a server cluster as a parent or child.
Restrictions/Limitations: Server must be part of a server cluster as a parent or child
cluster set
Syntax: cluster set
Description: Sets a server as a parent server in a server cluster.
When to use: To set a parent cluster server.
Prerequisite: None
Restrictions/Limitations: This command must be executed on the server to be set as the
parent server.
cluster reset
Syntax: cluster reset
Description: Deletes a server cluster or a child server from a cluster. When executed on a parent server,
the entire cluster is destroyed and all servers in the cluster behave as standalone servers. This command
can be executed on parent server or child server When executed on a child server, it eliminates the
relationship between the child server and the parent server. The rest of the cluster remains intact.
When to use: To delete a cluster server or a child server from a cluster.
Prerequisite: None
Restrictions/Limitations: It is recommended to execute this command on parent server only. It
can be executed on a child server ONLY when there is no other way to remove the child from a
server cluster.
cluster add child

Syntax: cluster add child
Description: Adds a child to a server cluster
When to use: To add a child server to cluster.
Prerequisite: None
Restrictions/Limitations: This command must be executed on the parent server in the server
cluster.

cluster delete child
Syntax: cluster delete child
Description: Deletes a child to a server cluster
When to use: To delete a child server from a cluster.
Prerequisite: None
Restrictions/Limitations: This command must be executed on the parent server in the server
cluster.
cluster show status

Syntax: cluster show status
Description: Displays the status of the cluster server
When to use: To know the status of the cluster server.
Prerequisite: None
Restrictions/Limitations: This command can be executed on any server regardless of whether
it is in a server cluster or not.
High Availability Commands

get ha
Syntax: get ha
Description: Displays high availability (HA) cluster configuration and service status
When to use: To know the status of high availability setup. Can be executed on both ACTIVE and
STANDALONE servers in HA setup.
Prerequisite: None
Restrictions/Limitations: This command can be executed on any server regardless of whether it is in a

server cluster or not.
get ha help
Syntax: get ha help
Description: Displays detailed high availability (HA) setup help
When to use: To get the help for HA setup.
Prerequisite: None
set ha
Syntax: set ha
Description: Sets up high availability Wireless Manager pair

When to use: To set up a high availability Wireless Manager pair.
Prerequisite: Two Wireless Managers with same build version, Operating system version, architecture
must be available. At least one of the servers must have HA specific license.
set ha dead time

Syntax: set ha dead time
Description: Changes the dead time of high availability service
When to use: To configure HA dead timeout.
Prerequisite: HA should have been set up in Automatic failover mode.
set ha force failover

Syntax: set ha failover
Description: Forces high availability (HA) failover
When to use: To force HA pair to switch roles, that is Active and Standby.
Prerequisite: HA should have been set up in Manual failover mode.
set ha link timeout

Syntax: set ha link timeout
Description: Sets the timeout, in seconds, after which the ‘data sync link down’ event is generated. The
default timeout is 10 seconds.
When to use: To configure high availability (HA) in automatic failover mode with HA link timeout, that is
after how much time systems should consider HA link as down
Prerequisite: To configure high availability (HA) in automatic failover mode with HA link timeout, that is
after how much time systems should consider HA link as down
set ha redirector addrs

Syntax: set ha redirector addrs
Description: Set public IP address/host name of high availability (HA) servers
When to use: To set the access address on HA servers
Prerequisite: None
set ha standby password

Syntax: set ha standby password

Description: Changes ‘config’ user password of the other HA server in standby mode
When to use: To change the ‘config’ user password
Prerequisite: None
Database Commands
db backup
Syntax: db backup
Description: Backs up the database to the remote server/location specified by user
When to use: To back up database
Prerequisite: User must know SCP/FTP location/server and credentials to access this location/server
db clean
Syntax: db clean
Description: Resource clean up without disruption of services
When to use: Since the server periodically cleans up its database automatically, it is recommended that
This step should be carried out only if the performance has deteriorated significantly.
Prerequisite: None.
Restrictions/Limitations: It is recommended not to use the Server Console while this command is
running.
db reset
Syntax: db reset
Description: Resets the database to factory defaults but maintains network settings
When to use: To reset the server database and configurations to factory default
Prerequisite: None
db restore
Syntax: db restore
Description: Restores the database from a previous backup on a remote server
When to use: To restore state to previously saved state
Prerequisite: User must know SCP/FTP location of backup file

get db backup info
Syntax: get db backup info
Description: Displays scheduled DB backup information
When to use: To view scheduled DB backup information
Prerequisite: None
set db backup info

Syntax: set db backup info
Description: Sets DB backup schedule
When to use: To set DB backup schedule
Prerequisite: None
upload db backup
Syntax: upload db backup
Description: Uploads last successful database backup to external server
When to use: To transfer last stored DB Backup to some other location
Prerequisite: User must know SCP/FTP location of backup file
set dbserver
Syntax: set dbserver
Description: Starts or stops a server database
When to use: To start or stop server database
Prerequisite: None
Network-related Commands
get allowed ip
Syntax: get allowed ip
Description: Displays the list of IPv4 addresses or subnets that are allowed to access specific services on
this device
When to use: To view the list of IPv4 addresses or subnets that are allowed to access specific services on
this device
Prerequisite: None

Restrictions/Limitations: IPv4 must be enabled on server.
get allowed ipv6

Syntax: get allowed ipv6
Description: Displays the list of IPv6 addresses or subnets that are allowed to access specific services on
this device
When to use: To view the list of IPv6 addresses or subnets that are allowed to access specific services on
this device
Prerequisite: None
Restrictions/Limitations: IPv6 must be enabled on server.
get ipv6 network

Syntax: get ipv6 network
Description: Displays IPv6 networking information
When to use: To view Ipv6 networking information
Prerequisite: None
get ipv6 route

Syntax: get ipv6 route
Description: Displays IPv6 routing information
When to use: To view IPv6 routing information
Prerequisite: None
get lldp
Syntax: get lldp
Description: Displays the configuration of Link Layer Discovery Protocol (LLDP) settings
When to use: To check LLDP settings
Prerequisite: None
get management interface

Syntax: get management interface
Description: Fetches and displays the management interface (eth1) configuration including the IPv4
address, subnet mask, and gateway.
When to use: To view the management interface (eth1) configuration details.

Prerequisite: None
get management route

Syntax: get management route
Description: Fetches and displays the management interface (eth1) configuration including the IPv4
address, subnet mask, and gateway.
When to use: To view the management interface (eth1) configuration details.
Prerequisite: None
get network
Syntax: get network
Description: Displays the network interface (eth0) configuration including the IP address, subnet mask,
gateway, DNS address, and DNS suffix
When to use: To view the network interface (eth0) configuration including the IP address, subnet mask,
Prerequisite: None
get route (v4 only)

Syntax: get route
Description: Displays the routing table.
When to use: To view the routing table.
Prerequisite: None
set allowed ip
Syntax: set allowed ip
Description: Set the list of IP addresses or subnets that are allowed to access specific services on this
device. After configuration, user can access SSH and HTTPS services on this server only from provided IP
addresses. No other host, apart from configured ones, can access these services. However, these services
will be accessible with IPv6 address of the Server.
When to use: To configure the list of IP addresses or subnets that are allowed to access specific services
on this device.
Prerequisite: IPv4 must be enabled on server.
Restrictions/Limitations: Displays IPv4 addresses or subnets only.

set allowed ipv6
Syntax: set allowed ipv6
Description: Set the list of IPv6 addresses or subnets that are allowed to access specific services on this
device. After configuration, user can access SSH and HTTPS services on this server only from provided IPv6
addresses. No other host, apart from configured ones, can access these services over IPv6 network.
However, these services will be accessible with IPv4 address of the Server.
When to use: To configure the list of IPv6 addresses or subnets that are allowed to access specific services
on this device.
Prerequisite: IPv6 must be enabled on server.
Restrictions/Limitations: Displays IPv6 addresses or subnets only.
set ipv6 network

Syntax: set ipv6 network
Description: Sets IPv6 networking information
When to use: To configure IPv6 networking information
Prerequisite: None
set ipv4 management interface

Syntax: set ipv4 management interface
Description: Sets IPv4 management interface information
When to use: To configure eth1 as the dedicated management interface with IPv4 address
Prerequisite: None
set ipv6 management interface

Syntax: set ipv6 management interface
Description: Sets IPv6 management interface information
When to use: To configure eth1 as the dedicated management interface with IPv6 address
Prerequisite: IPv6 must be enabled on the server
set ipv6 management route

Syntax: set ipv6 management route
Description: Sets IPv6 management route
When to use: To configure IPv6 management route
Prerequisite: Management interface must be enabled over IPv6 on the server

set ipv6 route

Syntax: set ipv6 route
Description: Sets IPv6 routing information
When to use: To configure IPv6 routing information
Prerequisite: None
set lldp
Syntax: set lldp
Description: Sets Link Layer Discovery Protocol (LLDP) configuration
When to use: To configure LLDP
Prerequisite: None
set management interface

Syntax: set management interface
Description: Sets IPv4 and/or IPv6 management interface information and enables you to add or delete
IPv4 and/or IPv6 networks whose traffic would be sent over the management interface.
When to use: To configure eth1 as the dedicated management interface with IPv4 address and/or IPv6
address and to add/delete IPv4 and/or IPv6 networks whose traffic would be sent over the management
interface.
Prerequisite: None
set management route

Syntax: set management route
Description: Enables addition or deletion of IPv4 network whose traffic would be sent over the
management interface.
When to use: To add or delete networks whose traffic would be sent over the management interface with
an IPv4 address.
Prerequisite: Management interface must be configured before using this command.
set network
Syntax: set network

Description: Sets the network interface (eth0) configuration including the IP address, subnet mask,
When to use: To configure the network interface (eth0) configuration including the IP address, subnet
mask, gateway, DNS address, and DNS suffix
Prerequisite: None
set route (v4 only)

Syntax: set route
Description: Configures the routing table
When to use: To add or delete routing table entries
Prerequisite: None
ping
Syntax: ping [hostname/IP address]
Description: Pings an IPv4 host
When to use: To ping an IPv4 host
Prerequisite: None
ping6
Syntax: ping6 [hostname/IP address]
Description: Pings an IPv6 host
When to use: To pings an IPv6 host
Prerequisite: None
traceroute
Syntax: traceroute [IP address]
Description: Shows the route to an IPv4 host
When to use: To view the route to an IPv4 host
Prerequisite: None
traceroute6
Syntax: traceroute [IPv6 address]

Description: Shows the route to an IPv6 host
When to use: To view the route to an IPv6 host
Prerequisite: None
reboot
Syntax: reboot
Description: Reboots the server image
When to use: Reboots the server image
Prerequisite: None

Debugging Commands
get debug
Syntax: get debug
Description: Creates a debug information tarball file for debugging purposes.
When to use: To create a debug information tarball file for debugging purposes.
Prerequisite: User must know SCP/FTP/SFTP location to upload tarball file
get debug verbose

Syntax: get debug verbose
Description: Displays basic debug information on the CLI.
When to use: Retrieve basic debug information
Prerequisite: None
get debug ondemand

Syntax: get debug ondemand
Description: Used for on-demand or case-specific debugging and requires a debug bundle as parameter.
Contact support-wifi@arista.com for the debug bundle.
When to use: To run specific debugging commands provided by Arista Technical Support.
Prerequisite: Debug bundle provided by Arista Technical Support.
FIPS related Commands

get FIPS mode
Syntax: get FIPS mode
Description: If the server is in FIPS 140-2 mode, the command returns ON. If the server is in default mode,
the command returns OFF
When to use: Displays if FIPS mode is ON or OFF on this server
Prerequisite: None
set FIPS mode

Syntax: set FIPS mode
Description: Sets the operation mode of the server to either FIPS 140-2 validated mode or default mode

When to use: Enable or disable FIPS 140-2 validated mode
Prerequisite: None
Miscellaneous Commands
exit
Syntax: exit
Description: Exits server CLI
When to use: To exit server CLI
Prerequisite: None
get hddcheck
Syntax: get hddcheck
Description: Displays the number of bad blocks found on the hard disk drive.
When to use: To view number of bad blocks on the hard disk drive.
Prerequisite: None
get log config

Syntax: get log config
Description: Displays the configuration of the logger.
When to use: To view logger configuration.
Prerequisite: None
get log level aruba

Syntax: get log level aruba
Description: Displays the log level of Aruba Mobility Controller Adapter module.
When to use: To view the log level of Aruba Mobility Controller Adapter module.
Prerequisite: None
get log level gui

Syntax: get log level gui
Description: Displays the log level of the GUI module.

When to use: To view the log level of the GUI module.
Prerequisite: None
get log level msmcontroller

Syntax: get log level msmcontroller
Description: Displays the log level of the HP MSM Controller Integration module.
When to use: To view the log level of the HP MSM Controller Integration module.
Prerequisite: None
get log level wlc

Syntax: get log level wlc
Description: Displays the log level of Cisco WLC Adapter module
When to use: To view the log level of the Cisco WLC Adapter module.
Prerequisite: None
get msmcontroller cert

Syntax: get msmcontroller cert
Description: Generates a self-signed certificate for HP Adapter
When to use: To generate a self-signed certificate for HP Adapter.
Prerequisite: None
get msmcontroller certreq

Syntax: get msmcontroller certreq
Description: Generates a certificate signing request for HP Adapter
When to use: To generate a certificate signing request for HP Adapter.
Prerequisite: None
get sensor list

Syntax: get sensor list
Description: Displays a list of sensors (i.e. APs) and network detectors (NDs).
When to use: To view list of APs and NDs.

Prerequisite: None

get sensor reset button

Syntax: get sensor reset button
Description: Displays the state of the pinhole reset button on the AP.
When to use: To view the state of the pinhole reset button on the AP.
Prerequisite: None
get sensor debug logs

Syntax: get sensor debug logs
Description: Uploads AP debug logs to specified upload URL
When to use: To upload AP debug logs to the specified upload URL.
Prerequisite: None
get snmp
Syntax: get snmp
Description: Displays SNMP configuration.
When to use: To view SNMP configuration.
Prerequisite: None
help
Syntax: help
Description: Displays list of server CLI commands
When to use: To view server CLI commands
Prerequisite: None
reset factory
Syntax: reset factory
Description: Resets the server to the factory defaults/out of the box status.
When to use: To reset the server settings to the factory defaults.
Prerequisite: None

reset locked gui
Syntax: reset locked gui
Description: Unlocks Graphical User Interface (GUI) account for user admin.
When to use: To unlock the GUI account for the admin user.
Prerequisite: None
reset password gui

Syntax: reset password gui
Description: Sets the Graphical User Interface (GUI) password for the user admin to the factory default
‘admin’.
When to use: To set the GUI password for the admin user to factory default password admin
Prerequisite: None
set log config

Syntax: set log config
Description: Sets the configuration of the logger.
When to use: To configure the logger.
Prerequisite: None
set log level aruba

Syntax: set log level aruba
Description: Sets the log level of Aruba Mobility Controller Adapter module.
When to use: To configure the log level of Aruba Mobility Controller Adapter module.
Prerequisite: None
set log level gui

Syntax: set log level gui
Description: Sets the log level of the GUI module.
When to use: To configure the log level of the GUI module.
Prerequisite: None

set log level msmcontroller
Syntax: set log level msmcontroller
Description: Sets the log level of the HP MSM Controller Integration module.
When to use: To configure the log level of the HP MSM Controller Integration module.
Prerequisite: None
set log level wlc

Syntax: set log level wlc
Description: Displays the log level of Cisco WLC Adapter module
When to use: To view the log level of the Cisco WLC Adapter module.
Prerequisite: None
set msmcontroller cert

Syntax: set msmcontroller cert
Description: Generates a self-signed certificate for HP Adapter
When to use: To generate a self-signed certificate for HP Adapter.
Prerequisite: None
set server discovery

Syntax: set server discovery
Description: Changes discovery settings on server.
When to use: To change discovery settings on server.
Prerequisite: None
set sensor reset button

Syntax: set sensor reset button
Description: Sets the state of the pinhole reset button on the AP (available for select AP models only).
When to use: To set the state of the pinhole reset button on the AP.
Prerequisite: None

set wlc mapper
Syntax: set wlc mapper
Description: Manages Cisco WLC Custom Mapper file.
When to use: To manage Cisco WLC Customer Mapper file.
Prerequisite: None
plugin update aware

Syntax: plugin update aware
Description: Updating the CloudVision WiFi plug-in results in the restart of the web service. Ensure that
Wireless Manager upgrade or database operations such as backup/restore/ reset are not in progress
while updating the plug-in.
When to use: To update CloudVision WiFi plug-in
Prerequisite: None
plugin delete aware

Syntax: plugin delete aware
Description: CloudVision WiFi plug-in is deleted and the web service restarts. It does not hamper the
Wireless Manager setup.
When to use: To delete CloudVision WiFi plug-in from the server
Prerequisite: None

Set up and Manage Server Cluster
A server cluster is an interconnected group of servers. A server cluster comprises a parent server and one or more
child servers.
A server cluster is created to manage multiple servers using a single server. This managing server is called the
parent server and the servers that are managed from the parent server are called the child servers. The parent
server retrieves aggregated data from multiple child servers in the cluster and displays it on the Wireless Manager
along with the parent server data. You can also push common policies onto multiple child servers from a parent
server.
A server (parent server or child server) can be a part of only one cluster at any given point. A child server cannot be
the parent of any other server in the cluster.
To create and manage servers in the cluster, you need to use the server command line console. You can, however,
view the aggregated server data and manage policies via the Wireless Manager or CloudVision WiFi UI.
Following are the prerequisites to create a server cluster:
• The Wireless Managers that form a cluster must have the same version and build number.
• A valid license must have been applied to all child servers to be added to the server cluster.
• The child server must not be a part of any other server cluster.
You can perform five cluster-related operations from the server command line console. They are:
1. Set up a server cluster/assign parent server to a server cluster.
2. Add a child server to a server cluster.
3. Delete or remove a child server from a server cluster.
4. Delete an entire server cluster.
5. Check the status of servers in a cluster or check if a server is part of a cluster.
The servers in a server cluster are assigned IDs when they become a part of the server cluster. A parent server is
assigned the ID “1” in the cluster. As and when the child servers are added, they are assigned sequentially
increasing IDs: the child server added first is assigned the ID “2”, the next one is assigned “3”, and so on.
After creating the cluster, you must mount the child servers on the parent server location tree to be able to view
aggregated server data on the UI or push policies from parent server to child server. For details, refer to the
Wireless Manager User Guide.
Set up Server Cluster

You can set up a cluster comprising one parent and multiple child servers through the server command line
interface. The cluster set command is used to set up a cluster. This command must be executed on the
command line interface of the server that you want to assign as the parent server in the cluster.
You can optionally choose to run the server cluster setup wizard to add child servers to the cluster.
You can check the status of the server by executing the cluster show status command.

Note: If a parent server or child server is in HA mode, the active server is added to the cluster. The standby HA
server cannot be added to the cluster. Before setting up a server cluster, a parent server or a child server can be in
Standalone mode or in HA pair configuration with other servers. Once the cluster is set up, HA mode can then be
enabled on the parent server or the child server, if required.
To set up a cluster, do the following:
1. Log in to the command line interface of the server that you want to set up as the parent server in the
cluster. Log in to the server with 'config' user credentials.
2. Run the cluster set command on the command line. The server is set as the parent server in the
cluster.
3. If you want to add child servers right away, enter ‘y’ when prompted to add child servers. Enter a name
for the child server, the IP address of the child server, and the password for the config user of the child
server. Repeat this step to add more child servers.
Refer to the screenshot below for the cluster set command.
Add Child Server to Server Cluster

There are two ways to add a child server to a server cluster.
1. Use the server cluster setup wizard invoked by running the cluster set command, as explained in the
Set up Server Cluster section.
2. Run the cluster add child command. This command must be executed on the command line of the
parent server.
To add a child server to a server cluster using the cluster add child command, do the following:
1. Log in to the command line interface of the parent server with 'config' user credentials.
2. Run the cluster add child command.
3. Enter a suitable name for the child server.

4. Enter the hostname or IP address of the child server.
5. Enter the ‘config’ user password.
If all the data entered is correct, the server with the specified hostname/IP address is added as a child server
in the cluster. Refer to the screenshot below for the cluster add child command.
Delete Child Server from Server Cluster

A child server can be deleted from a server cluster using the cluster delete child command. When you
delete a child server from a cluster, the link between the parent server and the child server is broken. The rest of
the cluster continues to function as before.
To delete a child server from a server cluster, do the following:
1. Log in to the server command line interface of the parent server with 'config' user credentials.
2. Run the cluster delete child command.
3. Enter the ID of the child server you want to delete.
4. Enter y to confirm the delete operation. The child server is deleted from the cluster.
Refer to the screenshot below for the cluster delete child command.

Delete Server Cluster
A server cluster can be deleted using the cluster reset command. This command must be executed on the
parent server command line.
Note: When the cluster reset command is executed on a child server command line, it removes the child from the
cluster. This action, however, is NOT recommended unless there is no other way to remove the child server from the
cluster. Use the cluster delete child command to delete a child server from a server cluster.
To delete a server cluster, do the following:
1. Log in to the server command line interface of the parent server with 'config' user credentials.
2. Run the cluster reset command.
3. Enter y to confirm the delete operation. The cluster is deleted.
Refer to the screenshot below for the cluster reset command.
Check Server Status with respect to Server Cluster

You can check if a server is part of a server cluster using the cluster show status command; the command
also tells you whether the server is a parent server or a child server.

You can run this command on any server that may or may not be in a server cluster, that is, you can execute this
command on any active server.
To check the status of a server, do the following:
1. Log in to the server command line interface with 'config' user credentials.
2. Run the cluster show status command. The status of the server is returned by the command.
Refer to the screenshots below for parent and child server status outputs.

Custom Server Tag
Wireless Manager can be assigned a tag to identify the server and specific files and objects associated with that
server.
Before the 7.1U4r1 release, if you had a setup with multiple Wireless Managers and you downloaded certain
files—say, an audit log from each server—you would notice that the files have identical names across the different
servers. This was also true of files related to the server database backup. This made it difficult to identify the server
to which a file belonged.
Starting with 7.1U4r1 release, a tag assigned to a server is used in the names of files that are downloaded from
that server and files related to the server database backup, making it easier to identify their server of origin.
Set Server Tag

You can assign a tag to a server from the server CLI. By default, a server has no tag assigned to it. You must
explicitly set a tag for each Wireless Manager in your setup. This also holds true for each server in high availability
mode and in a server cluster setup.
You can set or change a server tag from the CLI by using the set server tag command. For example,
[config]$ set server tag

Configure custom tag for files generated by this server.
Current custom tag:

Do you want to set/reset the prefix?([S]et / [R]eset)[R]: S
Enter custom tag (upto 16 characters): Srv-USeast-03
A server tag can contain a maximum of 16 characters and must not include the \, /, :, *, ?, ", <, >, | characters. The
server tag supports Unicode characters as well.
The server or services do not restart when you set or change a server tag. The files generated and downloaded
after setting the server tag have file names with the new server tag.
You can reset the server tag to a blank value by running the set server tag command and choosing the Reset
option.
[config]$ set server tag

Configure custom tag for files generated by this server.
Current custom tag: [Srv-USeast-03]

Do you want to set/reset the prefix?([S]et / [R]eset)[R]: R
Custom tag has been successfully reset.
View Server Tag

You can view the tag assigned to a server by running the get server tag command.
If a tag is set, then it is displayed on the CLI. Otherwise, a message indicating that a server tag has not been set is
displayed.

[config]$ get server tag
Displays custom tag set by user.
Current custom tag: [Srv-USeast-03]
Custom Prefix for Filenames

The tag set on the server is used as the prefix along with the short name for the product “WM_” in the file name.
The format for the filename is as follows:
WM_SERVERTAG_FILETYPE_ID_YYYYMMDDHHMMSS.extension
For example, if you set the server tag to “Srv-USeast-03” and then download a report from this server, the file
name would appear as “WM_ Srv-USeast-03_REPORTID_REPINSTANCEID_YYYYMMDDHHMMSS.pdf.”
If no tag is set, the file name has the prefix “WM_ “and would appear as follows:
WM_REPORTID_REPINSTID_YYYYMMDDHHMMSS.pdf.
The filenames prior to the 7.1U4r1 release and the revised names with sample server tag ‘Srv-USeast-03’ are as
follows:
• Database backup file
Old Name: wss_backup_ETH0MAC_DD-MON-YYYY-HHMMSS.tgz
New Name: WM_Srv-USeast-03_backup_ETH0MAC_YYYYMMDDHHMMSS.tgz
• Database backup file containing only configuration settings
Old Name: wss_backup_ETH0MAC_DD-MON-YYYY-HHMMSS.tgz
New Name: WM_Srv-USeast-03_backup_ETH0MAC_YYYYMMDDHHMMSS_Config.tgz
• Debug file
Old Name: server_$ETH0MAC_MMDDHHMM.tgz
New Name: WM_Srv-USeast-03_debug_ETH0MAC_YYYYMMDDHHMMSS.tgz
• Connection debug logs
Old Name: cl_CLMAC_YYYYMMDDHHMMSS.log
New Name: WM_Srv-USeast-03_cl_conn_$CLMAC_YYYYMMDDHHMMSS.log
• Event Meta Data
Old Name: event_list_USERLOCALE.tsv
New Name: WM_BUILD#_Event_List_USERLOCALE.tsv
# Note that this file is dependent on the WM build number and not on the WM server itself.
• Generated Report

Old Name: AMCReport_ID_21_2_RANDOM_MMDDYYYY_HH_MM_SS.pdf
New Name: WM_Srv-USeast-03_Report_ID_REPORTID_REPINSTID_YYYYMMDDHHMMSS.pdf
• Archived Report
Old Name: Archived_Report_1_1_RANDOMSTRING.pdf
New Name: WM_Srv-USeast-03_Archived_Report_USERID_ARCHIVEREPORTID_RANDOMUUID.pdf
• Audit logs
Old Name: UAL_MMDDYYYY_HH_MM_SS.csv
New Name: WM_Srv-USeast-03_UAL_ETH0MAC_YYYYMMDDHHMMSS.log
• Visibility Analytics
Old Name: Visibility_Analytics_MMDDYYYY_HH_MM_SS.csv
New Name: WM_Srv-USeast-03_Visib_Analytics_YYYYMMDDHHMMSS.csv
• Association Analytics
Old Name: Association_Analytics_MMDDYYYY_HH_MM_SS.csv
New Name: WM_Srv-USeast-03_Assoc_Analytics_YYYYMMDDHHMMSS.csv

Dedicated Management Interface
Starting with the 7.1U4r1 release, Wireless Manager provides CLI commands that enable you to define an
Ethernet interface dedicated to management traffic. Management traffic comprises traffic from the UI, API
calls, and database backup. Other traffic will then travel only on the “eth0” network interface. This traffic
includes infrastructure /operational traffic such as AP-server communication, HA data synchronization,
cluster related traffic, and communication with WLAN controllers.
Set Management Interface

You can configure eth1 as the dedicated management interface by using the set management interface
command. On running the command, the Web server restarts.
Once configured, the following incoming traffic is allowed only on the “eth0” network interface and not
on the management interface:
• AP connection
• Server Cluster
You can also specify which traffic originating from the server destined to specific remote hosts/networks
must go through the management interface rather than the eth0 interface. To do this, you need to provide
a list of such hosts/networks in the set management interface command.
Some examples of outgoing traffic and remote hosts/networks are:
• Server where the database backup is uploaded
• LDAP, RADIUS servers
• SMTP server to send e-mails for events and reports.
• ESM Servers (Syslog, CEF, SNMP)
• NTP server
• LLDP receiver
• Upgrade availability
In the case of an HA setup, the management interface must be set on both the active and the standby
servers. The HTTP redirector starts in the management interface of the standby server and redirects the
HTTP/HTTPS traffic to the management interface of the active server.
Prior to the 7.1U4r1 release, if Data Sync Link was set to eth1, only the HA traffic was routed from eth1.
Starting with the 7.1U4r1 release, if a management interface is enabled in an HA setup, then Data Sync
Link cannot be set to eth1. The data synchronization will happen over eth0.
Note: eth0 and eth1 interfaces must be on different subnets. In the case of an HA setup, all the four interfaces
(eth0 and eth1 on the active and standby servers) must be on different subnets.
The set management interface command enables you to set an IPv4 and IPv6 management interfaces,
and IPv4 and IPv6 management routes. The IPv6 management interface and route can be configured only if
IPv6 is enabled. IPv6 can be enabled using the set ipv6 network command.

Running the set management interface command invokes a CLI wizard.
1. Enable the management interface if disabled.
The management interface is disabled by default.
2. The command results in a restart of the Web server. Confirm whether you want to continue with
running the command.
3. Specify the IPv4 address, subnet mask, and gateway IPv4 address of the management interface.
4. Confirm the management interface settings.
5. Optionally, you can add IPv6 management interfaces and add or delete networks that will be
accessible via the management interface.
6. If you are adding an IPv4 network, enter the IPv4 address and subnet mask for the IPv4 network. If
you are adding an IPv6 network, enter the IPv6 address and subnet mask for the IPv6 network.
7. Specify whether you want to add or delete more networks.
8. Confirm whether you want to continue to add/delete networks.
The web server restarts after the configuration is complete.

You can configure the IPv6 management interface via the set IPv6 management interface command.
The web server restarts after the command executes successfully.

Get Management Interface
You can see the status of the management interface and the corresponding settings by running the get
management interface command.
Figure 1: get management interface Command
Set Management Route

The set management routecommand enables you to add IPv4 networks whose traffic will be sent over the
management interface. Similarly, the set ipv6 management route command enables you to add IPv6
networks whose traffic will be sent over the management interface. The management interface must be
enabled for this to take effect. The management interface can be enabled and configured by using the set
management interfacecommand.
Running the set management route command invokes a CLI wizard.

1. Specify whether you want to add or delete networks that will be accessible via the management
interface.
2. If you are adding a network, enter the IP address and subnet mask for the network.
3. If you are deleting a network, enter a comma-separated list of network IDs from those shown in the CLI.
4. Specify whether you want to add or delete more networks.

Similarly, you can configure the IPv6 management route by executing the set IPv6 management route
command.
Get Management Route
You can see the list of networks whose traffic is routed through the management interface by running the
get management route command.

Server Troubleshooting
The following table details the server troubleshooting tips.
Problem Solution
After changing the IP address of the The subnet mask of the computer used to configure the server may not be the
server, the computer used to configure same as that of the server. Change the subnet mask of the computer so that it
the server gets disconnected. is in the same subnet as the server.
On typing ‘https:// wifi-security-server’ The default gateway and preferred DNS server settings of the computer used
in the IE 5.5 browser, the ‘Login’ screen to access the server console may be incorrect. Ensure that the default gateway
does not appear even after adding a and preferred DNS server settings of the computer used to access the server
DNS entry wifi-security-server for the console match the server settings.
server.
On rebooting the server, the get The IP address assigned to the server conflicts with some other IP address on
network command does not show an the network. Change the IP address of the server using the set network
IP address. command.
No APs connect to the server after The server ID used by the server may be in use by another server on the
setting the server ID. network. Verify that no other server with the server ID set for the server is
running on the network.
Change the server ID using the set serverid command.
No connection to the server Check if the server is powered on. If the server is not powered on, switch it on.
Otherwise, check the IP Address or the DNS name on the server config shell.
Important: Ensure that you have used the correct IP address or the DNS name
to connect to the server.
If the IP address or the DNS name is correct, try pinging other computers on
the network from the server config shell interface.
If the problem still exits, reset the server and attempt to reconnect to it.
The console shows a “Java Runtime Follow the instructions provided on the console to install the Java Runtime
Environment Detection” not installed Environment.
message.
Unable to log in to the console. If you are logging in for the first time, refer to the Initializing section for the
default login name and password.
Try recovering the password using the Recover option in the ‘Forgot
Password?’ section of the Login Screen.

Problem Solution
The console has frozen (Clicks do not Close the browser and try connecting to the server in another window.
work).
If you cannot connect to the server, follow the steps listed in the first problem
of this table.
AP-server authentication fails with the Please log in to the AP and set the correct passphrase.
error “Mismatch in shared secret”.
AP-server authentication fails when an If the AP uses legacy authentication, turn on the legacy authentication on the
AP with pre-6.2 firmware tries to server and upgrade the AP. After upgrade, the AP should connect to the server
connect to the server and legacy if the server uses the factory default passphrase. If you have changed the
authentication has been turned off. passphrase on the server, log in to the AP and set the correct passphrase.
No events are being reported or the Check the status of the server on the System Status screen.
device status is stale (not updated).
No AP is connected to the server. Check the status of the server on the System Status screen.
Server response time is high. Restart the console. If the problem persists, run the db clean command from
the server config shell.

Backup and Restore Database
Arista Networks strongly recommends that you periodically take a backup of the database on the Wireless
Manager. This ensures that you can restore the Wireless Manager to a last known working state in the case of a
server failure.
You can run the config shell CLI command, db backup, to take a backup of the database. The command archives
the relevant data and files, and stores the archived file on a specified remote server.
Note: The database backup results in the auto-restart of the corresponding monitoring services, such as Web
server. The server hardware or VM itself does not reboot. The WiFi client traffic through the APs is not disrupted
due to the restart of the services.
Types of Database Backup

Starting with the 7.1U4r1 release, Wireless Manager provides two types of backup: Full backup and Configuration-
only backup. The full backup takes a complete backup of the configuration and data. In case of a configuration-only
backup, the following data and files are not backed up:
• Events
• Performance data
• Analytics data
• All OSS/BSS CSV files of Performance Statistics
• Archived Reports
• Fetched SAFE reports
• Transient Data
o SSIDs Probed by Clients
o Client fingerprinting

Note: For full backup, the analytics data and performance data can be backed up only if the appropriate license for
Analytics and Performance features is applied on the server.
When taking a configuration-only backup, you can choose whether you want to back up the WiFi clients-related
data such as probed SSIDs and other transient data. The default option is to exclude client data.
Back up Wireless Manager Database

To take a backup of the server database, perform the following steps:
1. Log in to the server CLI.

2. Run the db backup command.
This invokes a CLI-based wizard that lets you configure the database backup.
3. Select the transfer protocol and enter the remote server details.
Option Description
Transfer protocol/ backup method The available options are:
• SCP - Type S for using the SCP protocol.
• SFTP - Type T for using the SFTP protocol.
• FTP - Type F for using the FTP protocol.
Remote server IP address/DNS IPv4 or IPv6 address or FQDN of the remote server. Ensure that the
name server is reachable over the network.
Remote Server Login Name Username for logging in to the remote server.
Remote Server Password Password for the specified username.
Remote Server Destination Absolute path of the directory on the remote server where the

Option Description
Directory database backup file will be stored.
4. Specify the type of backup.

Type F for a full backup and C for a configuration-only backup.
5. If you are performing a full backup and have applied the appropriate licenses on the server:
a. You might be prompted to choose if you want to back up the Analytics data. Type Y to back up the
Analytics data.
b. You might be prompted to choose if you want to back up the Performance data. Type Y to back up
the Performance data.
6. If you are performing a configuration-only backup, you will be prompted to choose if you want to back up
the Client devices data. Type Y to back up the Client devices data.
7. Specify whether this backup should be scheduled on a recurring basis. Type ON to configure a backup
schedule.
a. Select a backup frequency.
b. Specify day and/or time for the taking the periodic backup.
8. Type Y to confirm the information provided for the database backup.
The server initiates a backup of the database.
The filename for the full backup is of the form WM_<PREFIX>_backup_ETH0MAC_YYYYMMDDHHMMSS.tgz, where
<PREFIX> is replaced with the server tag set on the server. If no server tag is set, the filename is of the form
WM_backup_ETH0MAC_YYYYMMDDHHMMSS.tgz.
The filename for the Configuration-only backup is of the form
WM_<PREFIX>_backup_ETH0MAC_YYYYMMDDHHMMSS_Config.tgz, where <PREFIX> is replaced with the server
tag set on the server. If no server tag is set, the filename is of the form
WM_backup_ETH0MAC_YYYYMMDDHHMMSS_Config.tgz.
The following figures show examples of full backup and configuration-only backup using the db backup
command.

You can view the backup file details on the Wireless Manager UI under Configuration>System Settings>System
Status, as shown below.

Restore the Database on Wireless Manager
If you have taken a backup of the Wireless Manager database, you can restore the Wireless Manager to a last
known working state in case of a server failure. The database restore is agnostic of the database backup type. A
database restore proceeds as follows:
1. It removes all the existing data and files.
2. It then copies the data and files from the backup to the database, thereby restoring the database to
the last known working state captured in the backup file.
Important! If you restore a configuration-only backup, then all other data and files that are not part of the backup
will be lost from the database.
1. Log in to the server CLI.

2. Run the db restore command
This invokes a CLI-based wizard enabling you to configure the database backup options.
3. Select the transfer protocol and provide the details of the remote server on which the database backup
file is stored.
Option Description
Transfer protocol/ backup method The available options are:
• SCP - Type S for using the SCP protocol.
• SFTP - Type T for using the SFTP protocol.
• FTP - Type F for using the FTP protocol.
Remote Server IP address/DNS IPv4 or IPv6 address or FQDN of the remote server. Ensure that the
name server is reachable over the network.

Option Description
Remote Server Login Name Username for logging in to the remote server.
Remote Server Password Password for the specified username.
Remote Server Destination Absolute path of the destination directory on the SCP server where
Directory you want to take the backup.
Remote Server Destination Absolute path of the directory on the remote server where the
Directory database backup file is stored.
4. Type Y to confirm the information provided for the database restore.

The server initiates the restoration of the database.
Refer to the following image for an example of the db restore command.
Check Database Backup Schedule Status

You can check the status of a database backup schedule by running the get status command. The Scheduled
DB Backup in the output indicates the schedule and backup type, as shown below.

You can get the database backup information by running the get db backup info command.

Appendix A AP-Server Mutual Authentication
The AP-server communication begins with a mutual authentication step in which the AP and server authenticate
each other using a shared secret. AP-server communication takes place only if this authentication succeeds.
After the authentication succeeds, a session key is generated. All communication between the AP and server from
this point on is encrypted using the session key.
The AP and server are shipped with the same default value of the shared secret. The CLI commands for changing
the shared secret are provided on both the AP and the server. Alternatively, you can modify this shared secret
from the server UI.
Note: After the shared secret (communication key) is changed on the server, all APs connected to the server will
automatically be set up to use the new communication key. APs that are not connected to the server at this time
must be set up with the same communication key for them to be able to communicate with this server
Note: The server is backward compatible, i.e., Aps with older firmware versions can connect to the latest version
server. This, however, is not recommended. Please upgrade all APs to the latest firmware version. Once you have
done that, you can use the set sensor legacy authentication CLI command to disable APs with older
firmware from connecting to the server.

WM Setup Guide 8.8 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WM Setup Guide 8.8 PDF

Uploaded by

Copyright:

Available Formats

Quick Start Guide

Wireless Manager Virtual

ii Quick Start Guide: Wireless Manager Virtual Appliance

© Arista Networks, 2019 2

© Arista Networks, 2019 3

Product and Documentation Updates

We continuously enhance our product documentation based on customer feedback.

© Arista Networks, 2019 4

The Server Initialization and Setup Wizard is displayed.

Change Config Shell Password

© Arista Networks, 2019 5

The following figure shows how to change the network settings.

© Arista Networks, 2019 6

© Arista Networks, 2019 7

© Arista Networks, 2019 8

© Arista Networks, 2019 9

Set up the Server DNS Entry

Adding this entry serves two purposes:

• You can access the server using the address https://wifi-security-server.

Launching the Wireless Manager

Processor Intel P4 X86 architecture platform (or equivalent)

Processor Speed 1.4 GHz (minimum)

Screen Resolution 1024X768 (recommended)

To launch the Wireless Manager, perform the following steps:

1. Launch a Web browser from your computer.

© Arista Networks, 2019 10

Activating the License

You can log in with username admin and password admin.

© Arista Networks, 2019 11

Description: Shows access IP Address/Hostname of this server

When to use: To Display IP Address/Hostname used to access the Wireless Manager

Description: Generates self-signed certificate

When to use: To generate self-signed certificate

Description: Generates certificate signing request

When to use: To generate certificate-signing request

get idle timeout

© Arista Networks, 2019 12

When to use: To check the command shell idle timeout value.

get integrity status

When to use: To check integrity of critical server components

get packet capture

Description: Captures packets on Public and HA/Management network interface(s).

When to use: To capture packets for troubleshooting.

get server cert

Description: Uploads server certificate to a remote host.

get server check

When to use: To check server consistency

© Arista Networks, 2019 13

Description: Displays server ID

When to use: To view server ID

get server tag

Description: Displays the custom tag assigned to the server

When to use: To view the server tag

Description: Displays status of ssh access to server

When to use: To view the status of ssh access to server

Description: Displays the status of the server processes

When to use: To check status of the server processes

© Arista Networks, 2019 14

get webserver tls mode

When to use: To know the currently used TLS protocol version

Prerequisite: Wireless Manager on CentOS 6.2 or CentOS 6.5

get device upgrade bundles

When to use: To know the upgrade bundles available in the repository.