Professional Documents
Culture Documents
Arista Networks
www.arista.com
Headquarters Support Sales
5453 Great America Parkway
Santa Clara, CA 95054
USA
+1 408 547-5502 +1 408 547-5501
+1 408 547-5500
+1 866 476-0000 +1 866 497-0000
www.arista.com support-wifi@arista.com sales@arista.com
© Copyright 2019 Arista Networks, Inc. The information contained herein is subject to change without notice. Arista Networks
and the Arista logo are trademarks of Arista Networks, Inc in the United States and other countries. Other product or service
names may be trademarks or service marks of others.
Important! Please read the EULA before configuring the Wireless Manager. Installing the server constitutes your
acceptance of the terms and conditions of the EULA mentioned above in this document.
Username: config
Passoword: config
: [8.x]
: [8 . x . x - xxx]
This wizard helps you to map the Backspace key, change the configuration password, change the network settings,
and set the server ID of the server. You can retain the default values at each step by pressing Enter.
The wizard is displayed at the first boot or at every reboot if the server is not configured.
[8.x]
[8 . x . x - xxx]
[CentOS 6. 5]
Important: Note down the network settings. If you forget the network settings, you can no longer access the server
over the network after it reboots.
To change the network settings, provide the following inputs.
• IP Address: Choose an IP address that is compatible with the network segment to which the server is
connected. The server must belong to the same subnet.
• Subnet Mask: Enter the mask of the network segment to which the server is connected.
• Gateway IP Address: Enter the IP address of the gateway for the subnet on which the server is connected.
Ethernet traffic from the subnet is forwarded to another network through the gateway.
• Primary DNS IP Address: Specify the IP address of the primary DNS server used by the server to resolve
DNS entries.
• Secondary DNS IP Address: Specify the IP address of the secondary (alternate) DNS server used by the
server to resolve DNS entries.
• Tertiary DNS IP Address: Specify the IP address of the tertiary (alternate) DNS server used by the
enterprise server to resolve DNS entries.
• DNS Suffix: Append this suffix to the unqualified domain name to generate a fully qualified domain name.
Recommended: The Server ID setting is important only if you have a multi-server installation. If you have only one
server, the server ID should be the default value 1.
You can reset the server tag using the set server tag command. For details, refer to the Server Tagging chapter in
this guide.
Once the server initialization has completed, the message screen shown below appears.
Note: On the Config Shell prompt, you can type the help command to view the list of available commands.
• APs on a DHCP enabled subnet can connect to the server with zero-configuration.
Hardware Requirements
Hardware Requirements
Memory 1 GB (minimum)
Software Requirements
Software Requirements
Operating System (OS) Windows 2000 or XP
Browser Internet Explorer (IE) 9.0 or higher, Mozilla Firefox v18 or higher,
Google Chrome v25 or higher, Safari 6.0 or higher
2. Click Choose File, browse to the license key file, and select it.
The button could be labeled either Choose File or Browse, depending on the Web browser used. The
functionality remains the same.
3. Click Apply.
If the license key is valid, the Login screen is displayed. Otherwise, an error message is displayed.
Server Commands
get access address
Syntax: get access address
Prerequisite: None
Restrictions/Limitations: None
get cert
Syntax: get cert
Prerequisite: None
Restrictions/Limitations: None
get certreq
Syntax: get certreq
Prerequisite: None
Restrictions/Limitations: None
get date
Syntax: get date
Description: Displays the current time zone, date, and time on the server.
When to use: To view the current time zone, date, and time on the server.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Displays PASSED or FAILED after checking the integrity of critical server components. If the
status is FAILED, the list of failed server components is also displayed.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
When to use: To move the server certificate to a remote FTP, HTTP, or SCP host.
Prerequisite: None
Restrictions/Limitations: None
Description: Runs a server consistency check and displays the results. If any fatal item fails, a failure result
is recorded.
Prerequisite: None
Restrictions/Limitations: None
Description: Displays the complete server configuration, which includes the server ID, server version,
server build, MAC address of the network and HA interface server mode, server time zone, date and time
settings, WLSE integration settings, settings of network interfaces, and server processes.
When to use: To retrieve all basic information information about Wireless Manager such as network
addresses, status of various services running on the server, FIPS status, scheduled backup information
Prerequisite: None
Restrictions/Limitations: None
get serverid
Syntax: get serverid
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
get ssh
Syntax: get ssh
Prerequisite: None
Restrictions/Limitations: None
get status
Syntax: get status
get version
Syntax: get version
Description: Displays the version and build information of all server components
When to use: To check version and build information of the server and its components
Prerequisite: None
Restrictions/Limitations: None
Description: Display the TLS version currently being used by the Web Server.
Restrictions/Limitations: Available on CentOS 6.2 and CentOS 6.5 only. Not for CentOS 5.2
Description: Display information about device upgrade bundles available in the local repository .
Prerequisite: None
Restrictions/Limitations: None
Description: Display configuration (Mode and Hostnames) for repositories that store upgrade bundles and
capability information
Prerequisite: None
Restrictions/Limitations: None
get interface
Syntax: get interface
When to use: To know the Network and HA interface speed and mode
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
set interface
Syntax: set interface
When to use: To set the Network and HA interface speed and mode
Prerequisite: None
Restrictions/Limitations: None
When to use: To know the Network and HA interface speed and mode
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Set configuration (Mode and Hostnames) for repositories that stores upgrade bundles and
capability information of
Prerequisite: None
Restrictions/Limitations: None
Description: Sets the idle timeout for the command shell. This is the time interval after which the server
command shell times out or expires; a user who has been idle for this time will have to log in again. A
value of 0 indicates no timeout, i.e., the command shell never expires.
When to use: To change the command shell idle timeout value or to disable the idle timeout by setting it
to 0.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Prerequisite: None
Restrictions/Limitations: None
set license
Syntax: set license
When to use:
Prerequisite: None
Restrictions/Limitations: None
Description: Allow / disallow sensors (APs) running on versions lower than 6.2 to connect to the server.
When to use: To define which versions of the servers the AP will run on.
Prerequisite: None
Restrictions/Limitations: None
Description: Add, Remove MAC OUI's for specific smart device type id
When to use: To modify the OUIs for particular smart device types.
Prerequisite: None
Restrictions/Limitations: None
set server
Syntax: set server
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
set server id
Syntax: set server
Prerequisite: None
Restrictions/Limitations: None
Description: Sets custom IP Address/Hostname (FQDN) that can be used to access this server in private
network.
When to use: If set, any other CLI commands, where server IP is displayed to user (like ‘get debug’,
‘upgrade’), uses this access address instead.
Prerequisite: None
set cert
Syntax: set cert
Description: Installs a signed SSL certificate issued for the request generated using get certreq command
or user can also install their own SSL certificate signed by a CA also with corresponding private key
Prerequisite: SSL certificate issued for the request generated using get certreq command or Pair of some
other SSL certificate along with corresponding private key.
Restrictions/Limitations: Certificate and private keys can be downloaded using HTTP, HTTPS or FTP their
ports should not be blocked in network.
Restrictions/Limitations: None
Description: Set a key of 10-127 characters. The shared secret is derived from this key
Prerequisite: None
Restrictions/Limitations: None
When to use: To reset the communication key to its factory default value.
Prerequisite: None
Restrictions/Limitations: None
set date
Syntax: set date
Description: Sets the current time zone, date, and time on the server.
When to use: To change the current time zone, date, and time on the server.
Prerequisite: None
Restrictions/Limitations: None
set erase
Syntax: set erase
Prerequisite: None
Restrictions/Limitations: None
Description: Sets a custom tag on the server to identify the server and the files and objects associated
with the server.
When to use: To set a custom tag for server identification. When set, this tag is used in the names of
debug bundle, backup bundles and any other files/logs generated by this server.
Restrictions/Limitations: Only alphanumeric characters and special characters _ (underscore), . (dot) and
– (hyphen) are allowed. Maximum character limit is 16.
set ssh
Syntax: set ssh
Prerequisite: None
Restrictions/Limitations: None
set webserver
Syntax: set webserver
Prerequisite: None
Restrictions/Limitations: None
Description: Switches the TLS version of Web Server between "TLS1.2 protocol only" and "TLS1.0, TLS1.1
and TLS1.2" protocol modes
When to use: To configure the Web Server to use "TLS1.2 protocol only" or "TLS1.0, TLS1.1 and TLS1.2"
protocol suite
Restrictions/Limitations: Available on CentOS 6.2 and CentOS 6.5 only. Not for CentOS 5.2
set cors
Syntax: set cors
Prerequisite: None
Restrictions/Limitations: None
reboot
Syntax: reboot
Description: Reboots the server
Prerequisite: None
Restrictions/Limitations: None
reset factory
Syntax: reset factory
Description: Resets the server to the factory defaults/out of the box status
Prerequisite: None
Restrictions/Limitations: None
shutdown
Syntax: shutdown
Prerequisite: None
Restrictions/Limitations: None
upgrade
Syntax: upgrade
Description: Upgrades server using the specified upgrade bundle from an http location
Prerequisite: None
Restrictions/Limitations: None
Description: Sets server cluster parent server's access IP accessible to the child servers.
When to use: To set parent server's access IP accessible to child servers in a server cluster
cluster set
Syntax: cluster set
Prerequisite: None
parent server.
cluster reset
Syntax: cluster reset
Description: Deletes a server cluster or a child server from a cluster. When executed on a parent server,
the entire cluster is destroyed and all servers in the cluster behave as standalone servers. This command
can be executed on parent server or child server When executed on a child server, it eliminates the
relationship between the child server and the parent server. The rest of the cluster remains intact.
Prerequisite: None
can be executed on a child server ONLY when there is no other way to remove the child from a
server cluster.
Prerequisite: None
Restrictions/Limitations: This command must be executed on the parent server in the server
cluster.
Prerequisite: None
Restrictions/Limitations: This command must be executed on the parent server in the server
cluster.
Prerequisite: None
Description: Displays high availability (HA) cluster configuration and service status
When to use: To know the status of high availability setup. Can be executed on both ACTIVE and
STANDALONE servers in HA setup.
Prerequisite: None
get ha help
Syntax: get ha help
Prerequisite: None
Restrictions/Limitations: None
set ha
Syntax: set ha
Prerequisite: Two Wireless Managers with same build version, Operating system version, architecture
must be available. At least one of the servers must have HA specific license.
Restrictions/Limitations: None
Restrictions/Limitations: None
When to use: To force HA pair to switch roles, that is Active and Standby.
Restrictions/Limitations: None
Description: Sets the timeout, in seconds, after which the ‘data sync link down’ event is generated. The
default timeout is 10 seconds.
When to use: To configure high availability (HA) in automatic failover mode with HA link timeout, that is
after how much time systems should consider HA link as down
Prerequisite: To configure high availability (HA) in automatic failover mode with HA link timeout, that is
after how much time systems should consider HA link as down
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Database Commands
db backup
Syntax: db backup
Prerequisite: User must know SCP/FTP location/server and credentials to access this location/server
Restrictions/Limitations: None
db clean
Syntax: db clean
When to use: Since the server periodically cleans up its database automatically, it is recommended that
This step should be carried out only if the performance has deteriorated significantly.
Prerequisite: None.
Restrictions/Limitations: It is recommended not to use the Server Console while this command is
running.
db reset
Syntax: db reset
Description: Resets the database to factory defaults but maintains network settings
When to use: To reset the server database and configurations to factory default
Prerequisite: None
Restrictions/Limitations: None
db restore
Syntax: db restore
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
upload db backup
Syntax: upload db backup
Restrictions/Limitations: None
set dbserver
Syntax: set dbserver
Prerequisite: None
Restrictions/Limitations: None
Network-related Commands
get allowed ip
Syntax: get allowed ip
Description: Displays the list of IPv4 addresses or subnets that are allowed to access specific services on
this device
When to use: To view the list of IPv4 addresses or subnets that are allowed to access specific services on
this device
Prerequisite: None
Description: Displays the list of IPv6 addresses or subnets that are allowed to access specific services on
this device
When to use: To view the list of IPv6 addresses or subnets that are allowed to access specific services on
this device
Prerequisite: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
get lldp
Syntax: get lldp
Description: Displays the configuration of Link Layer Discovery Protocol (LLDP) settings
Prerequisite: None
Restrictions/Limitations: None
Description: Fetches and displays the management interface (eth1) configuration including the IPv4
address, subnet mask, and gateway.
Restrictions/Limitations: None
Description: Fetches and displays the management interface (eth1) configuration including the IPv4
address, subnet mask, and gateway.
Prerequisite: None
Restrictions/Limitations: None
get network
Syntax: get network
Description: Displays the network interface (eth0) configuration including the IP address, subnet mask,
gateway, DNS address, and DNS suffix
When to use: To view the network interface (eth0) configuration including the IP address, subnet mask,
gateway, DNS address, and DNS suffix
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
set allowed ip
Syntax: set allowed ip
Description: Set the list of IP addresses or subnets that are allowed to access specific services on this
device. After configuration, user can access SSH and HTTPS services on this server only from provided IP
addresses. No other host, apart from configured ones, can access these services. However, these services
will be accessible with IPv6 address of the Server.
When to use: To configure the list of IP addresses or subnets that are allowed to access specific services
on this device.
Description: Set the list of IPv6 addresses or subnets that are allowed to access specific services on this
device. After configuration, user can access SSH and HTTPS services on this server only from provided IPv6
addresses. No other host, apart from configured ones, can access these services over IPv6 network.
However, these services will be accessible with IPv4 address of the Server.
When to use: To configure the list of IPv6 addresses or subnets that are allowed to access specific services
on this device.
Prerequisite: None
Restrictions/Limitations: None
When to use: To configure eth1 as the dedicated management interface with IPv4 address
Prerequisite: None
Restrictions/Limitations: None
When to use: To configure eth1 as the dedicated management interface with IPv6 address
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
set lldp
Syntax: set lldp
Prerequisite: None
Restrictions/Limitations: None
Description: Sets IPv4 and/or IPv6 management interface information and enables you to add or delete
IPv4 and/or IPv6 networks whose traffic would be sent over the management interface.
When to use: To configure eth1 as the dedicated management interface with IPv4 address and/or IPv6
address and to add/delete IPv4 and/or IPv6 networks whose traffic would be sent over the management
interface.
Prerequisite: None
Restrictions/Limitations: None
Description: Enables addition or deletion of IPv4 network whose traffic would be sent over the
management interface.
When to use: To add or delete networks whose traffic would be sent over the management interface with
an IPv4 address.
Restrictions/Limitations: None
set network
Syntax: set network
When to use: To configure the network interface (eth0) configuration including the IP address, subnet
mask, gateway, DNS address, and DNS suffix
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
ping
Syntax: ping [hostname/IP address]
Prerequisite: None
Restrictions/Limitations: None
ping6
Syntax: ping6 [hostname/IP address]
Prerequisite: None
Restrictions/Limitations: None
traceroute
Syntax: traceroute [IP address]
Prerequisite: None
Restrictions/Limitations: None
traceroute6
Syntax: traceroute [IPv6 address]
Prerequisite: None
Restrictions/Limitations: None
reboot
Syntax: reboot
Prerequisite: None
Restrictions/Limitations: None
When to use: To create a debug information tarball file for debugging purposes.
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Used for on-demand or case-specific debugging and requires a debug bundle as parameter.
Contact support-wifi@arista.com for the debug bundle.
When to use: To run specific debugging commands provided by Arista Technical Support.
Restrictions/Limitations: None
Description: If the server is in FIPS 140-2 mode, the command returns ON. If the server is in default mode,
the command returns OFF
Prerequisite: None
Restrictions/Limitations: None
Description: Sets the operation mode of the server to either FIPS 140-2 validated mode or default mode
Prerequisite: None
Restrictions/Limitations: None
Miscellaneous Commands
exit
Syntax: exit
Prerequisite: None
Restrictions/Limitations: None
get hddcheck
Syntax: get hddcheck
Description: Displays the number of bad blocks found on the hard disk drive.
When to use: To view number of bad blocks on the hard disk drive.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Displays the log level of Aruba Mobility Controller Adapter module.
When to use: To view the log level of Aruba Mobility Controller Adapter module.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Displays the log level of the HP MSM Controller Integration module.
When to use: To view the log level of the HP MSM Controller Integration module.
Prerequisite: None
Restrictions/Limitations: None
When to use: To view the log level of the Cisco WLC Adapter module.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Displays a list of sensors (i.e. APs) and network detectors (NDs).
Description: Displays the state of the pinhole reset button on the AP.
When to use: To view the state of the pinhole reset button on the AP.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
get snmp
Syntax: get snmp
Prerequisite: None
Restrictions/Limitations: None
help
Syntax: help
Prerequisite: None
Restrictions/Limitations: None
reset factory
Syntax: reset factory
Description: Resets the server to the factory defaults/out of the box status.
Prerequisite: None
Restrictions/Limitations: None
Description: Unlocks Graphical User Interface (GUI) account for user admin.
When to use: To unlock the GUI account for the admin user.
Prerequisite: None
Restrictions/Limitations: None
Description: Sets the Graphical User Interface (GUI) password for the user admin to the factory default
‘admin’.
When to use: To set the GUI password for the admin user to factory default password admin
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Sets the log level of Aruba Mobility Controller Adapter module.
When to use: To configure the log level of Aruba Mobility Controller Adapter module.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Sets the log level of the HP MSM Controller Integration module.
When to use: To configure the log level of the HP MSM Controller Integration module.
Prerequisite: None
Restrictions/Limitations: None
When to use: To view the log level of the Cisco WLC Adapter module.
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Prerequisite: None
Restrictions/Limitations: None
Description: Sets the state of the pinhole reset button on the AP (available for select AP models only).
When to use: To set the state of the pinhole reset button on the AP.
Prerequisite: None
Restrictions/Limitations: None
A server cluster is created to manage multiple servers using a single server. This managing server is called the
parent server and the servers that are managed from the parent server are called the child servers. The parent
server retrieves aggregated data from multiple child servers in the cluster and displays it on the Wireless Manager
along with the parent server data. You can also push common policies onto multiple child servers from a parent
server.
A server (parent server or child server) can be a part of only one cluster at any given point. A child server cannot be
the parent of any other server in the cluster.
To create and manage servers in the cluster, you need to use the server command line console. You can, however,
view the aggregated server data and manage policies via the Wireless Manager or CloudVision WiFi UI.
• The Wireless Managers that form a cluster must have the same version and build number.
• A valid license must have been applied to all child servers to be added to the server cluster.
• The child server must not be a part of any other server cluster.
You can perform five cluster-related operations from the server command line console. They are:
The servers in a server cluster are assigned IDs when they become a part of the server cluster. A parent server is
assigned the ID “1” in the cluster. As and when the child servers are added, they are assigned sequentially
increasing IDs: the child server added first is assigned the ID “2”, the next one is assigned “3”, and so on.
After creating the cluster, you must mount the child servers on the parent server location tree to be able to view
aggregated server data on the UI or push policies from parent server to child server. For details, refer to the
Wireless Manager User Guide.
You can optionally choose to run the server cluster setup wizard to add child servers to the cluster.
You can check the status of the server by executing the cluster show status command.
1. Log in to the command line interface of the server that you want to set up as the parent server in the
cluster. Log in to the server with 'config' user credentials.
2. Run the cluster set command on the command line. The server is set as the parent server in the
cluster.
3. If you want to add child servers right away, enter ‘y’ when prompted to add child servers. Enter a name
for the child server, the IP address of the child server, and the password for the config user of the child
server. Repeat this step to add more child servers.
To add a child server to a server cluster using the cluster add child command, do the following:
1. Log in to the command line interface of the parent server with 'config' user credentials.
If all the data entered is correct, the server with the specified hostname/IP address is added as a child server
in the cluster. Refer to the screenshot below for the cluster add child command.
1. Log in to the server command line interface of the parent server with 'config' user credentials.
2. Run the cluster delete child command.
4. Enter y to confirm the delete operation. The child server is deleted from the cluster.
Refer to the screenshot below for the cluster delete child command.
Note: When the cluster reset command is executed on a child server command line, it removes the child from the
cluster. This action, however, is NOT recommended unless there is no other way to remove the child server from the
cluster. Use the cluster delete child command to delete a child server from a server cluster.
1. Log in to the server command line interface of the parent server with 'config' user credentials.
1. Log in to the server command line interface with 'config' user credentials.
2. Run the cluster show status command. The status of the server is returned by the command.
Refer to the screenshots below for parent and child server status outputs.
Before the 7.1U4r1 release, if you had a setup with multiple Wireless Managers and you downloaded certain
files—say, an audit log from each server—you would notice that the files have identical names across the different
servers. This was also true of files related to the server database backup. This made it difficult to identify the server
to which a file belonged.
Starting with 7.1U4r1 release, a tag assigned to a server is used in the names of files that are downloaded from
that server and files related to the server database backup, making it easier to identify their server of origin.
You can set or change a server tag from the CLI by using the set server tag command. For example,
A server tag can contain a maximum of 16 characters and must not include the \, /, :, *, ?, ", <, >, | characters. The
server tag supports Unicode characters as well.
The server or services do not restart when you set or change a server tag. The files generated and downloaded
after setting the server tag have file names with the new server tag.
You can reset the server tag to a blank value by running the set server tag command and choosing the Reset
option.
If a tag is set, then it is displayed on the CLI. Otherwise, a message indicating that a server tag has not been set is
displayed.
WM_SERVERTAG_FILETYPE_ID_YYYYMMDDHHMMSS.extension
For example, if you set the server tag to “Srv-USeast-03” and then download a report from this server, the file
name would appear as “WM_ Srv-USeast-03_REPORTID_REPINSTANCEID_YYYYMMDDHHMMSS.pdf.”
If no tag is set, the file name has the prefix “WM_ “and would appear as follows:
WM_REPORTID_REPINSTID_YYYYMMDDHHMMSS.pdf.
The filenames prior to the 7.1U4r1 release and the revised names with sample server tag ‘Srv-USeast-03’ are as
follows:
• Debug file
# Note that this file is dependent on the WM build number and not on the WM server itself.
• Generated Report
• Archived Report
• Audit logs
• Visibility Analytics
• Association Analytics
• AP connection
• Server Cluster
You can also specify which traffic originating from the server destined to specific remote hosts/networks
must go through the management interface rather than the eth0 interface. To do this, you need to provide
a list of such hosts/networks in the set management interface command.
Some examples of outgoing traffic and remote hosts/networks are:
• NTP server
• LLDP receiver
• Upgrade availability
In the case of an HA setup, the management interface must be set on both the active and the standby
servers. The HTTP redirector starts in the management interface of the standby server and redirects the
HTTP/HTTPS traffic to the management interface of the active server.
Prior to the 7.1U4r1 release, if Data Sync Link was set to eth1, only the HA traffic was routed from eth1.
Starting with the 7.1U4r1 release, if a management interface is enabled in an HA setup, then Data Sync
Link cannot be set to eth1. The data synchronization will happen over eth0.
Note: eth0 and eth1 interfaces must be on different subnets. In the case of an HA setup, all the four interfaces
(eth0 and eth1 on the active and standby servers) must be on different subnets.
The set management interface command enables you to set an IPv4 and IPv6 management interfaces,
and IPv4 and IPv6 management routes. The IPv6 management interface and route can be configured only if
IPv6 is enabled. IPv6 can be enabled using the set ipv6 network command.
2. The command results in a restart of the Web server. Confirm whether you want to continue with
running the command.
3. Specify the IPv4 address, subnet mask, and gateway IPv4 address of the management interface.
5. Optionally, you can add IPv6 management interfaces and add or delete networks that will be
accessible via the management interface.
6. If you are adding an IPv4 network, enter the IPv4 address and subnet mask for the IPv4 network. If
you are adding an IPv6 network, enter the IPv6 address and subnet mask for the IPv6 network.
You can see the status of the management interface and the corresponding settings by running the get
management interface command.
You can see the list of networks whose traffic is routed through the management interface by running the
get management route command.
Problem Solution
After changing the IP address of the The subnet mask of the computer used to configure the server may not be the
server, the computer used to configure same as that of the server. Change the subnet mask of the computer so that it
the server gets disconnected. is in the same subnet as the server.
On typing ‘https:// wifi-security-server’ The default gateway and preferred DNS server settings of the computer used
in the IE 5.5 browser, the ‘Login’ screen to access the server console may be incorrect. Ensure that the default gateway
does not appear even after adding a and preferred DNS server settings of the computer used to access the server
DNS entry wifi-security-server for the console match the server settings.
server.
On rebooting the server, the get The IP address assigned to the server conflicts with some other IP address on
network command does not show an the network. Change the IP address of the server using the set network
IP address. command.
No APs connect to the server after The server ID used by the server may be in use by another server on the
setting the server ID. network. Verify that no other server with the server ID set for the server is
running on the network.
No connection to the server Check if the server is powered on. If the server is not powered on, switch it on.
Otherwise, check the IP Address or the DNS name on the server config shell.
Important: Ensure that you have used the correct IP address or the DNS name
to connect to the server.
If the IP address or the DNS name is correct, try pinging other computers on
the network from the server config shell interface.
If the problem still exits, reset the server and attempt to reconnect to it.
The console shows a “Java Runtime Follow the instructions provided on the console to install the Java Runtime
Environment Detection” not installed Environment.
message.
Unable to log in to the console. If you are logging in for the first time, refer to the Initializing section for the
default login name and password.
Try recovering the password using the Recover option in the ‘Forgot
Password?’ section of the Login Screen.
The console has frozen (Clicks do not Close the browser and try connecting to the server in another window.
work).
If you cannot connect to the server, follow the steps listed in the first problem
of this table.
AP-server authentication fails with the Please log in to the AP and set the correct passphrase.
error “Mismatch in shared secret”.
AP-server authentication fails when an If the AP uses legacy authentication, turn on the legacy authentication on the
AP with pre-6.2 firmware tries to server and upgrade the AP. After upgrade, the AP should connect to the server
connect to the server and legacy if the server uses the factory default passphrase. If you have changed the
authentication has been turned off. passphrase on the server, log in to the AP and set the correct passphrase.
No events are being reported or the Check the status of the server on the System Status screen.
device status is stale (not updated).
No AP is connected to the server. Check the status of the server on the System Status screen.
Server response time is high. Restart the console. If the problem persists, run the db clean command from
the server config shell.
Note: The database backup results in the auto-restart of the corresponding monitoring services, such as Web
server. The server hardware or VM itself does not reboot. The WiFi client traffic through the APs is not disrupted
due to the restart of the services.
• Events
• Performance data
• Analytics data
• All OSS/BSS CSV files of Performance Statistics
• Archived Reports
• Fetched SAFE reports
• Transient Data
o SSIDs Probed by Clients
o Client fingerprinting
When taking a configuration-only backup, you can choose whether you want to back up the WiFi clients-related
data such as probed SSIDs and other transient data. The default option is to exclude client data.
Option Description
Remote server IP address/DNS IPv4 or IPv6 address or FQDN of the remote server. Ensure that the
name server is reachable over the network.
Remote Server Login Name Username for logging in to the remote server.
Remote Server Destination Absolute path of the directory on the remote server where the
The filename for the full backup is of the form WM_<PREFIX>_backup_ETH0MAC_YYYYMMDDHHMMSS.tgz, where
<PREFIX> is replaced with the server tag set on the server. If no server tag is set, the filename is of the form
WM_backup_ETH0MAC_YYYYMMDDHHMMSS.tgz.
The filename for the Configuration-only backup is of the form
WM_<PREFIX>_backup_ETH0MAC_YYYYMMDDHHMMSS_Config.tgz, where <PREFIX> is replaced with the server
tag set on the server. If no server tag is set, the filename is of the form
WM_backup_ETH0MAC_YYYYMMDDHHMMSS_Config.tgz.
The following figures show examples of full backup and configuration-only backup using the db backup
command.
2. It then copies the data and files from the backup to the database, thereby restoring the database to
the last known working state captured in the backup file.
Important! If you restore a configuration-only backup, then all other data and files that are not part of the backup
will be lost from the database.
Option Description
Remote Server IP address/DNS IPv4 or IPv6 address or FQDN of the remote server. Ensure that the
name server is reachable over the network.
Remote Server Login Name Username for logging in to the remote server.
Remote Server Destination Absolute path of the destination directory on the SCP server where
Directory you want to take the backup.
Remote Server Destination Absolute path of the directory on the remote server where the
Directory database backup file is stored.
After the authentication succeeds, a session key is generated. All communication between the AP and server from
this point on is encrypted using the session key.
The AP and server are shipped with the same default value of the shared secret. The CLI commands for changing
the shared secret are provided on both the AP and the server. Alternatively, you can modify this shared secret
from the server UI.
Note: After the shared secret (communication key) is changed on the server, all APs connected to the server will
automatically be set up to use the new communication key. APs that are not connected to the server at this time
must be set up with the same communication key for them to be able to communicate with this server
Note: The server is backward compatible, i.e., Aps with older firmware versions can connect to the latest version
server. This, however, is not recommended. Please upgrade all APs to the latest firmware version. Once you have
done that, you can use the set sensor legacy authentication CLI command to disable APs with older
firmware from connecting to the server.