OTROS - Aerohive CLI Guide
The following is a complete list of commands available in the HiveOS 6.6r1 release for the AP230 along with explanations of every keyword.
Click a command to see its keyword explanations. Then click the Back Arrow in your browser to return to the list of commands. For an
introduction to the Aerohive CLI, explaining different ways to access it, some keyboard shortcuts, and usage tips, click here.
http://docs.aerohive.com/330000/docs/help/english/documentation/cli_guide_ap230_66r1.htm#cmd7 1/315
27/4/2016 Aerohive CLI Guide
aaa radiusserver local nas <string> sharedkey <string>
aaa radiusserver local nas <string> tls
aaa radiusserver local port <number>
aaa radiusserver local remotecheckperiod <number>
aaa radiusserver local requiremessageauthenticator
aaa radiusserver local retryinterval <number>
aaa radiusserver local sharedsecretautogen
aaa radiusserver local staauth cacert <string> servercert <string> privatekey <string> [ privatekeypassword <string> ]
aaa radiusserver local staauth defaulttype {leap|peap|tls|ttls|md5}
aaa radiusserver local staauth type tls {checkcertcn|checkindb}
aaa radiusserver local staauth type {leap|peap|tls|ttls|md5}
aaa radiusserver local staauth type {peap|ttls} checkindb
aaa radiusserver local usergroup <string>
aaa radiusserver local {enable|cache}
aaa radiusserver name <string> acctport <port>
aaa radiusserver name <string> authport <port>
aaa radiusserver name <string> server <string> sharedsecret <string>
aaa radiusserver name <string> server <string> tls
aaa radiusserver name <string> tlsport <port>
aaa radiusserver proxy deadtime <number>
aaa radiusserver proxy inject operatorname
aaa radiusserver proxy radsec acctport <port>
aaa radiusserver proxy radsec authport <port>
aaa radiusserver proxy radsec dynamicauthextension
aaa radiusserver proxy radsec enable
aaa radiusserver proxy radsec realm <string> {primary|backup} <string>
aaa radiusserver proxy radsec tlsport <port>
aaa radiusserver proxy realm <string> nostrip
aaa radiusserver proxy realm <string> {primary|backup} <string>
aaa radiusserver proxy realm format {nai|ntdomain}
aaa radiusserver proxy retrydelay <number> retrycount <number>
aaa radiusserver retryinterval <number>
aaa radiusserver {primary|backup1|backup2|backup3} <ip_addr|string> [ sharedsecret <string> ] [ authport <number> ] [ acctport <number> ] [ viavpntunnel ]
accessconsole customssid <string>
accessconsole hidessid
accessconsole maxclient <number>
accessconsole mode {auto|disable|enable}
accessconsole security macfilter <string>
accessconsole security protocolsuite open
accessconsole security protocolsuite {wpa2aespsk|wpa2tkippsk|wpaautopsk} asciikey <string>
accessconsole telnet
admin auth radiusmethod [ {pap|chap|mschapv2} ]
admin auth {local|radius|both}
admin managerip <ip_addr/netmask>
admin minpasswordlength <number>
admin rootadmin <string> password <string>
admin {readwrite|readonly} <string> password <string>
alg {ftp|tftp|sip|dns|http} enable
alg {ftp|tftp|sip|dns} qos <number>
alg {ftp|tftp|sip} inactivedatatimeout <number>
alg {ftp|tftp|sip} maxduration <number>
amrp interface <ethx|redx|aggx> priority <number>
amrp l2neighborkeepalivecount <number>
amrp metric pollinterval <number>
amrp metric type {aggressive|conservative|normal}
amrp neighbor <mac_addr> metric min <number> max <number>
amrp vpntunnel heartbeat interval <number> retry <number>
application identification cdpindex <number> cdpname <string>
application identification cdpindex <number> cdprule <string> cdpmodule {TCP|UDP|HTTP|TLS}
application identification name <string> value <string>
application identification shutdown
application reporting appid <string>
application reporting appid <string> enable
application reporting collectionperiod <number> reportperiod <number>
application reporting upload <url> timewindow <number> [ admin <string> password <string> {basic|digest} ]
application reporting watchlist <string>
application reporting watchlist <string> enable
application reporting {enable|disable|auto}
bonjourgateway enable
bonjourgateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
bonjourgateway filter rule <number> {before|after} rule <number>
bonjourgateway neighbor <ip_addr|string>
bonjourgateway priority <number>
bonjourgateway realm <string>
bonjourgateway vlan <number> [ <number> ]
bootparam bootfile <string>
bootparam bootpassword <string>
bootparam countrycode <number>
bootparam device <ip_addr/netmask>
bootparam device <ip_addr> <netmask>
bootparam gateway <ip_addr>
bootparam nativevlan <number>
bootparam netboot enable
bootparam netdump dumpfile [ <string> ]
bootparam netdump enable
bootparam server <ip_addr>
bootparam vlan <number>
cac airtimepersecond <number>
cac enable
cac roaming airtimepercentage <number>
capture interface <wifix> [ count <number> ] [ filter <number> ] [ promiscuous ]
capture save interface <wifix> <string>
capwap client HTTP proxy name <string> port <number>
capwap client HTTP proxy user <string> password <string>
capwap client defaultservername <string>
capwap client discovery interval <number>
capwap client discovery maximum interval <number>
capwap client discovery method {broadcast}
capwap client dtls acceptbootstrappassphrase
capwap client dtls bootstrappassphrase <string>
capwap client dtls enable
capwap client dtls handshakewaittime <number>
capwap client dtls hmdefinedpassphrase <string> keyid <number>
capwap client dtls maxretries <number>
capwap client dtls negotiation enable
capwap client dtls psk <string>
capwap client dtls sessiondeletewaittime <number>
capwap client enable
capwap client join timeout <number>
capwap client neighbor dead interval <number>
capwap client neighbor heartbeat interval <number>
capwap client pcialert enable
capwap client server [ {backup} ] name <string> [ connectdelay <number> ] [ viavpntunnel ]
capwap client server port <number>
capwap client silent interval <number>
capwap client transport HTTP
capwap client vhmname <string>
capwap maxdiscoveries counter <number>
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
clear aaa radiusserver cache [ username <string> ]
clear aaa radiusserverkey [ {radiusserver|ldapclient} ] [ <string> ]
clear aaa radiusserverkey radsec ca
clear application reporting appstats
clear application reporting statistics
clear arpcache
clear auth roamingcache mac <mac_addr> {hiveneighbors|hiveall}
clear auth roamingcache {hiveneighbors}
clear auth username <string>
clear auth {localcache|roamingcache|station} [ mac <mac_addr> ]
clear auth {localcache|roamingcache|station} ssid <string>
clear cac stationairtime [ mac <mac_addr> ]
clear capture local [ <string> ]
clear capwap client counter
clear config rollback
clear forwardingengine counters [ interface <wifix|wifix.y|ethx|mgtx|aggx|redx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
clear forwardingengine ipsessions [ srcip <ip_addr> ] [ dstip <ip_addr> ] [ srcport <number> ] [ dstport <number> ] [ protocol <number> ]
clear forwardingengine ipsessions id <number>
clear forwardingengine macsessions [ srcmac <mac_addr> ] [ dstmac <mac_addr> ]
clear forwardingengine macsessions id <number>
clear gretunnel counters tunnel
clear hive <string> counter neighbor [ <mac_addr> ]
clear interface <ethx|aggx|redx> maclearning dynamic <mac_addr>
clear interface <ethx|aggx|redx> maclearning dynamic all
clear interface <ethx|wifix|wifix.y|aggx|redx> counter
clear interface <mgtx|mgtx.y> dhcpserver lease all
clear interface <mgtx|mgtx.y> dhcpserver lease ip <ip_addr>
clear interface <mgtx|mgtx.y> dhcpserver lease mac <mac_addr>
clear interface <wifix> wlanidp mitigate rogueap [ <mac_addr> ]
clear lldp [ {cdp} ] table
clear location {aeroscout|tzsp} counter
clear log [ {buffered|debug|flash|all} ]
clear mdnsd counter [ vlan <number> ]
clear networkfirewall session all
clear qos counter
clear service [ <string> ] counter
clear ssh known_host <string>
clear ssid <string> counter station [ <mac_addr> ]
clear supplicant certfile [ <string> ]
clear userandgroup all
clear vpn certificatekey
clear vpn {ike|ipsec} sa
clear webdirectory [ {ppskselfreg} ]
clear wlanidp mitigate [ <mac_addr> ]
clientmonitor enable
clientmonitor policy <string> problemtype {association|authentication|networking} [ triggertimes <number> ] [ reportinterval <number> ] [ quiettime <number> ]
clienttracing <mac_addr>
clock datetime <date> <time>
clock timezone <number> [ {30|45} ]
clock timezone daylightsavingtime <date> <time> <date> <time>
config rollback enable
config rollback manual [ waittime <number> ]
config rollback now
config rollback {capwapdisconnect|nextreboot} [ waittime <number> ]
config version <number>
console echo obscurepasswords
console page <number>
console serialport enable
console timeout <number>
datacollection collect interval <number>
datacollection enable
datacollection report interval <number>
datacollection {maxcollect} <number>
debug console [ {all} ]
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
debug console timestamp
designatedserver idmproxy announce
designatedserver idmproxy dynamic
devicegroup <string> [ macobject <string> ] [ domainobject <string> ] [ osobject <string> ]
devicegroup <string> ownership {cid|byod}
devicelocation <string>
dns domainname <string>
dns dynamicdns domainname <string>
dns dynamicdns enable
dns dynamicdns serveraccount {dyndns|noip} username <string> password <string>
dns serverip <ip_addr|ipv6_addr> [ {second|third} ]
domainobject <string> domain <string>
exec aaa idmtest auth username <string> password <string> [ {pap|mschapv2} ] [ proxy <string> ] [ bindssid <string> ]
exec aaa idmtest {radsecproxy|authproxy}
exec aaa ldapsearch servertype {activedirectory|ldapserver|opendirectory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
exec aaa ldapsearch username <string> [ basedn <string> ] [ domain <string> ]
exec aaa librarysiptest primary username <string> password <string>
exec aaa netadsinfo <string>
exec aaa netjoin [ {primary|backup1|backup2|backup3} username <string> password <string> ]
exec aaa netjoin domain <string> fullname <string> server <string> username <string> password <string> [ computerou <string> ]
exec aaa ntlmauth username <string> password <string> [ domain <string> ]
exec aaa radiustest <string> accounting
exec aaa radiustest <string> callcheck <mac_addr>
exec aaa radiustest <string> username <string> password <string> [ {pap|chap|mschapv2} ]
exec activealarmsresending
exec antennaalignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ textsize <number> ]
exec auth <string> ppskmacunbinding mac <mac_addr>
exec auth <string> ppskmacunbinding macppsk <mac_addr> <string>
exec auth <string> ppskmacunbinding ppsk <string>
exec bypasswanhardening
exec capture remotesniffer [ user <string> <string> ] [ hostallowed <string> ] [ localport <number> ] [ promiscuous ]
exec clientmonitor <mac_addr>
exec datacollection {push|clear}
exec delayexecute [ <number> ]
exec interface <wifix> spectralscan channel <number>
exec interface <wifix> spectralscan reportinterval <number>
exec interface <wifix> spectralscan {start|stop}
exec mobiledevicemanager aerohive statuschange <string>
exec sshclient server <string> user <string>
exec usergroup <string> psktopmk
exec wlanidp apclassify {rogue|friendly} <mac_addr> [ <mac_addr> ]
exec wlanidp mitigate {rogueap} <mac_addr>
exec wlanidp mitigate {rogueap} <mac_addr> interface <wifix>
exec {jsscheck|airwatchcheck|aerohivecheck} mobiledevice <mac_addr> enrollstatus
exit
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ srcmac <mac_addr> ] [ dstmac <mac_addr> ] [ bssid <mac_addr> ] [ txmac <mac_addr> ] [ rxmac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
filter <number> l3 [ srcip <ip_addr> ] [ dstip <ip_addr> ] [ protocol <number> ] [ srcport <number> ] [ dstport <number> ]
filter [ <number> ] [ direction bidirectional ]
forwardingengine drop {ipfragmentedpackets|toselfnonmanagementtraffic}
forwardingengine interssidflood enable
forwardingengine l2defaultroute interface <ethx> vlan <number> [ <number> ]
forwardingengine log {firewalldroppedpackets|toselfsessions}
forwardingengine macsessions syncvlan
forwardingengine maxipsessionsperstation <number>
forwardingengine maxmacsessionsperstation <number>
forwardingengine proxyarp enable
forwardingengine staticrule <string> action drop inif <ethx|aggx|redx> dstmac <mac_addr>
forwardingengine staticrule <string> action drop inif <ethx|aggx|redx> srcmac <mac_addr> dstmac <mac_addr>
forwardingengine staticrule <string> action drop inif <ethx|aggx|redx> srcoui <oui> dstmac <mac_addr>
forwardingengine staticrule <string> action drop inif <wifix.y> dstmac <mac_addr> txmac <mac_addr>
forwardingengine staticrule <string> action drop inif <wifix.y> srcmac <mac_addr> dstmac <mac_addr> txmac <mac_addr>
forwardingengine staticrule <string> action drop inif <wifix.y> srcoui <oui> dstmac <mac_addr> txmac <mac_addr>
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> dstmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> dstmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcmac <mac_addr> dstmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcmac <mac_addr> dstmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcoui <oui> dstmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcoui <oui> dstmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine staticrule <string> action pass inif <wifix.y> dstmac <mac_addr> txmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine staticrule <string> action pass inif <wifix.y> dstmac <mac_addr> txmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine staticrule <string> action pass inif <wifix.y> srcmac <mac_addr> dstmac <mac_addr> txmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine staticrule <string> action pass inif <wifix.y> srcmac <mac_addr> dstmac <mac_addr> txmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine staticrule <string> action pass inif <wifix.y> srcoui <oui> dstmac <mac_addr> txmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine staticrule <string> action pass inif <wifix.y> srcoui <oui> dstmac <mac_addr> txmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine tunnel selectivemulticastforward allowall except <ip_addr|ip_addr/mask>
forwardingengine tunnel selectivemulticastforward blockall
forwardingengine tunnel selectivemulticastforward blockall except <ip_addr|ip_addr/mask>
forwardingengine tunnel tcpmssthreshold enable
forwardingengine tunnel tcpmssthreshold thresholdsize <number>
history <number>
hive <string>
hive <string> fragthreshold <number>
hive <string> manage all
hive <string> manage {Telnet|SSH|SNMP|ping}
hive <string> neighbor connectingthreshold <number> pollinginterval <number>
hive <string> neighbor connectingthreshold {low|medium|high} pollinginterval <number>
hive <string> password <string>
hive <string> rtsthreshold <number>
hive <string> security macfilter <string>
hive <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban <number>
hive <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban forever
hive <string> security wlan dos {hivelevel|stationlevel} frametype {probereq|proberesp|assocreq|assocresp|disassoc|auth|deauth|eapol|all}
hive <string> security wlan dos {hivelevel|stationlevel} frametype {probereq|proberesp|assocreq|assocresp|disassoc|auth|deauth|eapol|all} alarm <number>
hive <string> security wlan dos {hivelevel|stationlevel} frametype {probereq|proberesp|assocreq|assocresp|disassoc|auth|deauth|eapol|all} threshold <number>
hive <string> wlanidp innetap
hive <string> wlanidp maxmitigatornum <number>
hive <string> wlanidp mitigationmode {automatic|semiautomatic|manual}
hive <string> wlanidp mitigationmode {automatic|semiautomatic} action {mitigate|report}
hive <string> wlanidp mitigatorreevalperiod <number>
hive <string> wlanidp queryinterval <number>
hive <string> wlanidp waitinterval <number>
hiveui cas client server name <string>
hiveui cas client server port <number>
hiveui enable
hostname <string>
interface <blex> ibeacon [ uuid <string> ] [ major <number> ] [ minor <number> ] [ measuredpower <number> ]
interface <blex> ibeacon enable
interface <blex> ibeaconmonitor enable
interface <ethx> bind <aggx>
interface <ethx> bind <redx> [ primary ]
interface <ethx> clientmonitorpolicy <string>
interface <ethx> duplex {full|half|auto}
interface <ethx> ip <ip_addr/netmask>
interface <ethx> mode wan
interface <ethx> nativevlan <number>
interface <ethx> pppoe authmethod {pap|chap|any}
interface <ethx> pppoe enable
interface <ethx> pppoe username <string> password <string>
interface <ethx> securityobject <string>
interface <ethx> speed {10|100|1000|auto}
interface <ethx> supplicant <string>
interface <ethx|aggx|redx> allowedvlan <number> [ <number> ]
interface <ethx|aggx|redx> allowedvlan {all|auto}
interface <ethx|aggx|redx> interstationtraffic
interface <ethx|aggx|redx> linkdiscovery {lldp|cdp}
interface <ethx|aggx|redx> maclearning enable
interface <ethx|aggx|redx> maclearning idletimeout <number>
interface <ethx|aggx|redx> maclearning static <mac_addr>
interface <ethx|aggx|redx> manage {Telnet|SSH|SNMP|ping|all}
interface <ethx|aggx|redx> mode bridge802.1q userprofileattribute <number>
interface <ethx|aggx|redx> mode {bridge802.1q|backhaul}
interface <ethx|aggx|redx> qosclassifier <string>
interface <ethx|aggx|redx> qosmarker <string>
interface <ethx|aggx|redx> ratelimit broadcast <number>
interface <ethx|aggx|redx> ratelimit multicast <number>
interface <ethx|aggx|redx> ratelimit unicast <number>
interface <ethx|aggx|redx> ratelimit {multicast|broadcast|unicast} enable
interface <ethx|aggx|redx> shutdown
interface <ethx|redx|aggx> mode bridgeaccess [ userprofileattribute <number> ]
interface <ethx|usbnetx> mode wan nat
interface <ethx|usbnetx> mode wan natpolicy <string>
interface <ethx|usbnetx> mode wan priority <number>
interface <mgtx.y> ip <ip_addr/netmask>
interface <mgtx.y> manage ping
interface <mgtx.y> vlan <number>
interface <mgtx> defaultipprefix <ip_addr/netmask>
interface <mgtx> defaultipprefix <ip_addr>
interface <mgtx> dhcp client fallbacktostaticip
interface <mgtx> dhcp keepalive enable
interface <mgtx> dhcp keepalive interval <number>
interface <mgtx> dhcp keepalive retry <number>
interface <mgtx> dhcp keepalive timeout <number>
interface <mgtx> dhcp keepalive vlan <number> [ <number> ]
interface <mgtx> dhcpprobe vlanrange <number> <number> [ timeout <number> ] [ retries <number> ]
interface <mgtx> hive <string>
interface <mgtx> ip <ip_addr/netmask>
interface <mgtx> ip <ip_addr> <netmask>
interface <mgtx> ipv6 <ipv6_addr/mask> [ eui64 ]
interface <mgtx> ipv6 <ipv6_addr> linklocal
interface <mgtx> ipv6 autoconfig
interface <mgtx> ipv6 dhcp client
interface <mgtx> mtu <number>
interface <mgtx> nativevlan <number>
interface <mgtx> vlan <number>
interface <mgtx|ethx> dhcp client
interface <mgtx|ethx> dhcp client addressonly
interface <mgtx|ethx> dhcp client option custom ppskserverip <number>
interface <mgtx|ethx> dhcp client option custom radiusserverip <number>
interface <mgtx|ethx> dhcp client option custom radiusserverip accounting <number>
interface <mgtx|ethx> dhcp client option custom {syslogserverip|hivemanagerip|backuphivemanagerip} <number>
interface <mgtx|ethx> dhcp client option custom {syslogserver|hivemanager|backuphivemanager} <number>
interface <mgtx|ethx> dhcp client prefersubnet <ip_addr/netmask>
interface <mgtx|ethx> dhcp client timeout <number>
interface <mgtx|mgtx.y> dhcpserver enable
interface <mgtx|mgtx.y> dhcpserver ipbinding <ip_addr> <mac_addr>
interface <mgtx|mgtx.y> dhcpserver ippool <ip_addr> <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options custom <number> hex <string>
interface <mgtx|mgtx.y> dhcpserver options custom <number> integer <number>
interface <mgtx|mgtx.y> dhcpserver options custom <number> ip <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options custom <number> string <string>
interface <mgtx|mgtx.y> dhcpserver options defaultgateway <ip_addr> [ {natsupport} ]
interface <mgtx|mgtx.y> dhcpserver options domainname <string>
interface <mgtx|mgtx.y> dhcpserver options hivemanager <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options hivemanager <string>
interface <mgtx|mgtx.y> dhcpserver options leasetime <number>
interface <mgtx|mgtx.y> dhcpserver options mtu <number>
interface <mgtx|mgtx.y> dhcpserver options netmask <netmask>
interface <mgtx|mgtx.y> dhcpserver options vendorspecific VCI <string>
interface <mgtx|mgtx.y> dhcpserver options vendorspecific VCI <string> <number> ip <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options vendorspecific VCI <string> <number> string <string>
interface <mgtx|mgtx.y> dhcpserver options {dns1|dns2|dns3} <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options {logsrv|pop3|smtp} <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options {ntp1|ntp2} <ip_addr>
interface <mgtx|mgtx.y> dhcpserver options {wins1|wins2} <ip_addr>
interface <mgtx|mgtx.y> dhcpserver reservedaddress <ip_addr> <ip_addr>
interface <mgtx|mgtx.y> dhcpserver {arpcheck|authoritativeflag}
interface <mgtx|mgtx.y> dnsserver enable
interface <mgtx|mgtx.y> dnsserver extresolve {dns1|dns2|dns3} <ip_addr>
interface <mgtx|mgtx.y> dnsserver intdomainname <string> [ <ip_addr> ]
interface <mgtx|mgtx.y> dnsserver intresolve {dns1|dns2|dns3} <ip_addr>
interface <mgtx|mgtx.y> dnsserver mode {split|nonsplit}
interface <mgtx|mgtx.y> dnsserver opendnsdeviceid <string>
interface <mgtx|mgtx.y> iphelper address <ip_addr>
interface <mgtx|mgtx.y> iphelper maxhops <number>
interface <mgtx|vlanx> dhcpserver options vendorspecific VCI <string> <number> hex <string>
interface <mgtx|vlanx> dhcpserver options vendorspecific VCI <string> <number> integer <number>
interface <wifix> hive <string> shutdown
interface <wifix> linkdiscovery {lldp|cdp}
interface <wifix> mode {access|backhaul|dual|sensor}
interface <wifix> radio antenna diversity
interface <wifix> radio channel <string>
interface <wifix> radio channel exclude <string>
interface <wifix> radio power <number>
interface <wifix> radio power auto
interface <wifix> radio power auto floor <number>
interface <wifix> radio power auto maxdrop <number>
interface <wifix> radio profile <string>
interface <wifix> radio range <number>
interface <wifix> radio txpowercontrol <number>
interface <wifix> radio txpowercontrol auto
interface <wifix> ssid <string>
interface <wifix> ssid <string> ip <ip_addr/netmask>
interface <wifix> ssid <string> shutdown
interface <wifix> wlanidp profile <string>
ip natpolicy <string>
ip natpolicy <string> type matchnet inside <ip_addr/netmask> outside <ip_addr/netmask>
ip natpolicy <string> type virtualhost insidehost <ip_addr> insideport <port> outsideport <port> protocol {tcp|udp}
ip pathmtudiscovery enable
ip route default gateway <ip_addr> [ metric <number> ]
ip route host <ip_addr> [ gateway <ip_addr> ] [ metric <number> ]
ip route net <ip_addr> <netmask> [ gateway <ip_addr> ] [ metric <number> ]
ip tcpmssthreshold enable
ip tcpmssthreshold l3vpnthresholdsize <number>
ip tcpmssthreshold thresholdsize <number>
ip versionpreference {ipv4|ipv6}
ippolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|interstationtrafficdrop|redirect} ]
ippolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packetdrop
ippolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action interstationtrafficdrop log [ {initiatesession|terminatesession|packetdrop} ]
ippolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiatesession|terminatesession} ]
ippolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to localsubnet [ service <string> ] [ action {permit|deny|nat|interstationtrafficdrop|redirect} ]
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {nodelay} ] [ {dualtest} ] [ {tradeoff} ] [ {listenport} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
iperf server [ {port} <number> ] [ {udp} ] [ {singleudp} ] [ {interval} <number> ] [ {nodelay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
ipv6 dhcpv6shield enable
ipv6 raguard stateless enable
ipv6 route <ipv6_addr/mask> <mgtx> gateway <ipv6_addr> [ metric <number> ]
ipv6 route <ipv6_addr/mask> gateway <ipv6_addr> [ metric <number> ]
ipv6 route default <mgtx> gateway <ipv6_addr> [ metric <number> ]
ipv6 route default gateway <ipv6_addr> [ metric <number> ]
kddr enable
librarysippolicy <string> default usergroup <string> [ action {permit|restricted|deny} ] [ additionaldisplaymessage <string> ]
librarysippolicy <string> id <number> field <string> {equal|greaterthan|lessthan} <number> usergroup <string> [ action {permit|restricted|deny} ] [ additionaldisplaymessage <string> ]
librarysippolicy <string> id <number> field <string> {matches|differsfrom|startswith|occursafter|occursbefore|contains} <string> usergroup <string> [ action {permit|restricted|deny} ] [ additionaldisplaymessage <string> ]
librarysippolicy <string> id <number> {after|before} id <number>
license <string> <string>
lldp [ {cdp|receiveonly} ]
lldp [ {cdp} ] maxentries <number>
lldp holdtime <number>
lldp maxpower <number>
lldp timer <number>
load config {current|backup|bootstrap|default}
location aerohive enable
location aerohive listmatch enable
location aerohive mac <mac_addr>
location aerohive oui <oui>
location aerohive reportinterval <number>
location aerohive rssiholdtime <number>
location aerohive rssiupdatethreshold <number>
location aerohive rssivalidperiod <number>
location aerohive suppressreport <number>
location ratethreshold {tag|station|rogueap} <number>
location {aeroscout|tzsp} enable
location {aeroscout} server <string>
location {aeroscout} {tag|station|rogueap}
location {tzsp} mcastmac <mac_addr>
location {tzsp} serverconfig server <string> port <number>
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
logging debug
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {viavpntunnel} ]
logging trap level [ {emerg|alert|crit|err|warning|notice|info} ]
login banner <string>
macobject <string> macrange <mac_addr> <mac_addr>
macpolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
macpolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packetdrop
macpolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiatesession|terminatesession} ]
mdmobject <string> [ enrollstatus {enrolled|nonenrolled|unknown} ] [ compliancestatus {compliant|noncompliant|unknown} ] [ clienttag <string> ]
mobiledevicepolicy <string> [ rule <number> ] [ originaluserprofile <string> ] devicegroup <string> reassigneduserprofileattr <number>
mobiledevicepolicy <string> apply {once|multipletimes}
mobiledevicepolicy <string> clientclassification [ {mac} ] [ {domain} ] [ {os} ]
mobiledevicepolicy <string> rule <number> {before|after} rule <number>
mobilitypolicy <string> dnxp
mobilitypolicy <string> dnxp nomadicroaming
mobilitypolicy <string> dnxp unroamthreshold <number> <number>
mobilitypolicy <string> inxp gretunnel from <ip_addr/netmask> password <string>
mobilitypolicy <string> inxp gretunnel to <ip_addr> <ip_addr> password <string>
mobilitypolicy <string> inxp gretunnel to <ip_addr> password <string>
mobilitythreshold gretunnel permittedload {low|medium|high}
networkfirewall name <string> [ from {any|vpn} ] [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> [ from {any|vpn} ] to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> [ from {any|vpn} ] to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> [ from {any|vpn} ] to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> [ from {any|vpn} ] to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from iprange <ip_addr> <ip_addr> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from network <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from network <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from network <ip_addr> <mask> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from network <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from network <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from userprofile <string> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from userprofile <string> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from userprofile <string> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from userprofile <string> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from userprofile <string> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from wildcard <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from wildcard <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from wildcard <ip_addr> <mask> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from wildcard <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall name <string> from wildcard <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
ntp enable
ntp interval <number>
ntp server <string> [ {second|third|fourth} ] [ {viavpntunnel} ]
osdetection enable
osdetection method dhcpoption55
osdetection method useragent
osobject <string> osversion <string>
osversion <string> option55 <string>
performancesentinel notificationinterval <number>
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping6 <ipv6_addr> [ interface <string> ] [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping6 <string> [ interface <string> ] [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
probe <ip_addr|mac_addr> [ size <number> ] [ srcmac <mac_addr> ] [ waittime <number> ] [ ttl <number> ] [ count
<number> ]
probe portal [ size <number> ] [ srcmac <mac_addr> ] [ waittime <number> ] [ ttl <number> ] [ count <number> ]
qos airtime enable
qos airtime ratepreferenceweight {none|moderate|high}
qos classifiermap 80211e <number> <number>
qos classifiermap 8021p <number> <number>
qos classifiermap diffserv <number> <number>
qos classifiermap interface <ethx|aggx|redx> <number>
qos classifiermap oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
qos classifiermap service <string> [ qos <number> ] [ action {permit|deny|log} ]
qos classifiermap ssid <string> <number>
qos classifierprofile <string> [ {interface/ssidonly|8021p|80211e|diffserv|interface/ssid|mac|service} ]
qos enable
qos l3police interface <string> enable
qos l3police interface <string> maxdownloadbw <number>
qos l3police interface <string> maxuploadbw <number>
qos l3police voipdetecttimeout <number>
qos markermap 80211e <number> <number>
qos markermap 8021p <number> <number>
qos markermap 8021p <string> [ <number> <number> ]
qos markermap diffserv <number> <number>
qos markermap diffserv <string> [ <number> <number> ]
qos markerprofile <string> [ {8021p|80211e|diffserv} ]
qos policy <string> [ userprofile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number>
<number> ]
quit
radio profile <string>
radio profile <string> acsp access channelautoselect timerange <time> <time> [ station <number> ]
radio profile <string> acsp allchannelsmodel enable
radio profile <string> acsp channelmodel 4channels [ <channel_g4> ]
radio profile <string> acsp channelmodel {3channels} [ <channel_g3> ]
radio profile <string> acsp interferenceswitch crcerrthreshold <number>
radio profile <string> acsp interferenceswitch iuthreshold <number>
radio profile <string> acsp interferenceswitch {enable|nostationenable|disable}
radio profile <string> acsp maxtxpower <number>
radio profile <string> ampdu
radio profile <string> amsdu
radio profile <string> backhaul failover [ triggertime <number> ] [ holdtime <number> ]
radio profile <string> bandsteering balanceband threshold <number>
radio profile <string> bandsteering enable
radio profile <string> bandsteering mode {balanceband|prefer5g|force5g}
radio profile <string> bandsteering prefer5g suppressionlimit <number>
radio profile <string> beaconperiod <number>
radio profile <string> benchmark phymode 11a rate {6|9|12|18|24|36|48|54} success <number> usage <number>
radio profile <string> benchmark phymode 11ac rate
{6|9|12|18|24|36|48|54|mcs0/1|mcs1/1|mcs2/1|mcs3/1|mcs4/1|mcs5/1|mcs6/1|mcs7/1|mcs8/1|mcs9/1|mcs0/2|mcs1/2|mcs2/2|mcs3/2|mc
success <number> usage <number>
radio profile <string> benchmark phymode 11b rate {1|2|5.5|11} success <number> usage <number>
radio profile <string> benchmark phymode 11g rate {1|2|5.5|11|6|9|12|18|24|36|48|54} success <number> usage
<number>
radio profile <string> benchmark phymode 11n rate
{6|9|12|18|24|36|48|54|mcs0|mcs1|mcs2|mcs3|mcs4|mcs5|mcs6|mcs7|mcs8|mcs9|mcs10|mcs11|mcs12|mcs13|mcs14|mcs15|mcs16|mcs17|mc
success <number> usage <number>
radio profile <string> channelwidth {20|40|40above|40below|80}
radio profile <string> clientloadbalance crcerrorlimit <number>
radio profile <string> clientloadbalance enable
radio profile <string> clientloadbalance holdtime <number>
radio profile <string> clientloadbalance interferencelimit <number>
radio profile <string> clientloadbalance mode {airtime|stanum}
radio profile <string> clientloadbalance neighborloadqueryinterval <number>
radio profile <string> clientloadbalance staminiairtime <number>
radio profile <string> denyclient {11b|11abg}
radio profile <string> detectbssidspoofing
radio profile <string> dfs
radio profile <string> dfs radardetectonly
radio profile <string> frameburst
radio profile <string> highdensity broadcastprobesuppress oui <oui>
radio profile <string> highdensity continuousprobesuppress enable
radio profile <string> highdensity enable
radio profile <string> highdensity mgmtframetxrate {low|high}
radio profile <string> interferencemap crcerrthreshold <number>
radio profile <string> interferencemap cuthreshold <number>
radio profile <string> interferencemap enable
radio profile <string> interferencemap shortterminterval <number>
radio profile <string> maxclient <number>
radio profile <string> phymode {11a|11b/g|11na|11ng|11ac}
radio profile <string> presence aggrinterval <number>
radio profile <string> presence agingtime <number>
radio profile <string> presence enable
radio profile <string> presence trapinterval <number>
radio profile <string> primarychanneloffset {auto|0|1|2|3}
radio profile <string> receivechain <number>
radio profile <string> safetynet enable
radio profile <string> safetynet timeout <number>
radio profile <string> scan access
radio profile <string> scan access client
radio profile <string> scan access client powersave
radio profile <string> scan access interval <number>
radio profile <string> scan access voice
radio profile <string> sensor channellist <string>
radio profile <string> sensor dwelltime <number>
radio profile <string> shortguardinterval
radio profile <string> shortpreamble
radio profile <string> transmitchain <number>
radio profile <string> txbeamforming [ {explicitonly|auto} ]
radio profile <string> txrate vhtmcs
{MCS0/1|MCS1/1|MCS2/1|MCS3/1|MCS4/1|MCS5/1|MCS6/1|MCS7/1|MCS8/1|MCS9/1|MCS0/2|MCS1/2|MCS2/2|MCS3/2|MCS4/2|MCS5/2|MCS6/2|MCS
radio profile <string> txrate
{auto|1Mbps|2Mbps|5.5Mbps|6Mbps|9Mbps|11Mbps|12Mbps|18Mbps|24Mbps|36Mbps|48Mbps|54Mbps|MCS0|MCS1|MCS2|MCS3|MCS4|MCS5|MCS6|M
radio profile <string> vht2g
radio profile <string> weaksnrsuppress enable
radio profile <string> weaksnrsuppress threshold <number>
radio profile <string> wmm ac {background|besteffort|video|voice} aifs <number>
radio profile <string> wmm ac {background|besteffort|video|voice} cwmax <number>
radio profile <string> wmm ac {background|besteffort|video|voice} cwmin <number>
radio profile <string> wmm ac {background|besteffort|video|voice} noack
radio profile <string> wmm ac {background|besteffort|video|voice} txoplimit <number>
reboot
reboot date <date> time <time>
reboot offset <time>
reboot {backup|current}
reboot {backup|current} date <date> time <time>
reboot {backup|current} offset <time>
report statistic alarmthreshold client {txdroprate|rxdroprate|txretryrate|airtimeconsumption} <number>
report statistic alarmthreshold interface {crcerrorrate|txdroprate|rxdroprate|txretryrate|airtimeconsumption} <number>
report statistic enable
report statistic period <number>
reset config [ {bootstrap} ]
reset webdirectory [ <string> [ {savetoflash} ] ]
reset webdirectory allrunningssid
resetbutton resetconfigenable
roaming cache updateinterval <number> ageout <number>
roaming cachebroadcast neighbortype access enable
roaming cachebroadcast neighbortype backhaul enable
roaming hop <number>
roaming neighbor exclude ip <ip_addr>
roaming neighbor include ip <ip_addr> <netmask>
roaming neighbor queryinterval <number> querytimes <number>
roaming port <number>
route <mac_addr> outgoinginterface <string> nexthop <mac_addr>
routing internalsubnetwork <ip_addr/netmask> [ {tunneldistonly} ]
routing matchmap <string> from {any} to {any|private}
routing matchmap <string> from {any} to {hostname} <string>
routing matchmap <string> from {any} to {iprange} <ip_addr> <ip_addr>
routing matchmap <string> from {any} to {network} <ip_addr/netmask>
routing matchmap <string> from {iprange} <ip_addr> <ip_addr> to {any|private}
routing matchmap <string> from {iprange} <ip_addr> <ip_addr> to {hostname} <string>
routing matchmap <string> from {iprange} <ip_addr> <ip_addr> to {iprange} <ip_addr> <ip_addr>
routing matchmap <string> from {iprange} <ip_addr> <ip_addr> to {network} <ip_addr/netmask>
routing matchmap <string> from {network} <ip_addr/netmask> to {any|private}
routing matchmap <string> from {network} <ip_addr/netmask> to {hostname} <string>
routing matchmap <string> from {network} <ip_addr/netmask> to {iprange} <ip_addr> <ip_addr>
routing matchmap <string> from {network} <ip_addr/netmask> to {network} <ip_addr/netmask>
routing matchmap <string> {iif} <ethx> to {any|private}
routing matchmap <string> {iif} <ethx> to {hostname} <string>
routing matchmap <string> {iif} <ethx> to {iprange} <ip_addr> <ip_addr>
routing matchmap <string> {iif} <ethx> to {network} <ip_addr/netmask>
routing matchmap <string> {userprofile} <string> to {any|private}
routing matchmap <string> {userprofile} <string> to {hostname} <string>
routing matchmap <string> {userprofile} <string> to {iprange} <ip_addr> <ip_addr>
routing matchmap <string> {userprofile} <string> to {network} <ip_addr/netmask>
routing policy <string> id <number> matchmap <string> routemap <string>
routing routemap <string> via <ethx|usbnetx|wifix>
routing routemap <string> via {encrypted|blackhole}
routing routerequest enable
routing routerequest interval <number>
save ble ibeacon firmware
save config <location> bootstrap
save config <location> current
save config <location> current <time> [ <date> ]
save config <location> current now
save config <location> current offset <time>
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin
<string> password <string> ] ]
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save config [ running current ]
save config bootstrap <location>
save config current <location>
save config current bootstrap
save config running bootstrap
save config users [ bootstrap ]
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save dhcpfingerprint {option55} <location>
save dhcpfingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save image <location> <time> [ <date> ] [ limit <number> ]
save image <location> [ {now} ] [ limit <number> ]
save image <location> offset <time> [ limit <number> ]
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin
<string> password <string> ] ]
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin
<string> password <string> ] ]
save radiusserverkey radsec {cert|ca} <location>
save radiusserverkey radsec {cert|ca} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string>
[ proxyadmin <string> password <string> ] ]
save radiusserverkey {radiusserver|ldapclient} <location>
save radiusserverkey {radiusserver|ldapclient} <url> [ admin <string> password <string> {basic|digest} ] [
proxy <string> [ proxyadmin <string> password <string> ] ]
save serverfiles
save signaturefile <location> [ limit <number> ]
save signaturefile <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin
<string> password <string> ] ]
save ssid <string> macbind <location>
save supplicant certfile <location>
save supplicant certfile <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin
<string> password <string> ] ]
save users <location>
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string>
password <string> ] ]
save vpn {cacert|eecert|privatekey} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string>
[ proxyadmin <string> password <string> ] ]
save vpn {eecert|privatekey|cacert} <location>
save webpage [ ppskselfreg ] webdirectory <string> <location>
save webpage [ ppskselfreg ] webdirectory <string> <url> [ admin <string> password <string> {basic|digest} ] [
proxy <string> [ proxyadmin <string> password <string> ] ]
save webserverkey <number> <location> [ comment <string> ]
save webserverkey <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [
proxy <string> [ proxyadmin <string> password <string> ] ]
save {capture} local <string> <location>
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
schedule <string> once <date> <time> to <date> <time> [ timezone <number> ] [ comment <string> ]
schedule <string> ppsk once <date> <time> to <date> <time> [ timezone <number> ] [ comment <string> ]
schedule <string> ppsk recurrent [ daterange <date> [ to <date> ] ] [ weekday <string> ] timerange <time> to
<time> [ timerange <time> to <time> ] [ timezone <number> ] [ comment <string> ]
schedule <string> recurrent [ daterange <date> [ to <date> ] ] [ weekdayrange
{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to
{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] timerange <time> to <time> [ timerange <time> to
<time> ] [ timezone <number> ] [ comment <string> ]
security macfilter <string> address <mac_addr> {permit|deny} [ comment <string> ]
security macfilter <string> default {permit|deny}
security macfilter <string> oui <oui> {permit|deny} [ comment <string> ]
security wlanidp profile <string>
security wlanidp profile <string> adhoc
security wlanidp profile <string> apdetection clientmacinnet
security wlanidp profile <string> apdetection connected
security wlanidp profile <string> appolicy
security wlanidp profile <string> appolicy apoui
security wlanidp profile <string> appolicy apoui entry <oui>
security wlanidp profile <string> appolicy shortbeacon
security wlanidp profile <string> appolicy shortpreamble
security wlanidp profile <string> appolicy ssid
security wlanidp profile <string> appolicy ssid entry <string>
security wlanidp profile <string> appolicy ssid entry <string> encryption
security wlanidp profile <string> appolicy ssid entry <string> encryption {open|wep|wpa}
security wlanidp profile <string> appolicy wmm
security wlanidp profile <string> mitigate deauthtime <number>
security wlanidp profile <string> mitigate duration <number> quiettime <number>
security wlanidp profile <string> mitigate period <number>
security wlanidp profile <string> stareport
security wlanidp profile <string> stareport agetime <number>
securityobject <string>
securityobject <string> defaultuserprofileattr <number>
securityobject <string> dhcpserver leasetime <number>
securityobject <string> dhcpserver renewalresponse {renewnakunicast|keepsilent}
securityobject <string> mobiledevicepolicy <string>
securityobject <string> ppskwebserver authuser
securityobject <string> ppskwebserver bindtoppskssid <string>
securityobject <string> ppskwebserver https
securityobject <string> ppskwebserver loginpage <string>
securityobject <string> ppskwebserver loginscript <string>
securityobject <string> ppskwebserver webdirectory <string>
securityobject <string> security aaa radiusserver [ firstretryinterval <number> ] [ maxretries <number> ]
securityobject <string> security aaa radiusserver accountinteriminterval <number>
securityobject <string> security aaa radiusserver accounting {primary|backup1|backup2|backup3} <ip_addr|string>
[ sharedsecret <string> ] [ acctport <number> ] [ viavpntunnel ]
securityobject <string> security aaa radiusserver dynamicauthextension
securityobject <string> security aaa radiusserver idm [ pri ]
securityobject <string> security aaa radiusserver inject OperatorName
securityobject <string> security aaa radiusserver msgauthallmessages
securityobject <string> security aaa radiusserver retryinterval <number>
securityobject <string> security aaa radiusserver {primary|backup1|backup2|backup3} <ip_addr|string> [ sharedsecret <string> ] [ authport <number> ] [ acctport <number> ] [ viavpntunnel ]
securityobject <string> security aaa userprofilemapping attributeid <number>
securityobject <string> security aaa userprofilemapping enable
securityobject <string> security aaa userprofilemapping vendorid <number> attributeid <number>
securityobject <string> security additionalauthmethod captivewebportal [ reguserprofileattr <number> ] [
authuserprofileattr <number> ] [ timeout <number> ] [ timerdisplay ]
securityobject <string> security additionalauthmethod captivewebportal anonymousaccess
securityobject <string> security additionalauthmethod captivewebportal authmethod [ {pap|chap|mschapv2} ]
securityobject <string> security additionalauthmethod captivewebportal checkusepolicy
securityobject <string> security additionalauthmethod captivewebportal cloudcwp apikey <string> apinonce
<string>
securityobject <string> security additionalauthmethod captivewebportal cloudcwp customerid <string>
securityobject <string> security additionalauthmethod captivewebportal cloudcwp enable
securityobject <string> security additionalauthmethod captivewebportal cloudcwp serviceid <number>
securityobject <string> security additionalauthmethod captivewebportal cloudcwp urlrootpath <string>
securityobject <string> security additionalauthmethod captivewebportal defaultlanguage {chinesesimple|chinesetraditional|dutch|english|french|german|italian|korean|spanish}
securityobject <string> security additionalauthmethod captivewebportal externalserver {primary} loginpage
<string>
securityobject <string> security additionalauthmethod captivewebportal externalserver {primary} password
encryption uambasic
securityobject <string> security additionalauthmethod captivewebportal externalserver {primary} password
encryption uamshared <string>
securityobject <string> security additionalauthmethod captivewebportal externalserver {primary} {successregister|noroamingatlogin|noradiusauth}
securityobject <string> security additionalauthmethod captivewebportal failureredirect externalpage
<string> [ delay <number> ]
securityobject <string> security additionalauthmethod captivewebportal failureredirect loginpage [ delay
<number> ]
securityobject <string> security additionalauthmethod captivewebportal internalpages {nosuccesspage|nofailurepage}
securityobject <string> security additionalauthmethod captivewebportal internalservers
securityobject <string> security additionalauthmethod captivewebportal loginpagemethod http302
securityobject <string> security additionalauthmethod captivewebportal passthrough vlan <number>
securityobject <string> security additionalauthmethod captivewebportal processsipinfo
securityobject <string> security additionalauthmethod captivewebportal processsipinfo blockredirect
<string>
securityobject <string> security additionalauthmethod captivewebportal reportguestinfo
securityobject <string> security additionalauthmethod captivewebportal selfregviaidm
securityobject <string> security additionalauthmethod captivewebportal selfregviaidm api <string>
securityobject <string> security additionalauthmethod captivewebportal selfregviaidm crlfile <string>
securityobject <string> security additionalauthmethod captivewebportal servername <string>
securityobject <string> security additionalauthmethod captivewebportal servername certdn
securityobject <string> security additionalauthmethod captivewebportal successredirect externalpage
<string> [ delay <number> ]
securityobject <string> security additionalauthmethod captivewebportal successredirect originalpage [ delay
<number> ]
securityobject <string> security additionalauthmethod captivewebportal timerdisplay alert <number>
securityobject <string> security additionalauthmethod macbasedauth [ {authmethod} {pap|chap|mschapv2} ]
securityobject <string> security additionalauthmethod macbasedauth callcheck
securityobject <string> security additionalauthmethod macbasedauth fallbacktoecwp
securityobject <string> security additionalauthmethod mobiledevicemanager aerohive apikey <string> api
instanceid <string>
securityobject <string> security additionalauthmethod mobiledevicemanager aerohive onboard accessssid
<string>
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch apikey <string>
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch noncompliant disconnect
forvlanchange
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch noncompliant guestupid
<number>
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch noncompliant sendmessage
content <string>
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch noncompliant sendmessage
title <string>
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch noncompliant sendmessage
type {email|sms|push|all}
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch urlenrollment <url>
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch urlrestapi <url>
securityobject <string> security additionalauthmethod mobiledevicemanager {jss|aerohive} urlrootpath <url>
securityobject <string> security additionalauthmethod mobiledevicemanager {jss|airwatch|aerohive} enable
securityobject <string> security additionalauthmethod mobiledevicemanager {jss|airwatch|aerohive} osobject
<string> [ {ios|macos} ]
securityobject <string> security additionalauthmethod mobiledevicemanager {jss|airwatch} httpauth user
<string> password <string>
securityobject <string> security additionalauthmethod mobiledevicemanager {jss|airwatch} pollstatus [
interval <number> ]
securityobject <string> security authmode hostbased
securityobject <string> security authmode {portbased} [ failureuserprofileattr <number> ]
securityobject <string> security eap retries <number>
securityobject <string> security eap timeout <number>
securityobject <string> security ft
securityobject <string> security ft mobilitydomainid <number>
securityobject <string> security initialauthmethod macbasedauth
securityobject <string> security localcache timeout <number>
securityobject <string> security macwhitelist bypasscwp
securityobject <string> security macwhitelist macobject <string>
securityobject <string> security preauth [ interface <ethx|wifix.y|redx|aggx> ]
securityobject <string> security privatepsk
securityobject <string> security privatepsk defaultpskdisabled
securityobject <string> security privatepsk externalserver [ {webportal} ]
securityobject <string> security privatepsk macbindingenable
securityobject <string> security privatepsk macbindingkeyspermac <number>
securityobject <string> security privatepsk macbindingmacsperkey <number>
securityobject <string> security privatepsk ppskserver <ip_addr>
securityobject <string> security privatepsk radiusauth [ {pap|chap|mschapv2} ]
securityobject <string> security privatepsk sameuserlimit <number>
securityobject <string> security privatepsk selfregenable
securityobject <string> security protocolsuite 802.1x
securityobject <string> security protocolsuite open
securityobject <string> security protocolsuite wepopen <number> {hexkey|asciikey} <string> [ default ]
securityobject <string> security protocolsuite wepshared <number> {hexkey|asciikey} <string> [ default ]
securityobject <string> security protocolsuite wep1048021x [ rekeyperiod <number> ]
securityobject <string> security protocolsuite wep408021x [ rekeyperiod <number> ]
securityobject <string> security protocolsuite wpaauto8021x [ rekeyperiod <number> ] [ {nonstrict|strict} ]
[ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [ gtktimeout <number> ] [ gtkretry
<number> ] [ roaming proactivepmkidresponse ] [ ptkrekeyperiod <number> ]
securityobject <string> security protocolsuite wpaautopsk {hexkey|asciikey} <string> [ rekeyperiod <number> ] [ {nonstrict|strict} ] [ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [ gtktimeout <number> ] [ gtkretry <number> ] [ ptkrekeyperiod <number> ]
securityobject <string> security protocolsuite wpa2aes8021x [ rekeyperiod <number> ] [ {nonstrict|strict} ]
[ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [ gtktimeout <number> ] [ gtkretry
<number> ] [ roaming proactivepmkidresponse ] [ ptkrekeyperiod <number> ]
securityobject <string> security protocolsuite wpa2aespsk {hexkey|asciikey} <string> [ rekeyperiod <number> ] [ {nonstrict|strict} ] [ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [ gtktimeout <number> ] [ gtkretry <number> ] [ ptkrekeyperiod <number> ]
securityobject <string> security protocolsuite wpa2tkip8021x [ rekeyperiod <number> ] [ {nonstrict|strict} ]
[ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [ gtktimeout <number> ] [ gtkretry
<number> ] [ roaming proactivepmkidresponse ] [ ptkrekeyperiod <number> ]
securityobject <string> security protocolsuite wpa2tkippsk {hexkey|asciikey} <string> [ rekeyperiod
<number> ] [ {nonstrict|strict} ] [ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [
gtktimeout <number> ] [ gtkretry <number> ] [ ptkrekeyperiod <number> ]
securityobject <string> security protocolsuite {wpaauto8021x|wpa2tkip8021x|wpa2aes8021x} reauthinterval <number>
securityobject <string> security protocolsuite {wpaauto8021x|wpa2tkip8021x|wpaautopsk|wpa2tkippsk|wpa2aespsk|wpa2aes8021x} replaywindow <number>
securityobject <string> security protocolsuite {wpaauto8021x|wpa2tkip8021x|wpaautopsk|wpa2tkippsk} localtkipcountermeasure
securityobject <string> security protocolsuite {wpaauto8021x|wpa2tkip8021x|wpaautopsk|wpa2tkippsk} remotetkipcountermeasure
securityobject <string> security protocolsuite {wpa2aespsk|wpa2aes8021x} mfp {mandatory|optional} [ bip ]
securityobject <string> security roaming cache updateinterval <number> ageout <number>
securityobject <string> userprofileallowed <string>
securityobject <string> userprofileallowed {all}
securityobject <string> userprofiledeny action ban [ <number> ] [ strict ]
securityobject <string> userprofiledeny action {banforever|disconnect} [ strict ]
securityobject <string> userprofilepolicy <string>
securityobject <string> userprofilesequence {cwpssidmac|cwpmacssid|ssidcwpmac|ssidmaccwp|macssidcwp|maccwpssid}
securityobject <string> walledgarden hostname <string> [ service {all|web} ]
securityobject <string> walledgarden hostname <string> service protocol <number> port <number>
securityobject <string> walledgarden ipaddress <ip_addr|ip_addr/mask> [ service {all|web} ]
securityobject <string> walledgarden ipaddress <ip_addr|ip_addr/mask> service protocol <number> port <number>
securityobject <string> webdirectory <string>
securityobject <string> webserver [ port <number> ] [ indexfile <string> ] [ successfile <string> ] [ failurefile <string> ] [ ssl serverkey <number> ]
securityobject <string> webserver webpage {mandatoryfield} <number> [ optionalfield <number> ]
service <string> alg {ftp|tftp|sip|dns|http}
service <string> appid <number> [ timeout <number> ]
service <string> protocol <number> [ port <number> ] [ timeout <number> ]
service <string> protocol {tcp|udp|svp} [ port <number> ] [ timeout <number> ]
sflow enable
sflow instance <string> interface <ethx|wifix> collectoraddr <ip_addr> [ collectorport <number> ] [ samplingrate <number> ] [ pollinginterval <number> ] [ direction {ingress|egress|both} ]
show 802.1xmactable [ interface <ethx> ] [ mac <mac_addr> ]
show aaa
show aaa radiusserver
show aaa radiusserver NAS [ <string> ]
show aaa radiusserver activesession [ username <string> ]
show aaa radiusserver cache
show aaa radiusserver domain
show aaa radiusserver proxy [ server ]
show aaa radiusserverkey {radiusserver|ldapclient}
show accessconsole
show acsp
show acsp channelinfo [ {detail|arbiter} ]
show acsp neighbor
show admin [ active ]
show admin auth
show admin managerip
show alg [ {ftp|tftp|sip|dns|http} ]
show alg sip calls [ <string> ]
show amrp
show amrp Ethlink
show amrp Ethlink <mac_addr>
show amrp bonjour [ <ip_addr> ]
show amrp client [ <mac_addr> ]
show amrp dnxp cache [ <mac_addr> ]
show amrp dnxp neighbor [ <mac_addr> ]
show amrp interface
show amrp interface <ethx|redx|aggx> bmttable
show amrp interface <ethx|redx|aggx> maclearning
show amrp interface <ethx|redx|aggx|mgtx|wifix.y>
show amrp neighbor [ {Ethernet|WiFi} ]
show amrp node <ip_addr|mac_addr>
show amrp node [ all ]
show amrp staticneighbor
show amrp tunnel [ <ip_addr> ]
show amrp tunnel route [ <ip_addr> ]
show application identification [ cdpindex <number> ] [ cdpname <string> ]
show application reporting appstats
show application reporting applications
show application reporting configuration
show application reporting statistics
show arpcache
show auth [ interface <wifix.y|ethx> ]
show auth macbinding <string> [ <mac_addr> ] [ <string> ]
show auth privatepsk
show bandsteering status
show bonjourgateway filter
show bonjourgateway service local [ vlan <number> ] [ detail ]
show bonjourgateway service remote [ vlan <number> ] [ detail ]
show bonjourgateway status
show bonjourgateway vlan
show bootparam
show bootparam countrycode
show cac summary
show capture interface <wifix>
show capture local
show capture remotesniffer
show capwap client
show clientinfocollection [ ip <ip_addr> ]
show clientloadbalance status
show clientmonitor info
show clientmonitor policy [ <string> ]
show clock
show cmds
show config rollback
show config running
show config running password
show config version
show config {current|backup|bootstrap|default|failed}
show console
show cpu [ {detail} ]
show datacollection
show devicegroup [ <string> ]
show dns
show dns dynamicdns
show domainobject [ <string> ]
show filter [ <number> ]
show forwardingengine counters [ interface <wifix|wifix.y|ethx|mgtx|aggx|redx> ] [ station <mac_addr> ] [ drop ]
show forwardingengine interssidflood
show forwardingengine ipgates
show forwardingengine ipsessions [ srcip <ip_addr> ] [ dstip <ip_addr> ] [ srcport <number> ] [ dstport <number> ] [ protocol <number> ] [ qos <number> ]
show forwardingengine ipsessions id <number>
show forwardingengine macsessions [ srcmac <mac_addr> ] [ dstmac <mac_addr> ] [ vlan <number> ]
show forwardingengine macsessions id <number>
show forwardingengine maxipsessperstation
show forwardingengine maxmacsessperstation
show forwardingengine openportstoself
show forwardingengine policy
show forwardingengine staticrule
show forwardingengine tunnel selectivemulticastforward
show forwardingengine tunnel tcpmssthreshold
show gretunnel
show highdensity status
show history
show hive <string> connectingthreshold
show hive <string> counter neighbor [ <mac_addr> ]
show hive <string> manage
show hive <string> neighbor [ mac <mac_addr> ]
show hive <string> security wlan dos
show hive [ <string> ]
show hivemanager
show hiveui cas client
show hwinfo
show icsa
show idm
show interface <blex> ibeacon
show interface <blex> ibeaconmonitor list
show interface <ethx> defaultroutevlan
show interface <ethx> pppoe
show interface <ethx|aggx|redx> allowedvlan
show interface <ethx|aggx|redx> maclearning {static|dynamic|all}
show interface <ethx|aggx|redx> manage
show interface <ethx|aggx|redx> qosclassifier
show interface <ethx|aggx|redx> qosmarker
show interface <ethx|aggx|redx> ratelimit
show interface <mgtx.y> manage
show interface <mgtx> dhcp keepalive
show interface <mgtx> dhcpprobe resultssummary
show interface <mgtx> ipv6 dhcp client
show interface <mgtx|ethx|bgdx.y|usbnetx|wifix.y> dhcp client
show interface <mgtx|mgtx.y> dhcpserver [ detail ]
show interface <mgtx|mgtx.y> dhcpserver ipbinding
show interface <mgtx|mgtx.y> dhcpserver reservedaddress
show interface <mgtx|mgtx.y> iphelper
show interface <mgtx|mgtx.y> iphelper maxhops
show interface <wifix.y> multicast
show interface <wifix> channel
show interface <wifix> dfs
show interface <wifix> multicast
show interface <wifix> wlanidp apinfo
show interface <wifix> wlanidp apinfo compliance {compliant|noncompliant}
show interface <wifix> wlanidp apinfo type {rogue|valid|external}
show interface <wifix> wlanidp clientinfo
show interface <wifix> wlanidp mitigate rogueap [ <mac_addr> ]
show interface <wifix|wifix.y> counter
show interface [ <ethx|mgtx|mgtx.y|wifix|wifix.y|redx|aggx|tunnelx|bgdx.y> ]
show ip natpolicy
show ip natpolicy <string>
show ip natpolicy serviceportlist
show ip pathmtudiscovery
show ip policyroute [ {l3tunnelall|l3tunnelexception|l3tunnelsplit|l3tunneldrop} ]
show ip route
show ip session natpolicy
show ip session natpolicy <string>
show ip tcpmssthreshold
show ippolicy
show ippolicy <string>
show ippolicy userprofile <number|string> [ {fromaccess|toaccess} ] [ from <ip_addr|string> <mask> ] [ to <ip_addr|string> <mask> ] [ service <string> ] [ action {permit|deny|interstationtrafficdrop} ] [ lines <number> ]
show ipv6 route
show l3 interface [ ipv6 ]
show librarysippolicy [ <string> ]
show license
show lldp [ {cdp} ] [ {neighbor} ]
show location [ {aeroscout|tzsp} ]
show location aerohive
show location aerohive list
show location aerohive rssi
show location aerohive rssi mac <mac_addr>
show location aerohive rssi oui <oui>
show location {aeroscout|tzsp} counter
show logging
show logging {buffered|flash|debug} [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ tail <number> ] [ date <date> ] [ time <time> ]
show macobject [ <string> ]
show macpolicy
show macpolicy <string> [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ] [ lines <number> ]
show macpolicy userprofile <number|string> [ {fromaccess|toaccess} ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ] [ lines <number> ]
show mdnsd [ {cache|authrecord|duplicaterecord|authrecordproxied|duplicaterecordproxied|activeclientrequests|interface|questions|memory|others} ]
show mdnsd counter [ vlan <number> ]
show memory [ {detail} ]
show minpasswordlength
show mobiledevicepolicy [ <string> ]
show mobilitypolicy [ <string> ]
show mobilitythreshold gretunnel permittedload
show networkfirewall
show ntp
show osdetection [ {option55toosdatabase|dhcpfingerprintversion} ]
show osobject [ <string> ]
show performancesentinel
show ppsk schedule [ <string> ]
show proxy
show qos
show qos classifiermap 80211e [ <number> ]
show qos classifiermap 8021p [ <number> ]
show qos classifiermap diffserv [ <number> ]
show qos classifiermap interface <ethx|aggx|redx>
show qos classifiermap oui [ <oui> ]
show qos classifiermap service [ <string> ]
show qos classifiermap ssid <string>
show qos classifierprofile [ <string> ]
show qos counter user [ <mac_addr> ]
show qos counter userprofile [ <string> ]
show qos l3police [ detail ]
show qos l3police interface <string> [ detail ]
show qos l3police statistics [ detail ]
show qos l3police statistics interface <string> [ detail ]
show qos markermap 80211e [ <number> ]
show qos markermap 8021p [ <number> ]
show qos markermap diffserv [ <number> ]
show qos markermap {diffserv|8021p} <string>
show qos markerprofile [ <string> ]
show qos policy [ <string> ]
show radio profile [ <string> ]
show reboot schedule
show report statistic
show resetbutton
show roaming cache
show roaming cache mac <mac_addr>
show roaming neighbor [ mac <mac_addr> ] [ ip <ip_addr> ]
show route
show routing internalsubnetwork
show routing policy
show routing policy <string>
show routing policy <string> route
show routing routerequest
show routing {matchmap|routemap} [ <string> ]
show runningconfig
show runningconfig password
show runningconfig users [ password ] [ all ]
show runningconfig xauthclients [ password ]
show schedule [ <string> ]
show scheduleindetail
show security macfilter [ <string> ]
show security protocolsuite
show securityobject <string> dhcpserver
show securityobject <string> dnsserver
show securityobject <string> mobiledevicemanager {jss|airwatch|aerohive}
show securityobject <string> mobiledevicepolicy
show securityobject <string> security aaa
show securityobject <string> security macwhitelist
show securityobject <string> security protocolsuite
show securityobject <string> walledgarden
show securityobject <string> webserver
show securityobject [ <string> ]
show service [ <string> ]
show service [ <string> ] counter
show sflow
show sflow instance [ <string> ]
show snmp [ {v3admin} ]
show snmp community [ {readonly} ]
show snmp contact
show snmp location
show snmp traphost
show sshtunnel
show ssid <string> admctl tsinfo [ sta <mac_addr> ]
show ssid <string> counter station [ <mac_addr> ]
show ssid <string> manage
show ssid <string> multicast
show ssid <string> qosclassifier
show ssid <string> qosmarker
show ssid <string> schedule [ detail ]
show ssid <string> security screening [ detail ]
show ssid <string> security wlan dos
show ssid <string> station [ mac <mac_addr> ]
show ssid <string> station ipv6
show ssid <string> usergroup
show ssid [ <string> ]
show ssidschedule
show station [ <mac_addr> ]
show station [ <mac_addr> ] counter
show station ipv6
show supplicant certfile [ <string> ]
show supplicant name [ <string> ]
show system
show system connectiontrap delay
show system diskinfo
show system led
show system power mode
show system power status
show system processes [ state ]
show system temperature
show teacherview resourcemap
show tech
show tech <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
show timezone
show track [ <string> ]
show trackwan
show usbdevice
show usbmodem [ modemid <string> ]
show usbmodem descriptor
show usbmodem info
show usbmodem modeswitch
show usbmodem networkmode
show usbmodem networkservice
show usbmodem rssi
show usbmodem siminfo
show usbmodem status
show user
show usergroup <string> pskdigest [ <string> ]
show usergroup [ <string> ]
show userprofile <string> cac airtimepercentage
show userprofile <string> schedule [ detail ]
show userprofile [ <string> ]
show userprofilepolicy [ <string> ]
show userprofileschedule
show version [ {detail} ]
show video ip <ip_addr> <number>
show video ip <ip_addr> dstportrange <number> <number>
show vlangroup
show vpn gretunnel
show vpn ike configuration
show vpn ike {sa|event}
show vpn ike {sp}
show vpn ipsec sa
show vpn ipsectunnel
show vpn l3tunnelexception
show vpn layer3tunnel
show vpn tunnelid [ <number> ]
show vpn tunnelpolicy
show vpn {socket|timer|memory|queue|ph2|sp|rekey}
show wan db
show wan failover
show wan interface
show wan interface <ethx|usbnetx|wifix|tunnelx>
show webdirectory [ ppskselfreg ] [ <string> ]
show websecurityproxy {websensev1|barracudav1}
show webserverkey
show wlanidp mitigate [ <mac_addr> ]
show wlanidp profile [ <string> ]
snmp contact <string>
snmp location <string>
snmp reader version v3 admin <string> [ auth {md5|sha} password <string> ] [ encryption {aes|des} password <string> ]
snmp reader version {v1|v2c|any} community <string> [ <string> ]
snmp traphost {v1|v2c} <ip_addr|string> [ port <number> ] [ {viavpntunnel} ] [ community <string> ]
snmp traphost {v3} <ip_addr|string> [ port <number> ] [ {viavpntunnel} ] admin <string>
snmp traphost {v3} admin <string> auth {md5|sha} password <string> [ encryption {aes|des} password <string> ]
snmp trapinfo {oversnmp|overcapwap}
sshtunnel server <string> tunnelport <number> user <string> password <string> [ timeout <number> ]
ssid <string>
ssid <string> 11arateset [ {6|6basic} ] [ {9|9basic} ] [ {12|12basic} ] [ {18|18basic} ] [ {24|24basic} ] [ {36|36basic} ] [ {48|48basic} ] [ {54|54basic} ]
ssid <string> 11acmcsrateset <string>
ssid <string> 11grateset [ {1|1basic} ] [ {2|2basic} ] [ {5.5|5.5basic} ] [ {11|11basic} ] [ {6|6basic} ] [ {9|9basic} ] [ {12|12basic} ] [ {18|18basic} ] [ {24|24basic} ] [ {36|36basic} ] [ {48|48basic} ] [ {54|54basic} ]
ssid <string> 11nmcsexpandrateset <string>
ssid <string> admctl ac <number> enable
ssid <string> admctl delts sta <mac_addr> tid <number>
ssid <string> blocktowifimcast
ssid <string> clientageout <number>
ssid <string> clientmonitorpolicy <string>
ssid <string> dtimperiod <number>
ssid <string> fragthreshold <number>
ssid <string> hidessid
ssid <string> ignorebroadcastprobe
ssid <string> interstationtraffic
ssid <string> manage all
ssid <string> manage {Telnet|SSH|SNMP|ping}
ssid <string> maxclient <number>
ssid <string> mode compliance
ssid <string> mode legacy
ssid <string> multicast conversiontounicast {auto|always|disable}
ssid <string> multicast cuthreshold <number>
ssid <string> multicast memberthreshold <number>
ssid <string> qosclassifier <string>
ssid <string> qosmarker <string>
ssid <string> rrm enable
ssid <string> rtsthreshold <number>
ssid <string> schedule <string>
ssid <string> security macfilter <string>
ssid <string> security screening radiusattack
ssid <string> security screening radiusattack action banforever
ssid <string> security screening radiusattack action {alarm|ban} [ [ <number> ] ]
ssid <string> security screening radiusattack threshold <number> [ action {alarm|ban} [ <number> ] ]
ssid <string> security screening radiusattack threshold <number> action banforever
ssid <string> security screening tcpsyncheck
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} [ threshold <number> ]
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} action banforever
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} action disconnect
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} action {alarm|drop|ban} <number>
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} threshold <number> action banforever
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} threshold <number> action disconnect
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} threshold <number> action {alarm|drop|ban} <number>
ssid <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban <number>
ssid <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban forever
ssid <string> security wlan dos {ssidlevel|stationlevel} frametype {probereq|proberesp|assocreq|assocresp|disassoc|auth|deauth|eapol|all}
ssid <string> security wlan dos {ssidlevel|stationlevel} frametype {probereq|proberesp|assocreq|assocresp|disassoc|auth|deauth|eapol|all} alarm <number>
ssid <string> security wlan dos {ssidlevel|stationlevel} frametype {probereq|proberesp|assocreq|assocresp|disassoc|auth|deauth|eapol|all} threshold <number>
ssid <string> securityobject <string>
ssid <string> uapsd
ssid <string> usergroup <string>
ssid <string> wmm
ssid <string> wnm enable
ssid <string> wnm sta <mac_addr> send bstmreq
supplicant <string>
supplicant <string> cacert <string>
supplicant <string> clientcert <string> privatekey <string> [ privatekeypassword <string> ]
supplicant <string> eaptype {md5|peap|tls|ttls}
supplicant <string> password <string>
supplicant <string> username <string> [ password <string> ]
system connectiontrap delay <number>
system disablemulticastping
system environment {indoor|outdoor}
system icmpredirect enable
system led brightness {bright|soft|dim|off}
system powermode {802.3at|802.3af|auto}
system webserver enable
teacherview promptfordenyurl
teacherview resourcemap name <string> ip <ip_addr> port <port>
timeobject <string> once <date> <time> to <date> <time> [ timezone <number> ]
timeobject <string> recurrent [ daterange <date> [ to <date> ] ] [ weekdayrange {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] timerange <time> to <time> [ timerange <time> to <time> ] [ timezone <number> ]
tracert <ip_addr> [ maxhops <number> ] [ timeout <number> ] [ noresolve ]
tracert <string> [ maxhops <number> ] [ timeout <number> ] [ noresolve ]
track <string> [ ip <ip_addr> ]
track <string> action startmeshfailover
track <string> action {enableaccessconsole|disableaccessradio}
track <string> defaultgateway
track <string> enable
track <string> interval <number>
track <string> multidstlogic {and|or}
track <string> retry <number>
trackwan <string>
trackwan <string> defaultgateway
trackwan <string> enable
trackwan <string> interface <ethx|usbnetx|wifix>
trackwan <string> interval <number>
trackwan <string> ip <ip_addr>
trackwan <string> multidstlogic {and|or}
trackwan <string> retry <number>
usbmodem enable
usbmodem mode {ondemand|alwaysconnected|primarywan}
usbmodem modemid <string>
usbmodem modemid <string> apn [ <string> ]
usbmodem modemid <string> atcmdget {cardinfo|signalstrength} <string>
usbmodem modemid <string> atcmdset {networkmodeauto|networkmodelte|networkmode3g|networkmode2g|modemreset} <string>
usbmodem modemid <string> connectcmd <string>
usbmodem modemid <string> connectstatuscmd <string> connectedpattern <string> disconnectpattern <string>
usbmodem modemid <string> connecttype {pppdialup|atcmddirectip|qmidirectip}
usbmodem modemid <string> dialupnumber [ <string> ]
usbmodem modemid <string> dialuppassword [ <string> ]
usbmodem modemid <string> dialupusername [ <string> ]
usbmodem modemid <string> disconnectcmd <string>
usbmodem modemid <string> usbnet {cdcether|sierranet}
usbmodem modemid <string> usbserial {option|sierra|cdcacm}
usbmodem modemid <string> vendorid <string> productid <string>
usbmodem modeswitch vendorid <string> productid <string> message <string>
usbmodem networkmode {auto|lte|3g|2g}
usbmodem power cycle
usbmodem power enable
usbmodem resetdevice
usbmodem rssithreshold <number>
usbport power {auto|enable|disable}
user <string>
user <string> group <string>
user <string> password <string>
usergroup <string>
usergroup <string> autogeneration bulknumber <number> bulkinterval <number> <time>
usergroup <string> autogeneration indexrange <number> [ <number> ]
usergroup <string> autogeneration location <string>
usergroup <string> autogeneration passwordlength <number>
usergroup <string> autogeneration prefix <string>
usergroup <string> autogeneration revokeuser <number> [ <number> ]
usergroup <string> autogeneration schedule <string>
usergroup <string> autogeneration sharedsecret <string>
usergroup <string> cachemode {temporary|mandatory}
usergroup <string> expiredtime <date/time>
usergroup <string> passwordgenerationmethod {manual|auto}
usergroup <string> pmkautosave
usergroup <string> pskformat characterpattern {letters|digits|specialcharacters}
usergroup <string> pskformat combopattern {or|and|no}
usergroup <string> pskformat version {0|1}
usergroup <string> pskgenerationmethod usernameandpassword concatenatedcharacters <string>
usergroup <string> pskgenerationmethod {passwordonly|usernameandpassword}
usergroup <string> reauthinterval <number>
usergroup <string> starttime <date/time>
usergroup <string> userattribute <number>
usergroup <string> vlanid <number>
usergroup <string> voicedevice
userprofile <string> [ qospolicy <string> ] [ vlanid <number> ] [ mobilitypolicy <string> ] [ attribute <number> [ <number> ] ]
userprofile <string> cac airtimepercentage <number> [ sharetime ]
userprofile <string> denyactionforschedule {ban|quarantine}
userprofile <string> ippolicydefaultaction {permit|deny|interstationtrafficdrop}
userprofile <string> ippolicyredirecturl <string>
userprofile <string> l3tunnelaction {all|withexception|split|droptunneltraffic}
userprofile <string> macpolicydefaultaction {permit|deny}
userprofile <string> qosmarkermap {diffserv|8021p} <string>
userprofile <string> schedule <string>
userprofile <string> security deny {ipv4|ipv6}
userprofile <string> security ippolicy [ fromaccess <string> ] [ toaccess <string> ]
userprofile <string> security macpolicy [ fromaccess <string> ] [ toaccess <string> ]
userprofile <string> tunnelpolicy <string>
userprofile <string> vlangroup <string>
userprofile <string> {after|before} <string>
userprofile <string> {performancesentinel} action {log|boost}
userprofile <string> {performancesentinel} enable
userprofile <string> {performancesentinel} guaranteedbandwidth <number>
userprofilepolicy <string>
userprofilepolicy <string> actionforupidchange {switch|sustain|ignore}
userprofilepolicy <string> mdmtimeout <number>
userprofilepolicy <string> rule <number> authattrs <string>
userprofilepolicy <string> rule <number> devicelocation <string>
userprofilepolicy <string> rule <number> groupname <string>
userprofilepolicy <string> rule <number> macobject <string>
userprofilepolicy <string> rule <number> mdmobject <string>
userprofilepolicy <string> rule <number> osobject <string>
userprofilepolicy <string> rule <number> timeobject <string>
userprofilepolicy <string> rule <number> userprofileattrid <number>
vlangroup <string> <number> [ <number> ]
vpn clientippool <string> local <ip_addr> <ip_addr> netmask <ip_addr>
vpn ipsectunnel <string> clientlist <string> [ clientippool <string> dnsserver <ip_addr> ]
vpn ipsectunnel <string> dpd idleinterval <number> retry <number> retryinterval <number>
vpn ipsectunnel <string> gateway <ip_addr> clientname <string> password <string>
vpn ipsectunnel <string> ike phase1 authmethod {hybrid|rsasig|psk}
vpn ipsectunnel <string> ike phase1 dhgroup {group1|group2|group5}
vpn ipsectunnel <string> ike phase1 mode {main|aggressive}
vpn ipsectunnel <string> ike phase1 psk <string>
vpn ipsectunnel <string> ike phase2 pfsgroup {nopfs|group1|group2|group5}
vpn ipsectunnel <string> ike {phase1|phase2} encryptionalgorithm {3des|aes128|aes192|aes256}
vpn ipsectunnel <string> ike {phase1|phase2} hash {md5|sha1}
vpn ipsectunnel <string> ike {phase1|phase2} lifetime <number>
vpn ipsectunnel <string> localikeid {asn1dn|address|fqdn|ufqdn|keyid} <string>
vpn ipsectunnel <string> natpolicy <string>
vpn ipsectunnel <string> nattraversal enable
vpn ipsectunnel <string> peerikeid {asn1dn|address|fqdn|ufqdn} <string>
vpn l3tunnelexception <ip_addr|ip_addr/mask|string>
vpn tunnelpolicy <string> client ipsectunnel <string> [ primary ]
vpn tunnelpolicy <string> password <string>
vpn tunnelpolicy <string> server ipsectunnel <string>
vpn xauthclientlist <string> clientname <string> password <string>
vpn xauthclientlist <string> local
vpn {clientipsectunnel|serveripsectunnel} <string> [ vpnmode {layer2|layer3} ]
webdirectory <string> linktoresources <string> <string>
webdirectory [ {ppskselfreg} ] <string>
websecurityproxy clientinfocollection enable
websecurityproxy websensev1 accountkey <string>
websecurityproxy {websensev1|barracudav1} accountid <string>
websecurityproxy {websensev1|barracudav1} defaultdomain <string>
websecurityproxy {websensev1|barracudav1} defaultusername <string>
websecurityproxy {websensev1|barracudav1} enable
websecurityproxy {websensev1|barracudav1} httpproxyhost <string>
websecurityproxy {websensev1|barracudav1} httpproxyport <port>
websecurityproxy {websensev1|barracudav1} httpsproxyhost <string>
websecurityproxy {websensev1|barracudav1} httpsproxyport <port>
websecurityproxy {websensev1|barracudav1} subnet <ip_addr/netmask> [ actionifunreachable {allow|block} ]
websecurityproxy {websensev1|barracudav1} whitelist <string>
OperatorName name is combined with the namespace ID to uniquely identify the owner of the access
network.)
aaa macformat delimiter {dash|dot|colon}
aaa Set parameters for AAA (authentication, authorization, accounting)
macformat Set the MAC address format to use when sending client MAC addresses to an external authentication server
delimiter Set the type of delimiter to use when formatting MAC addresses
dash Set a dash ( - ) as the MAC address delimiter (Default: colon)
dot Set a dot ( . ) as the MAC address delimiter (Default: colon)
colon Set a colon ( : ) as the MAC address delimiter (Default: colon)
Range: 10100000000)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
attrmap Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
userprofileattrname Set the user group ID attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRADIUSCallbackNumber; in LDAP server: radiusCallbackNumber)
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
computerou Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/subou/subou; Note: If there are any spaces, enclose the entire string in quotation marks.)
dbtype Set the type and location of the user database
activedirectory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (1-64 chars)
dbtype Set the type and location of the user database
activedirectory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
tlsenable Enable TLS authentication that the local AP, as an LDAP client, uses with the AD server (Default: Disabled)
globalcatalog Set the AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
ldapserver Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
binddn Set the bind DN (distinguished name) under which LDAP searches are done
<string> Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
password Set the password which authenticates the bindDN
<string> Enter the password (1-64 chars)
aaa radiusserver local dbtype ldapserver {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
dbtype Set the type and location of the user database
ldapserver Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
protocol Set the protocol for communicating with the LDAP server
ldap Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
ldaps Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
primary Set the library SIP server that is first queried when authenticating users
loginenable Enable the AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
aaa radiusserver local dbtype librarysipserver {primary} loginuser <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
dbtype Set the type and location of the user database
librarysipserver Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
loginuser Set the user name that the local RADIUS server submits when logging in to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the password that the local AP RADIUS server submits when logging in to the library SIP server
<string> Enter the password (1-32 chars)
<string> Enter the IP address or domain name (Domain name: 1-32 chars)
aaa radiusserver local dbtype local
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
dbtype Set the type and location of the user database
local Set the user database on the local AP
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
fullname Set the full DNS name of the OD domain server
<string> Enter the full DNS name of the domain (1-64 chars)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
ldapauth Set the authentication method that the local AP, as an LDAP client, uses with the LDAP server
primary Set the authentication method for the first LDAP server
backup1 Set the authentication method for the second LDAP server
backup2 Set the authentication method for the third LDAP server
backup3 Set the authentication method for the fourth LDAP server
type Set the authentication type to use for LDAP communications
tls Set the authentication type as TLS (Transport Layer Security)
cacert Set the CA certificate that the local AP uses when authenticating itself as an LDAP client to an LDAP server
<string> Enter the file name of the CA certificate (1-32 chars)
clientcert Set the client certificate that the local AP uses when authenticating itself to an LDAP server
<string> Enter the file name of the client certificate (1-32 chars)
privatekey Set the private key that the local AP uses to authenticate itself to an LDAP server
<string> Enter the name of the private key file (1-32 chars)
privatekeypassword Set the password for the private key that is used when forming a TLS tunnel
<string> Enter the password (1-32 chars)
verifyserver Set options for verifying the LDAP server (Default: LDAP server verification is try.)
never never verify the identity of the LDAP server (Default: try)
try try verify the identity of the LDAP server (Default: try)
demand demand verify the identity of the LDAP server (Default: try)
aaa radiusserver local nas <string> tls
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
nas Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
<string> Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
tls Set TLS (Transport Layer Security) encryption for securing communications with the RADIUS NAS devices
aaa radiusserver local staauth cacert <string> servercert <string> privatekey <string> [ privatekeypassword <string> ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
staauth Set the authentication type and certificate parameters for authenticating users
cacert Set the CA certificate for a TLS (Transport Layer Security) tunnel
<string> Enter the file name of the CA certificate (1-32 chars)
servercert Set the server certificate used when forming a TLS tunnel
<string> Enter the file name of the server certificate (1-32 chars)
privatekey Set the private key used when forming a TLS tunnel
<string> Enter the name of the private key file (1-32 chars)
privatekeypassword Set the password for encrypting the private key used when forming a TLS tunnel
<string> Enter a password (1-64 chars)
aaa radiusserver local staauth type {peap|ttls} checkindb
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local Aerohive device as a RADIUS server
staauth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
checkindb Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
server Set the IP address or resolvable domain name for the RADIUS server
<string> Enter the IP address or domain name (max 32 chars)
sharedsecret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
<port> [1~65535] Enter the RadSec proxy accounting port number (Range: 1-65535; Default: 1813)
aaa radiusserver proxy radsec authport <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
radsec Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
authport Set the RadSec proxy authentication port number
<port> [1~65535] Enter the RadSec proxy authentication port number (Range: 1-65535; Default: 1812)
radiusserver Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
sharedsecret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
authport Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acctport Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
viavpntunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
accessconsole hidessid
accessconsole Set access console parameters
hidessid Hide the SSID in beacons and ignore broadcast probe requests (Default: disabled)
accessconsole security protocolsuite {wpa2aespsk|wpa2tkippsk|wpaautopsk} asciikey <string>
accessconsole Set access console parameters
security Set the security parameters for the access console
protocolsuite Set the security protocol suite for the access console
wpa2aespsk Set the security protocol suite as wpa2aespsk
wpa2tkippsk Set the security protocol suite as wpa2tkippsk
wpaautopsk Set the security protocol suite as wpaautopsk
asciikey Set key type as an ASCII string
<string> Enter the ASCII key value (8-63 chars)
accessconsole telnet
accessconsole Set access console parameters
telnet Enable Telnet manageability of the access console (Default: enabled)
admin {readwrite|readonly} <string> password <string>
admin Set the administrator parameters
readwrite The readwrite admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
readonly The readonly admin has the ability to view settings
<string> Enter an admin user's name (3-20 chars)
password Set password for the user
<string> Set password for the user ([minpasswordlength]-32 chars, use CLI "show minpasswordlength" to get value of minpasswordlength, default: 8)
<number> Enter a number in increments of 60 between 60~3600 (Default: 3600)
reportperiod Set L7 reportperiod related parameters
<number> Enter a number in increments of 60 between 60~3600 (Default: 3600)
application reporting upload <url> timewindow <number> [ admin <string> password <string>
{basic|digest} ]
application Set L7 related parameters
reporting Set L7 application reporting related parameters
upload Set L7 application reporting upload parameters
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/, http://domain:port/path/; Note: You can substitute 'https' for 'http'.)
timewindow Reporting timewindow
<number> minutes (Range: 1-30)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
bonjourgateway enable
bonjourgateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
enable Enable Bonjour gateway functionality (Default: Enabled)
bonjourgateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
bonjourgateway Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
filter Set a filter to control which Bonjour services the local gateway transmits to remote gateways
rule Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
<number> Enter the ID for the rule (Range: 1-128)
from Set the source from which services are advertised
<string> Enter the source VLAN group name (1-32 chars)
<string> Enter the text string to filter which services are advertised (1-64 chars; Note: A service is advertised if its name matches the string in a rule. You can use asterisks as wildcards)
to Set the VLAN group to which services are advertised
<string> Enter the destination VLAN group name (1-32 chars)
metric Set the maximum number of hops away from the local BDD to accept service advertisements (Note: An immediately neighboring BDD is one hop away, a neighbor of that neighbor is two hops away, and so on.)
<number> Enter the maximum distance from which service advertisements are acceptable (Range: 0-100; Default: 0; Note: A value of 0 means that there is no maximum distance.)
<number> Enter the VLAN ID to be probed (Range: 1-4094; Note: If you are defining a range of VLANs, this is the starting point of that range.)
<number> Enter the last VLAN ID in the range (Range: 1-4094)
netdump server" command (Note: If the HiveAP crashes, it saves a core dump file to the TFTP
server in its next rebooting phase)
dumpfile Set the name of the core dump file to be saved to the TFTP server
<string> Enter the name of the core dump file (Default name: .netdump; 1-32 chars)
cac enable
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
enable Enable CAC protection of VoIP traffic
capture Set packet capture parameters
save Set the packet capture tool to save captured packets to a file
interface Set the packet capture tool to save captured packets to a file on a radio interface
<wifix> Enter the name of a WiFi radio interface, where x = 0 or 1
<string> Enter a local file name or the remote location, path, and file name (Format: filename or tftp://server:/path/filename; Default: wifix.dmp)
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
method Set the CAPWAP discovery method
broadcast Enable the broadcast of CAPWAP Discovery Request messages in the local Layer 2 domain as part of the CAPWAP server discovery process (Default: Enabled)
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
maxretries Set the maximum number of times to retry making a DTLS connection
<number> Enter the maximum number of retries (Default: 3; Range: 1-65535)
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
vhmname Set the name of the virtual HiveManager system
<string> Enter the name of the virtual HiveManager system (1-64 chars)
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
count Set the number of CAPWAP UDP packets to send
<number> Enter the number of packets to send (Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range: 1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 chars)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
flood Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
<number> Enter the number of batches of packets (Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range: 1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
radiusserverkey Clear all certificates that the local Aerohive device uses as a RADIUS server and LDAP client
radiusserver Clear certificates that the local AP uses as a RADIUS server
ldapclient Clear certificates that the local AP uses as an LDAP client
<string> Enter the name of the certificate
clear arpcache
clear Clear dynamic system information or remove all web directories
arpcache Clear the ARP cache
clear auth username <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
username Clear dynamic authentication information by user name
<string> Enter a user name (1-32 chars)
rollback Clear the current configuration rollback point and related settings
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Clear MAC sessions by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
clear ssid <string> counter station [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
ssid Clear SSID info
<string> Enter an SSID profile name (1-32 chars)
counter Clear counters for stations (wireless clients) associated with the SSID
station Clear counters for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
clientmonitor enable
clientmonitor Set parameters for Client Monitor
enable Enable client monitor to detect client issues and report client connection activities and problems to HiveManager (Default: Enabled)
<number> ] [ reportinterval <number> ] [ quiettime <number> ]
clientmonitor Set parameters for Client Monitor
policy Set parameters for a Client Monitor policy
<string> Enter the Client Monitor policy name (1-32 chars)
problemtype Set the problem type which specifies a category of client-centric problems
association Detect, analyze and report the client association problem
authentication Detect, analyze and report the client authentication problem
networking Detect, analyze and report the client networking problem
triggertimes Set how many times the problem type is detected to trigger reporting the problem and related logs
<number> Enter trigger times for the problem type (Range: 1-10; Default: 1)
reportinterval Set the interval to report the problem and related logs
<number> Enter a report interval in seconds for the problem type (Range: 0 or 30-3600; Default: 0; Note: The default value of 0 reports every instance of the problem)
quiettime Set the time period after which the problem elapses
<number> Enter quiet time in seconds for the problem type (Range: 60-86400; Default: 300)
clienttracing <mac_addr>
clienttracing Test client tracing
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
device (Note: If the number of retrieved lines exceeds the maximum, press TAB to return
page
the next batch or ENTER to retrieve the next single line. Press the Q key to cancel the
display of all further requested data and return to the command prompt.)
<number> Set the maximum number of lines to display at a time (Default: 22, Range: 10-100, Disable: 0, which means that there is no maximum limit)
datacollection enable
datacollection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
enable Enable the local HiveAP to collect data about types and capabilities of devices on the network and their network usage (Default: Disabled)
level Specify a logging level
emergency Show emergency-level log entries (Default: debug)
alert Show log entries from alert to emergency levels (Default: debug)
critical Show log entries from critical to emergency levels (Default: debug)
error Show log entries from error to emergency levels (Default: debug)
warning Show log entries from warning to emergency levels (Default: debug)
notification Show log entries from notification to emergency levels (Default: debug)
info Show log entries from info to emergency levels (Default: debug)
debug Show log entries for all severity levels (Default: debug)
devicelocation <string>
devicelocation Set the device location
<string> Enter a device location (1-128 chars)
dns domainname <string>
dns Set DNS (Domain Name System) parameters
domainname Set the domain name suffix for the local AP
<string> Enter the domain name suffix for the local AP (1-32 chars)
exec aaa idmtest auth username <string> password <string> [ {pap|mschapv2} ] [ proxy <string> ] [ bindssid <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
idmtest Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
auth Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
username Set the user name belonging to an account on the ID Manager
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the ID Manager
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MSCHAPv2)
mschapv2 Set MSCHAPv2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MSCHAPv2)
proxy Set parameters for connecting to an ID Manager proxy server
<string> Enter the IP address or domain name of the ID Manager proxy server (1-32 chars)
bindssid Set the SSID to which the user name binds for ID Manager testing (Note: By default, wired links use the user name-password pair for testing ID Manager accounts, so the user name does not need to bind to an SSID.)
<string> Enter the name of the SSID to which you want to bind the user name (1-32 chars)
<string> Enter a user name (1-32 chars)
basedn Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
domain Set the domain name of the domain controller
<string> Enter an NT domain name (1-64 chars)
exec aaa netjoin domain <string> fullname <string> server <string> username <string> password <string> [ computerou <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
netjoin Join the local AP RADIUS server to the domain controller
domain Set the domain name of the AD domain controller
<string> Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full name of the domain to which the RADIUS server (local AP) and AD server both belong
<string> Enter the full domain name (1-64 chars)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (up to 32 chars)
username Set the admin user name that the local AP RADIUS server submits to the AD server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
computerou Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/subou/subou; Note: If there are any spaces, enclose the entire string in quotation marks.)
password Set the password that belongs to the same account as the user name on the RADIUS server
<string> Enter the password (1-64 chars)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MSCHAPv2)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MSCHAPv2)
mschapv2 Set MSCHAPv2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MSCHAPv2)
exec activealarmsresending
exec Execute a command to initiate a task immediately
activealarmsresending Make device resend all active alarms to HiveManager
exec antennaalignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ textsize <number> ]
exec Execute a command to initiate a task immediately
antennaalignment Set parameters for aligning a directional or sectional antenna connected to a radio in backhaul or dual (access and backhaul) mode with a specified peer
interface Set the interface bound to the radio whose antenna you want to align with that of a peer
<wifix> Enter the name of a WiFi radio interface, where x = 0 or 1
peer Set the MAC address of the peer to which the HiveAP sends antenna alignment request frames
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
count Set the total number of request frames to send to the peer
<number> Enter the total number of request frames (Default: 60; Range: 1-1000)
interval Set the interval between each request frame transmission
<number> Enter the interval in seconds (Default: 1; Range: 1-30)
textsize Set the amount of filler text in each request frame
<number> Enter the amount of filler text in bytes (Default: 16; Range: 16-2048)
ppsk Remove the PPSK MAC address binding from a PPSK
<string> Enter the PPSK of the station used (1-32 chars)
exec bypasswanhardening
exec Execute a command to initiate a task immediately
bypasswanhardening Disable WAN hardening to allow SSH, Telnet, and the remote sniffer tool to access the device over the WAN interface (Note: Execute this command to allow remote access for troubleshooting. To restore WAN hardening, enter "no exec bypasswanhardening" or reboot the device.)
exec capture remotesniffer [ user <string> <string> ] [ hostallowed <string> ] [ localport <number> ] [ promiscuous ]
exec Execute a command to initiate a task immediately
capture Initiate packet capturing
remotesniffer Set parameters for a remote packet sniffer
user Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
<string> Enter the user name (1-32 chars)
<string> Enter the password (1-32 chars)
hostallowed Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
<string> Enter the IP address or domain name (1-32 chars)
localport Set the port number on which the HiveAP listens for connection requests from the remote sniffer
<number> Enter the port number (Default: 2002; Range: 1024-65535)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
rogue Classify APs as rogue
friendly Classify APs as friendly
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
Set a range of MAC addresses
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
exit
exit Exit from the current mode
filter <number> l3 [ srcip <ip_addr> ] [ dstip <ip_addr> ] [ protocol <number> ] [ srcport <number> ] [ dstport <number> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l3 Set packet capture filter for layer 3 parameters
srcip Filter by source IP address
<ip_addr> Enter a source IP address
dstip Filter by destination IP address
<ip_addr> Enter a destination IP address
protocol Filter by protocol number in IP header
<number> Enter a protocol value (UDP:17; TCP:6; ICMP:1)
srcport Filter by source port
<number> Enter a source port number
dstport Filter by destination port
<number> Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
interssidflood Forward multicast and broadcast traffic between access interfaces to protect SSIDs from
flooding (Default: Enabled)
enable Enable the protection of SSIDs from multicast and broadcast flooding
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action drop inif <ethx|aggx|redx> srcmac <mac_addr> dstmac
<mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
srcmac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action drop inif <ethx|aggx|redx> srcoui <oui> dstmac
<mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
srcoui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action drop inif <wifix.y> dstmac <mac_addr> txmac
<mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action drop inif <wifix.y> srcmac <mac_addr> dstmac
<mac_addr> txmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
srcmac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action drop inif <wifix.y> srcoui <oui> dstmac <mac_addr>
txmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
srcoui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> dstmac <mac_addr> outif
<ethx|aggx|redx>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> dstmac <mac_addr> outif
<wifix.y> rxmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
rxmac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcmac <mac_addr> dstmac
<mac_addr> outif <ethx|aggx|redx>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
srcmac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcmac <mac_addr> dstmac
<mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
srcmac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
rxmac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcoui <oui> dstmac
<mac_addr> outif <ethx|aggx|redx>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
srcoui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
forwardingengine staticrule <string> action pass inif <ethx|aggx|redx> srcoui <oui> dstmac
<mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
srcoui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
rxmac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action pass inif <wifix.y> dstmac <mac_addr> txmac
<mac_addr> outif <ethx|aggx|redx>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwardingengine staticrule <string> action pass inif <wifix.y> dstmac <mac_addr> txmac
<mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
rxmac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action pass inif <wifix.y> srcmac <mac_addr> dstmac
<mac_addr> txmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
srcmac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwardingengine staticrule <string> action pass inif <wifix.y> srcmac <mac_addr> dstmac
<mac_addr> txmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
srcmac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
rxmac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
forwardingengine staticrule <string> action pass inif <wifix.y> srcoui <oui> dstmac <mac_addr>
txmac <mac_addr> outif <ethx|aggx|redx>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
srcoui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwardingengine staticrule <string> action pass inif <wifix.y> srcoui <oui> dstmac <mac_addr>
txmac <mac_addr> outif <wifix.y> rxmac <mac_addr>
forwardingengine Set parameters to shape the behavior of the forwarding engine
staticrule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
inif Set the inbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
srcoui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dstmac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
txmac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outif Set the outbound interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
rxmac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
history <number>
history Set the capacity for command history
<number> Enter the max number of commands to store in command history (Default: 20; Range: 150)
hive <string>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
pollinginterval Set the time interval in minutes for polling the signal strength of neighboring hive members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
hive <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban <number>
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
stationlevel Set DoS parameters at stationlevel
frametype Set WLAN DoS (Denial of Service) frame type
assocreq Specify WLAN DoS frame type assocreq
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a threshold has been crossed
<number> Enter the period of time in seconds to ignore frames after a threshold has been crossed (Default: 60; Min: 0 Max: None)
hive <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban forever
hive Create a hive or set hive parameters
<string> Enter a hive profile name (1-32 chars)
security Set hive security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
stationlevel Set DoS parameters at stationlevel
frametype Set WLAN DoS (Denial of Service) frame type
assocreq Specify WLAN DoS frame type assocreq
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a threshold has been crossed
forever Set ban forever
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
hivelevel Set DoS parameters at hivelevel
stationlevel Set DoS parameters at stationlevel
frametype Set WLAN DoS (Denial of Service) frame type
probereq Specify WLAN DoS frame type probereq
proberesp Specify WLAN DoS frame type proberesp
assocreq Specify WLAN DoS frame type assocreq
assocresp Specify WLAN DoS frame type assocresp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
threshold Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
<number> Enter threshold in ppm (Default: hivelevel probereq 12000, proberesp 24000, eapol 6000, auth 6000, assocreq 6000, assocresp 2400, all others 1200; stalevel probereq 1200 ppm, proberesp 2400, eapol 600, auth 600, assocreq 600, assocresp 240, all others 120; Min: 0 Max: None)
automatic Set the arbitrator AP to appoint a mitigator AP and start the mitigation process
automatically (Default: semiautomatic)
semiautomatic Set the arbitrator AP to appoint a mitigator AP automatically but start the mitigation process manually (Default: semiautomatic)
action Set the action that you want detector APs to take after discovering rogue APs and their clients
mitigate Mitigate rogue APs and their clients (Default: Rogue mitigation)
report Report rogue APs and their clients (Default: Rogue mitigation)
hiveui enable
hiveui Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
enable Enable the HiveUI
hostname <string>
hostname Set the hostname of the AP
<string> Enter the hostname of the AP (1-32 chars)
interface <blex> ibeacon [ uuid <string> ] [ major <number> ] [ minor <number> ] [ measuredpower
<number> ]
interface Set interface parameters
<blex> Enter the name of the iBeacon interface, where x = 0
ibeacon Select the Bluetooth iBeacon device
uuid Set the UUID (universally unique identifier) of the iBeacon
<string> Enter the uuid (32 chars) (Default: 4165726F686976654E6574776F726B73 (AerohiveNetworks))
major Set the major value of the iBeacon device
<number> Enter the major (Default: 1; Range: 0-65535)
minor Set the minor value of the iBeacon device
<number> Enter the minor (Default: 1; Range: 0-65535)
measuredpower Set measured power of the iBeacon device
<number> Enter the measured power value in dBm (Default: -59; Range: -128~127)
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
clientmonitorpolicy Assign a Client Monitor policy to automatically detect, analyze, and report problems with the clients that access the network through the specified Ethernet interface
<string> Enter the Client Monitor policy name (1-32 chars)
interface <ethx> pppoe username <string> password <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
pppoe Set PPPoE (Point-to-Point Protocol over Ethernet) parameters for the WAN interface (Note: This command only applies to a device functioning as a router.)
username Set the user name that the device sends to the ISP to authenticate itself when establishing a PPPoE session with the access concentrator
<string> Enter the user name (1-64 chars)
password Set the password that the device uses to authenticate itself to the ISP
<string> Enter the password (1-64 chars)
auto Allow traffic whose VLAN ID matches that of the management interface, virtual management
interface, native VLAN, or the default VLAN configured in user profiles
Enter the name of an Ethernet interface, where x = 0 or 1
<string> Enter the QoS marker profile name (1 to 32 chars)
interface <ethx|redx|aggx> mode bridgeaccess [ userprofileattribute <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
mode Set the operational mode for the interface (Default: backhaul except wan in case of
usbnet)
bridgeaccess Set the interface in bridgeaccess mode, making it a layer 2 interface to enable the
bridging of traffic between devices in a single VLAN in a wired LAN segment and the
wireless LAN (Note: The default MAC route is never on an interface in this mode.)
userprofileattribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default: 0; Range: 0-4095)
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
manage Set management service parameters
ping Enable the virtual management interface to respond to pings (Default: Enabled)
interface <mgtx> dhcp keepalive retry <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers on
different VLANs
retry Set the number of times to retry sending a probe that does not elicit a response from a
DHCP server
<number> Enter the retry value (Range: 1-10; Default: 2)
interface <mgtx> dhcpprobe vlanrange <number> <number> [ timeout <number> ] [ retries <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcpprobe Probe for DHCP servers in one or more VLANs
vlanrange Set the range of VLANs in which to probe for a DHCP server
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
timeout Set the timeout for waiting for a response to a probe
<number> Enter the timeout value (Default: 10 secs; Range: 1-60)
retries Set the number of times to retry sending a probe that does not elicit a response from a
DHCP server
<number> Enter the retry value (Default: 1; Range: 1-10)
ip Set mgt0 IP address
<ip_addr/netmask> Enter mgt0 IP address/netmask
interface <mgtx> vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
vlan Set the VLAN for administrative access to the HiveAP, management traffic between HiveAPs
and HiveManager, and control traffic among hive members
<number> Enter the VLAN ID for the interface (Default: 1; Range: 1-4094)
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radiusserverip Set a custom DHCP option ID for a RADIUS authentication or accounting server
accounting Set a custom DHCP option ID for a RADIUS accounting server
<number> Enter the custom DHCP option ID for a RADIUS accounting server (Range: 1-255; Suggested
ID numbers: RADIUS accounting = 231)
<ethx>
dhcpserver Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard
DHCP options; use with caution. Number 43 is reserved for Vendor specific; Numbers 225
and 226 are reserved for HiveManager.)
integer Set the custom option data type as an integer
<number> Enter the integer (Range: 0-2147483647)
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
domainname Set the domain name for DHCP clients
<string> Enter the domain name (1-32 chars)
interface <mgtx|mgtx.y> dhcpserver options vendorspecific VCI <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcpserver Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendorspecific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars) (Note: VCI of aerohive is AEROHIVE)
interface <mgtx|mgtx.y> dhcpserver options vendorspecific VCI <string> <number> string <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcpserver Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendorspecific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars) (Note: VCI of aerohive is AEROHIVE)
<number> Enter the DHCP vendor-specific suboption ID (Ranges: 1-255; Suggested ID numbers and
types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP;
RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232
string, 233 IP)
string Set the vendor-specific suboption data type as a string
<string> Enter the string (1-253 chars)
<ip_addr> Enter the IP address (Note: The DNS server IP address cannot be the same as that of the
interface.)
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dhcpserver Set DHCP server parameters
arpcheck Use ARP to check that an IP address is not already in use on the network before
assigning it to a DHCP client (Default: Enabled)
authoritativeflag Set the DHCP server as authoritative (Default: Authoritative; Note: An authoritative
DHCP server can send NAKs in response to DHCP requests for addresses in a different
subnet from those in the configured IP pool.)
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
dnsserver Set DNS server parameters
mode Set the mode for responding to domain name resolution queries (Default: split)
split Forward queries only for domain names in a match list to internal DNS servers and
forward queries for everything else to external DNS servers
nonsplit Forward all queries to internal DNS servers
interface <mgtx|vlanx> dhcpserver options vendorspecific VCI <string> <number> hex <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<vlanx> Dup
dhcpserver Set DHCP server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
vendorspecific Set the vendor-specific parameter
VCI Set vendor class identifier
<string> Enter the VCI name (1-32 chars) (Note: VCI of aerohive is AEROHIVE)
<number> Enter the DHCP vendor-specific suboption ID (Ranges: 1-255; Suggested ID numbers and
types: HiveManager: 225 string, 226 IP; syslog: 227 string, 228 IP; private PSK: 229 IP;
RADIUS authentication: 230 IP; RADIUS accounting: 231 IP; Backup HiveManager: 232
string, 233 IP)
hex Set the custom option data type as a hexadecimal digit
<string> Enter the hexadecimal digit (1-256 chars; Note: For option 46, which sets the NetBIOS
over TCP/IP node type, the string must be 1, 2, 4, or 8.)
interface <mgtx|vlanx> dhcpserver options vendorspecific VCI <string> <number> integer <number>
interface Set interface parameters
radio Set parameters for the wifi radio interface
channel Set the radio channel for the interface
<string> Enter the frequency with an optional suffix (G: GHz; M: MHz; K: KHz;), or the channel
number, or "auto" to allow ACSP (Advanced Channel Selection Protocol) to select a
channel automatically (Default: auto)
profile Bind an IDP profile to the interface
<string> Enter an IDP profile name (1-32 chars)
ip natpolicy <string>
ip Set IP parameters
natpolicy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
ip natpolicy <string> type virtualhost insidehost <ip_addr> insideport <port> outsideport <port>
protocol {tcp|udp}
ip Set IP parameters
natpolicy Set IP nat policy parameters
<string> Enter IP nat policy name (1-32 chars)
type Set the IP nat policy type
virtualhost Set the IP nat policy type virtualhost
insidehost Set the virtualhost inside host
<ip_addr> Enter the IP address for the virtualhost inside host
insideport Set the virtualhost inside port
<port> [1~65535] Enter the port number
outsideport Set the virtualhost outside port
<port> [1~65535] Enter the port number
protocol Set the virtualhost service protocol
tcp Choose tcp protocol for virtual host
udp Choose udp protocol for virtual host
ip pathmtudiscovery enable
ip Set IP parameters
pathmtudiscovery Set Path MTU (Maximum Transmission Unit) Discovery parameters on a device functioning as
a router or VPN gateway
enable Enable Path MTU Discovery to learn the maximum packet size that can be sent across the
network between two hosts without fragmentation (Default: Enabled)
<number>
ip tcpmssthreshold enable
ip Set IP parameters
tcpmssthreshold Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device
functioning as a router or VPN gateway.)
enable Enable the monitoring of the MSS option in TCP SYN and SYN-ACK messages and, if
necessary, reduce the MSS value as determined by the TCP MSS threshold (Default:
Enabled; Note: If no TCP MSS threshold value is specified, TCP MSS clamping uses the
Path MTU - 40 bytes for the IP and TCP headers.)
ip versionpreference {ipv4|ipv6}
ip Set IP parameter
versionpreference Set IP version preference parameters
ipv4 Set version preference to ipv4 (Default: ipv4)
ipv6 Set version preference to ipv6 (Default: ipv4)
ippolicy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask>
] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action
{permit|deny|nat|interstationtrafficdrop|redirect} ]
ippolicy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For
example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP
policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For
example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP
policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port
number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP
and UDP traffic.)
interstationtrafficdrop Set the action to drop traffic between stations if they are both associated with one or
more members of the same hive (Default: deny)
redirect Redirect HTTP traffic to the specified URL (Default: deny)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For
example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP
policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
packetdrop Log dropped packets that the IP firewall policy denies
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For
example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP
policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-64 chars)
<string> Enter an IP or domain name (1-64 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For
example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP
policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
initiatesession Log session details when a session is created after passing an IP firewall policy lookup
terminatesession Log session details when a session matching an IP firewall policy is terminated
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {nodelay} ] [ {dualtest} ]
[ {tradeoff} ] [ {listenport} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ]
[ {time} <number> ] [ {parallel} <number> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
client Set Iperf to run in client mode
<ip_addr> Enter the server IP address with which the HiveAP connects as an Iperf client
port Set the port on which the client connects to the server
<number> Enter the port number (Range: 1024-65535; Default: 5001)
udp Set the transport protocol as UDP (Default: TCP)
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is
not made periodically)
nodelay Transmit small logical packets individually without the delay incurred by putting them
in batches within a single larger physical packet (Default: Smaller packets are
transmitted without delay)
dualtest Set the Iperf tool to do bidirectional upstream and downstream performance testing
between the client and server concurrently
tradeoff Set the Iperf tool to do bidirectional upstream and downstream performance testing at
different times so downstream testing only begins after upstream testing is complete
listenport Set the port on which the server connects to the client
<number> Enter the port number (Range: 1024-65535; Default: The same port on which the client
connects to the server)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
mss Set the maximum TCP segment size (MTU: 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
bandwidth Set the amount of UDP bandwidth to send
<number> Enter the bandwidth in megabits per second (Range: 1-1000; Default: 1)
time Set the length of transmission time
<number> Enter the time in seconds (Range: 1-65535; Default: 10)
parallel Set the client to make multiple connections to the server concurrently (Note: This
option requires multiple thread support on both the client and server.)
<number> Enter the number of parallel client threads to run (Range: 1-10; Default: 1)
ipv6 Set IPv6 parameters
dhcpv6shield Set the DHCPv6 shield to block the forwarding of DHCPv6 server messages received on any
access interface
enable Enable the DHCPv6 shield on access interfaces
kddr enable
kddr Enable/disable the kddr report to HM
enable Enable the kddr feature
librarysippolicy session length to library patrons accessing the wireless network (Note: Set policies on
an AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library
SIP value
<string> Enter the two-letter character code (2 chars)
matches Check if the field value that the SIP server returns matches the string entered in the
local AP RADIUS server
differsfrom Check if the field value that the SIP server returns differs from the string entered in
the local AP RADIUS server
startswith Check if the field value that the SIP server returns starts with the string entered in
the local AP RADIUS server
occursafter Check if the field value that the SIP server returns occurs after the string entered in
the local AP RADIUS server
occursbefore Check if the field value that the SIP server returns occurs before the string entered in
the local AP RADIUS server
contains Check if the field value that the SIP server returns contains the string entered in the
local AP RADIUS server
<string> Enter the string that the AP RADIUS server uses when checking the field values that the
SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
usergroup Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user
group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to
websites defined in a walled garden
additionaldisplaymessage Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
lldp [ {cdp|receiveonly} ]
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
receiveonly Enable the HiveAP to receive and cache LLDP advertisements from neighboring network
devices but not send them
location aerohive oui <oui>
location Set parameters for location tracking
aerohive Set parameters for the Aerohive location processing engine
oui Add an OUI (organizationally unique identifier) entry to the track list
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples:
Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
location {aeroscout|tzsp} enable
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer
Protocol) for packet encapsulation
enable Enable location tracking and reporting to the location processing engine
notification Send log entries from notification to emergency levels (Default: debug)
info Send log entries from info to emergency levels (Default: debug)
debug Send log entries for all severity levels (Default: debug)
logging debug
logging Set logging parameters
debug Enable debug messages
viavpntunnel the logging server is in a different subnet from the tunnel interface. When they are in
the same subnet, tunneling is automatic.)
deny Set the action to deny (Default: deny)
<string> Enter an MDM object name (1-32 chars)
enrollstatus Set the enrollment status of the managed mobile device
enrolled Set the MDM enrollment status of the device as enrolled
nonenrolled Set the MDM enrollment status of the device as nonenrolled
unknown Set the MDM enrollment status of the device as unknown
compliancestatus Set a compliance status
compliant Set the compliance status as compliant
noncompliant Set the compliance status as noncompliant
unknown Set the compliance status as unknown
clienttag Set an MDM client tag name to indicate the ownership of the managed mobile device (Note:
BYOD and CID are common ownership tags that describe bring-your-own-device and
corporate-issued-device situations.)
<string> Enter a tag name (1-32 chars)
mobiledevicepolicy <string> rule <number> {before|after} rule <number>
mobiledevicepolicy Set a policy that assigns a user profile to traffic from a client based on the
originally assigned user profile or the MAC address, device domain, and OS of the user's
client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID,
the HiveAP automatically assigns one.)
before Move the mobile device policy rule before another rule in the policy
after Move the mobile device policy rule after another rule in the policy
rule Set a rule before or after another rule in the mobile device policy
<number> Enter a rule ID number (Range: 1-65535)
networkfirewall name <string> [ from {any|vpn} ] to hostname <string> [ service <string> ] [ action
{permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain
names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the
rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination,
and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session
(Note: A session is defined by the 5-part tuple: source and destination IP address,
source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> [ from {any|vpn} ] to iprange <ip_addr> <ip_addr> [ service <string> ]
[ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the
rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination,
and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session
(Note: A session is defined by the 5-part tuple: source and destination IP address,
source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> [ from {any|vpn} ] to network <ip_addr> <mask> [ service <string> ] [
action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the
rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination,
and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session
(Note: A session is defined by the 5-part tuple: source and destination IP address,
source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> [ from {any|vpn} ] to wildcard <ip_addr> <mask> [ service <string> ] [
action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
any Apply the rule regardless of the traffic source
vpn Apply the rule if the traffic comes from a VPN tunnel
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the
0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all
addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the
rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination,
and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session
(Note: A session is defined by the 5-part tuple: source and destination IP address,
source and destination port number, and protocol)
off Do not log packets
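The wildcard-mask rule described above (0 masks an octet, so only the 255 octets are compared), worked through as an added example that is not part of the Aerohive guide: it checks which addresses a rule selects and how many addresses it covers, so a reviewer can spot an over-broad permit. Bit-by-bit comparison, the function names, the sample rules and the 4096-address review threshold are assumptions made for illustration.

```python
import ipaddress


def to_int(dotted: str) -> int:
    """Parse a dotted-quad IPv4 address or mask; raises ValueError if malformed."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(rule_ip: str, mask: str, candidate: str) -> bool:
    """True when candidate equals rule_ip on every bit where the mask is 1.

    Per the guide, a 0 in the mask hides that octet from the comparison, so
    only the 255 octets have to match. This is the reverse of ACL wildcard
    masks on platforms where the 0 bits are the ones that must match.
    Assumption: the comparison is bitwise; the guide only shows 0/255 octets.
    """
    m = to_int(mask)
    return (to_int(rule_ip) & m) == (to_int(candidate) & m)


def addresses_covered(mask: str) -> int:
    """Number of IPv4 addresses one rule selects: 2 ** (bits not compared)."""
    compared_bits = bin(to_int(mask)).count("1")
    return 2 ** (32 - compared_bits)


def is_plain_netmask(mask: str) -> bool:
    """True when the mask is contiguous ones followed by zeros (a normal netmask)."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def audit_rule(name, rule_ip, mask, action, max_addresses=4096):
    """Summarise the reach of one rule; max_addresses is a hypothetical review limit."""
    covered = addresses_covered(mask)
    return {
        "name": name,
        "action": action,
        "covered": covered,
        # A non-contiguous mask selects scattered addresses, not one subnet.
        "scattered": not is_plain_netmask(mask),
        "flag": action == "permit" and covered > max_addresses,
    }


# Constructed sample rules (names and addresses are made up for the example).
SAMPLE_RULES = [
    ("printers", "10.0.0.5", "255.0.0.255", "permit"),
    ("branch-lan", "192.168.10.0", "255.255.255.0", "permit"),
    ("legacy-block", "172.16.0.0", "255.240.0.0", "deny"),
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(audit_rule(*rule))
    # The guide's own mask: first and fourth octets must match, the rest are free.
    for addr in ("10.1.2.5", "10.200.7.5", "10.1.2.6", "11.1.2.5"):
        print(addr, wildcard_matches("10.0.0.5", "255.0.0.255", addr))
```

With the guide's mask 255.0.0.255, a single rule reaches 65,536 addresses spread across every /24 under the first octet, which is easy to miss when the mask is read as an ordinary netmask.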
networkfirewall name <string> from iprange <ip_addr> <ip_addr> [ to {any|vpn} ] [ service <string> ]
[ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
iprange Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the
rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination,
and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session
(Note: A session is defined by the 5-part tuple: source and destination IP address,
source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
iprange Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
iprange Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
iprange Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from iprange <ip_addr> <ip_addr> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
iprange Set a range of IP addresses as the traffic source
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from network <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from network <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from network <ip_addr> <mask> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from network <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from network <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
network Set a network as the traffic source
<ip_addr> Enter an IP address
<mask> Enter a netmask
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from userprofile <string> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
userprofile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from userprofile <string> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
userprofile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from userprofile <string> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
userprofile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from userprofile <string> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
userprofile Apply the rule if the HiveAP assigns a user profile to the traffic
<string> Enter the user profile name (1-32 chars)
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from wildcard <ip_addr> <mask> [ to {any|vpn} ] [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
any Apply the rule regardless of the traffic destination
vpn Apply the rule if the traffic destination is a VPN tunnel
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from wildcard <ip_addr> <mask> to hostname <string> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
hostname Set the domain name of a specific host as the traffic destination (Note: Wildcard domain names are not supported.)
<string> Enter a host or domain name (1-32 chars)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from wildcard <ip_addr> <mask> to iprange <ip_addr> <ip_addr> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter the first IP address in the range
<ip_addr> Enter the last IP address in the range
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from wildcard <ip_addr> <mask> to network <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
network Set a network as the traffic destination
<ip_addr> Enter an IP address
<mask> Enter a netmask
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
networkfirewall name <string> from wildcard <ip_addr> <mask> to wildcard <ip_addr> <mask> [ service <string> ] [ action {permit|deny} ] logging {on|off}
networkfirewall Set a Layer 3 firewall policy (Max: 1024 rules per Aerohive device)
name Assign a name to a Layer 3 firewall policy rule
<string> Enter the rule name (1-32 chars)
from Apply the rule based on the traffic source (Default: any)
wildcard Set the source address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
to Apply the rule based on the traffic destination (Default: any)
wildcard Set the destination address using an IP address and wildcard mask
<ip_addr> Enter an IP address
<mask> Enter an IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in 255.0.0.255 mask the second and third octets, applying the firewall policy to all addresses matching only the first and fourth octets.)
service Apply the rule if the traffic uses a specific service (Default: any, which applies the rule regardless of the service type)
<string> Enter the service name (1-32 chars)
action Set the action the HiveAP takes when traffic matches the specified source, destination, and service (Default: deny)
permit Permit traffic to cross the firewall
deny Do not allow traffic to cross the firewall
logging Set logging options for packets and sessions that match the firewall rule
on Log all matching packets that are dropped or the first packet in a permitted session (Note: A session is defined by the 5-part tuple: source and destination IP address, source and destination port number, and protocol)
off Do not log packets
ntp enable
ntp Set NTP (Network Time Protocol) parameters
enable Enable the local AP to act as an NTP client
subnet, tunneling is automatic.)
osdetection enable
osdetection Set the OS (Operating System) detection parameters
enable Enable OS detection to learn client station operating systems (Default: Enabled)
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<ip_addr> Enter the destination IP address
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter the number of ICMP echo requests after which pinging stops (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<string> Enter the destination domain name (1-32 chars)
count Set the number of ICMP echo requests to send
<number> Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping6 <ipv6_addr> [ interface <string> ] [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping6 Perform a ping
<ipv6_addr> Enter the destination IPv6 address
interface The egress interface name, to be converted to IPv6 scope ID if pinging a link-local address
<string> Enter the interface name (1-32 chars)
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter the number of ICMP echo requests after which pinging stops (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping6 <string> [ interface <string> ] [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping6 Perform a ping
<string> Enter the destination domain name (1-32 chars)
interface The egress interface name, to be converted to IPv6 scope ID if pinging a link-local address
<string> Enter the interface name (1-32 chars)
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter the number of ICMP echo requests after which pinging stops (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
probe portal [ size <number> ] [ srcmac <mac_addr> ] [ waittime <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
portal Set the target of the probe as the MAC address of the HiveAP acting as portal
size Set the probe request packet size (default: 512 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
srcmac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
waittime Set the timeout value (default: 1 second)
<number> Enter a timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter a TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
qos classifiermap 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
classifiermap Map QoS priority markers on incoming packets to Aerohive QoS classes
8021p Map IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.1p Priority (Range: 0-7)
<number> Enter Aerohive QoS class (Range: 0-7)
qos classifiermap oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
qos Set QoS (Quality of Service) parameters
classifiermap Map QoS priority markers on incoming packets to Aerohive QoS classes
oui Set a MAC OUI (Organizational Unique Identifier) classification table
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
qos Set an Aerohive QoS class to the MAC
<number> Enter Aerohive QoS class (Range: 0-7)
action Set an action to the MAC OUI
permit Permit the packet
deny Deny the packet
log Log the packet
comment Add a comment to the MAC OUI
<string> Enter a comment for the MAC OUI (Maximum: 32 chars)
qos enable
qos Set QoS (Quality of Service) parameters
enable Enable QoS (Quality of Service)
maxuploadbw Set the maximum upload bandwidth in Kbps
<number> The maximum upload bandwidth in Kbps (Default: 100 Kbps; Range: 0~20000 Kbps)
markerprofile Set a QoS marker profile
<string> Enter the marker profile name (1-32 chars)
8021p Use 802.1p priority markers in Layer 2 frame headers as the marking method
80211e Use 802.11e priority markers in wireless frame headers as the marking method
diffserv Use DiffServ DSCP values in Layer 3 packet headers as the marking method
qos policy <string> [ userprofile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
qos Set QoS (Quality of Service) parameters
policy Set a QoS policy to control traffic forwarding
<string> Enter the policy name (1-32 chars)
userprofile Set QoS policy parameters at the user profile level
<number> Enter the user profile rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight for the user profile (Range: 0-1000)
user Set QoS parameters at the user level
<number> Enter the user rate limit in kbps (Range: 0-2000000)
qos Set QoS parameters at the Aerohive QoS class level
<number> Enter the Aerohive QoS class (Range: 0-7)
strict Set the scheduling mode as strict to forward traffic without queuing it
wrr Set the scheduling mode as WRR (weighted round robin) to queue traffic and use rate limits and weights to prioritize forwarding
<number> Enter the class rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight (Range: 0-1000; Note: If the scheduling mode is strict, its weight must be zero.)
quit
quit Quit CLI (Command Line Interface)
radio profile <string> acsp access channelautoselect timerange <time> <time> [ station <number> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
access Set access point interface parameters
channelautoselect Set conditions for automatically selecting radio channels
timerange Set the time range when a new radio channel can be selected (Note: During this time, the radio reevaluates the channel in use. It might switch to a different channel or continue using the same channel.)
<time> Enter the start time (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
<time> Enter the end time (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
station Set the maximum number of stations that can be connected to the HiveAP when selecting a channel (If more are connected during the time range, no channel selection occurs.)
<number> Enter the station maximum (Range: 0-100; Default: 0)
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
allchannelsmodel Set all channels from which the radio can select the optimal channel
enable Enable all channels selection
<string> Enter a radio profile name (1-32 chars)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interferenceswitch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
enable Enable the radio to switch channels if the RF interference threshold is reached (Default setting: nostationenable)
nostationenable Enable the radio to switch channels only if the RF interference threshold is reached and no stations are connected (Default setting: nostationenable)
disable Disable the radio from switching channels because of RF interference-related data (Default setting: nostationenable)
threshold Set the minimum ratio of 5 GHz clients to 2.4 GHz clients, expressed as a percentage (Example: Four 5GHz stations to five total stations is 80%.)
<number> Enter the threshold to begin balancing band usage as a percentage (Range: 0-100; Default: 80)
radio profile <string> benchmark phymode 11a rate {6|9|12|18|24|36|48|54} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11a Set benchmark parameters for 11a mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
mcs3/2 Enter the transmission rate
mcs4/2 Enter the transmission rate
mcs5/2 Enter the transmission rate
mcs6/2 Enter the transmission rate
mcs7/2 Enter the transmission rate
mcs8/2 Enter the transmission rate
mcs9/2 Enter the transmission rate
mcs0/3 Enter the transmission rate
mcs1/3 Enter the transmission rate
mcs2/3 Enter the transmission rate
mcs3/3 Enter the transmission rate
mcs4/3 Enter the transmission rate
mcs5/3 Enter the transmission rate
mcs6/3 Enter the transmission rate
mcs7/3 Enter the transmission rate
mcs8/3 Enter the transmission rate
mcs9/3 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy conne
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connecti
<number> Enter the percent of time that clients transmit at the defined rate (
radio profile <string> benchmark phymode 11b rate {1|2|5.5|11} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11b Set benchmark parameters for 11b mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
1 Enter the transmission rate
2 Enter the transmission rate
5.5 Enter the transmission rate
11 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11g rate {1|2|5.5|11|6|9|12|18|24|36|48|54} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11g Set benchmark parameters for 11g mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
mcs12 Enter the transmission rate
mcs13 Enter the transmission rate
mcs14 Enter the transmission rate
mcs15 Enter the transmission rate
mcs16 Enter the transmission rate
mcs17 Enter the transmission rate
mcs18 Enter the transmission rate
mcs19 Enter the transmission rate
mcs20 Enter the transmission rate
mcs21 Enter the transmission rate
mcs22 Enter the transmission rate
mcs23 Enter the transmission rate
mcs0/1 Enter the transmission rate
mcs1/1 Enter the transmission rate
mcs2/1 Enter the transmission rate
mcs3/1 Enter the transmission rate
mcs4/1 Enter the transmission rate
mcs5/1 Enter the transmission rate
mcs6/1 Enter the transmission rate
mcs7/1 Enter the transmission rate
mcs0/2 Enter the transmission rate
mcs1/2 Enter the transmission rate
mcs2/2 Enter the transmission rate
mcs3/2 Enter the transmission rate
mcs4/2 Enter the transmission rate
mcs5/2 Enter the transmission rate
mcs6/2 Enter the transmission rate
mcs7/2 Enter the transmission rate
mcs0/3 Enter the transmission rate
mcs1/3 Enter the transmission rate
mcs2/3 Enter the transmission rate
mcs3/3 Enter the transmission rate
mcs4/3 Enter the transmission rate
mcs5/3 Enter the transmission rate
mcs6/3 Enter the transmission rate
mcs7/3 Enter the transmission rate
success Set the percent of packets that you expect client
<number> Enter the percent for successfully transmitted pa
usage Set the percent of time that you expect clients w
<number> Enter the percent of time that clients transmit a
40 Enter the channel width and extensive channel offset (Default: 20 MHz)
40above Enter the channel width and extensive channel offset (Default: 20 MHz)
40below Enter the channel width and extensive channel offset (Default: 20 MHz)
80 Enter the channel width and extensive channel offset (Default: 20 MHz)
radio profile <string> clientloadbalance neighborloadqueryinterval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
clientloadbalance Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
neighborloadqueryinterval Set the time interval to query neighboring HiveAPs for load information
<number> Enter the load query time interval in seconds (Range: 1-600; Default: 60)
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
frameburst Enable frame bursting, which allows the device to send a series of frames in succession without having to give up control of the medium (Default: Disabled)
crcerrthreshold Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the HiveAP alerts HiveManager to switch from its regular polling interval to a shorter one)
<number> Enter the threshold as a percent (Default: 20; Range: 15-60)
radio profile <string> presence aggrinterval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
presence Set presence parameters for the radio profile
aggrinterval Set the presence aggregation interval of the radio profile
<number> Enter the interval at which aggregation is done (Default: 120 sec; Range: 15-600)
radio profile <string> safetynet enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
safetynet Enable the HiveAP, when it is in an overloaded state or if the client's SNR is low, to respond to a client making association requests after the timeout period elapses
enable Enable safety net checking (Default: Enabled)
radio profile <string> scan access voice
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 chars)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
voice Allow scanning to occur while processing voice traffic (Default: Disallowed)
explicitonly Use explicit transmit beamforming, in which the transmitter uses a steering matrix calculated by the receiver as a basis for calculating its own steering matrix
auto Allow the transmitter to choose whether it uses implicit or explicit beamforming rules to calculate its steering matrix based on whether it receives explicit feedback from the receiver (default)
auto Set the radio to determine its transmission rate automatically (Default: auto; Range: 1-54 Mbps
1Mbps Set the transmit rate as 1Mbps (Only for 802.11bg and 802.11ng)
2Mbps Set the transmit rate as 2Mbps (Only for 802.11bg and 802.11ng)
5.5Mbps Set the transmit rate as 5.5Mbps (Only for 802.11bg and 802.11ng)
6Mbps Set the transmit rate as 6Mbps
9Mbps Set the transmit rate as 9Mbps
11Mbps Set the transmit rate as 11Mbps (Only for 802.11bg and 802.11ng)
12Mbps Set the transmit rate as 12Mbps
18Mbps Set the transmit rate as 18Mbps
24Mbps Set the transmit rate as 24Mbps
36Mbps Set the transmit rate as 36Mbps
48Mbps Set the transmit rate as 48Mbps
54Mbps Set the transmit rate as 54Mbps
MCS0 Set the transmit rate as MCS0
MCS1 Set the transmit rate as MCS1
MCS2 Set the transmit rate as MCS2
MCS3 Set the transmit rate as MCS3
MCS4 Set the transmit rate as MCS4
MCS5 Set the transmit rate as MCS5
MCS6 Set the transmit rate as MCS6
MCS7 Set the transmit rate as MCS7
MCS8 Set the transmit rate as MCS8
MCS9 Set the transmit rate as MCS9
MCS10 Set the transmit rate as MCS10
MCS11 Set the transmit rate as MCS11
MCS12 Set the transmit rate as MCS12
MCS13 Set the transmit rate as MCS13
MCS14 Set the transmit rate as MCS14
MCS15 Set the transmit rate as MCS15
MCS16 Set the transmit rate as MCS16 (Only for the HiveAP 330, 350, 370 and 390)
MCS17 Set the transmit rate as MCS17 (Only for the HiveAP 330, 350, 370 and 390)
MCS18 Set the transmit rate as MCS18 (Only for the HiveAP 330, 350, 370 and 390)
MCS19 Set the transmit rate as MCS19 (Only for the HiveAP 330, 350, 370 and 390)
MCS20 Set the transmit rate as MCS20 (Only for the HiveAP 330, 350, 370 and 390)
MCS21 Set the transmit rate as MCS21 (Only for the HiveAP 330, 350, 370 and 390)
MCS22 Set the transmit rate as MCS22 (Only for the HiveAP 330, 350, 370 and 390)
MCS23 Set the transmit rate as MCS23 (Only for the HiveAP 330, 350, 370 and 390)
voice Set voice access category parameters
cwmin Set minimal contention window parameters
<number> Set contention window minimal value (Range: 1-15)
reboot
reboot Reboot the system
reboot {backup|current}
reboot Reboot the system
backup Load the backup HiveOS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running HiveOS image when rebooting
report statistic enable
report Set the parameters for gathering traffic statistics and reporting them to HiveManager
statistic Set the periodic reporting of interface-level and client-level traffic statistics
enable Enable the creation of traffic statistics reports
resetbutton resetconfigenable
resetbutton Enable the reset button on the AP chassis to reset the AP config
resetconfigenable Enable the reset button to reset the AP to its factory default settings or, if set, to a bootstrap config (Default: enabled)
enable Enable the broadcasting of roaming cache data to hive neighbors over wireless access links (Default: Enabled)
Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
outgoinginterface Set outgoing interface
<string> Enter interface name
nexthop Set the MAC address of the next hop in the L2 forwarding route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
any Apply the policy regardless of the traffic source
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter a destination IP address
routing matchmap <string> from {iprange} <ip_addr> <ip_addr> to {iprange} <ip_addr> <ip_addr>
routing Set routing parameters
matchmap Set matchmap parameters for a routing policy
<string> Enter match map name (1-32 chars)
from Apply the policy based on the traffic source prefix
iprange Set a range of IP addresses as the traffic source
<ip_addr> Enter the start source IP address
<ip_addr> Enter the end source IP address
to Apply the policy based on the traffic destination prefix
iprange Set a range of IP addresses as the traffic destination
<ip_addr> Enter a start IP address
<ip_addr> Enter an end IP address
<ip_addr> Enter the start source IP address
<ip_addr> Enter the end source IP address
to Apply the policy based on the traffic destination prefix
network Set a network as the traffic destination
<ip_addr/netmask> Enter a destination IP address
network Set a network as the traffic destination
<ip_addr/netmask> Enter a destination IP address
userprofile Apply the policy if the HiveAP assigns a user profile to the traffic
routing Set routing parameters
routemap Set routemap parameters for a routing policy
<string> Enter route map name (1-32 chars)
via Specify the next hop of traffic
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<usbnetx> Enter the name of the wireless USB modem interface, where x = 0
<wifix> Enter the name of a WiFi radio interface, where x = 0 or 1
save config <location> current <time> [ <date> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyymmdd)
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
bootstrap Save the config file for the HiveAP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
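What the basic and digest keywords above put on the wire, as an added example (not Aerohive code): it builds both Authorization header values using the standard HTTP schemes (RFC 7617 Basic and RFC 2617 Digest, assumed here to be what the AP sends) and reports what a 'save config <url>' transfer exposes without https. The host name, credentials and the review_save_config helper are constructed for illustration.

```python
import base64
import hashlib
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


def basic_header(user: str, password: str) -> str:
    """'basic': Base64 of "user:password". This is an encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def recover_basic(header: str) -> Tuple[str, str]:
    """Reverse a Basic header value; no key or secret is needed to do so."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, qop: Optional[str] = None,
                    nc: Optional[str] = None,
                    cnonce: Optional[str] = None) -> str:
    """'digest': MD5 over the credentials plus server- and request-specific
    values (RFC 2617). The password itself never appears in the header."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    if qop is None:
        return _md5_hex(f"{ha1}:{nonce}:{ha2}")
    if nc is None or cnonce is None:
        raise ValueError("qop requires nc and cnonce")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def review_save_config(url: str, auth: Optional[str]) -> List[str]:
    """Hypothetical helper: exposure of one 'save config <url> ...' transfer,
    given the URL scheme and the auth keyword (basic, digest or None)."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError("save config <url> takes http:// or https://")
    if auth not in (None, "basic", "digest"):
        raise ValueError("auth must be basic, digest or None")
    findings: List[str] = []
    if scheme == "http":
        findings.append("config file is transferred in cleartext")
        if auth == "basic":
            findings.append("password is readable from the Authorization header")
        elif auth == "digest":
            findings.append("password is not sent, but the MD5 response "
                            "can be tested against guesses offline")
    return findings


if __name__ == "__main__":
    # Constructed credentials and host, for illustration only.
    hdr = basic_header("cfgadmin", "S3cret!")
    print(hdr, "->", recover_basic(hdr))
    print(digest_response("cfgadmin", "configs", "S3cret!", "GET",
                          "/ap230/bootstrap.cfg", "constructed-nonce"))
    for url, auth in [("http://cfg.example.com/ap230/bootstrap.cfg", "basic"),
                      ("http://cfg.example.com/ap230/bootstrap.cfg", "digest"),
                      ("https://cfg.example.com/ap230/bootstrap.cfg", "basic")]:
        print(url, auth, review_save_config(url, auth))
```

With 'https' substituted for 'http', as the <url> note allows, both the header and the configuration file are protected by the TLS session.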
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyymmdd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
now Save the configuration and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy
<string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy
<string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save dhcpfingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy
<string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
dhcpfingerprint Save a fingerprint file of DHCP options for client OS detection
option55 Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save image <location> [ {now} ] [ limit <number> ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
now Save the image and reboot the system immediately
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Range:101000000; Default: Maximum available bandwidth)
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy
<string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyymmdd)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
now Save the image and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a HiveOS image to the HiveAP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
cert Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
ca Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save radiusserverkey radsec {cert|ca} <url> [ admin <string> password <string> {basic|digest} ] [
proxy <string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radiusserverkey Save certificate files for the local Aerohive RADIUS server to use
radsec Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
cert Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
ca Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name that the local device uses to log in to the HTTP server
<string> Enter the login name (132 chars)
password Set the password to enter during the login process
<string> Enter the password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for connecting to an HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domain_name, ip_addr, domain_name:port, or ip_addr:port)
proxyadmin Set the name that the local device uses to log in to the HTTP proxy server
<string> Enter the login name (132 chars)
password Set the password to enter during the login process
<string> Enter the password (164 chars)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save serverfiles
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
serverfiles Save certificate and private key files used by the internal web and RADIUS servers and VPN from DRAM to flash memory for persistent storage after reboots (Note: For security reasons, these files are saved only in DRAM by default.)
save signaturefile <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
signaturefile Remote image used for L7 application
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save supplicant certfile <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [
proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
supplicant Save files for wpa supplicant
certfile Save certificate files for the wpa supplicant
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin
<string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (pre-shared key) configurations
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
eecert Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
privatekey Save the private key for the HiveAP to use when creating its RSA signature
cacert Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save webpage [ ppskselfreg ] webdirectory <string> <url> [ admin <string> password <string>
{basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
webpage Save a file for use with the internal web server
ppskselfreg Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
webdirectory Save a file to a specific web directory
<string> Enter the web directory name
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
comment Enter a comment
<string> Enter a comment (max 64 chars)
save webserverkey <number> <url> [ comment <string> ] [ admin <string> password <string>
{basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
webserverkey Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 015)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
comment Set a comment about the certificate file
<string> Enter the comment (164 chars)
admin Set the name of the server administrator
<string> Enter the administrator name (132 chars)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy
<string> [ proxyadmin <string> password <string> ] ]
save Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture Save a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
password Set the password for the server administrator
<string> Enter the server password (164 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (132 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (164 chars)
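Added example (not part of the Aerohive guide): a Python audit for provisioning scripts that use the save commands above. It flags transfers over http or tftp, and the basic scheme over http, where the Base64-encoded user name and password can be decoded by anyone who sees the request. The sample commands, host names, rule names and the choice of which sub-keywords count as sensitive are assumptions made for this example.

```python
import base64

# Sub-keywords of `save` and what they move, paraphrased from the keyword
# descriptions in this guide. Treating them as sensitive is this example's choice.
SENSITIVE_KINDS = {
    "config": "device configuration",
    "users": "private PSK configurations",
    "radiusserverkey": "RADIUS/RadSec certificate files",
    "webserverkey": "web server certificate files",
    "supplicant": "wpa supplicant certificate files",
    "capture": "packet capture file",
}
CLEARTEXT_SCHEMES = {"http", "tftp"}  # no encryption, no server authentication


def basic_header(user, password):
    """Authorization value the basic scheme produces: Base64 of 'user:password'."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header):
    """Reverse basic_header(); shows the encoding is not a secret-keeping step."""
    return base64.b64decode(header.split(" ", 1)[1]).decode()


def parse_save(line):
    """Pull the fields the audit needs out of one `save ...` line, or None."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "save":
        return None
    target = next((t for t in tokens[2:] if "://" in t), None)
    if target is None:
        return None
    parsed = {"kind": tokens[1], "target": target,
              "scheme": target.split("://", 1)[0].lower(),
              "admin": None, "password": None, "auth": None}
    # Optional group: admin <string> password <string> {basic|digest}
    if "admin" in tokens:
        tail = tokens[tokens.index("admin") + 1:][:4]
        if len(tail) == 4 and tail[1] == "password" and tail[3] in ("basic", "digest"):
            parsed.update(admin=tail[0], password=tail[2], auth=tail[3])
    return parsed


def audit_save(line):
    """Return (rule_id, message) findings for one command line."""
    p = parse_save(line)
    if p is None:
        return []
    findings = []
    if p["scheme"] in CLEARTEXT_SCHEMES:
        what = SENSITIVE_KINDS.get(p["kind"], p["kind"] + " file")
        findings.append(("cleartext-transfer",
                         f"{what} moves over {p['scheme']} without encryption"))
    if p["scheme"] == "http" and p["auth"] == "basic":
        user = decode_basic(basic_header(p["admin"], p["password"])).split(":", 1)[0]
        findings.append(("basic-over-http",
                         f"credentials for '{user}' are only Base64-encoded on the wire"))
    if p["scheme"] == "http" and p["auth"] == "digest":
        findings.append(("digest-over-http",
                         "password is not sent, but the file itself is unencrypted"))
    if p["password"] is not None:
        findings.append(("password-in-script",
                         "server password is stored as a literal in the command text"))
    return findings


# Constructed sample lines following the syntax shown in this guide.
SAMPLES = [
    "save config current http://files.example.net/ap/ap230.cfg "
    "admin backup password Constructed-Pass1 basic",
    "save image tftp://192.0.2.10:images/ap230.img now",
    "save users https://files.example.net/ppsk/users.txt "
    "admin backup password Constructed-Pass1 digest",
    "save image scp://admin@192.0.2.10:images/ap230.img",
    "save radiusserverkey radsec cert http://files.example.net/certs/ap.pem "
    "admin backup password Constructed-Pass1 digest",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd)
        for rule, message in audit_save(cmd) or [("ok", "no findings")]:
            print(f"  [{rule}] {message}")
```

Using https or scp for the target clears the transport findings; the password literal is still reported because it remains readable in the script itself.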
schedule <string> once <date> <time> to <date> <time> [ timezone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (132 chars)
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyymmdd; Range: 19700101 to 20351231)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyymmdd; Range: 19700101 to 20351231)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
timezone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: 12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk once <date> <time> to <date> <time> [ timezone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (132 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyymmdd; Range: 19700101 to 20351231)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyymmdd; Range: 19700101 to 20351231)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
timezone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: 12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
schedule <string> ppsk recurrent [ daterange <date> [ to <date> ] ] [ weekday <string> ] timerange
<time> to <time> [ timerange <time> to <time> ] [ timezone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (132 chars)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
recurrent Set a recurrent schedule
daterange Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyymmdd; Range: 19700101 to 20351231)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter an end date for the schedule (Format: yyyymmdd; Range: 19700101 to 20351231)
weekday Set the weekdays during which private PSK users are valid
<string> Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
timerange Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
to Set a time range
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
timerange Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
to Set a time range
<time> Enter a second end time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
timezone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: 12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
to Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
timerange Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
to Set a time range
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
timerange Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
to Set a time range
<time> Enter a second end time for the schedule (Format: hh:mm; Hour Range: 0023; Minute Range: 0059)
timezone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: 12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 chars)
Apple iPhone=00:1b:63; DLink Phone=00179a; Vocera=00.09.ef.)
permit Set the action of the specified OUI to permit
deny Set the action of the specified OUI to deny
comment Enter a comment
<string> Enter a comment (max 64 chars)
appolicy Set an AP policy for the IDP profile
apoui Categorize neighboring APs as compliant by OUI (organizationally unique identifier)
security Set the security parameters
wlanidp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (132 chars)
appolicy Set an AP policy for the IDP profile
ssid Categorize neighboring APs as compliant by SSID (service set identifier)
entry Add an SSID entry
<string> Enter an SSID name
encryption Set approved encryption types for the SSID
security wlanidp profile <string> appolicy ssid entry <string> encryption {open|wep|wpa}
security Set the security parameters
wlanidp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (132 chars)
appolicy Set an AP policy for the IDP profile
ssid Categorize neighboring APs as compliant by SSID (service set identifier)
entry Add an SSID entry
<string> Enter an SSID name
encryption Set approved encryption types for the SSID
open Categorize a neighboring AP as compliant if its SSID uses open (Default: open)
wep Categorize a neighboring AP as compliant if its SSID uses wep (Default: open)
wpa Categorize a neighboring AP as compliant if its SSID uses wpa (Default: open)
duration Set the overall duration for detecting clients of a rogue AP and performing deauth DoS attacks against the AP and its clients
<number> Enter the duration in seconds (Default: 14400 secs; Range: 0 or 602592000; 0 secs means infinite)
quiettime Set the period of time after which the mitigation process stops if no clients are connected to the rogue AP
<number> Enter the quiet time in seconds (Default: 3600 secs; Range: 0 or 602592000; 0 means that the quiet time is the same length as the mitigation duration)
securityobject <string>
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
loginpage Specify the .cgi file on the private PSK web server through which the user registers (Default: ppskindex.cgi)
<string> Enter the .cgi file name for the registration page (132 chars; Note: The file name cannot be index.cgi.)
userprofilemapping Map an attribute value returned in RADIUSAccept messages to a user profile attribute
attributeid Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the FilterID RADIUS attribute.)
<number> Enter the RADIUS attribute ID number (Range: 1255)
policy and apply a time and data usage limit to the client (Default: Disabled)
cloudcwp Set a cloud captive web portal for additional user authentication or registration
customerid Set customer ID for cloud captive web portal
<string> Enter the customer ID (116 chars)
french Set French as default language
german Set German as the default language
italian Set Italian as the default language
korean Set Korean as the default language
spanish Set Spanish as the default language
securityobject <string> security additionalauthmethod captivewebportal externalserver {primary} {successregister|noroamingatlogin|noradiusauth}
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
captivewebportal Set a captive web portal for additional user authentication or registration
externalserver Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
successregister Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
noroamingatlogin Disable roaming support for clients while they log in (Default: Enabled)
noradiusauth Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
security Set security parameters for the security object
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
captivewebportal Set a captive web portal for additional user authentication or registration
internalpages Set options for showing pages stored internally on the HiveAP
nosuccesspage Do not display the success page stored on the HiveAP when a registration attempt is successful (Default: Display)
nofailurepage Do not display the failure page stored on the HiveAP when a registration attempt is unsuccessful (Default: Display)
redirect <string>
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
captivewebportal Set a captive web portal for additional user authentication or registration
processsipinfo Enable the captive web portal to process library SIP information (Default: Enabled)
blockredirect Set the page that appears when a library patron logs in but is denied network access because of overdue fines
<string> Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
captivewebportal Set a captive web portal for additional user authentication or registration
selfregviaidm Enable self-registration via ID Manager (Default: Disabled)
crlfile Set the URL of the CRL file for validating the ID Manager server certificate
<string> Enter the URL of CRL file (1256 chars)
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
captivewebportal Set a captive web portal for additional user authentication or registration
successredirect Set options for displaying the page shown to a user after a successful registration
originalpage Display the original page that the user requested
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 560 seconds)
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
macbasedauth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
fallbacktoecwp Redirect HTTP/HTTPS traffic to an external captive web portal if MAC-based authentication fails on the RADIUS server
security Set security parameters for the security object
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
mobiledevicemanager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
noncompliant Set the noncompliant parameters
disconnectforvlanchange Disconnect the station when the VLAN is changed
securityobject <string> security additionalauthmethod mobiledevicemanager airwatch noncompliant sendmessage type {email|sms|push|all}
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
mobiledevicemanager Set the mobile device manager parameters
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
noncompliant Set the noncompliant parameters
sendmessage Set the send message parameters
type Set the message type
email Send message using email
sms Send message using SMS (Short Message Service)
push Send message using push
all Send message using all of push, email and SMS
additionalauthmethod Set an additional authentication method in addition to the one in the security protocol suite
mobiledevicemanager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
aerohive Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
urlrootpath Set the root URL path to the "/enroll" page on the JSS (Note: A JSS always displays the device enrollment page at "/enroll", so enter just the root URL path that precedes "/enroll".)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
suite
mobiledevicemanager Set the mobile device manager parameters
jss Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
airwatch Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
httpauth Set parameters for HTTP authentication when the HiveAP connects to the MDM server
user Set the user name for HTTP authentication
<string> Enter the user name (132 chars)
password Set the password for HTTP authentication
<string> Enter the password (132 chars)
eap Set parameters for exchanging EAP packets during 802.1X authentication
retries Set the number of times that the HiveAP will resend an EAP packet when it receives no response from a client
<number> Enter the number of retries (Default: 3; Range: 15)
security Set security parameters for the security object
macwhitelist Set parameters for a whitelist of MAC addresses; a station logging in is given some special liberty once its MAC address is on the list (Note: The whitelist can have up to 8 entries.)
bypasscwp Enable bypassing the CWP (captive web portal) authentication process for stations whose MAC addresses exist in the current security object's MAC whitelist (Default: Disabled)
securityobject <string> security privatepsk macbindingenable
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
privatepsk Set the parameters for creating individual user PSKs (preshared keys)
macbindingenable Enable the automatic binding of a private PSK to a MAC address (Default: Disabled)
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
privatepsk Set the parameters for creating individual user PSKs (preshared keys)
sameuserlimit Set a limit for the number of private PSK users that can be authenticated with the same user name and PSK concurrently
<number> Enter the maximum number of private PSK users that can use the same user name and PSK concurrently (Default: 0, which means there is no limit; Range: 015)
ptktimeout which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast
traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
ptkretry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
gtktimeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
gtkretry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
roaming Set roaming parameters for the protocol suite
proactivepmkidresponse Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
ptkrekeyperiod Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 1050000000, where 0 means disabled; Default: 0)
securityobject <string> security protocolsuite wpa2aes8021x [ rekeyperiod <number> ] [ {nonstrict|strict} ] [ gmkrekeyperiod <number> ] [ ptktimeout <number> ] [ ptkretry <number> ] [ gtktimeout <number> ] [ gtkretry <number> ] [ roaming proactivepmkidresponse ] [ ptkrekeyperiod <number> ]
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
protocolsuite Set the security protocol suite for the security object
wpa2aes8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
rekeyperiod Set the period after which a new group temporal key replaces the current one
<number> Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 60050000000, where 0 means disabled; Default: 0)
nonstrict Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: nonstrict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: nonstrict)
gmkrekeyperiod Set the GMK (group master key) rekey period (Default: 0)
<number> Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600Seconds, where 0 means disabled)
ptktimeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
ptkretry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
gtktimeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
gtkretry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
roaming Set roaming parameters for the protocol suite
proactivepmkidresponse Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: disabled)
ptkrekeyperiod Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 1050000000, where 0 means disabled; Default: 0)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: nonstrict)
gmkrekeyperiod Set the GMK (group master key) rekey period (Default: 0)
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 60050000000 Seconds, where 0 means disabled)
ptktimeout Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
ptkretry Set the maximum number of times the HiveAP will retry sending PTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
gtktimeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
gtkretry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
ptkrekeyperiod Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 1050000000, where 0 means disabled; Default: 0)
gtktimeout Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Range: 1008000; Default: 4000 milliseconds)
gtkretry Set the maximum number of times the HiveAP will retry sending GTK messages
<number> Enter the maximum number of retries (Range: 110; Default: 3)
roaming Set roaming parameters for the protocol suite
proactivepmkidresponse Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
ptkrekeyperiod Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 1050000000, where 0 means disabled; Default: 0)
tkippsk[wpa2aespsk[wpa2aes8021x} replaywindow <number>
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
security Set security parameters for the security object
protocolsuite Set the security protocol suite for the security object
wpaauto8021x[wpa2tkip8021x Set a window size within which the HiveAP accepts replies to previously sent messages during 4-way handshakes (no)
wnd::[0~10] Enter the number of packets prior to the one most recently sent to which the HiveAP will accept a reply (Default: 0; Range: 010)
wpaautopsk[wpa2tkippsk[wpa2aespsk[wpa2aes8021x Set a window size within which the HiveAP accepts replies to previously sent messages during 4-way handshakes (no)
wnd::[0~10] Enter the number of packets prior to the one most recently sent to which the HiveAP will accept a reply (Default: 0; Range: 010)
replaywindow Set a window size within which the HiveAP accepts replies to previously sent messages during 4-way handshakes
<number> Enter the number of packets prior to the one most recently sent to which the HiveAP will accept a reply (Default: 0; Range: 010)
wpa2aespsk Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
wpa2aes8021x Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
mfp Enable 802.11w support of MFP (Management Frame Protection)
mandatory Require that clients support MFP
optional Use MFP only if clients support it
bip Set broadcast/multicast integrity protocol
<string> Enter the security object name (132 chars)
userprofiledeny Set parameters for denying network access to users if they do not belong to an allowed user profile
action Set an action which will be taken if a user profile is not allowed to access this SSID
banforever Set the action to ban network access indefinitely
disconnect Set the action to disconnect the station from the HiveAP
strict Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
securityobject <string> walledgarden hostname <string> service protocol <number> port <number>
securityobject Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (132 chars)
walledgarden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
hostname Set the host name of a server in the walled garden
<string> Enter the domain name (164 chars)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
protocol Set the protocol of the service that you want to permit
<number> Enter the protocol number (Note: UDP: 17; TCP: 6; All: 0; Range: 0255)
port Set the port number
<number> Enter the port number (Range: 165535)
port Set the destination port number for the transport protocol
<number> Enter the port number (Range: 065535)
timeout Set the service session timeout
<number> Set the session timeout value in seconds (Range: 065535; Default TCP: 300; UDP: 100; Other: 100)
sflow enable
sflow Set sflow related parameters
enable Enable sflow (Default: Disabled)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 111111111111, 1111.1111.1111 ...)
show aaa
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radiusserverkey Show all certificates that the local AP uses as a RADIUS server and LDAP client
radiusserver Show certificates that the local AP uses as a RADIUS server
ldapclient Show certificates that the local AP uses as a LDAP client
show accessconsole
show Show settings, parameters, or dynamically generated information
accessconsole Show access console status and parameters
show acsp
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
show Show settings, parameters, or dynamically generated information
alg Show ALG (Application Level Gateway) information
sip Show SIP (Session Initiation Protocol) information
calls Show information for all currently active SIP calls
<string> Enter the call ID to show information for a specific SIP call (1 128 chars)
show amrp
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
show amrp interface
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
Examples: 1111:1111:1111, 111111111111, 1111.1111.1111 ...)
show Show settings, parameters, or dynamically generated information
application Show L7 information
reporting Show L7 application reporting information
configuration Show L7 application reporting configuration
show arpcache
show Show settings, parameters, or dynamically generated information
arpcache Show arp cache table
service Show the Bonjour services that the local gateway discovered locally and those it learned from other gateways
local Show all the services that the local Bonjour gateway collected from hosts on its immediate subnet
vlan Show the services that the local Bonjour gateway knows are available on a specific VLAN
<number> Enter the VLAN ID number (Range: 14094)
detail Show detailed information about Bonjour services
show bootparam
show Show settings, parameters, or dynamically generated information
bootparam Show boot parameter information
capture Show packet capture parameters
local Show local captured files
show clock
show Show settings, parameters, or dynamically generated information
clock Show the date, time of the internal clock
show cmds
show Show settings, parameters, or dynamically generated information
cmds Show CLI (Command Line Interface) commands including ones derived from optional keywords
show config running
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
running Show the running configuration
show console
show Show settings, parameters, or dynamically generated information
console Show console parameter
show datacollection
show Show settings, parameters, or dynamically generated information
datacollection Show parameters for collecting data about the types and capabilities of devices on the network and their network usage
show dns
show Show settings, parameters, or dynamically generated information
dns Show DNS (Domain Name System) parameters
<ip_addr> Source IP address
dstip Filter by destination IP
<ip_addr> Destination IP address
srcport Filter by source port
<number> source IP port (Range: 1-65535)
dstport Filter by destination port
<number> destination IP port (Range: 1-65535)
protocol Filter by protocol
<number> protocol (Range: 1-255)
qos Filter by QoS value
<number> QoS value (Range: 0-7)
show forwardingengine openportstoself
show Show settings, parameters, or dynamically generated information
forwardingengine Show forwarding engine parameters
openportstoself Show permitted services destined for the HiveAP itself when it is set to drop all non-management traffic
show gretunnel
show Show settings, parameters, or dynamically generated information
gretunnel Show GRE (Generic Routing Encapsulation) tunnel information
show history
show Show settings, parameters, or dynamically generated information
history Show command history
hive Show hive parameters
<string> Enter a hive profile name (1-32 chars)
counter Show detailed statistics (counters) for neighboring hive members
neighbor Show statistics for all neighbors or a single neighbor in this hive
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
show hivemanager
show Show settings, parameters, or dynamically generated information
hivemanager Show HiveManager parameters
show hwinfo
show Show settings, parameters, or dynamically generated information
hwinfo Show hardware information
show icsa
show Show settings, parameters, or dynamically generated information
icsa Show ICSA (International Computer Security Association) parameters
show idm
show Show settings, parameters, or dynamically generated information
idm Show ID Manager information
dynamic Show dynamically learned MAC address entries
all Show statically defined and dynamically learned MAC address entries
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcpprobe Show DHCP probe parameters
resultssummary Show a summary of DHCP probe results
show interface <mgtx|mgtx.y> iphelper
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
iphelper Show IP helper address information
<wifix> Enter the name of a WiFi radio interface, where x = 0 or 1
wlanidp Show WLAN IDP (intrusion detection and prevention) parameters
apinfo Show IDP AP statistics for the radio interface
compliance Show one compliance type of IDP AP statistics for the radio interface
compliant Show compliant type of IDP AP statistics for the radio interface
noncompliant Show noncompliant type of IDP AP statistics for the radio interface
<wifix.y> Enter the name of a WiFi radio subinterface (Ranges: x: 0-1; y: 1-16)
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<tunnelx> Enter the name of the tunnel interface, where x = 0 or 1
<bgdx.y> Enter the name of the BGD (Bonjour Gateway Daemon) interface (Ranges: x: 0; y: 1-16)
show ip natpolicy
show Show settings, parameters, or dynamically generated information
ip Show IP parameters
natpolicy Show parameters for an IP NAT policy
show ip pathmtudiscovery
show Show settings, parameters, or dynamically generated information
ip Show IP parameters
pathmtudiscovery Show the Path MTU Discovery status
show ip route
show Show settings, parameters, or dynamically generated information
ip Show IP parameters
route Show IP routing table
show ip tcpmssthreshold
show Show settings, parameters, or dynamically generated information
ip Show IP parameters
tcpmssthreshold Show the TCP MSS threshold parameters
show ippolicy
show Show settings, parameters, or dynamically generated information
ippolicy Show parameters for IP policy
<number> Enter a number (Range: 1-32)
show license
show Show settings, parameters, or dynamically generated information
license Show license information
rssi Show the RSSI readings of tracked stations
show logging
show Show settings, parameters, or dynamically generated information
logging Show logging information
date Show messages start date
<date> Show messages date (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
time Show messages start time
<time> Show messages time (Format: hh:mm:ss)
show macpolicy
show Show settings, parameters, or dynamically generated information
macpolicy Show parameters for MAC policy
deny Set the action
lines Set the maximum number of MAC policies to show
<number> Enter a number (Range: 1-32)
show minpasswordlength
show Show settings, parameters, or dynamically generated information
minpasswordlength Show the minimum password length
gretunnel tunnels (Note: This only applies to portals in a L3 roaming environment.)
permittedload Show the level determining how much tunneled traffic from mobile users the local AP accepts
show networkfirewall
show Show settings, parameters, or dynamically generated information
networkfirewall Show all rules in the Layer 3 firewall policy
show ntp
show Show settings, parameters, or dynamically generated information
ntp Show NTP (Network Time Protocol) parameters
show performancesentinel
show Show settings, parameters, or dynamically generated information
performancesentinel Show performance sentinel parameters
show proxy
show Show settings, parameters, or dynamically generated information
proxy Show proxy parameters
show qos
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
show qos classifiermap 8021p [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifiermap Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
8021p Show mapping of IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
<number> Enter IEEE 802.1p priority (Range: 0-7)
classifierprofile profile to see the parameters of just that one
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
markermap Show the mapping of Aerohive QoS classes to QoS priority markers on outgoing packets
80211e Show mapping of Aerohive QoS classes to IEEE 802.11e priority markers on outgoing packets
<number> Enter the Aerohive QoS class (Range: 0-7)
show Show settings, parameters, or dynamically generated information
show resetbutton
show Show settings, parameters, or dynamically generated information
resetbutton Show the state of the reset button to reset the AP to its factory default settings or, if set, to a bootstrap config
show route
show Show settings, parameters, or dynamically generated information
route Show route parameters
show routing policy <string>
show Show settings, parameters, or dynamically generated information
routing Show routing parameters
policy Show parameters for a routing policy
<string> Enter routing policy name (1-32 chars)
show runningconfig
show Show settings, parameters, or dynamically generated information
runningconfig Show currently running configurations
original string from an obscured one, but not if the string is replaced with asterisks.)
show scheduleindetail
show Show settings, parameters, or dynamically generated information
scheduleindetail Show detailed information about all previously defined schedules
show sflow
show Show settings, parameters, or dynamically generated information
show sshtunnel
show Show settings, parameters, or dynamically generated information
sshtunnel Show SSH (Secure Shell) tunnel parameters
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
counter Show detailed statistics (counters) for stations (wireless clients) associated with the SSID
station Show statistics for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
security Show SSID security parameters
wlan Show SSID WLAN parameters
dos Show SSID DoS parameters
show ssidschedule
show Show settings, parameters, or dynamically generated information
ssidschedule Show the status of all SSID schedules
counter Show detailed statistics (counters) for stations (wireless clients) associated with the HiveAP
show system
show Show settings, parameters, or dynamically generated information
system Show system information
power Show power information
status Show power status information
show tech
show Show settings, parameters, or dynamically generated information
tech Show the output of many "show" commands that display all the important settings and runtime data
show tech <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxyadmin <string> password <string> ] ]
show Show settings, parameters, or dynamically generated information
tech Show the output of many "show" commands that display all the important settings and runtime data
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxyadmin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
show timezone
show Show settings, parameters, or dynamically generated information
timezone Show time zone
show track [ <string> ]
show Show settings, parameters, or dynamically generated information
track Show IP tracking information
<string> Show IP tracking information for the group (1-32 chars)
show trackwan
show Show settings, parameters, or dynamically generated information
trackwan Show WAN interface IP tracking information
show usbdevice
show Show settings, parameters, or dynamically generated information
usbdevice Show the following information about the internal USB hub and any device connected to the USB port: bus number, device number, vendor ID, and product ID (Note: You can learn the vendor name by looking up the vendor ID and product ID in the USB ID list at http://www.linux-usb.org/usb.ids)
usbmodem Show parameters of usbmodem
rssi Show RSSI (Received Signal Strength Indication) and BER (Bit Error Rate) of the attached USB modem (Note: This information might not be available when the modem has an active PPP connection.)
show user
show Show settings, parameters, or dynamically generated information
user Show all users
show userprofilepolicy [ <string> ]
show Show settings, parameters, or dynamically generated information
userprofilepolicy Show parameters for a user profile mapping policy
<string> Enter a policy name
show userprofileschedule
show Show settings, parameters, or dynamically generated information
userprofileschedule Show the status of all user profile schedules
show vlangroup
show Show settings, parameters, or dynamically generated information
vlangroup Show the settings and status of the Bonjour gateway
vpn Show VPN information and VPN objects
ike Show IKE information
sa Show the cookies and creation times of IKE phase1 security associations
event Show the most recent IKE events (Note: You can see up to a maximum of 32 IKE events.)
queue #hidden
ph2 #hidden
sp #hidden
rekey #hidden
show wan db
show Show settings, parameters, or dynamically generated information
wan Show brd wan info
db Show brd wan database info
show webserverkey
show Show settings, parameters, or dynamically generated information
webserverkey Show web server key files information
reported them, and those that attacked them
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 1111-1111-1111, 1111.1111.1111 ...)
snmp reader version v3 admin <string> [ auth {md5|sha} password <string> ] [ encryption {aes|des} password <string> ]
snmp Set SNMP (Simple Network Management Protocol) parameters
reader Set the SNMP community mode as read-only (Note: This setting allows the NMS, or network management station, to read MIB data on the AP but not receive traps from it.)
version Set the SNMP community version
v3 Set the SNMP community version as SNMP v3
admin Set the admin with read-only privileges for viewing MIB data
<string> Enter the admin name (1-32 chars)
auth Set the algorithm for authenticating communications between the SNMP agent on the AP and the NMS
md5 Set the authentication algorithm as MD5 (Message Digest Algorithm 5)
sha Set the authentication algorithm as SHA1 (Secure Hash Algorithm 1)
password Set the password used during the authentication process
<string> Enter the authentication password (8-64 chars)
encryption Set the algorithm for encrypting communications between the SNMP agent on the AP and the NMS
aes Set the encryption algorithm as AES (Advanced Encryption Standard)
des Set the encryption algorithm as DES (Data Encryption Standard)
password Set the password used during the encryption process
<string> Enter the password (8-64 chars)
any Set the community version to support both SNMP v1 and v2c
on the AP and the NMS (Note: This string acts like a password or a shared secret.)
<string> Enter the domain name (1-32 chars) or the IP address and netmask for the NMS
snmp traphost {v3} admin <string> auth {md5|sha} password <string> [ encryption {aes|des} password <string> ]
snmp Set SNMP (Simple Network Management Protocol) parameters
traphost Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the AP.)
v3 Set the trap format for SNMP v3
admin Set the admin with privileges for receiving traps
<string> Enter the admin name (1-32 chars)
auth Set the algorithm for authenticating communications between the SNMP agent on the AP and the NMS
md5 Set the authentication algorithm as MD5 (Message Digest Algorithm 5)
sha Set the authentication algorithm as SHA1 (Secure Hash Algorithm 1)
password Set the password used during the authentication process
<string> Enter the authentication password (8-64 chars)
encryption Set the algorithm for encrypting communications between the SNMP agent on the AP and the NMS
aes Set the encryption algorithm as AES (Advanced Encryption Standard)
<string> Enter the password (8-64 chars)
sshtunnel server <string> tunnelport <number> user <string> password <string> [ timeout <number> ]
sshtunnel Set SSH (Secure Shell) tunnel parameters so that Aerohive Technical Support can access the AP remotely
server Set the domain name or IP address of the Aerohive SSH server and, optionally, its port number
<string> Enter the domain name (1-64 chars) or IP address and, optionally, the port number (Default port: 22; Range: 1025-65535; Format: name:port or ip:port)
tunnelport Set the port number that the SSH server uses to identify the tunnel
<number> Enter the port for identifying the SSH tunnel (Range: 1025-65535)
user Set the user name for logging in to the SSH server
<string> Enter the user name (1-32 chars)
password Set password for logging in to the SSH server
<string> Enter the password (1-32 chars)
timeout Set the length of time during which the tunnel between the AP and the Aerohive SSH server will be up
<number> Enter the tunnel timeout value in minutes (Range: 0-6000, Default: 0 (disable))
ssid <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
ssid <string> 11acmcsrateset <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
11acmcsrateset Set the 802.11ac MCS rate indexes for which the SSID advertises its support
<string> Enter specific MCS rates (Range: 1-256 chars; Format: Use commas as separators. Example: mcs2/1,mcs8/1,mcs4/2,mcs8/2,mcs9/2,mcs3/3)
ssid <string> ignorebroadcastprobe
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
ignorebroadcastprobe Ignore broadcasted probe requests
ssid <string> multicast conversiontounicast {auto|always|disable}
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
multicast Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
conversiontounicast Set the method for converting multicast frames to unicast frames (Default: Disabled)
auto Convert from multicast to unicast automatically whenever the channel utilization or multicast group membership count is below their respective thresholds
always Always convert from multicast to unicast regardless of channel utilization and group membership numbers
disable Disable conversion from multicast to unicast
<string> Enter an SSID profile name (1-32 chars)
rtsthreshold Set the RTS (request to send) threshold for the SSID
<number> Enter the packet size for the RTS (request to send) threshold for the SSID (Default: 2346 bytes; Range: 1-2346)
ssid <string> security screening radiusattack threshold <number> [ action {alarm|ban} [ <number> ] ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen parameters
radiusattack Enable the screening method of RADIUS attack protection (Default: Disabled)
threshold Set the length of time during which 10 RADIUS rejections for the same source MAC address are considered unacceptable
<number> Enter the length of time in seconds (Range: 1-3600; Default: 5)
action Set the action to perform if an alarm is triggered (Default: alarm)
alarm Send an alarm but continue to pass traffic
ban Disconnect the station and ban it from reconnecting for a period of time
<number> Enter the amount of time in seconds to perform the action (Range: 1-100000000; Default: 10 for an alarm, 3600 for a ban)
spoof} action banforever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen parameters
icmpflood Enable the screening method for protection against ICMP floods (Default: Disabled)
udpflood Enable the screening method for protection against UDP floods (Default: Disabled)
synflood Enable the screening method for protection against TCP SYN floods (Default: Disabled)
arpflood Enable the screening method for protection against ARP floods (Default: Disabled)
addresssweep Enable the screening method for protection against IP address sweeps (Default: Disabled)
portscan Enable the screening method for protection against port scans (Default: Disabled)
ipspoof Enable the screening method for protection against IP spoofing (Default: Disabled)
action Set the action to perform if an alarm is triggered (Default: alarm)
banforever Disconnect the station and ban it from reconnecting indefinitely
ssid <string> security screening {icmpflood|udpflood|synflood|arpflood|addresssweep|portscan|ipspoof} threshold <number> action banforever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen parameters
icmpflood Enable the screening method for protection against ICMP floods (Default: Disabled)
udpflood Enable the screening method for protection against UDP floods (Default: Disabled)
synflood Enable the screening method for protection against TCP SYN floods (Default: Disabled)
arpflood Enable the screening method for protection against ARP floods (Default: Disabled)
addresssweep Enable the screening method for protection against IP address sweeps (Default: Disabled)
portscan Enable the screening method for protection against port scans (Default: Disabled)
ipspoof Enable the screening method for protection against IP spoofing (Default: Disabled)
threshold Set the threshold: packets per second for synflood and arpflood, air time for icmpflood and udpflood, milliseconds every 10 packets for addresssweep and portscan, IP addresses for ipspoof
<number> Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
action Set the action to perform if an alarm is triggered (Default: alarm)
banforever Disconnect the station and ban it from reconnecting indefinitely
udpflood Enable the screening method for protection against UDP floods (Default: Disabled)
synflood Enable the screening method for protection against TCP SYN floods (Default: Disabled)
arpflood Enable the screening method for protection against ARP floods (Default: Disabled)
addresssweep Enable the screening method for protection against IP address sweeps (Default: Disabled)
portscan Enable the screening method for protection against port scans (Default: Disabled)
ipspoof Enable the screening method for protection against IP spoofing (Default: Disabled)
threshold Set the threshold: packets per second for synflood and arpflood, air time for icmpflood and udpflood, milliseconds every 10 packets for addresssweep and portscan, IP addresses for ipspoof
<number> Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
action Set the action to perform if an alarm is triggered (Default: alarm)
alarm Send an alarm but continue to pass traffic
drop Drop traffic for a period of time
ban Disconnect the station and ban it from reconnecting for a period of time
<number> Enter the amount of time in seconds to perform the action (Range: 1-1000000000; Default: 10 for alarm, 1 for drop, 3600 for ban)
ssid <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
stationlevel Set DoS parameters at stationlevel
frametype Set WLAN DoS (Denial of Service) frame type
assocreq Specify WLAN DoS frame type assocreq
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a threshold has been crossed
<number> Enter the period of time in seconds to ignore frames after a threshold has been crossed (Default: 60; Min: 0 Max: None)
ssid <string> security wlan dos stationlevel frametype {assocreq|auth|eapol} ban forever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
stationlevel Set DoS parameters at stationlevel
frametype Set WLAN DoS (Denial of Service) frame type
assocreq Specify WLAN DoS frame type assocreq
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a threshold has been crossed
forever Set ban forever
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
ssidlevel Set DoS parameters at ssidlevel
stationlevel Set DoS parameters at stationlevel
frametype Set WLAN DoS (Denial of Service) frame type
probereq Specify WLAN DoS frame type probereq
proberesp Specify WLAN DoS frame type proberesp
assocreq Specify WLAN DoS frame type assocreq
assocresp Specify WLAN DoS frame type assocresp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
proberesp Specify WLAN DoS frame type proberesp
assocreq Specify WLAN DoS frame type assocreq
assocresp Specify WLAN DoS frame type assocresp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
threshold Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
<number> Enter threshold in ppm (Default: ssidlevel probereq 12000, proberesp 24000, eapol 6000, auth 6000, assocreq 6000, assocresp 2400, all others 1200; stalevel probereq 1200 ppm, proberesp 2400, eapol 600, auth 600, assocreq 600, assocresp 240, all others 120; Min: 0 Max: None)
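The following Python model is an added illustration, not Aerohive code and not a description of HiveOS internals. It shows how the station-level ppm thresholds and the ban period documented above interact when one station floods auth frames. The sliding one-minute window, the counter reset after an alarm, the treatment of a ban of 0 as "no ban", and the MAC addresses are assumptions made for the example.

```python
from collections import defaultdict, deque

# Station-level default thresholds in ppm, copied from the help text above.
STATION_DEFAULT_PPM = {
    "probereq": 1200, "proberesp": 2400, "eapol": 600,
    "auth": 600, "assocreq": 600, "assocresp": 240,
}
OTHER_DEFAULT_PPM = 120                           # "all others"
BAN_FRAME_TYPES = {"assocreq", "auth", "eapol"}   # types the ban keyword accepts
DEFAULT_BAN_SECONDS = 60                          # ban default from the help text
WINDOW_SECONDS = 60.0                             # assumption: sliding one-minute window
FOREVER = float("inf")                            # models "ban forever"


class StationDosMonitor:
    """Toy model of per-station, per-frame-type rate limiting (not HiveOS code)."""

    def __init__(self, thresholds=None, ban_seconds=DEFAULT_BAN_SECONDS):
        self.thresholds = {**STATION_DEFAULT_PPM, **(thresholds or {})}
        self.ban_seconds = ban_seconds
        self.windows = defaultdict(deque)   # (mac, frame type) -> recent timestamps
        self.banned_until = {}              # (mac, frame type) -> ban expiry time
        self.alarms = []                    # (time, mac, frame type, frames in window)

    def observe(self, ts, mac, ftype):
        """Account for one frame; return 'ok', 'alarm' or 'ignored'."""
        key = (mac, ftype)
        if ts < self.banned_until.get(key, -FOREVER):
            return "ignored"                # inside the ban period: frame is dropped
        window = self.windows[key]
        window.append(ts)
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()                # forget frames older than one minute
        if len(window) <= self.thresholds.get(ftype, OTHER_DEFAULT_PPM):
            return "ok"
        self.alarms.append((ts, mac, ftype, len(window)))
        window.clear()                      # assumption: counting restarts after an alarm
        if ftype in BAN_FRAME_TYPES and self.ban_seconds > 0:
            self.banned_until[key] = ts + self.ban_seconds
        return "alarm"


def simulate():
    """Constructed traffic: one station floods auth frames, another behaves normally."""
    mon = StationDosMonitor()
    counts = defaultdict(int)
    for tick in range(90 * 20):             # 90 s at 20 frames/s = 1200 ppm
        ts = tick / 20
        counts["flood", mon.observe(ts, "0011:2233:4455", "auth")] += 1
        if tick % 200 == 0:                 # one auth frame every 10 s
            counts["normal", mon.observe(ts, "0011:2233:4466", "auth")] += 1
    return mon, dict(counts)


if __name__ == "__main__":
    monitor, counts = simulate()
    print(counts)
    print(monitor.alarms)
```

With the defaults, the flooding station crosses the 600 ppm auth threshold on its 601st frame and is then ignored for the rest of the run, while the normal station is never affected because counters are kept per station.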
bstmreq Frame to be sent: BSTM Request frames
supplicant <string>
supplicant Set parameters for a supplicant object for HiveOS
<string> Enter the supplicant name (1-32 chars)
<number> Enter the value (Range: 1-30; Default: 30)
system disablemulticastping
system Set system parameters
disablemulticastping Disable responses to multicast pings (Default: Enabled)
teacherview promptfordenyurl
teacherview Set parameters for TeacherView, a tool for controlling student access to the network and monitoring their activity
promptfordenyurl Enable the use of an access denial notification, which the student receives when accessing a blocked URL (Default: Enabled; Note: When disabled, the student does not receive a denial of access. Instead, the connection simply times out.)
ip Set the IP address where the resource is located
<ip_addr> Enter the IP address
port Set the port number associated with the resource
<port> [1~65535] Enter the port number (Range: 1-65535)
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
timerange Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
enableaccessconsole Enable the virtual access console
disableaccessradio Disable all radios in access mode
trackwan <string>
trackwan Set parameters to track the reachability of one or more devices through the WAN interface
<string> Enter the name for a group of one or more targets to track (1-32 chars)
trackwan Set parameters to track the reachability of one or more devices through the WAN interface
<string> Enter the name for a group of one or more targets to track (1-32 chars)
interface Set the WAN interface through which to track targets
<ethx> Enter the name of an Ethernet interface, where x = 0 or 1
<usbnetx> Enter the name of the wireless USB modem interface, where x = 0
<wifix> Enter the name of a WiFi radio interface, where x = 0 or 1
usbmodem enable
usbmodem Set parameters of usbmodem
enable Enable usbmodem (Default: Enabled)
<string> Enter the name of modemid (1-32 chars)
usbmodem modemid <string> connecttype {pppdialup|atcmddirectip|qmidirectip}
usbmodem Set parameters of usbmodem
modemid Set modem identifier
<string> Enter the name of modemid (1-32 chars)
connecttype Set a USB modem connecttype and save them into USB modem db
pppdialup Choose the USB modem connection type as pppdialup
atcmddirectip Choose the USB modem connection type as atcmddirectip
qmidirectip
usbserial Set the USB modem serial driver info and save them into USB modem db
usbmodem resetdevice
usbmodem Set parameters of usbmodem
resetdevice Reset the usbmodem device
<number> Enter rssi threshold (Range: 125 ~ 1; Default: 82)
user <string>
user Add one user or change user parameters
<string> Enter the user name (1-32 chars)
usergroup <string>
usergroup Set user group parameters
<string> Enter the user group name (1-32 chars)
usergroup <string> autogeneration location <string>
usergroup Set user group parameters
<string> Enter the user group name (1-32 chars)
autogeneration Generate the password automatically
location Set the user's physical location, which is combined with other factors (user name, shared secret, ...) when generating the password automatically
<string> Enter the location (1-32 chars)
mandatory Set usergroup cache mode to mandatory
userprofile Set parameters for a user profile
<string> Enter the user profile name (1-32 chars)
qospolicy Assign QoS policy to the user profile
<string> Enter the QoS policy name (1-32 chars)
vlanid Set the default VLAN ID for the user profile
<number> Enter the default VLAN ID for the user profile (Range: 1-4094)
mobilitypolicy Assign mobility policy to the user profile
<string> Enter the mobility policy name (1-32 chars)
attribute Map a RADIUS attribute or a range of attributes to the user profile
<number> Enter a numeric value for a single RADIUS attribute or the starting value for a range (Range: 0-4095)
Set a range of RADIUS attributes
<number> Enter the ending value for a RADIUS attribute range (Range: 0-4095)
userprofile Set parameters for a user profile
<string> Enter the user profile name (1-32 chars)
l3tunnelaction Set the behavior for routing traffic through Layer 3 VPN tunnels (Default: split)
all Tunnel all outbound traffic to the VPN gateway
withexception Tunnel all outbound traffic to the VPN gateway other than that listed as a Layer 3 tunnel exception
split Tunnel traffic whose destination is the network behind the VPN gateway and forward all other outbound traffic to the default gateway defined on the branch router
droptunneltraffic Drop all traffic whose destination is the network behind the VPN gateway
userprofile <string> security macpolicy [ fromaccess <string> ] [ toaccess <string> ]
userprofile Set parameters for a user profile
<string> Enter the user profile name (1-32 chars)
security Set the security parameters for the user profile
macpolicy Apply Layer 2 MAC firewall policies to traffic belonging to the user profile that is received and transmitted on an access interface
fromaccess Set the MAC policy for traffic from wired or wireless clients
<string> Enter the name of a previously defined MAC firewall policy
toaccess Set the MAC policy for traffic transmitted to wired or wireless clients
<string> Enter the name of a previously defined MAC firewall policy
<number> Enter the minimum guaranteed bandwidth (Default: 500 Kbps; Range: 100-500000)
userprofilepolicy <string>
userprofilepolicy Set the user profile mapping policy
<string> Enter a policy name (1-32 chars)
<string> Enter a policy name (1-32 chars)
rule Set a rule for user profile mapping policy
<number> Enter the rule number (Range: 1-16)
macobject Set the MAC object name that the authentication process must return for this test condition to be true
<string> Enter MAC object name (1-32 chars)
vpn ipsectunnel <string> dpd idleinterval <number> retry <number> retryinterval <number>
vpn Set parameters for VPN (virtual private network) tunneling
ipsectunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
dpd Set DPD (Dead Peer Detection) parameters for the IPsec tunnel
idleinterval Set the interval for sending DPD R-U-There messages
<number> Enter the interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables DPD)
retry Set the number of times to retry sending a DPD R-U-There message when it does not elicit a response
<number> Enter the number of messages to retry sending (Range: 1-65535; Default: 5)
retryinterval Set the interval for resending DPD R-U-There messages
<number> Enter the retry interval in seconds (Range: 1-60; Default: 3)
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
authmethod Set the authentication method for IKE phase 1 negotiations
hybrid Set peer authentication in hybrid mode (Default: Hybrid mode, in which the VPN server authenticates itself with an RSA signature and the client authenticates itself through Xauth.)
rsasig Set both VPN peers (server and client) to authenticate themselves with RSA signatures (Default: Hybrid mode)
psk Set both VPN peers (server and client) to authenticate themselves with a preshared key
group1 Use Diffie-Hellman group 1 (Default: Diffie-Hellman group 2)
group2 Use Diffie-Hellman group 2 (Default: Diffie-Hellman group 2)
group5 Use Diffie-Hellman group 5 (Default: Diffie-Hellman group 2)
ufqdn Set the IKE identity type as a user FQDN (Example: psmith@aerohive.com)
keyid Set the IKE identity type as a keyid (Example: tunnelgroupname as test)
<string> Enter the IP address, or user FQDN (email address), or FQDN, or ASN.1 DN (1-128 chars) or KEYID (1-32 chars)
vpn tunnelpolicy <string> password <string>
vpn Set parameters for VPN (virtual private network) tunneling
tunnelpolicy Set the IPsec tunnel policy
<string> Enter a tunnel policy name (1-32 chars)
password Set the password for the GRE tunnel check (Note: The password on the server and client must match for the GRE tunnel check to succeed.)
<string> Enter a password (8-32 chars)
websecurityproxy Proxy HTTP and HTTPS traffic bound for the Internet to a web security server for filtering
websensev1 Use the Websense web filtering solution
barracudav1 Use the Barracuda Networks web filtering solution
httpproxyhost Set the domain name or IP address of the web security server to which HTTP packets are proxied
<string> Enter the domain name or IP address of the server (1-64 chars)
Through the Aerohive CLI, you can log in to a HiveAP and perform the following operations:
To access the CLI, you can make a direct serial connection through the console port (on HiveAP models that have one) or a Telnet or SSH
connection over the network through the Ethernet interface or an SSID on a WiFi subinterface to the mgt0 interface. Each method is
described in the following sections:
For an introduction to the CLI and some useful tips, see the following sections:
You can make a direct serial connection from your management system to the HiveAP and log in to the CLI. For details and pin assignments,
see the Aerohive Deployment Guide. Follow these steps:
1. Connect the power cable to the HiveAP and turn on the power.
2. Depending on the HiveAP model, connect one end of an RS‐232 (or "null modem") serial cable or an RJ‐45‐to‐DB‐9 serial cable to the
serial port (or Com port) on your management system.
3. Connect the other end of the cable to the console port on the HiveAP.
4. On your management system, run a VT100 terminal emulation program, such as Tera Term Pro (a free terminal emulator) or Hilgraeve
Hyperterminal (provided with Windows operating systems). Use the following settings:
Using Telnet
You can make a Telnet connection from your management system to the HiveAP across an Ethernet or WiFi network (or even just across an
Ethernet cable between your management system and the HiveAP). Because Telnet uses a client/server relationship, you need a Telnet
client on your management system. (All Windows operating systems include a Telnet client.) The client connects to the Telnet server on
the HiveAP using TCP port 23.
Because a Telnet connection requires that the HiveAP already have an IP address, you must first make a serial connection to the device and
assign it an address using the interface command:
where ip_addr netmask define an address on the network that is accessible from your management system. See "Using the Console Port".
By default, Telnet manageability is disabled on HiveAPs. You must first access the HiveAP by another means (console, SSH, HiveManager, or
a management AP) and enable it. Use the following commands to enable Telnet through an Ethernet interface and through an SSID (for
wireless Telnet access):
1. With the HiveAP connected to a power source, connect an Ethernet cable from the Ethernet port on the HiveAP to a switch that is on
the same network as your management system. Optionally, you can connect the Ethernet cable from the HiveAP directly to your
management system.
Note: Because the Ethernet port on the HiveAP is autosensing, the cable can have either straight‐through or cross‐over wiring. For
details, see the Aerohive Deployment Guide.
After you have created an SSID and enabled Telnet access to the mgt0 interface through that SSID, you can form a wireless association with
the HiveAP and use Telnet to access the CLI wirelessly.
2. On your management system, run the Telnet client and connect to the Telnet server on the HiveAP. In Windows, for example, do the
following:
Microsoft Telnet>
3. At the Microsoft Telnet> prompt, enter the IP address of the mgt0 interface, and then press Enter. The Telnet client on the
management system connects to the Telnet server on the HiveAP. The login prompt appears.
3. Log in using your user name and password. The default user name is admin and the default password is aerohive.
Using SSH
You can make an SSH2 (Secure Shell version 2) connection from an SSH client on your management system to the SSH server on the HiveAP
across an Ethernet or WiFi network. SSH allows you to open a remote command shell securely and run commands on the SSH server. You
need an SSHv2 client, such as PuTTY (a free SSHv2 client), on your management system. The client connects to the SSHv2 server on the
HiveAP using TCP port 22.
Because an SSH connection requires that the HiveAP already have an IP address, you must first make a serial connection to the device and
assign it an address using the interface command:
where ip_addr netmask define an address on the network that is accessible from your management system. See "Using the Console Port".
By default, SSH manageability is enabled on Ethernet interfaces and SSIDs.
1. With the HiveAP connected to a power source, connect an Ethernet cable from the Ethernet port on the HiveAP to a switch that is on
the same network as your management system. Optionally, you can connect the Ethernet cable from the HiveAP directly to your
management system.
Note: Because the Ethernet port on the HiveAP is autosensing, the cable can have either straight‐through or cross‐over wiring. For
details, see the Aerohive Deployment Guide.
After you have created an SSID, you can form a wireless association with the HiveAP and use SSH to access the CLI wirelessly.
2. On your management system, run the SSHv2 client and connect to the SSHv2 server on the HiveAP. Using PuTTY, for example, do the
following:
   1. Launch PuTTY, and then click Session in the Category menu tree.
   2. In the Host Name (or IP address) field, enter the IP address of the mgt0 interface, and then select SSH.
   3. Click SSH in the Category menu tree, and make sure that the Preferred SSH protocol version is 2 or 2 only.
   The SSH client on the management system connects to the SSH server on the HiveAP. The login prompt appears.
3. Log in using your user name and password. The default user name is admin and the default password is aerohive.
keyword commands for setting various parameters. Examples are the admin and interface commands.
show commands for displaying parameters or dynamically generated data. Examples are the show service and show memory
commands.
action commands for executing some type of action. Examples are ping, save, and reboot commands.
To see a list of commands, and their accompanying CLI Help, type a question mark ( ? ). For example, to display all the keyword and action
commands, enter a question mark at the command prompt:
aerohive#?
aerohive#show ?
To see all the commands beginning with a particular character or string of characters, enter the character or character string followed
immediately by a question mark; that is, do not include a space between the last character and the question mark. For example, to see all
the commands beginning with "a", enter the following:
aerohive#a?
Similar to the above methods for seeing lists of commands, you can use a question mark within commands to see subsequent choices. For
example, to see the options following clock, enter the following:
aerohive#clock ?
date‐time Set the date and time for the internal clock
time‐zone Set the time zone for the internal clock
Searching for a Text String
If you want to find a command that uses a particular character or string of characters, you can do a search using the following command:
where string is the word or string of characters you want to find. For example, if you want to see all the commands in which the word
"enable" appears, enter the following:
qos enable
...
Searching for just the string of letters "ena" produces similar results:
qos enable
Note: You can search for more than one word by enclosing them within quotation marks. For example, you can do a search for "qos class"
to see the commands containing "qos classifier".
You can filter the output of a show command to include or exclude certain text strings. To do this use the following syntax: show cmd | {
exclude | include } string. For example, to find the MAC address 0016:cf8d:56bc among a number of associated stations in SSID "west",
enter the following command:
If you want to filter a space‐separated string, put the string within quotation marks. For example, to filter a MAC address ending with "20"
on the eth0 interface, enter the following:
The Aerohive CLI supports command line completion (or "tab completion"), which allows you to complete the remainder of an unambiguous
word by pressing the TAB key. For example:
If the remainder of the word is ambiguous, pressing TAB twice shows the possibilities. For example:
aerohive#show qos c
Useful Keyboard Shortcuts
The following keyboard commands are useful to know and can make your work with the CLI more efficient. Note that the plus sign ( + )
indicates that both keys must be pressed simultaneously. For example, CTRL + s means "press the CTRL key and the s key at the same
time". If there is no plus sign between adjacent key names, press them sequentially. For example, ESC b means "press the ESC key and then
press the b key".