User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.5
Managing the WLSE System via the CLI
Downloads: This chapterpdf (PDF - 337.0KB) The complete bookPDF (PDF - 7.77MB) | Feedback

Managing the WLSE via the CLI

Table Of Contents

Managing the WLSE via the CLI

Logging In and Out via CLI

Logging In

Logging Out

User Management via CLI

Managing User Accounts

Creating and Modifying User Accounts

Deleting User Accounts

Setting Up TACACS+ or RADIUS Authentication for CLI Login

Backing Up and Restoring via CLI

Setting Up the Backup Location

Specifying the Backup Location

Displaying the Backup Location

Removing the Backup Location

Backing Up the WLSE

Restoring WLSE Configuration

Installing a Replacement WLSE

Removing the Old WLSE

Installing the Replacement WLSE

Copying Configuration Data to another WLSE

Upgrading WLSE Software via CLI

Rebooting the WLSE via CLI

Shutting Down and Powering Off the WLSE

Setting WLSE System Date and Time

Setting the System Clock Using NTP

Setting the System Clock Manually

Configuring Ethernet Interfaces

Configuring Protocols on Ethernet Interfaces

Configuring Interface Parameters

Managing Devices on Both Interfaces

Configuring the Mail Route via CLI

Administering Management Services via CLI

Viewing System Information via CLI

Recovery Management

Erasing System Configuration and Resetting to Factory Defaults

Using the Maintenance Image

Booting from the Maintenance Image

Using the Recovery CD

Reimaging the WLSE

Using the Rescue Image

Recovering from the Loss of All Administrator Passwords

Recovering on a WLSE 1130

Recovering on a WLSE 1105


Managing the WLSE via the CLI


This chapter describes the major system administration tasks that you can perform by using the command line interface (CLI). These tasks are for both WLSE 1105 and WLSE 1130. For details on all CLI commands, see "Using the Command Line Interface (CLI)."


Note For administrative tasks performed from the Web interface, see the WLSE online help or the preceding chapters in this guide.


This chapter contains the following topics:

Logging In and Out via CLI

User Management via CLI

Backing Up and Restoring via CLI

Upgrading WLSE Software via CLI

Shutting Down and Powering Off the WLSE

Rebooting the WLSE via CLI

Setting WLSE System Date and Time

Configuring Ethernet Interfaces

Administering Management Services via CLI

Viewing System Information via CLI

Recovery Management

Logging In and Out via CLI

Use the following commands to log in and out of the WLSE.

Logging In

To use the CLI to log in:


Step 1 Attach a console or connect via Telnet or SSH to the WLSE.

If you are using a console, make sure you are attaching it to the correct port:

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

For more information about the location of the serial ports and connecting to them, see the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5 for CiscoWorks 1130 information or the Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution Engine.

Step 2 At the login prompt, enter admin or use another account that has CLI privileges.

Step 3 At the password prompt, enter the password.

Result: The system prompt appears.



Note Users must have CLI privileges to use the CLI. Users who have only level 0 privileges can use only a subset of the CLI commands. Users who have level 15 privileges can use all commands. For information on setting these privileges via CLI, see Managing User Accounts. For information on setting CLI privileges via the Web interface, see Managing User Accounts.


Logging Out

To log out, use the exit command.

User Management via CLI

This section contains the following topics:

Managing User Accounts

Setting Up TACACS+ or RADIUS Authentication for CLI Login

Managing User Accounts

You can create users via the CLI and grant them CLI privileges. Such users appear in the user management screens of the Web interface, but they do not have access to the Web interface features unless you modify them in the Web interface to add access.

Creating and Modifying User Accounts

To create or modify user accounts:


Step 1 Log in. For more information, see Logging In and Out via CLI.

Step 2 Enter the following command for each user account you want to add or modify:

username name password password privilege 0 | 15

where:

name is the username of the account.

password is the user's password.

privilege 0 allows access to a subset of the CLI commands (see Privilege Level 0 Commands). This is the default and is assigned to the account even if you omit this argument.

privilege 15 allows access to all CLI commands.

Step 3 To allow access to the Web interface, log into the Web interface and modify the user's account to add roles and privileges (see Managing User Accounts or the online help).


Deleting User Accounts

To delete a user, enter the following command:

no username name

where name is the user to be deleted.

Setting Up TACACS+ or RADIUS Authentication for CLI Login

You can use an authentication server for logging in through Telnet or SSH. This requires configuring the authentication server and setting up the authentication module on the WLSE.

To configure the authentication server, add the WLSE as a client, configure the shared secret, and add the users. The users must also exist on the WLSE; see Creating and Modifying User Accounts.

To set up the WLSE's RADIUS module, enter the following command:

auth cli radius secret server

where secret is the shared secret and server is the hostname or IP address of the authentication server.

To set up the WLSE's TACACS+ module:

auth cli tacacs secret server

where secret is the shared secret and server is the hostname or IP address of the authentication server.

For more information about using alternative authentication, see auth, and Overview: Authentication Modules.

Backing Up and Restoring via CLI

You should backup the WLSE at regular intervals and before software updates or system recoveries.

Before attempting to backup or restore your WLSE, make sure you have the following:

A remote FTP host to serve as the backup location.

A valid username and password on the backup location.

A backup directory on the backup location that has the proper permissions for the username and password you will be using.

Backups preserve the database, flash memory (network information and users' CLI privileges), and the user configuration (including users, roles, templates, firmware images, device credentials, policies, and threshold settings).

Backups do not preserve startup templates, the mail route, and AAA server trend data. Also, the four system-defined user roles will be reset to their default privileges.

This section contains procedures for specifying the backup location, backing up the WLSE, and restoring the WLSE.


Note You can replace one WLSE with another by backing up and restoring the data from the old WLSE to the new one. See Installing a Replacement WLSE.



Note You can restore a backup made on one WLSE to another WLSE. For information, see Copying Configuration Data to another WLSE.


Setting Up the Backup Location

Before backing up, you must specify an FTP server as the backup location.

Specifying the Backup Location

To specify the backup location:


Step 1 Log in. For more information, see Logging In and Out via CLI.

Step 2 Enter the following command:

backupconfig hostname username password directory 

where:

hostname is the hostname or IP address of the backup system.

username is the username of a user on the backup system.

password is the password of the user on the backup system.

directory is the pathname of the backup directory, if different from user's default directory.

This backup location information will be used by the backup, listbackup, and restore commands.


Displaying the Backup Location

If a backup location has been specified, you can display the hostname and username by entering the following command:

show backupconfig

Removing the Backup Location

To remove the backup location, enter the following command:

no backupconfig

Backing Up the WLSE

When backing up via the CLI, you can perform manual, one-time backups. To schedule regular backups, use the Web interface; for information, see Backing Up and Restoring Data.


Note WLSE operations continue during the backup.


To back up the WLSE:


Step 1 Log in. For more information, see Logging In and Out via CLI.

Step 2 Make sure the backup location has been configured. See Setting Up the Backup Location.

Step 3 To test the availability of the backup location enter:

backup test

Step 4 To backup the WLSE, enter:

backup

Result: The WLSE will be backed up to the location you specified in the backupconfig command.


Restoring WLSE Configuration


Note The WLSE shuts down during the restore operation and reboots afterwards.


To restore the WLSE configuration:


Step 1 Log in. For more information, see Logging In and Out via CLI.

Step 2 To list the available backups, enter:

listbackup

Step 3 Enter the following command:

restore backup_name

where backup_name is the name of the backup you want to restore.

To restore without overwriting the WLSE flash memory, use the following command:

restore -n backup_name

The flash memory contains the WLSE's network settings (WLSE hostname, IP address, domain name, name servers, NTP server) and users' CLI privileges.


For information about restoring from WLSE to another, see:

Installing a Replacement WLSE

Copying Configuration Data to another WLSE

Installing a Replacement WLSE

This section describes tasks you should perform when installing a replacement WLSE (replacing an existing WLSE with a new one). If you are simply using a backup from one WLSE to restore data on another WLSE, see Copying Configuration Data to another WLSE.

Removing the Old WLSE

Before removing the old WLSE:


Step 1 Log in to the old WLSE. For more information, see Logging In and Out via CLI.

Step 2 Record the WLSE's configuration (the information that you entered when you initially set up the WLSE). Use the following command to display the configuration:

show config

Step 3 Back up the data from the old WLSE. See Backing Up and Restoring via CLI for details.

Step 4 Enter the following command:

shutdown

Step 5 Power down and remove the old system.


Installing the Replacement WLSE

To install the replacement WLSE:


Step 1 Install and power on the new WLSE, using the instructions in the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.

Step 2 If you are using the same basic network information (for example, IP address and hostname) that you used on the old WLSE:

a. Run the setup program.

b. Enter the following command to restore all the configuration data from the old system, including the basic network information:

restore backup_name

Step 3 If you are not using the same basic configuration (for example, IP address and hostname) that you used on the old WLSE:

a. Run the setup program.

b. Enter the following command to restore all the configuration data from the old system except the basic network information:

restore -n backup_name


Copying Configuration Data to another WLSE

You can back up data from one WLSE and copy it to another by using the backup and restore features. If you are replacing one WLSE with another, see Installing a Replacement WLSE.


Note You cannot restore a backup from a WLSE 1130 to a WLSE 1105.



Step 1 Back up the data on the original WLSE. For more information, see Backing Up and Restoring via CLI.

Step 2 If you have installed a new WLSE and have not configured it yet, run the setup program and complete the configuration.

For information on the setup program and additional configuration steps, use the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.

Step 3 Restore the configuration data from your backup by entering the following command. Use the backup image name as the argument.

restore -n backup_name


Note Be sure to use the -n option. Otherwise, the network information in flash memory will be overwritten and you will have to erase the WLSE's configuration and run the setup program to reenter the network information.



Upgrading WLSE Software via CLI

For information about installing software updates on the WLSE by using the CLI, see the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.

Rebooting the WLSE via CLI

Rebooting the system restarts its management services, even if the services were stopped prior to the reboot.

To restart the WLSE:


Step 1 Log in. See Logging In and Out via CLI.

Step 2 Enter the following command:

reload

You are prompted to verify the reload. Enter yes to confirm or no to cancel the 
reload.

Caution All processes running on the system stop and restart when you run the reload command. The WLSE will not respond while it is reloading.


Shutting Down and Powering Off the WLSE


Caution If you power off the WLSE improperly, you might disable the system.

To shut down the WLSE:


Step 1 Log in. See Logging In and Out via CLI.

Step 2 Enter the following command:

shutdown

Step 3 Power off the WLSE.


Setting WLSE System Date and Time

The WLSE uses Universal Coordinated Time (UTC) for the system time and date. The WLSE uses UTC to display the time and date when you are connected via Telnet/SSH or the console and when you are viewing log files. The WLSE uses the client's local time to display the time and date when connected via the Web interface.

You can set and maintain the system date and time by:

Setting the System Clock Using NTP (the recommended method).

Setting the System Clock Manually.


Note You can set the current local (browser) time on the Web interface. For information, see the online help or the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.


To display the system time, use the show clock command. For more information on this command, see show clock.

Setting the System Clock Using NTP

NTP is the recommended method for configuring time and date on the system. If your network uses NTP to set the date and time on devices, you can specify the NTP servers on the WLSE. If NTP is not enabled, you can set the system clock to UTC manually as described in Setting the System Clock Manually.

To specify NTP servers:


Step 1 Log in. See Logging In and Out via CLI.

Step 2 Enter the following command:

ntp server ip-address

where ip-address is the IP address of an NTP server.


To remove NTP servers and disable NTP:


Step 1 Log in. See Logging In and Out via CLIl

Step 2 Enter the following command for each NTP server that you specified:

no ntp server ip_address


Caution If you do not set the system clock manually after disabling NTP, the system clock might become inaccurate.


Setting the System Clock Manually

If your network does not use NTP to set the system time on devices and the time is not set correctly, set the date and time to manually.

To set the date and time manually:


Step 1 Log in. See Logging In and Out via CLI.

Step 2 Enter the following command:

clock set hh:mm:ss month day year

where:

hh:mm:ss is the current time (for example, 13:32:00).

month is the current month (for example, December).

day is the day of the month (for example, 31).

year is the current year (for example, 2003).


For more information about the clock command, see show clock.

Configuring Ethernet Interfaces

The WLSE 1105 uses 10/100 Mbps Ethernet connectors. The WLSE 1130 uses 10/100/1000 Mbps Ethernet connectors. The Ethernet 0 interface is configured during initial setup of the WLSE, and all protocols are enabled on the Ethernet 0 interface.


Note The Ethernet interface labeled "A" on the WLSE 1130 back panel corresponds to Ethernet 0 in software (such as CLI commands). The Ethernet interface labeled "B" corresponds to Ethernet 1 in software.


This section contains the following topics:

Configuring Protocols on Ethernet Interfaces.

Configuring Interface Parameters.

Managing Devices on Both Interfaces.

Configuring Protocols on Ethernet Interfaces

All protocols are enabled by default on the Ethernet 0 interface. On the Ethernet 1 interface of the WLSE 1130, all protocols except for CDP are enabled.

Any Ethernet interface can be individually configured to allow or prevent connections via the following protocols:

Cisco Discovery Protocol (CDP)

Hypertext transfer protocol (HTTP)

Hypertext transfer protocol secure (HTTPS)

Internet Control Message Protocol (ICMP)

Secure shell (SSH) 1 and 2

Simple network management protocol (SNMP)

Telnet

To allow or prevent protocols on an Ethernet interface:


Step 1 Log in. See Logging In and Out via CLI.

Step 2 To allow CDP on an interface, enter the following command:

cdp run port

where port is the Ethernet interface, either eth0 or eth1.

To disable CDP, enter the following command:

no cdp run port

For more information on this command, see cdp.

Step 3 To allow or prevent any of the other protocols on an interface, use the firewall command. For information on this command, see firewall.


Configuring Interface Parameters

To enable or disable Ethernet interfaces and set parameters on the interfaces (IP address, gateway information, speed, half/full duplex), use the following command.

interface eth[ernet][0-5] {[ up | down ] | ipaddress netmask
[ default-gateway address ] [ up | down ] }
[ auto | speed [ 10 | 100 | 1000 ]] duplex [ half | full ]
mtu [ 46-1500 ]

For detailed information on this command, see interface.

Managing Devices on Both Interfaces

The Ethernet 0 interface is configured by the setup program during initial setup of the WLSE. If you are using both interfaces to manage devices, you must configure the second interface as follows:

Make sure CDP is enabled on the Ethernet 1 interface—See Configuring Protocols on Ethernet Interfaces.

Configure Ethernet 1 interface parameters—See Configuring Interface Parameters.

Use the following command to configure a static route to the default gateway for the Ethernet 1 interface to reach the networks connected to the Ethernet 1 interface:

route { network address } netmask { network netmask }
gateway { gateway address } 

If you do not configure the static route, the WLSE will use only the default gateway configured on the Ethernet 0 interface and will be unable to manage the devices on the networks connected to the Ethernet 1 interface. For more information on the route command, see route.

Configuring the Mail Route via CLI

To ensure that email arrives at its proper destination, you can specify an SMTP server. This affects email notifications about firmware and configuration jobs, emailing reports, and emailing fault notifications.

To specify a mail server:


Step 1 Log in as the admin user.

Step 2 Enter the following command:

mailroute server

where server is the IP address or hostname of the email server.


Administering Management Services via CLI

The WLSE allows you to stop and start all management services at once. All commands that affect management services affect all of them, and the logs that collect services information collect information about all of them.

You can stop and restart the management services if the system is not responding correctly. This should cause the services to reset and function properly again. Management services are restarted automatically when you reboot the WLSE.

To stop management services, enter the following command:

services stop

To start management services, enter the following command:

services start

To view management services status, enter the following command:

services status

Viewing System Information via CLI

To view system information, use the following CLI commands.

Table 9-1 Commands for Viewing System Information 

Command
Information Displayed

show anilog

ANI log

show auth-cli

Type of authentication used for secure CLI access

show auth-http

Type of authentication used for secure HTTP access

show backupconfig

Current backup and restore location and username

show bootlog

Messages from the last system boot

show cdp neighbor

The WLSE's nearest neighbor on the network

show cdp run

CDP configuration of the WLSE

show collectorlog

Collector log

show config

System configuration

show daemonslog

Daemons log

show dmgtdlog

Daemon manager log

show import

Imported hosts file

show install logs

Software updates and images in the repository

show ipchains

IP chains for Ethernet interface

show hosts

System hosts file

show maillog

Email log

show process

Statistics for active processes

show repository

Status or access log of repository

show route

Routes that are currently configured

show securitylog

Security log

show snmp-server

WLSE's SNMP configuration

show ssh-version

Type of SSH enabled on the WLSE

show syslog

Syslog

show tech

Information necessary for Cisco TAC to assist you

show tomcatlog

Tomcat log

show telnetenable

Telnet status

show webaccesslog

Web access log

show weberror log

Web error log

show websslaccesslog

Web SSL log


Recovery Management

Use the following procedures to recover from problems:

Erasing System Configuration and Resetting to Factory Defaults

Using the Maintenance Image.

Reimaging the WLSE.

Using the Rescue Image

Recovering from the Loss of All Administrator Passwords

Erasing System Configuration and Resetting to Factory Defaults

To erase the system configuration and reset the WLSE to factory default:


Step 1 Log in as the admin user.

Step 2 Enter the following command. This command resets the WLSE to factory defaults, but leaves the database and logs in place.

erase config


Note This command stops and restarts system services.


Step 3 To purge the database, enter the following command:

reinitdb


Note This command stops and restarts system services.




Note After the system reboots, you must reconfigure the system using the setup program, as described in the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.


Using the Maintenance Image

The WLSE's maintenance image consists of an operating system image and default system configuration stored in flash memory. You can use the maintenance image to recover from serious problems.

The following commands are available while the WLSE is running the maintenance image:

reload

erase config

fsck—This command is available only in the maintenance and rescue images.

While the maintenance image is running, you can do the following tasks, which you cannot do when the system is booted normally from the disk:

Recover from loss of all administrative passwords. See Recovering from the Loss of All Administrator Passwords.

Perform disk filesystem integrity checks or recover from filesystem corruption. See fsck.

Booting from the Maintenance Image

As a security measure, you can boot from the maintenance image only while connected to the system console.


Step 1 Connect a console to the WLSE's console port, and log on as admin.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as a console port.

For the WLSE 1130, the serial/console port is on the back panel.

Step 2 Reboot the system by doing one of the following:

Enter the following command to reload the system if it is running:

reload

Power on the system, if it is powered off.

Power the system off and then back on if you cannot log in because you have lost all user account passwords.

Step 3 When the LILO boot: prompt appears, press the Tab key.

Step 4 When the boot: prompt appears, enter:

CiscoBreR

Step 5 After you complete all necessary tasks, reboot the system by entering the following command and allowing the system to boot from the disk (the default boot order)

reload


Using the Recovery CD

With the Recovery CD included with your WLSE, you can reimage the WLSE (see Reimaging the WLSE) or boot from the rescue image (see Using the Rescue Image).

Reimaging the WLSE


Note Although every effort has been made to validate the accuracy of the software version on the Recovery CD, you must review the WLSE's software versions on http://www.cisco.com and download any necessary software updates. See the Readme files included with the updates to perform the update procedure.



Caution This procedure will destroy all data and install a new image. You will need to replace the data by restoring a backup. For information on backups, see Backing Up the WLSE.

To reimage your WLSE, perform the following steps:


Step 1 Connect a console to the WLSE's serial port.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as a console port.

For the WLSE 1130, the serial/console port is on the back panel.

Step 2 Log in as the admin user, and enter the password created when the WLSE was configured.

Step 3 Put the Recovery CD in the WLSE's CD drive. For the location of the CD drive, see the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5 for the WLSE 1130 or the Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution Engine.

Step 4 Enter the following command. The WLSE will reboot.

reload

Step 5 At the following prompt, enter yes:


Caution If you do not want to re-image the WLSE, enter rescue. For more information about the rescue image, see Using the Rescue Image.

Do you wish to continue (Yes/[No]/Rescue) yes

Step 6 When the WLSE ejects the Recovery CD, remove it.

Step 7 At the following prompt, enter yes:

Do you wish to reload and start the install?(yes/[no]) yes

Result: The WLSE is re-imaged and reboots.


Using the Rescue Image

The rescue image is similar to the maintenance image, but is accessible via the Recovery CD. The rescue image is mainly used to aid technical support when diagnosing issues. Use the rescue image if you cannot use the maintenance image, but need to. You can use the rescue image to boot the system to perform some system administration tasks and disaster recovery. For information about the uses of the maintenance image, see Using the Maintenance Image.

You are limited to the following commands while the system is running the rescue image: reload, erase config, and fsck.

To boot from the rescue image, perform the following steps:


Step 1 Connect a console to the WLSE's serial port.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as a console port.

For the WLSE 1130, the serial/console port is on the back panel.

Step 2 Log in as the admin user. The admin user's password was created when the WLSE was initially configured.

Step 3 Put the Recovery CD in the WLSE's CD drive.

For the location of the WLSE 1130 CD drive, see the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5 for the WLSE 1130.

For the location of the WLSE 1105 CD drive, see the Quick Start Guide for the CiscoWorks 1105 Wireless LAN Solution Engine.

Step 4 Enter the following command. The WLSE will reboot.

reload

Step 5 At the following prompt, enter rescue. The WLSE will reboot.

Do you wish to continue (yes/[no]/rescue):

Step 6 After the WLSE comes up, the setup login prompt appears. Configure the system from the setup program, as described in the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.


Recovering from the Loss of All Administrator Passwords

If you cannot log on to the system and perform administrative tasks, perform the following procedure:

Recovering on a WLSE 1130

Recovering on a WLSE 1105

Recovering on a WLSE 1130

To recover from the loss of all administrator passwords:


Step 1 Connect a console to the console port on the back panel.

Step 2 Power the system off, then power it back on. Boot messages appear, and then following prompt appears:

-----------------------------------
0: CiscoBre
1: CiscoBreR
-----------------------------------

Step 3 Use and Up Arrow and Down Arrow keys to select 1 to boot into CiscoBreR and press Enter. The following prompt appears:

[root@CiscoMaintImage/]#

Step 4 Enter the following command. This erases the WLSE's configuration, returns the WLSE to factory defaults, and reloads the WLSE.

[root@CiscoMaintImage/]# erase config

Step 5 After the WLSE starts up, the setup login prompt appears. Use the setup program to configure the system. This allows you to add a password for the admin user.


Recovering on a WLSE 1105

To recover from the loss of all administrator passwords:


Step 1 Connect a console to the serial port on the front panel; do not use the serial port on the back panel as a console port.

Step 2 Put the recovery CD in the CD drive.

Step 3 Enter the following command:

reload

Step 4 When the "Yes/No/Rescue/Reboot" option appears, enter:

rescue

Step 5 When the shell prompt appears, enter:

erase config

This command erases the WLSE's configuration.

Step 6 When the "Yes/No/Rescue/Reboot" option appears, enter:

reboot

After the WLSE starts up, a long prompt appears:

localhostlogin:

Step 7 Log in as the user "setup" and configure the system. This allows you to add a password for the admin user.

For more information about setup, see the Installation and Configuration Guide for the Wireless LAN Solution Engine, Release 2.5.