CLI Commands for Security on the Switch
Summit 300-48 Switch Software User Guide 111
CLI Commands for Security on the Switch
Security Profile Commands
Table 50 lists the CLI commands for creating security profiles.
Table 51 lists the properties for the security profile configuration command.
Table 50: Security Profile Commands
Command Description
create security-profile <name> {copy <name>} Creates a new profile identified by the string name.
The optional copy argument specifies the name of
an existing profile from which the system copies the
initial values
delete security-profile <name> Deletes the named security profile. The named
profile must not be currently attached to any active
port on the switch.
config security profile <name> <property> Sets up the security profile. See Table 51 for
property descriptions. Changes take effect
immediately and are propagated to all ports sharing
the named profile. If the command fails, none of the
changes is propagated to any of the ports.
config security-profile <name> dot11-auth <dot11-auth>
network-auth <network-auth> encryption <encryption
Use this command to enable dot11 authentication,
network authentication, and encryption type. Table 52
lists the authentication and encryption types.
configure security-profile <name> wpa-psk
[hex|passphrase] <pre-shared-secret>
Configures the pre shared key for this security profile
if the network-auth specified is wpa-psk.
configure security-profile <name> wep default-key-index
<number 0-3>
Configures the default key index for the security
profile in case of static WEP encryption.
configure security-profile <name> wep key add [0-3]
[hex|plaintext] <key>
Adds the specified static WEP key at the specified
index.
configure security-profile <name> wep key delete [0-3] Deletes the specified static WEP key.
configure security-profile <name> dot1x-wpa-timers
group-update-timer <minutes 10-1440>
Configures the time interval at which group keys for
dot1x and WPA clients are updated. This is valid only
if network-auth is dot1x, WPA or WPA-PSK.
configure security-profile <name> dot1x-wpa-timers
pairwise-update-timer <minutes 10-1440>
Configures the time interval at which group keys for
dot1x and WPA clients are updated. This is valid only
if network-auth is dot1x, WPA or WPA-PSK.
configure security-profile <name> dot1x-wpa-timers
reauth-period <seconds 60-600>
Configures the time interval at which dot1x and WPA
clients are re-authenticated. This is valid only if
network-auth is dot1x or WPA.
show security-profile {<name>} Shows the configured parameters of the security
profile.
Table 51: Security Profile Command Property Values
Case Default Ranges Action
ssid-in-beacon <value> on off | on Turns on whether the SSID is published
in the beacon or not. If you set this to
off then the beacon does not contain
the SSID and the client must know the
SSID before it can associate. Sniffing on
the beacon shows an empty SSID.
To Next Page
Loading...
