Common CLI commands, and what they're used for.

While complete CLI configuration is not recommended, commands can come in handy for particular purposes. The list below contains some commonly used commands, with the syntax and purpose of each command explained. For a full list of CLI commands, please see our CLI reference guides:
Extreme IQ
  • exec _test tcp-service host <HiveManager IP> port 22: Fill in the particular HiveManager address where the brackets are. This will tell you if traffic can get through on port 22. 
  • exec aaa net-join primary username <user name of AD or domain controller admin> password <administrator's password>: This will automatically join the device to the Active Directory or the domain controller. If you are having problems joining an Active Directory with your AAA server settings, use this to test. As an example, if the admin account for the AD had a user name of “admin” and a password of “Aerohive1”, the command would be: exec aaa net-join primary username admin password Aerohive1.
  • exec avc reset: Resets the application signatures to default.
  • interface <wifiX> radio antenna type {omni|directional}: To set antenna to omni mode or directional.
  • int mgt0 ip <IP Address>/<Subnet Mask abbreviation>: To set a static IP address for the AP. For example, if the address were with a subnet mask of /24, the command would be:
    int mgt0 ip
  • no capwap client transport port: Will erase any static CAPWAP transport values (UDP vs HTTP) and let the AP go back to using UDP as the primary, and HTTP as the backup, to cycle between the two until it can connect. 
  • no int eth0 dhcp: Turns off DHCP.
  • show acsp neighbor: Shows neighboring APs and the signal strength coming from those APs. For a normal AP, the Rssi(dBm) should be -70 or lower. If meshing, the Rssi(dBm) should be in the low 60s with the AP that is the other end of the mesh connection.
  • show boot-param: Will show what country code is in use.
  • capwap client transport http: Will change the CAPWAP client transport mode to use only HTTP.
  • clear auth station mac <client MAC>: To manually de-authenticate a client device.
  • clear auth local-cache: To clear the local cache on an AP.
  • clear auth roaming-cache: To clear the roaming cache on an AP.
  • clear web-directory [ {ppsk-self-reg} ]: To clear a PPSK web directory.
  • dns server-ip <address>: To set a DNS server IP manually.
  • exec aaa ldap-search username [username]: Runs a Radius test to look up users on an LDAP server.
  • exec aaa radius-test [radius server IP address] username [username] password [password]: Runs a Radius test.
  • no int mgt0 dhcp client,  int mgt0 dhcp client: These commands will cycle the DHCP and give a new IP address.
  • int mgt0 dhcp-probe vlan-range # #: This is a vlan probe from the command line. If you want to run a range you would replace the #'s with the range to be tested, like VLAN 1-5, for example:
    int mgt0 dhcp-probe vlan-range 1 5

    If you want to test a single VLAN you would enter that VLAN number twice. For example, testing VLAN 5:
    int mgt0 dhcp-probe vlan-range 5 5
  • int mgtX  dhcp-server options ntp1 [ip address of ntp server]: Sets the NTP server manually.
  • interface eth0 rate-limit multicast 0, interface eth0 rate-limit multicast enable: These commands will limit the rate of multicast allowed through the APs. You can change the 0 to whatever value you like. For multicast flooding issues, this is a good test but not a good long term solution.
  • int wifi0 radio channel exclude <channel number>: To exclude a specific channel number.
  • interface <wifiX> radio tx-power-control #: Will set a specified max transmit power for clients of the AP.
  • interface <wifiX> radio tx-power-control auto: Will allow the AP to specify the client transmit power based on the RF environment.
  • interface <wifix> radio power <number>: Will set the radio power.
  • int mgt0 vlan #: Will manually set the APs VLAN.
  • lldp max-power 252: This will manually set the AP to pull 25.2 power from the switch port as long as it is PoE+ capable.
  • reboot date <date in yyyy-mm-dd format> <time>: Sets a scheduled reboot.
  • show acsp: Will show wifi0 and wifi1 states.
  • show acsp channel-info detail | inc channel: Will show detailed channel info, such as channel cost, interference, number of neighboring devices, penalties on the channel, etc.
  • show cmd | include X: Will show you all commands that include whatever phrase or word you enter as X. 
  • show dns: Will show current DNS settings. 
  • show hw: Will show hardware information.
  • show int: Will show interface information.
  • show int mgt0: Will show the APs current IP address.
  • show int mgt0.1 dhcp-server detail: Will show DHCP lease, make sure you specify the right mgt interface.
  • clear int <> dhcp-server lease all: Will clear the DHCP leases. 
  • show lldp: Will show what power the AP is using. AT should be sending 15.4, AF should be sending 25.2.
  • show log buff | inc radius: Will show radius proxy authentication attempts.
  • sh int mgt0 dhcp client: Shows what DHCP server you’re using. 
  • show int switchport: Will show the status of your switch ports.
  • show int wifi(0 or 1): Displays stats for the radio (0= 2.4GHz, 1 = 5GHz).
  • show int wifi(0 or 1) count: Displays specific numbers for RX, TX, and CRC counts.
  • show int wifi0 count | inc crc: Will show the CRC rate.
  • show int wifi0 count | inc retry: Will show the retry rate, the higher the number the worse it is.
  • show log buffer: Will display the APs current buffered log.
  • _show process monitor cpu status: This will give you an output of what has been taking up the most CPU time. Note that Auth should be one of the top processes here, as the AP is mostly authenticating clients.
  • _show protocol-suite ssid all: Shows the passwords associated with the SSIDs on the AP in clear text.
  • _show rt-sta: This will give you all the information the AP has about its clients: MAC, IP address, username, OS, etc.
  • _show radsec elct-pool: Will show the election process and who is in the pool.
  • show ssid: Will show what SSIDs are currently being broadcast.
  • show system processes state: Displays a system summary with information such as CPU and memory utilization or different processes.
  • show system power stat: Will show if the AP is using AT or AF power from the switch. Check the tech specs for an AP to see which power level it needs to operate correctly. 
  • show sys _reboot: Will show the last reboot time on an AP.
  • show sys temp: Will show internal temperature of AP (does not work on all models. For example, it does not work on 121s or 390s, but does work on 330s, etc). 
  • show time: Will show the time zone set on the AP.
  • show clock: Will show the date and clock time on the AP.
  • clock date-time <yyyy-mm-dd> <hh:mm:ss>: To set the time manually.
  • show web directory, show web directory (name of web directory): The first command will show the names of the web directories available, which are used for the second command. Will show if the captive web portal directory is on the AP.
  • ssid <string> multicast conversion-to-unicast {auto|always|disable}: Where <string> is, enter the SSID this will apply to. This command will switch IP multicast traffic to unicast or vice versa depending on the last word in the command.
  • system power-mode <802.3af/802.3at/auto>: Will set the PoE power mode manually. 
  • _test auth mac-bind show <ssid profile name> <mac address>: Will show which PPSK credentials are tied to which mac address (if you have MAC binding enabled).
  • exec auth <SSID> ppsk-mac-unbinding mac-ppsk <mac-address> <password>: To unbind a MAC address from a PPSK using MAC binding.
  • _test bgd show 7: Will disable and enable the Bonjour Gateway keep-alives (which are used to determine if Bonjour services are still alive on the network). This will cycle through the keep-alive state, essentially rebooting the process. Test Bonjour Gateway show 7, Enable local service keepalive. Test Bonjour Gateway show Done.
  • _test radsec cert-creation force: Will force the certificate on to the radsec proxy AP.
  • show idm cert: Will show you what is in use currently.
  • tracert [webaddress]: This is a trace route, it will show where the traffic drops. Example- tracert 
  • user-profile <string> security deny {ipv4|ipv6}: Where <string> is, enter the name of the user profile this is applying to. This will block IPv4/IPv6 traffic depending on which option you enter at the end of the command.

    *This can only be used with HiveOS 6.8r1 or higher.