Access Point Command Line Interface
Applies To: WatchGuard Cloud-managed Access Points (AP130, AP230W, AP330, AP332CR, AP430CR, AP432)
To get access to the Command Line Interface (CLI), you can connect to your access point through SSH. If you cannot contact and manage the access point from WatchGuard Cloud, the CLI enables you to perform management and troubleshooting commands.
From the CLI of the device, you can perform these functions:
-
View current device statistics
-
View system and process logs
-
Update or import a feature key
-
Update the firmware
-
Reboot the device
-
Change the IP address and VLAN settings
-
Perform troubleshooting diagnostics tasks (ping, traceroute, telnet, and more)
-
Reset the access point to factory default settings
To connect to the CLI, you can use an SSH client located on the same network as the access point.
The access point has an admin account and password for CLI access. You set this password when you add the access point to WatchGuard Cloud. For more information about how to set the device password, go to Access Point Device Password.
Connect to the Access Point CLI
To connect to the access point CLI:
- Open your terminal application.
- Verify that your connection type is set to SSH and the parameters are set to:
- Host name / IP address — The IP address of the access point. You can find the local IP address for the access point on the Device Summary page in WatchGuard Cloud.
- Port — 22
- Start the connection.
The connection window shows a welcome message and the access point login prompt. - At the login prompt, type the user name admin. Press Enter.
- At the password prompt, type the password you set for the device in WatchGuard Cloud. Press Enter.
If you have not yet added the access point to WatchGuard Cloud and set a device password, the default password for the CLI is watchguard.
Access Point CLI Commands
The access point CLI includes these commands:
- stat — View access point status and statistics.
- main — View a summary of the device status and statistics, including IP address information, device firmware version, and status of the connection to WatchGuard Cloud.
- syslog — View the system log file.
- process — View the system processes.
- sys — View and configure the access point system information.
- ip — Configure access point IP address settings.
- dhcpact [1 | 0] — 1: Enable DHCP, 0: Enable Static IP address
- ipaddr — IP address
- ipsubn — IP subnet mask
- gateway — Default gateway
- pdns — Primary DNS
- sdns — Secondary DNS
- link6 — Use link-local address
- ipaddr6 — IPv6 address
- sublen6 — IPv6 subnet prefix length
- gateway6 — IPv6 gateway
- pdns6 — IPv6 Primary DNS
- sdns6 — IPv6 Secondary DNS
- accept — Accept the static IP address settings (you must reboot the access point to apply the new IP address settings).
- mgmt — Manage the access point configuration.
- mvlan — Configure the management VLAN settings.
- backup revertfac — Revert the device to factory-default settings.
Caution: This command will immediately revert the access point to factory-default settings with no additional confirmation.
- fkupdate — Update the device feature key from your WatchGuard account.
- fkimport — Import the device feature key. You must manually paste the device feature key text.
- fkautosync [enable | disable] — Disable or enable automatic feature key synchronization.
- fwgrade fwup — Upgrade the access point firmware.
Supported upgrade URL formats:
http://<server_address>/file_name
https://<server_address>/file_name
ftp://account:password@<server_address>/file_name
tftp://<server_address>/file_name - tpm — (firmware 1.1.26 or higher) Show the RSA/TPM signing and binding public keys of the access point. To test the keys, see the tpmtest diagnostic tool in the diag command menu.
- diag — Perform IPv4 diagnostic and troubleshooting tools.
- ping — Ping a destination address.
- trace — Perform a trace route to a destination address.
- route — Show route information.
- arp — Show ARP (Address Resolution Protocol) information.
- telnet — Telnet to a destination address.
- sptest — Perform a speed test from the access point with an iperf3 server. You can specify the server by IP address or domain name. For best results with a public iperf3 server, use a local regional server.
- tpmtest — (firmware 1.1.26 or higher) Test the RSA/TPM signing and binding public keys of the access point. Use this command when you troubleshoot access point connection issues to WatchGuard Cloud with a WatchGuard Technical Support representative.
Use tpmtest signing to test the signing public key. This is the key used by the access point when it registers with WatchGuard Cloud.
Use tpmtest binding to test the binding public key.
Paste the key, then press CTRL-D to validate the key. Press CTRL-C to cancel. - diagv6 — Perform IPv6 diagnostic and troubleshooting tools.
- ping6 — Ping a destination address.
- trace6 — Perform a trace route to a destination address.
- telnet6 — Telnet to a destination address.
- sptest6 — Perform a speed test from the access point with an iperf3 server. You can specify the server by IP address or domain name. For best results with a public iperf3 server, use a local regional server.
- tree — View the command tree to navigate the CLI interface.
- exit — Return to the previous menu.
- help — Get help with the CLI commands.
- reboot — Reboot the access point.
- logout — Log out of the CLI session.
Configure Access Point Device Settings