53-1001947-01 September 2010 Brocade Mobility 7131N-FGR Access Point Product Reference Guide Supporting software release 4.0.0.
Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Table of Contents
1 Introduction (page 1)
New features (page 2)
IP filtering (page 2)
MU rate limiting
Media types (page 19)
Direct-sequence spread spectrum (page 20)
MU association process
Importing a CA certificate (page 69)
Creating self certificates for accessing the VPN (page 70)
Creating a certificate for onboard Radius authentication
Configuring content filtering settings (page 192)
Configuring rogue AP detection (page 195)
Moving rogue APs to the allowed AP list (page 198)
Using MUs to detect rogue devices
System Radius commands (page 454)
System Network Time Protocol (NTP) commands (page 477)
System Log commands
Sample switch configuration file for IPSec and independent WLAN (page 557)
A Technical Specifications (page 563)
Physical characteristics (page 563)
Electrical characteristics
About This Document
In this chapter
• Audience
• Supported hardware and software
• Document conventions
• Notice to the reader
• Web support sites
Text formatting
The narrative-text formatting conventions that are used are as follows:
bold text
• Identifies command names
• Identifies the names of user-manipulated GUI elements
• Identifies keywords
• Identifies text to enter at the GUI or CLI
italic text
• Provides emphasis
• Identifies variables
• Identifies document titles
code text
• Identifies CLI output
For readability, command names in the narrative portions of this guide are presented in mixed lettercase: for example, controllerShow.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.
Notice to the reader
This document may contain references to the trademarks of the following corporations.
• Serial number of the unit
• Model number or product name
• Software type and version number
Brocade responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Brocade business partner, contact that business partner for support.
Customer Support Web Sites
Brocade's Support Central Web site, located at http://www.brocade.
Chapter 1 Introduction
In this chapter
• New features (page 2)
• Feature overview (page 4)
• Theory of operations
The two models available to the Brocade Mobility 7131N-FGR Access Point include:
• BR-7131N-66040-FGR (802.11an and 802.11bgn capable)
• BR-7131N-66040-FWW (802.11an and 802.11bgn capable)
New features
The following features are now available with the introduction of the new 4.
Per radio MU limit
Prior to this new 4.0 AP firmware baseline, an access point allowed a total of 127 MU associations, regardless of the number of radios on the AP. With a dual-radio AP, if there were already 127 MUs associated to one radio, there were no slots available for an MU to associate with another radio. With the new 4.0 firmware, an AP can reserve slots on each radio so MUs of one radio type (11a/n or 11bg/n) have better chances for AP association.
IPSec VPN support
A VPN ensures data privacy between two end points, even while using a communication medium which is itself insecure (like the Internet). VPNs create a secure tunnel between two end points as if they are directly connected over a secure connection. Traffic is secured using a robust IPSec encryption technique. You can get the safety of a VPN in a WLAN by hosting the VPN server at the access point, and the VPN client software on the MU.
• Mesh networking
• Additional LAN subnet
• On-board Radius Server authentication
• Hotspot support
• Routing Information Protocol (RIP)
• Manual date and time settings
• Dynamic DNS
• Auto negotiation
• Adaptive AP
• Rogue AP enhancements
• Radius time-based authentication
• QBSS support
802.11n support
Brocade provides full life-cycle support for either a new or existing 802.11n mobility deployment, from network design to day-to-day support. For information on deploying your 802.
A radio in sensor mode supports three basic features:
NOTE The functions described below are conducted on the WIPS server side, not on the access point.
• Wireless Termination - The access point attempts to force an unwanted (or unauthorized) connection to disconnect.
• Wireless Sniffing - All received frames are reported to the WIPS server. This feature provides the WIPS server with visibility into the activity on the wireless network.
CAUTION Users cannot define a radio as a sensor when one of the access point radios is functioning as a rogue AP detector. To use one of the radios as a WIPS sensor, you must disable its current detector method(s) first, then set the radio for WIPS sensor support. For information on disabling rogue AP detection, see “Configuring rogue AP detection” on page 195.
For detailed information on locating the access point’s MAC addresses, see “Viewing WAN statistics” on page 216 and “Viewing LAN statistics” on page 218. For information on access point MAC address assignments, see “MAC address assignment” on page 22.
Multiple mounting options
The access point attaches to a wall, mounts under a ceiling or above a ceiling (attic). Choose a mounting option based on the physical environment of the coverage area.
BSSID       MAC Address          Hexadecimal Addition
BSSID #1    00:23:68:72:20:DC    Same as Radio MAC address
BSSID #2    00:23:68:72:20:DD    Radio MAC address +1
BSSID #3    00:23:68:72:20:DE    Radio MAC address +2
BSSID #4    00:23:68:72:20:DF    Radio MAC address +3
For detailed information on strategically mapping BSSIDs to WLANs, see “Configuring the 802.11a/n or 802.11b/g/n radio” on page 142. For information on access point MAC address assignments, see “MAC address assignment” on page 22.
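The BSSID table above can be turned into an inventory check, which is useful when maintaining the list of BSSIDs that belong to your own access points. The following is an added example, not code from the Brocade guide; the function names and the inventory are hypothetical, and it assumes the "+1/+2/+3" addition carries into the next octet when the last octet overflows.

```python
import string

BSSIDS_PER_RADIO = 4  # the table above lists BSSID #1 through BSSID #4


def mac_to_int(mac: str) -> int:
    """Parse a colon-separated MAC address into a 48-bit integer."""
    parts = mac.strip().split(":")
    if len(parts) != 6 or any(
        len(p) != 2 or any(c not in string.hexdigits for c in p) for p in parts
    ):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(parts), 16)


def int_to_mac(value: int) -> str:
    """Format a 48-bit integer as an upper-case colon-separated MAC."""
    if not 0 <= value < (1 << 48):
        raise ValueError("value does not fit in a 48-bit MAC address")
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def radio_bssids(radio_mac: str) -> list:
    """BSSID #1 is the radio MAC; #2..#4 are the radio MAC +1, +2, +3.

    Assumption: the hexadecimal addition carries into the next octet.
    """
    base = mac_to_int(radio_mac)
    return [int_to_mac(base + offset) for offset in range(BSSIDS_PER_RADIO)]


def owner_of(observed_bssid: str, inventory: dict):
    """Return (radio name, BSSID number) if the observed BSSID falls in the
    four-address block of a known radio, else None."""
    target = mac_to_int(observed_bssid)
    for name, radio_mac in inventory.items():
        offset = target - mac_to_int(radio_mac)
        if 0 <= offset < BSSIDS_PER_RADIO:
            return name, offset + 1
    return None


# Constructed inventory: the radio MAC is the one shown in the table above,
# the radio name is made up for the example.
INVENTORY = {"lobby-ap/radio1": "00:23:68:72:20:DC"}

if __name__ == "__main__":
    print(radio_bssids("00:23:68:72:20:DC"))
    for seen in ("00:23:68:72:20:de", "00:23:68:72:20:E0"):
        print(seen, "->", owner_of(seen, INVENTORY))
```

A BSSID that maps to no known radio is only a candidate for review; the access point's own rogue AP detection settings decide how it is treated.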
EAP Authentication
The Extensible Authentication Protocol (EAP) feature provides access points and their associated MUs an additional measure of security for data transmitted over the wireless network. Using EAP, authentication between devices is achieved through the exchange and verification of certificates. EAP is a mutual authentication method whereby both the MU and AP are required to prove their identities.
VPN tunnels
Virtual Private Networks (VPNs) are IP-based networks using encryption and tunneling providing users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security. A VPN behaves like a private network; however, because the data travels through the public network, it needs several layers of security. The access point can function as a robust VPN gateway.
Updatable firmware
Brocade periodically releases updated versions of device firmware to the Brocade Web site. If the firmware version displayed on the System Settings screen (see “Configuring system settings” on page 56) is older than the version on the Web site, Brocade recommends updating the access point to the latest firmware version for full feature functionality. For detailed information on updating the firmware using SFTP, see “Updating device firmware” on page 94.
Support for CAM and PSP MUs
The access point supports both CAM and PSP powered MUs. CAM (Continuously Aware Mode) MUs leave their radios on continuously to hear every beacon and message transmitted. These systems operate without any adjustments by the access point. A beacon is a uniframe system packet broadcast by the AP to keep the network synchronized.
Configuration file import/export functionality
Configuration settings for an access point can be downloaded from the current configuration of another access point. This affords the administrator the ability to save the current configuration before making significant changes or restoring a default configuration. A configuration file from a dual radio Brocade Mobility 7131N-FGR Access Point can be imported to another dual radio model Brocade Mobility 7131N-FGR Access Point.
the wireless client adds the connection as a port on its bridge module. This causes the access point (in client bridge mode) to begin forwarding configuration packets to the base bridge. An access point in base bridge mode allows the access point radio to accept client bridge connections. The two bridges communicate using the Spanning Tree Protocol (STP).
Policy screen enables the administrator to set WLAN access based on user groups defined within the User Database screen. Each user is authorized based on the access policies applicable to that user. Access policies allow an administrator to control access to user groups based on the WLAN configurations. For detailed information on configuring the access point for AAA Radius Server support, see “Configuring user authentication” on page 201.
Auto negotiation
Auto negotiation enables the access point to automatically exchange information about data transmission speed and duplex capabilities. Auto negotiation is helpful when using the access point in an environment where different devices are connected and disconnected on a regular basis. For information on configuring the auto negotiation feature, see “Configuring the LAN interface” on page 99 or “Configuring WAN settings” on page 111.
For information on enabling QBSS and defining the channel utilization transmission interval, see “Configuring the 802.11a/n or 802.11b/g/n radio” on page 142.
Theory of operations
To understand access point management and performance alternatives, users need familiarity with functionality and configuration options. The access point includes features for different interface connections and network management.
Access points with the same ESSID define a coverage area. A valid ESSID is an alphanumeric, case-sensitive identifier up to 32 characters. An MU searches for an access point with a matching ESSID and synchronizes (associates) to establish communications. This device association allows MUs within the coverage area to move about or roam. As the MU roams from cell to cell, it associates with a different access point.
The serial port provides a Command Line Interface (CLI) connection. The serial link supports a direct serial connection. The access point is a Data Terminal Equipment (DTE) device with male pin connectors for the RS-232 port. Connecting the access point to a PC requires a null modem serial cable.
Direct-sequence spread spectrum
Spread spectrum (broadband) uses a narrowband signal to spread the transmission over a segment of the radio frequency band or spectrum.
MUs perform partial scans at programmed intervals, when missing expected beacons or after excessive transmission retries. In a partial scan, the MU scans access points classified as proximate on the access point table. For each channel, the MU tests for Clear Channel Assessment (CCA). The MU broadcasts a probe with the ESSID and broadcast BSS_ID when the channel is transmission-free. It sends an ACK to a directed probe response from the access point and updates the table.
Management access options
Managing the access point includes viewing network statistics and setting configuration options. Statistics track the network activity of associated MUs and data transfers on the AP interfaces. The access point requires one of the following connection methods to perform a custom installation and manage the network:
• Secure Java-Based WEB UI - (use Sun Microsystems’ JRE 1.
Chapter 2 Hardware Installation
In this chapter
• Precautions
• Requirements
• Package contents
• Access point placement
Package contents
Check package contents for the correct model and accessories.
• Install the access point at an ideal height of 10 feet from the ground.
• Orient the access point antennas vertically for best reception.
• Point the access point antennas downward if attaching to the ceiling.
To maximize the access point’s radio coverage area, Brocade recommends conducting a site survey to define and document radio interference obstacles before installing the access point.
The 2.4 GHz antenna suite includes the following models:
Part No.              Antenna Type                            Approximate Gain (dBi)
ML-2499-11PNA2-01R    Wide Angle Directional                  8.5
ML-2499-HPA3-01R      Omni-Directional Antenna                3.3
ML-2499-BYGA2-01R     Yagi Antenna                            13.9
ML-2452-APA2-01       Dual-Band                               3/4
ML-2452-PTA2M3X3-2    Facade with 6 Element Antenna Module    3/5
ML-2452-PTA3M3-036    3 Port MIMO Antenna                     4.75/5.5
NOTE An additional adapter is required to use ML-2499-11PNA2-01 and ML-2499-BYGA2-01 model antennae.
Mounting a Brocade Mobility 7131N-FGR Access Point
A Brocade Mobility 7131N-FGR Access Point can attach to a wall, mount under a suspended T-Bar or above a ceiling (plenum or attic) following the same installation instructions. Choose one of the following mounting options based on the physical environment of the coverage area. Do not mount the access point in a location that has not been approved in a site survey.
1. Xerox copy the template (on the previous page) to a blank piece of paper. Do not reduce or enlarge the scale of the template.
CAUTION If printing the mounting template (on the previous page) from an electronic PDF, dimensionally confirm the template by measuring each value for accuracy.
2. Tape the template to the wall mounting surface.
• If the installation requires the antenna be positioned vertically, the centerline reference (of the template) needs to be positioned vertically. The cabling shall exit the access point in a vertical direction.
• If the installation requires the antenna be positioned horizontally, the vertical centerline (of the template) needs to be positioned horizontally.
The access point is ready to configure. For information on an access point default configuration, see “Getting Started” on page 39. For specific details on system configurations, see “System Configuration” on page 55.
Suspended ceiling T-bar installations
A suspended ceiling mount requires holding the access point up against the T-bar of a suspended ceiling grid, and twisting the chassis onto the T-bar.
CAUTION Ensure the safety wire and cabling used in the T-Bar installation is securely fastened to the building structure in order to provide a safe operating environment.
11. Rotate the access point chassis 45 degrees counter-clockwise. The clips click as they fasten to the T-bar.
12. The access point is ready to configure. For information on an access point default configuration, see “Getting Started” on page 39.
wire suitable for supporting the weight of the device. The safety wire should be a standard ceiling suspension cable or equivalent steel wire between 1.59mm (.062in.) and 2.5mm (.10in.) in diameter.
The mounting hardware required to install the access point above a ceiling consists of:
• Light pipe
• Badge for light pipe
• Decal for badge
• Safety wire (strongly recommended)
• Security cable (optional)
To install the access point above a ceiling:
1.
11. Attach the radio antennas to their correct connectors. For more information on available antennas, see “Antenna options” on page 25.
12. Brocade recommends attaching safety wire to the access point’s safety wire tie point or security cable (if used) to the access point’s lock port.
13. Align the ceiling tile into its former ceiling space.
14. Cable the access point using an approved line cord and power supply.
NOTE Depending on how the 5 GHz and 2.4 GHz radios are configured, the LEDs will blink at different intervals between amber and yellow (5 GHz radio) and emerald and yellow (2.4 GHz radio).
The LEDs on the top housing of the access point are clearly visible in wall and below ceiling installations.
Dual radio (2.4/5 GHz) LEDs
A dual radio (2.4/5 GHz) model access point has the following unique LED behavior:
LED 1 LED 2 (LAN) LED 3 (WAN) LED 4 - 5 GHz LED 5 - 2.4 GHz LED 6
Blinking Red indicates booting. Solid Red defines the diagnostic mode. White defines normal operation. Green defines normal GE1 operation. Green defines normal GE2 operation. Blinking Amber indicates 802.11a activity. A 5 second Amber and Yellow blink rate defines 802.11an activity.
Setting up MUs
802.11n MUs
Third-party 802.11n clients can connect to the access point using default settings with no additional user intervention. However, there could be instances where the specific (high-performance) 802.11n settings cannot be sustained due to adverse radio traffic conditions within the network. When this occurs, Brocade recommends changing the Windows XP settings so the adapter can use settings defined for legacy (802.11a/bg) adapter operation.
NOTE If re-enabling the adapter for 802.11 support, ensure additional 802.11n settings (Aggregation, Channel Width, Guard Interval and so on) are also enabled to ensure optimal operation.
8. Click OK to save the updates to the adapter’s configuration.
Chapter 3 Getting Started
In this chapter
• Installing the access point
• Configuration options
• Initially connecting to the access point
• Basic configuration
• Command Line Interface (CLI) via Serial, Telnet and SSH. The access point CLI is accessed through the RS232 port, via Telnet or SSH. The CLI follows the same configuration conventions as the device user interface with a few documented exceptions. For details on using the CLI to manage the access point, see “CLI Reference” on page 245.
• Config file - Readable text file; Importable/Exportable via SFTP.
• Stop Bits - 1
• No Parity
• No Flow Control
4. Press or to access the access point CLI.
5. Enter the default username of “admin” and the default password of “admin123.” As this is the first time you are logging into the access point, you are prompted to enter a new password and set the country code. Refer to “Country codes” on page 564 for a list of each available country’s two-digit country code.
6. At the CLI prompt (admin>), type “summary.
3. Scroll down to the bottom of the Advanced tab and ensure the Use TLS 1.0 option is selected. Remember, the Brocade Mobility 7131N-FGR Access Point does not support SSL 2.0 or SSL 3.0.
4. Enter the IP address of the Brocade Mobility 7131N-FGR Access Point within Internet Explorer. Select the Continue to this Website (not recommended) option. The default IP address of the WAN port is 10.1.1.1.
Configuring the access point
For the basic setup described in this guide, the Java-based Web UI will be used to configure the access point. The GE1/POE port’s default setting is static (with a default IP address of 192.168.0.1). For this example, the access point’s WAN interface will be used to connect to the access point. The default WAN IP address is 10.1.1.1. For optimal viewing of the Web UI, the screen resolution should be set to 1024 x 768 pixels or greater.
The export function will always export the encrypted Admin User password. The import function will import the Admin Password only if the access point is set to factory default. If the access point is not configured to factory default settings, the Admin User password WILL NOT get imported.
3. Refer to the AP-71xx System Settings field to define the following parameters:
System Name - Assign a System Name to define a title for this access point. The System Name is useful if multiple devices are being administered.
Country - Select the Country for the Brocade Mobility 7131N-FGR Access Point’s country of operation. The access point prompts for the correct country code on the first login.
NOTE The System Name and Country are also configurable within the System Settings screen. Refer to “Configuring system settings” on page 56 (if necessary) to set a system location and admin email address for the Brocade Mobility 7131N-FGR Access Point or to view other default settings.
4. Refer to the new Radio Configuration field to define how WLAN and WIPS are supported by the access point’s radio(s). Remember, the options available depend on the radio model SKU deployed.
Set a minimum set of parameters for using the WAN interface.
a. Select the Enable WAN Interface checkbox to enable a connection between the Brocade Mobility 7131N-FGR Access Point and a larger network or outside world through the WAN port. Disable this option to effectively isolate the Brocade Mobility 7131N-FGR Access Point’s WAN connection. No connections to a larger network or the Internet will be possible. MUs cannot communicate beyond the configured subnets.
b.
f. Specify the address of a Primary DNS Server. The ISP or a network administrator provides this address.
g. Optionally, use the Enable PPP over Ethernet checkbox to enable Point-to-Point Protocol over Ethernet (PPPoE) for a high-speed connection that supports this protocol. Most DSL providers are currently using or deploying this protocol. PPPoE is a data-link protocol for dialup connections. PPPoE will allow the access point to use a broadband modem (DSL, cable modem, etc.
f. If using the static or DHCP Server option, enter the Primary DNS Server numerical IP address.
g. If using the DHCP Server option, use the Address Assignment Range parameter to specify a range of IP addresses reserved for mapping clients to IP addresses. If a manually (static) mapped IP address is within the IP address range specified, that IP address could still be assigned to another client.
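The overlap described in step g can be checked before the range is entered. The following is an added example, not part of the Brocade guide or the access point software; the function names, MAC addresses and IP addresses are constructed for illustration. It lists the static mappings that fall inside a proposed Address Assignment Range and the sub-ranges that avoid them.

```python
import ipaddress


def static_conflicts(range_start, range_end, static_map):
    """Return [(ip, mac), ...] for static mappings inside the DHCP range.

    static_map maps a client MAC address to its manually assigned IP.
    """
    start = ipaddress.IPv4Address(range_start)
    end = ipaddress.IPv4Address(range_end)
    if start > end:
        raise ValueError("range start is above range end")
    hits = []
    for mac, ip_text in static_map.items():
        ip = ipaddress.IPv4Address(ip_text)
        if start <= ip <= end:
            hits.append((ip, mac))
    return [(str(ip), mac) for ip, mac in sorted(hits)]


def conflict_free_ranges(range_start, range_end, static_map):
    """Split the proposed range around every static address inside it.

    Returns [(first_ip, last_ip), ...]; any one of these can be used as the
    assignment range without handing out a statically mapped address.
    """
    start = int(ipaddress.IPv4Address(range_start))
    end = int(ipaddress.IPv4Address(range_end))
    if start > end:
        raise ValueError("range start is above range end")
    blocked = sorted(
        {
            int(ipaddress.IPv4Address(ip))
            for ip in static_map.values()
            if start <= int(ipaddress.IPv4Address(ip)) <= end
        }
    )
    ranges = []
    cursor = start
    for address in blocked:
        if address > cursor:
            ranges.append((cursor, address - 1))
        cursor = address + 1
    if cursor <= end:
        ranges.append((cursor, end))
    return [
        (str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
        for a, b in ranges
    ]


# Constructed sample data (locally administered MACs, private addresses).
STATIC_MAP = {
    "02:00:00:00:00:01": "192.168.0.50",   # outside the proposed range
    "02:00:00:00:00:02": "192.168.0.105",  # inside the proposed range
    "02:00:00:00:00:03": "192.168.0.110",  # last address of the range
}

if __name__ == "__main__":
    print(static_conflicts("192.168.0.100", "192.168.0.110", STATIC_MAP))
    print(conflict_free_ranges("192.168.0.100", "192.168.0.110", STATIC_MAP))
```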
10. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Brocade Mobility 7131N-FGR Access Point Quick Setup screen to the last saved configuration.
Configuring basic WLAN security settings
To configure a basic security policy for a WLAN:
NOTE A VPN tunnel must also be established to ensure the access point is using a secure connection to the external server providing NTP, syslog or Radius resources.
4. Configure the Key Rotation Settings as required to set Broadcast Key Rotation and the update interval.
Broadcast Key Rotation - Select the Broadcast Key Rotation checkbox to enable or disable broadcast key rotation. When enabled, the key indices used for encrypting/decrypting broadcast traffic will be alternatively rotated on every interval specified in the Broadcast Key Rotation Interval. Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN.
Defining an IPSec VPN tunnel
A secure IPSec VPN tunnel must be established between the Brocade Mobility 7131N-FGR Access Point and the external server providing the access point’s external NTP, syslog or Radius resources. Ensure the IP address of the external NTP, syslog or Radius resource is known, as it must be supplied to the access point for the access point to properly access and communicate with the external resource.
To define the attributes of the VPN tunnel:
1.
Remote Subnet Mask - Enter the subnet mask for the tunnel’s remote network for the tunnel. The remote subnet mask is the subnet setting for the remote network the tunnel connects to.
Remote Gateway - Enter a numerical (non-DNS) remote gateway IP address for the tunnel. The remote gateway IP address is the gateway address on the remote network the VPN tunnel connects to.
4. Select the Auto (IKE) Key Exchange checkbox and the IKE Settings button.
Station Address - The station address is the IP address of the target MU. Refer to the MU Stats Summary screen for associated MU IP address information.
Number of pings - Defines the number of packets to be transmitted to the MU. The default is 100.
Packet Length - Specifies the length of each packet transmitted to the MU during the test. The default length is 100 bytes.
4. Click the Ping button to begin transmitting packets to the specified MU address.
Chapter 4 System Configuration
In this chapter
• Configuring system settings
• Configuring power settings
• Adaptive AP setup
• Configuring data access
• Updating device firmware
Configuring system settings
Use the System Settings screen to specify the name and location of the Brocade Mobility 7131N-FGR Access Point, assign an email address for the network administrator, restore the AP’s default configuration or restart the AP.
To configure System Settings for the Brocade Mobility 7131N-FGR Access Point:
CAUTION The access point’s country of operation is set from within the System Settings screen.
System Name - Specify a device name for the Brocade Mobility 7131N-FGR Access Point. Brocade recommends selecting a name serving as a reminder of the user base the Brocade Mobility 7131N-FGR Access Point supports (engineering, retail, etc.). This name will appear in the WIPS server when one of the radios is configured as a sensor and the WIPS functionality connects to the WIPS server.
3. Refer to the Factory Defaults field to restore either a full or partial default configuration.
CAUTION Restoring the access point’s configuration back to default settings changes the administrative password back to “admin123.” If restoring the configuration back to default settings, be sure you change the administrative password accordingly.
NOTE The Apply button is not needed for restoring the Brocade Mobility 7131N-FGR Access Point default configuration or restarting the Brocade Mobility 7131N-FGR Access Point.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the System Settings screen to the last saved configuration.
8. Click Logout to securely exit the Brocade Mobility 7131N-FGR Access Point applet.
Radios at full power
The table below describes the maximum transmit power available to each radio (at varying data rates) when the access point is receiving full DC power and is not compromised in its power budget. These values should be viewed as the safe limit for the access point’s radio at full power and should not be exceeded.
Rates (Mbps) MCS Indices EVM Bandwidth Maximum Transmit Power 2.
Rates (Mbps) MCS Indices EVM Bandwidth Maximum Transmit Power 2.4 GHz Maximum Transmit Power 5 GHz
1 -9 20MHz 20 NA
2 -9 20MHz 20 NA
5.
1. Select System Configuration -> Power Settings from the menu tree.
2. Refer to the following to assess the access point’s current power state. Once known, determine how available power resources are applied to the access point’s radios.
NOTE Within the Power Configuration field, an installation professional selects a power mode based on the different power resources available to that access point’s SKU.
Power Status: Refer to the (read only) power status field to review the power available to the AP. For a Brocade Mobility 7131N-FGR Access Point, the options are 3at, 3af or Full Power.
Power Mode: When the access point is powered on for the first time, the system determines the power budget available to the access point. Using the Auto setting (default setting), the access point automatically determines the best power configuration based on the available power budget.
Adaptive AP setup

NOTE: The Adaptive AP Setup screen does not display the AAP’s adoption status or adopted switch. This information is available using the access point’s CLI. To review AAP adoption status and adopted switch information, see “BR7131N>admin(system.aap-setup)>show” on page 410.

To configure the access point’s switch discovery method and connection medium:
1. Select System Configuration -> Adaptive AP Setup from the menu tree.
2.
Switch Interface: Use the Switch Interface drop-down menu to specify the interface used by the switch for connectivity with the access point. Options include LAN1, LAN2 and WAN. The default setting is LAN1.
Enable AP-Switch Tunnel: This setting is required to enable an IPSec VPN from the AAP to the Wireless Switch.
Keep-alive Period: The Keepalive interval defines a period (in seconds) the AAP uses to terminate its connection to the switch if no data is received.
Configuring data access

The Access screen also has a new facility allowing customers to create a login message with customer generated text. When enabled (using either the access point Web UI or CLI), the login message displays when the user is logging into the access point. If the login message is disabled, the default login screen displays with no message.

To configure access for the Brocade Mobility 7131N-FGR Access Point:
1. Select System Configuration -> Access from the menu tree.
2.
Authentication Timeout: Defines the maximum time (between 30 - 120 seconds) allowed for SSH authentication to occur before executing a timeout. The minimum permissible value is 30 seconds.
SSH Keepalive Interval: The SSH Keepalive Interval defines a period (in seconds) after which if no data has been received from a client, SSH sends a message through the encrypted channel to request a response from the client.
8. Refer to the Login Message field to optionally define a message displayed to the customer as they log in to the access point.

Message Settings: Click the Message Settings button to display a screen used to create a text message. Once displayed, select the Enable Login Message checkbox to allow your customized message to be displayed when the user is logging into the access point.
Managing certificate authority (CA) certificates

Certificate management includes the following sections:
• Importing a CA certificate
• Creating self certificates for accessing the VPN

Importing a CA certificate

A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption. The CA signs all digital certificates that it issues with its own private key.
1. Select System Configuration -> Certificate Mgmt -> CA Certificates from the menu tree.
2. Copy the content of the CA Certificate message (using a text editor such as notepad) and click on Paste from Clipboard. The content of the certificate displays in the Import a root CA Certificate field.
3. Click the Import root CA Certificate button to import it into the CA Certificate list.
4.
1. Select System Configuration -> Certificate Mgmt -> Self Certificates from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Click on the Add button to create the certificate request. The Certificate Request screen displays.
3. Complete the request form with the pertinent information. Only 4 values are required; the others are optional.

Key ID: Enter a logical name for the certificate to help distinguish between certificates.
5. Click the Generate Request button. The generated certificate request displays in Self Certificates screen text box.
6. Click the Copy to Clipboard button. The content of certificate request is copied to the clipboard. Create an email to your CA, paste the content of the request into the body of the message and send it to the CA. The CA signs the certificate and will send it back. Once received, copy the content from the email into the clipboard.
7.
Creating a certificate for onboard Radius authentication

The Brocade Mobility 7131N-FGR Access Point can use its on-board Radius Server to generate certificates to authenticate MUs for use with the access point. In addition, a Windows 2000 or 2003 Server is used to sign the certificate before downloading it back to the access point’s on-board Radius server and loading the certificate for use with the access point.
Email: Enter an organizational email address (avoid using a personal address if possible) to associate the request with the proper requesting organization.
Domain Name: Ensure the Domain name is the name of the CA Server. This value must be set correctly to ensure the certificate is properly generated.
IP Address: Enter the IP address of this access point (as you are using the access point’s onboard Radius server).
If you do not have administrative privileges, ensure the Web Server option has been selected from the Certificate Template drop-down menu. Click Submit.
13. Select the Base 64 encoded checkbox option from within the Certificate Issued screen and select the Download CA Certificate link. A File Download screen displays prompting the user to select the download location for the certificate.
14. Click the Save button and save the certificate to a secure location.
15.
Configuring SNMP settings

Feature                               MIB
LAN Configuration                     Symbol-AP_MIB
Subnet Configuration                  Symbol-CC-WS2000-MIB-2.0
VLAN Configuration                    Symbol-AP_MIB
DHCP Server Configuration             Symbol-CC-WS2000-MIB-2.0
802.1x Port Authentication            Symbol-AP_MIB
Advanced DHCP Server configuration    Symbol-CC-WS2000-MIB-2.0
Ethernet Type Filter Configuration    Symbol-AP_MIB
WAN IP Configuration                  Symbol-CC-WS2000-MIB-2.
SNMP allows a network administrator to manage network performance, find and solve network problems, and plan for network growth. The Brocade Mobility 7131N-FGR Access Point supports SNMP management functions for gathering information from its network components, communicating that information to specified users and configuring the access point. All the fields available within the access point are also configurable within the MIB.
SNMP v1/v2c community definitions allow read-only or read/write access to Brocade Mobility 7131N-FGR Access Point management information. The SNMP community includes users whose IP addresses are specified on the SNMP Access Control screen. A read-only community string allows a remote device to retrieve information, while a read/write community string allows a remote device to modify settings.
3. Configure the SNMP v3 User Definitions field (if SNMP v3 is used) to add and configure SNMP v3 user definitions. SNMP v3 user definitions allow read-only or read/write access to management information as appropriate.

Add: Click Add to create a new entry for an SNMP v3 user.
Delete: Select Delete to remove an entry for an SNMP v3 user.
Username: Specify a username by typing an alphanumeric string of up to 31 characters.
SNMP v3 Engine ID: The Brocade Mobility 7131N-FGR Access Point SNMP v3 Engine ID field lists the unique SNMP v3 Engine ID for the Brocade Mobility 7131N-FGR Access Point. This ID is used in SNMP v3 as the source for a trap, response or report. It is also used as the destination ID when sending get, getnext, getbulk, set or inform commands.

6. Click Apply to save any changes to the SNMP Access screen.
1. Select System Configuration -> SNMP Access from the Brocade Mobility 7131N-FGR Access Point menu tree. Click on the SNMP Access Control button from within the SNMP Access screen.
2. Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access.
Enabling SNMP traps

SNMP provides the ability to send traps to notify the administrator that trap conditions are met. Traps are network packets containing data relating to network devices, or SNMP agents, that send the traps. SNMP management applications can receive and interpret these packets, and optionally can perform responsive actions. SNMP trap generation is programmable on a trap-by-trap basis.
Add: Click Add to create a new SNMP v1/v2c Trap Configuration entry.
Delete: Click Delete to remove a selected SNMP v1/v2c Trap Configuration entry.
Destination IP: Specify a numerical (non DNS name) destination IP address for receiving the traps sent by the Brocade Mobility 7131N-FGR Access Point SNMP agent.
Port: Specify a destination User Datagram Protocol (UDP) port for receiving traps. The default is 162.
6. Click Logout to securely exit the Brocade Mobility 7131N-FGR Access Point applet. A prompt displays confirming the logout before the applet is closed.

Configuring specific SNMP traps

Use the SNMP Traps screen to enable specific traps on the Brocade Mobility 7131N-FGR Access Point. Brocade recommends defining traps to capture unauthorized devices operating within the Brocade Mobility 7131N-FGR Access Point coverage area.
MU associated: Generates a trap when an MU becomes associated with one of the Brocade Mobility 7131N-FGR Access Point’s WLANs.
MU unassociated: Generates a trap when an MU becomes unassociated with (or gets dropped from) one of the Brocade Mobility 7131N-FGR Access Point’s WLANs.
MU denied association: Generates a trap when an MU is denied association to a Brocade Mobility 7131N-FGR Access Point WLAN.
System Cold Start: Generates a trap when the Brocade Mobility 7131N-FGR Access Point re-initializes while transmitting, possibly altering the SNMP agent's configuration or protocol entity implementation.
Configuration Changes: Generates a trap whenever changes to the Brocade Mobility 7131N-FGR Access Point’s configuration file are saved.
Rogue AP Detection: Generates a trap if a Rogue AP is detected by the Brocade Mobility 7131N-FGR Access Point.
2. Configure the RF Trap Thresholds field to define device threshold values for SNMP traps.

NOTE: Average Bit Speed, % of Non-Unicast, Average Signal, Average Retries, % Dropped and % Undecryptable are not access point statistics.

Pkts/s: Enter a maximum threshold for the total throughput in Pps (Packets per second).
Throughput: Set a maximum threshold for the total throughput in Mbps (Megabits per second).
Minimum number of packets required for a trap to fire: Enter the minimum number of packets that must pass through the device before an SNMP rate trap is sent. Brocade recommends using the default setting of 1000 as a minimum setting for the field.

4. Click Apply to save any changes to the SNMP RF Traps screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
5.
Configuring Network Time Protocol (NTP)

2. From within the Current Time field, click the Refresh button to update the time since the screen was displayed by the user. The Current Time field displays the current time based on the Brocade Mobility 7131N-FGR Access Point system clock. If NTP is disabled or if there are no servers available, the system time displays the Brocade Mobility 7131N-FGR Access Point uptime starting at 1970-01-01 00:00:00, with the time and date advancing.
3.
Enable NTP on Brocade Mobility 7131N-FGR Access Point: Select the Enable NTP on Brocade Mobility 7131N-FGR Access Point checkbox to allow a connection between the Brocade Mobility 7131N-FGR Access Point and one or more specified NTP servers. A preferred, first alternate and second alternate NTP server cannot be defined unless this checkbox is selected.
Preferred Time Server: Specify the numerical (non DNS name) IP address and port of the primary NTP server.
Logging configuration

2. Configure the Log Options field to save event logs, set the log level and optionally port the Brocade Mobility 7131N-FGR Access Point’s log to an external server.

View Log: Click View to save a log of events retained on the Brocade Mobility 7131N-FGR Access Point. The system displays a prompt requesting the administrator password before saving the log. After the password has been entered, click Get File to display a dialogue with buttons to Open or Save the log.txt file.
Enable logging to an external syslog server: The Brocade Mobility 7131N-FGR Access Point can log events to an external syslog (system log) server. Select the Enable logging to an external syslog server checkbox to enable the server to listen for incoming syslog messages and decode the messages into a log for viewing.
Importing/exporting configurations

Use the Config Import/Export screen to configure an import or export operation for Brocade Mobility 7131N-FGR Access Point configuration settings.

To create an importable/exportable Brocade Mobility 7131N-FGR Access Point configuration file:
1. Select System Configuration -> Config Import/Export from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Configure the SFTP Import/Export field to import/export configuration settings.
Import Configuration: Click the Import Configuration button to import the configuration file from the server with the assigned filename and login information. The system displays a confirmation window indicating the administrator must log out of the Brocade Mobility 7131N-FGR Access Point after the operation completes for the changes to take effect. Click Yes to continue the operation. Click No to cancel the configuration file import.
Updating device firmware

The access point’s automatic update feature updates the access point’s firmware and configuration file automatically when the access point is reset or when the access point initiates a DHCP request. The firmware is automatically updated each time firmware versions are found to be different between what is running on the access point and the firmware file located on the server.
updated firmware is installed. For information on using the access point CLI to import and export the access point’s configuration, see “BR7131N>admin(system.cmgr)> impcert” on page 428 and “BR7131N>admin(system.cmgr)> expcert” on page 427.

If a firmware update is required, use the Firmware Update screen to specify a filename and define a file location for updating the firmware.

NOTE: The firmware file must be available from an SFTP site to perform the update.
CAUTION: If using a Linux server configured to support the “bf” option, an automatic firmware update is not triggered unless both the Enable Automatic Firmware Update and Enable Automatic Configuration Update options are selected. If the Configuration Update option is disabled, the access point will not download the configuration file. Without the configuration file, the access point cannot parse for the firmware file name required to trigger the firmware update.
Chapter 5: Network Management

In this chapter
• Configuring the LAN interface
• Configuring WAN settings
• Enabling Wireless LANs (WLANs)
• Configuring router settings
• Configuring IP filtering
Configuring the LAN interface

1. Select Network Configuration -> LAN from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Configure the LAN Settings field to enable the Brocade Mobility 7131N-FGR Access Point LAN1 and/or LAN2 interface, assign a timeout value, enable 802.1q trunking, configure WLAN mapping and enable 802.1x port authentication.

Enable: Select the LAN1 and/or LAN2 checkbox to allow the forwarding of data traffic over the specified LAN connection.
VLAN Name: Click the VLAN Name button to launch the VLAN Name screen to create VLANs and assign them VLAN IDs. For more information, see “Configuring VLAN support” on page 102.
WLAN Mapping: Click the WLAN Mapping button to launch the VLAN Configuration screen to map existing WLANs to one of the two LANs and define the WLAN’s VLAN membership (up to 16 mappings are possible per access point). For more information, see “Configuring VLAN support” on page 102.

3.
half duplex: Select this option to transmit data to and from the access point, but not at the same time. Using a half duplex transmission, the access point can send data over its LAN port then immediately receive data from the same direction in which the data was transmitted. Like a full-duplex transmission, a half-duplex transmission can carry data in both directions, just not at the same time.
Access Point. The Brocade Mobility 7131N-FGR Access Point sends this MAC address to a host housing a copy of the Dynamic VLAN database. This database houses the records of MAC addresses and VLAN assignments. The VLAN database looks up the MAC to determine what VLAN is assigned to it. If it is not in the database, it simply uses a default VLAN assignment. The VLAN assignment is sent to the Brocade Mobility 7131N-FGR Access Point.
4. Assign a unique VLAN ID (from 1 to 4095) to each VLAN added or modified. The VLAN ID associates a frame with a specific VLAN and provides the information the Brocade Mobility 7131N-FGR Access Point needs to process the frame across the network. Therefore, it may be practical to assign a name to a VLAN representative of the area or type of network traffic it represents.
The Management VLAN uses a default tag value of 1. The Management VLAN is used to distinguish VLAN traffic flows for the LAN. The trunk port marks the frames with special tags as they pass between the Brocade Mobility 7131N-FGR Access Point and its destination. These tags help distinguish data traffic. Authentication servers (such as Radius) must be on the same Management VLAN. Additionally, DHCP and BOOTP servers must be on the same Management VLAN as well.
9.
1. Select Network Configuration -> LAN -> LAN1 (or LAN2) from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Configure the DHCP Configuration field to define the DHCP settings used for the LAN.

NOTE: When setting the LAN interface to be a DHCP Server and adding an IP address, the primary DNS IP address might not be updated, with only the secondary address getting updated. Ensure the primary address is the same as the IP address of the LAN.
This interface uses static IP Address: Select the This interface uses static IP Address button, and manually enter static network address information in the areas provided.
This interface is a DHCP Server: The Brocade Mobility 7131N-FGR Access Point can be configured to function as a DHCP server over the LAN1 or LAN2 connection. Select the This interface is a DHCP Server button and manually enter static network address information in the areas provided.
3. Refer to the IP Filtering field to optionally enable the IP filtering feature, and (if enabled) apply existing IP filters (and their rules and permissions) to LAN1 or LAN2.

Enable IP Filtering: Selecting this checkbox allows the LAN to employ filter policies and rules to determine which IP packets are processed normally over the LAN and which are discarded. If discarded, a packet is deleted and ignored (as if never received).
3. Specify a lease period in seconds for available IP addresses using the DHCP Lease Time (Seconds) parameter. An IP address is reserved for re-connection for the length of time you specify. The default interval is 86400 seconds.
4. Click the Add button to create a new table entry within the Reserved Clients field. If a statically mapped IP address is within the IP address range in use by the DHCP server, that IP address may still be assigned to another client.
1. Select Network Configuration -> LAN -> LAN1 (or LAN2) -> Type Filter from the Brocade Mobility 7131N-FGR Access Point menu tree. The Ethernet Type Filter Configuration screen displays for the LAN. No Ethernet types are displayed (by default) when the screen is first launched.
2. Use the all ethernet types, except drop-down menu to designate whether the Ethernet Types defined for the LAN are allowed or denied for use by the Brocade Mobility 7131N-FGR Access Point.
3.
5. Click Apply to save any changes to the LAN1 or LAN2 Ethernet Type Filter Configuration screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost.
6. Click Cancel to securely exit the LAN1 or LAN2 Ethernet Type Filter Configuration screen without saving your changes.
7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.
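The allow/deny choice made with the all ethernet types, except menu can be modelled offline to check a planned Ethernet type list against sample frames before it is applied to LAN1 or LAN2. The following is an added example, not code from Brocade or from the access point's firmware: the constant and function names are hypothetical, the frames are constructed, and looking past 802.1q tags on a trunk is an assumption of this model rather than documented device behaviour.

```python
import struct

# Hypothetical names for the two choices of the "all ethernet types, except" menu.
ALLOW_ALL_EXCEPT = "allow"  # forward everything except the listed EtherTypes
DENY_ALL_EXCEPT = "deny"    # drop everything except the listed EtherTypes

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers
MIN_ETHERTYPE = 0x0600         # smaller values are an 802.3 length, not a type


def outer_ethertype(frame: bytes) -> int:
    """Return the 16-bit type/length field that follows the two MAC addresses."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]


def effective_ethertype(frame: bytes):
    """Return (ethertype, vlan_ids) for the payload, looking past VLAN tags.

    ethertype is None for 802.3 frames, whose field carries a length instead.
    """
    etype = outer_ethertype(frame)
    offset = 12
    vlan_ids = []
    while etype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # A tag is TPID (2 bytes) + TCI (2 bytes); the next type field follows it.
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    if etype < MIN_ETHERTYPE:
        return None, vlan_ids
    return etype, vlan_ids


def apply_mode(mode: str, listed: bool) -> str:
    """Turn 'is this type on the list' into forward/drop for the chosen mode."""
    if mode == ALLOW_ALL_EXCEPT:
        return "drop" if listed else "forward"
    if mode == DENY_ALL_EXCEPT:
        return "forward" if listed else "drop"
    raise ValueError("unknown filter mode: %r" % mode)


def filter_decision(frame: bytes, mode: str, listed_types) -> str:
    """Tag-aware decision: compare the payload's EtherType with the list."""
    etype, _ = effective_ethertype(frame)
    return apply_mode(mode, etype is not None and etype in listed_types)


def outer_only_decision(frame: bytes, mode: str, listed_types) -> str:
    """Decision when only the outer type field is compared (shown for contrast)."""
    return apply_mode(mode, outer_ethertype(frame) in listed_types)


def build_frame(ethertype: int, vlan_id=None, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed sample frame (broadcast destination, local source MAC)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        header += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    listed = {0x86DD}  # planned list: IPv6, with the menu set to allow all except
    samples = {
        "IPv4 untagged": build_frame(0x0800),
        "IPv6 untagged": build_frame(0x86DD),
        "IPv6 on VLAN 10": build_frame(0x86DD, vlan_id=10),
        "802.3 length frame": build_frame(0x002E),
    }
    for name, frame in samples.items():
        print("%-20s tag-aware=%-8s outer-only=%s" % (
            name,
            filter_decision(frame, ALLOW_ALL_EXCEPT, listed),
            outer_only_decision(frame, ALLOW_ALL_EXCEPT, listed),
        ))
```

On a LAN with 802.1q trunking enabled, the tagged IPv6 sample is the case to look at: a comparison against the outer field sees 0x8100 and never matches the listed type.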
Configuring WAN settings

NOTE: Brocade recommends that the WAN and LAN ports should not both be configured as DHCP clients.

Enable WAN Interface: Select the Enable WAN Interface checkbox to enable a connection between the Brocade Mobility 7131N-FGR Access Point and a larger network or outside world through the WAN port. Disable this option to effectively isolate the Brocade Mobility 7131N-FGR Access Point’s WAN. No connections to a larger network or the Internet are possible.
More IP Addresses: Click the More IP Addresses button to specify additional static IP addresses for the Brocade Mobility 7131N-FGR Access Point. Additional IP addresses are required when users within the WAN need dedicated IP addresses, or when servers need to be accessed (addressed) by the outside world. The More IP Addresses screen allows the administrator to enter up to seven additional WAN IP addresses for the Brocade Mobility 7131N-FGR Access Point WAN.
NOTE: Be aware that the access point can (incorrectly) carry over previously configured static IP information and maintain two connected routes once it gets an IP address from a PPPoE connection.

Enable: Use the checkbox to enable Point-to-Point over Ethernet (PPPoE) for a high-speed connection that supports this protocol. Most DSL providers are currently using or deploying this protocol. PPPoE is a data-link protocol for dialup connections.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the WAN screen to the last saved configuration.
7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.

Configuring Network Address Translation (NAT) settings

Network Address Translation (NAT) converts an IP address in one network to a different IP address or set of IP addresses in another network.
WAN IP Address: The WAN IP addresses on the NAT screen are dynamically generated from address settings applied on the WAN screen.
NAT Type: Specify the NAT Type as 1 to 1 to map a WAN IP address to a single host (local) IP address. 1 to 1 mapping is useful when users need dedicated addresses, and for public-facing servers connected to the Brocade Mobility 7131N-FGR Access Point. Set the NAT Type as 1 to Many to map a WAN IP address to multiple local IP addresses.
4. Configure the Port Forwarding screen to modify the following:

Add: Click Add to create a local map that includes the name, transport protocol, start port, end port, IP address and Translation Port for incoming packets.
Delete: Click Delete to remove a selected local map entry.
Name: Enter a name for the service being forwarded. The name can be any alphanumeric string and is used for identification of the service.
6. Click Cancel to undo any changes made on Port Forwarding screen. This reverts all settings for the Port Forwarding screen to the last saved configuration.

Configuring Dynamic DNS

The access point supports the Dynamic DNS service. Dynamic DNS (or DynDNS) is a feature offered by www.dyndns.com which allows the mapping of domain names to dynamically assigned IP addresses via the WAN port.
4. Enter the DynDNS Password for the account you wish to use for the access point.
5. Provide the Hostname for the DynDNS account you wish to use for the access point.
6. Click the Update DynDNS button to update the access point’s current WAN IP address with the DynDNS service.

NOTE: DynDNS supports devices directly connected to the Internet. Having VPN enabled, and the DynDNS Server on the other side of the VPN is not supported.

7.
Enabling Wireless LANs (WLANs)

1. Select Network Configuration -> Wireless from the Brocade Mobility 7131N-FGR Access Point menu tree. If a WLAN is defined, that WLAN displays within the Wireless Configuration screen. When the Brocade Mobility 7131N-FGR Access Point is first booted, WLAN1 exists as a default WLAN available immediately for connection.
2.
Security Policy: The Security Policy field displays the security profile configured for the target WLAN. For information on configuring security for a WLAN, see “Enabling authentication and encryption schemes” on page 164.
QoS Policy: The QoS Policy field displays the quality of service currently defined for the WLAN. This policy outlines which data types receive priority for the user base comprising the WLAN.
3. Set the parameters in the Configuration field as required for the WLAN.

CAUTION: When using the access point’s hotspot functionality, ensure MUs are re-authenticated when changes are made to the characteristics of a hotspot enabled WLAN, as MUs within the WLAN will be dropped from device association.

ESSID: Enter the Extended Services Set Identification (ESSID) associated with the WLAN. The WLAN name is auto-generated using the ESSID until changed by the user.
Available On: Use the Available On checkboxes to define whether the WLAN you are creating or editing is available to clients on either the 802.11a/n or 802.11b/g/n radio (or both radios). The Available On checkbox should only be selected for a mesh WLAN if this target access point is to be configured as a base bridge or repeater (base and client bridge) on the radio.
Security Policy: Use the scroll down Security Policies menu to select the security scheme best suited for the new or revised WLAN. Click the Create button to launch the New Security Policy screen where a new policy can be created to suit the needs of the WLAN. For more information, see “Configuring WLAN security policies” on page 125.
MU Access Control: Select an ACL policy suiting the WLAN’s MU interoperability requirements from the drop-down menu.
6. Refer to the IP Filtering field to optionally enable the IP filtering feature, and (if enabled) apply existing IP filters (and their rules and permissions) to the WLAN.

Enable IP Filtering: Selecting this checkbox allows the WLAN to employ filter policies and rules to determine which IP packets are processed normally over the WLAN and which are discarded. If discarded, a packet is deleted and ignored (as if never received).
NOTE: When the Brocade Mobility 7131N-FGR Access Point is first launched, a single security policy (default) is available and mapped to WLAN 1. It is anticipated numerous additional security policies will be created as the list of WLANs grows. Configuring a WLAN security scheme with a discussion of all the authentication and encryption options available is beyond the scope of this .
To create or edit ACL policies for WLANs:
1. Select Network Configuration -> Wireless -> MU ACL from the Brocade Mobility 7131N-FGR Access Point menu tree. The Mobile Unit Access Control List Configuration screen displays with existing ACL policies and their current WLAN (if mapped to a WLAN).

NOTE: When the Brocade Mobility 7131N-FGR Access Point is first launched, an ACL policy (default) is available and mapped to WLAN 1.
Either the New MU ACL Policy or Edit MU ACL Policy screens display.
3. Assign a name to the new or edited ACL policy that represents an inclusion or exclusion policy specific to a particular type of MU traffic you may want to use with a single or group of WLANs. More than one WLAN can use the same ACL policy.
4. Configure the parameters within the Mobile Unit Access Control List field to allow or deny MU access to the Brocade Mobility 7131N-FGR Access Point.
Setting the WLAN Quality of Service (QoS) policy

The Brocade Mobility 7131N-FGR Access Point can keep a list of QoS policies that can be used from the New WLAN or Edit WLAN screens to map to individual WLANs. Use the Quality of Service Configuration screen to configure WMM policies that can improve the user experience for audio, video and voice applications by shortening the time between packet transmissions for higher priority (multimedia) traffic.
2. Click the Create button to configure a new QoS policy, or select a policy and click the Edit button to modify an existing QoS policy. The access point supports a maximum of 16 QoS policies.
3. Assign a name to the new or edited QoS policy that makes sense to the Brocade Mobility 7131N-FGR Access Point traffic receiving priority. More than one WLAN can use the same QoS policy.
4. Select the Support Voice prioritization checkbox to allow legacy voice prioritization. Certain products may not receive priority over other voice or data traffic.
7. Select the Enable Wi-Fi Multimedia (WMM) QoS Extensions checkbox to configure the Brocade Mobility 7131N-FGR Access Point’s QoS Access Categories. The Access Categories are not configurable unless the checkbox is selected. Access Categories include:

Background: Background traffic is typically of a low priority (file transfers, print jobs etc.). Background traffic typically does not have strict latency (arrival) and throughput requirements.
U-APSD (WMM Power Save) support

The access point now supports Unscheduled Automatic Power Save Delivery (U-APSD), often referred to as WMM Power Save. U-APSD provides a periodic frame exchange between a voice capable MU and the access point during a VoIP call, while legacy power management is still utilized for typical data frame exchanges. The access point and its associated MU activate the new U-APSD power save approach when a VoIP traffic stream is detected.
2. Click the Configure Hotspot button within the WLAN screen to display the Hotspot Configuration screen for that target WLAN.
3. Refer to the HTTP Redirection field to specify how the Login, Welcome, and Fail pages are maintained for this specific WLAN. The pages can be hosted locally or remotely.
Use Default Files - Select the Use Default Files checkbox if the login, welcome and fail pages reside on the access point.
NOTE If an external URL is used, the external Web pages are required to forward user credentials to the access point, which in turn forwards them to the authentication server (either onboard or external server) in order to grant users Web access.
Login Page URL - Define the complete URL for the location of the Login page. The Login screen will prompt the hotspot user for a username and password to access the Welcome page.
Enable Accounting - Select the Enable Accounting checkbox to enable a Radius Accounting Server used for Radius authentication for a target hotspot user.
Server Address - Specify an IP address for the external Radius Accounting server used to provide Radius accounting for the hotspot. If using this option, an internal Radius server cannot be used. The IP address of the internal Radius server is fixed at 127.0.0.1 and cannot be used for the external Radius server.
NOTE If using an external Web Server over the WAN port, and the hotspot’s HTTP pages (login or welcome) redirect to the access point’s WAN IP address for CGI scripts, the IP address of the external Web server and the access point’s WAN IP address should be entered in the White List.
With a dual-radio model Brocade Mobility 7131N-FGR Access Point, the Radio Configuration screen enables you to configure one radio for 802.11a (or a/n) use and the other for 802.11b/g (or b/g/n) support. The new Brocade Mobility 7131N-FGR Access Point is available in two different dual radio models. The two models available to the Brocade Mobility 7131N-FGR Access Point series are:
• BR-7131N-66040-FGR (802.11a/n and 802.11b/g/n capable)
• BR-7131N-66040-FWW (802.
1. Select Network Configuration -> Wireless -> Radio Configuration from the Brocade Mobility 7131N-FGR Access Point menu tree. Review the Radio Function to assess if this radio is currently functioning as a WLAN radio or has been dedicated as a WIPS sensor. Refer to the RF Band of Operation parameter to ensure you are enabling the correct radio. After the settings are applied within this Radio Configuration screen, the Radio Status and MUs connected values update.
4. If the Base Bridge checkbox has been selected, use the Max# Client Bridges parameter to define the client bridge load on a particular base bridge. The maximum number of client bridge connections per radio is 12, with 24 representing the maximum for dual-radio models.
CAUTION An access point in Base Bridge mode logs out whenever a Client Bridge associates to the Base Bridge over the LAN connection. This problem is not experienced over the access point’s WAN connection.
7. With a dual-radio model Brocade Mobility 7131N-FGR Access Point, refer to the Mesh Timeout drop-down menu to define whether one of the radios beacons on an existing WLAN or whether a client bridge radio uses an uplink connection. The following drop-down menu options are available:
Disabled - When disabled, both radios are up at boot time and beaconing. If one radio (radio 1) does not have a mesh connection, the other radio (radio 2) is not affected.
Once the target radio has been enabled from the Radio Configuration screen, configure the radio’s properties by selecting it from the Brocade Mobility 7131N-FGR Access Point menu tree. For more information, see “Configuring the 802.11a/n or 802.11b/g/n radio” on page 142.
Configuring the 802.11a/n or 802.11b/g/n radio
Configure an 802.11a/n or 802.11b/g/n radio by selecting the radio’s name (as defined using the 802.11a/n or 802.
Placement - Use the Placement drop-down menu to specify whether the radio is located outdoors or indoors. Default placement depends on the country of operation selected for the Brocade Mobility 7131N-FGR Access Point.
MAC Address - The Brocade Mobility 7131N-FGR Access Point, like other Ethernet devices, has a unique, hardware encoded Media Access Control (MAC) or IEEE address. MAC addresses determine the device sending or receiving data.
802.11 b/g/n mode - For radio1, specify B, G and N, B and G, G Only, B only or N Only to define whether the 802.11b/g/n radio transmits in the 2.4 GHz band exclusively for 802.11b (legacy) clients or transmits in the 2.4 GHz band for 802.11g/n clients. Selecting b and g enables the Brocade Mobility 7131N-FGR Access Point to transmit to both b and g clients if legacy clients (802.11b) partially comprise the network.
Channel Selection - The following channel selection options exist:
User Selected - This is the default setting. If 20/40 MHz is selected as the Channel Width (supporting 11n), the Secondary Channel drop-down menu becomes enabled. The user must define the primary channel first.
Power Level - Use the drop-down menu to define the transmit power of the 802.11a/n or 802.11b/g/n antenna(s). The values are expressed in dBm and mW.
Set Rates - Click the Set Rates button to define minimum and maximum data transmit rates for the radio. Use the Basic Rates drop-down menu to select the rates available for either the 2.4 GHz or 5 GHz radio band. The menu options differ, based on the radio band. For 2.
4. Configure the Performance field to set the preamble, threshold values and QoS values for the radio.
Support Short Preamble - The preamble is approximately 8 bytes of packet header generated by the access point and attached to a packet prior to transmission from the 802.11b radio. The preamble length for 802.11b transmissions is rate dependent. A short preamble is 50% shorter than a long preamble.
RTS Threshold - RTS allows the Brocade Mobility 7131N-FGR Access Point to use RTS (Request To Send) on frames longer than the specified length. The default is 2341 bytes.
Set RF QoS - Click the Set RF QoS button to display the Set RF QOS screen to set QoS parameters for the radio. Do not confuse this with the QoS configuration screen used for a WLAN. The Set RF QoS screen initially appears with default values displayed.
Set Aggregation - Select the Enable Transmit A-MSDU checkbox (within the A-MSDU Aggregation field) to enable the aggregation of MAC Service frames. When enabled, long frames can be both sent and received (up to 4 KB). The A-MSDU buffer limit is not user configurable. If disabled, no A-MSDU packets are transmitted by the access point. Select the Enable Transmit A-MPDU checkbox (within the A-MPDU Aggregation field) to allow the aggregation of MAC Protocol frames.
6. Refer to the QBSS Load Element Settings field to determine whether channel usage data is transmitted to associated devices.
Enable QBSS load element - When enabled, the access point communicates channel usage data to associated devices using an interval you define. The QBSS load represents the percentage of time the channel is in use by the access point and the access point’s MU count.
WLAN - Lists the WLAN names available to the 802.11a/n or 802.11b/g/n radio that can be assigned to a BSSID.
BSSID - Assign a BSSID value of 1 through 4 to a WLAN in order to map the WLAN to a specific BSSID.
BC/MC Cipher - A read only field displaying the downgraded BC/MC (Broadcast/Multicast) cipher for a WLAN based on the BSSID and VLAN ID to which it has been mapped.
1. Select Network Configuration -> Wireless -> Rate Limit from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Select the enable Rate Limiting option to globally enable MU rate limiting for each of the access point’s 16 WLANs. Once enabled, MU rate limiting still needs to be enabled for a specific WLAN, then the rate limit allocation needs to be defined for MU traffic within that specific WLAN.
Configuring router settings
The Brocade Mobility 7131N-FGR Access Point router uses routing tables and protocols to forward data packets from one network to another. The Brocade Mobility 7131N-FGR Access Point router manages traffic within the network, and directs traffic from the WAN to destinations on the Brocade Mobility 7131N-FGR Access Point managed LAN. Use the Brocade Mobility 7131N-FGR Access Point Router screen to view the router's connected routes.
Routing Information Protocol (RIP) is an interior gateway protocol that specifies how routers exchange routing-table information. The Router screen also allows the administrator to select the type of RIP and the type of RIP authentication used by the switch. For more information on configuring RIP, see “Setting the RIP configuration” on page 154.
5. Use the User Defined Routes field to add or delete static routes.
3. If RIP v2 or RIP v2 (v1 compat) is the selected RIP type, the RIP v2 Authentication field becomes active. Select the type of authentication to use from the Authentication Type drop-down menu. Available options include:
None - This option disables the RIP authentication.
Simple - This option enables RIP version 2’s simple authentication mechanism. This setting activates the Password (Simple Authentication) field.
6. Click the OK button to return to the Router screen. From there, click Apply to save the changes.
Configuring IP filtering
Use the access point’s IP filtering functionality to determine which IP packets are processed normally by the access point and which are discarded. If discarded, a packet is deleted and ignored (as if never received). The allow/deny mechanism used by IP filtering makes it similar to an access control list (ACL).
1. Select Network Configuration -> IP Filtering from the Brocade Mobility 7131N-FGR Access Point menu tree. When the IP Filtering screen is initially displayed, there are no default filtering policies, and they must be created.
NOTE With IP Filtering, users can only define a destination port, not a source port.
2. Click the Add button to define the attributes of a new IP Filtering policy. The following policy (or filtering rule) attributes require definition.
Src End - Providing this address completes a range of source (data origination) addresses that can either be allowed or denied access to the LAN1, LAN2 or WLAN.
Dst Start - Sets the beginning destination IP address of a range to be either allowed or denied IP packet forwarding. Setting the Dst End value the same as the Dst Start allows or denies just this address without defining a range.
a. Select Network Configuration -> Wireless from the Brocade Mobility 7131N-FGR Access Point menu tree.
b. Click the Create button to apply the filter to a new WLAN, or highlight an existing WLAN and click the Edit button. Either the New WLAN or Edit WLAN screen displays.
c. Select the Enable IP Filtering button in the lower portion of the screen.
d. Select the IP Filtering button.
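The range and destination-port behavior described for IP filtering policies can be reviewed offline before rules are entered in the applet. The Python below is an added example, not code from Brocade or the access point: the FilterRule class, the rule names and the sample addresses are constructed for illustration, and it assumes ranges are inclusive at both ends. It makes no assumption about the order in which the access point evaluates rules; it only reports allow/deny pairs that can match the same packet.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import Optional


def span(start, end):
    """Return an inclusive (low, high) integer range, rejecting inverted input."""
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("range start %s is above range end %s" % (start, end))
    return lo, hi


@dataclass(frozen=True)
class FilterRule:
    name: str                # label used only by this example
    src_start: str
    src_end: str             # equal to src_start for a single address
    dst_start: str
    dst_end: str             # equal to dst_start for a single address
    dst_port: Optional[int]  # destination port only; None means any port
    action: str              # "allow" or "deny"

    def __post_init__(self):
        # Validate once at construction so a typo fails early.
        span(self.src_start, self.src_end)
        span(self.dst_start, self.dst_end)
        if self.action not in ("allow", "deny"):
            raise ValueError("action must be allow or deny")

    def matches(self, src, dst, dst_port):
        """True if a packet falls inside both ranges and the destination port.

        There is no source-port argument: a filter of this kind cannot tell
        apart two packets that differ only in source port.
        """
        s_lo, s_hi = span(self.src_start, self.src_end)
        d_lo, d_hi = span(self.dst_start, self.dst_end)
        return (
            s_lo <= int(ipaddress.IPv4Address(src)) <= s_hi
            and d_lo <= int(ipaddress.IPv4Address(dst)) <= d_hi
            and self.dst_port in (None, dst_port)
        )


def overlaps(a, b):
    """True if at least one packet could match both rules."""
    def intersect(r1, r2):
        return r1[0] <= r2[1] and r2[0] <= r1[1]

    ports_meet = a.dst_port is None or b.dst_port is None or a.dst_port == b.dst_port
    return (
        intersect(span(a.src_start, a.src_end), span(b.src_start, b.src_end))
        and intersect(span(a.dst_start, a.dst_end), span(b.dst_start, b.dst_end))
        and ports_meet
    )


def conflicts(rules):
    """List rule-name pairs that overlap but disagree on allow/deny."""
    return [
        (a.name, b.name)
        for a, b in combinations(rules, 2)
        if a.action != b.action and overlaps(a, b)
    ]


# Constructed sample policy (private addresses chosen for illustration).
RULES = [
    FilterRule("allow-web", "192.168.0.10", "192.168.0.50",
               "10.1.1.5", "10.1.1.5", 80, "allow"),
    FilterRule("deny-range", "192.168.0.40", "192.168.0.90",
               "10.1.1.0", "10.1.1.255", None, "deny"),
    FilterRule("allow-dns", "192.168.0.10", "192.168.0.50",
               "10.1.1.53", "10.1.1.53", 53, "allow"),
]

if __name__ == "__main__":
    for first, second in conflicts(RULES):
        print("review: %s and %s can match the same packet" % (first, second))
```

Each reported pair is a place where the result depends on how the device resolves overlapping policies, so it should be confirmed on the access point before the filter is applied to a WLAN.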
Chapter 6
Configuring Access Point Security
In this chapter
• Configuring security options
• Setting passwords
• Enabling authentication and encryption schemes
• Configuring 802.1x EAP settings
• Configuring WPA2-CCMP (802.11i)
• To display security policy screens used to configure the authentication and encryption schemes available to the Brocade Mobility 7131N-FGR Access Point, see “Enabling authentication and encryption schemes” on page 164. These security policies can be used on more than one WLAN.
• To create a security policy supporting 802.1x EAP, see “Configuring 802.1x EAP settings” on page 165.
• To create a security policy supporting WPA2-CCMP, see “Configuring WPA2-CCMP (802.11i)” on page 169.
Setting passwords
If the default login is successful, the Change Admin Password window displays. Change the default login and password to significantly decrease the likelihood of hacking.
CAUTION Restoring the access point’s configuration back to default settings changes the administrative password back to “admin123.” If restoring the configuration back to default settings, be sure you change the administrative password accordingly.
5.
Enabling authentication and encryption schemes
To complement the built-in firewall filters on the WAN side of the Brocade Mobility 7131N-FGR Access Point, the WLAN side of the Brocade Mobility 7131N-FGR Access Point supports authentication and encryption schemes. Authentication is a challenge-response procedure for validating user credentials such as username, password, and sometimes secret-key information.
Manually Pre-Shared Key / No Authentication - Select this button to disable authentication. This is the default value for the Authentication field.
802.1x EAP - Select the 802.1x EAP button to display the 802.1x EAP Settings field within the New Security Policy screen. For specific information on configuring EAP, see “Configuring 802.1x EAP settings” on page 165.
5. Enable and configure an Encryption option if necessary for the target security policy.
WPA2/CCMP (802.
The 802.1x EAP Settings field displays within the New Security Policy screen.
4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy.
5. If using the access point’s Internal Radius server, leave the Radius Server drop-down menu in the default setting of Internal. If an external Radius server is used, select External from the drop-down menu.
Radius Server Address - If using an External Radius Server, specify the numerical (non-DNS) IP address of a primary Remote Dial-In User Service (Radius) server. Optionally, specify the IP address of a secondary server. The secondary server acts as a failover server if the primary server cannot be contacted. An ISP or a network administrator provides these addresses.
Enable Syslog - Select the Enable Syslog checkbox to enable Radius accounting syslog messages relating to EAP events to be written to the specified syslog server.
Syslog Server IP Address - Enter the IP address of the destination syslog server to be used to log EAP events.
7. Select the Reauthentication tab as required to define authentication connection policies, intervals and maximum retries.
9. Click the Apply button to save any changes made within the 802.1x EAP Settings field (including all 5 selectable tabs) of the New Security Policy screen.
10. Click the Cancel button to undo any changes made within the 802.1x EAP Settings field and return to the WLAN screen. This reverts all settings for the 802.1x EAP Settings field to the last saved configuration.
Configuring WPA2-CCMP (802.11i)
WPA2 is a newer 802.
5. Configure the Key Rotation Settings field as required to set Broadcast Key Rotation and the update interval.
Broadcast Key Rotation - Select the Broadcast Key Rotation checkbox to enable or disable broadcast key rotation. When enabled, the key indices used for encrypting/decrypting broadcast traffic will be alternately rotated on every interval specified in the Broadcast Key Rotation Interval.
7. Configure the Fast Roaming (802.1x only) field as required to enable additional Brocade Mobility 7131N-FGR Access Point roaming and key caching options. This feature is applicable only when using 802.1x EAP authentication with WPA2/CCMP.
Pre-Authentication - Selecting this option enables an associated MU to carry out an 802.1x authentication with another Brocade Mobility 7131N-FGR Access Point before it roams to it.
1. Select Network Configuration -> Firewall from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Refer to the Global Firewall Disable field to enable or disable the Brocade Mobility 7131N-FGR Access Point firewall.
Disable Firewall - Select the Disable Firewall checkbox to disable all firewall functions on the Brocade Mobility 7131N-FGR Access Point. This includes firewall filters, NAT, VPN, content filtering, and subnet access.
SYN Flood Attack Check - A SYN flood attack requests a connection and then fails to promptly acknowledge a destination host's response, leaving the destination host vulnerable to a flood of connection requests.
Source Routing Check - A source routing attack specifies an exact route for a packet's travel through a network, while exploiting the use of an intermediate host to gain access to a private host.
Color - Access Type - Description
Green - Full Access - No protocol exceptions (rules) are specified. All traffic may pass between these two areas.
Yellow - Limited Access - One or more protocol rules are specified. Specific protocols are either enabled or disabled between these two areas. Click the table cell of interest and look at the exceptions area in the lower half of the screen to determine the protocols that are either allowed or denied.
Allow or Deny all protocols, except - Use the drop-down menu to select either Allow or Deny. The selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the table. For example, if the adoption rule is to Deny access to all protocols except those listed, access is allowed only to those selected protocols.
Pre configured Rules - The following protocols are preconfigured with the Brocade Mobility 7131N-FGR Access Point.
Available protocols
Protocols that are not pre-configured can be specified using the drop down list within the Transport column within the Subnet Access and Advanced Subnet Access screens. They include:
• ALL - Enables all of the protocol options displayed in the drop-down menu (as described below).
• TCP - Transmission Control Protocol is a set of rules for sending data as message units over the Internet. TCP manages individual data packets.
1. Select Network Configuration -> Firewall -> Advanced Subnet Access from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Configure the Settings field as needed to override the settings in the Subnet Access screen and import firewall rules into the Advanced Subnet Access screen.
Del (Delete) - Click Del to remove the selected rule from the table. The index numbers for all the rows below the deleted row decrease by 1.
Move Up - Clicking the Move Up button moves the selected rule up by one row in the table. The index numbers for the affected rows adjust to reflect the new order.
Move Down - Clicking the Move Down button moves the selected rule down by one row in the table. The index numbers for the affected rows adjust to reflect the new order.
Configuring VPN tunnels
When connecting to another site using a VPN, the traffic is encrypted so if anyone intercepts the traffic, they cannot see what it is unless they can break the encryption. The traffic is encrypted from your computer through the network to the VPN. At that point the traffic is decrypted. Use the VPN screen to add and remove VPN tunnels. To configure an existing VPN tunnel, select it from the list in the VPN Tunnels field.
Remote Gateway - The Remote Gateway column lists a remote gateway IP address for each tunnel. The numeric remote gateway is the gateway IP address on the remote network the VPN tunnel connects to. Ensure the address is the same as the WAN port address of the target gateway AP or switch.
Key Exchange Type - The Key Exchange Type column lists the key exchange type for passing keys between both ends of a VPN tunnel. If Manual Key Exchange is selected, this column displays Manual.
Manual Key Exchange - Selecting Manual Key Exchange requires you to manually enter keys for AH and/or ESP encryption and authentication. Click the Manual Key Settings button to configure the settings.
Manual Key Settings - Select Manual Key Exchange and click the Manual Key Settings button to open a screen where AH authentication and ESP encryption/authentication can be configured and keys entered. For more information, see “Configuring manual key settings” on page 183.
1. Ensure the WAN ports are connected via the internet.
2. Select Network Configuration -> WAN -> VPN from the Brocade Mobility 7131N-FGR Access Point menu tree.
3. Enter any tunnel name (tunnel names do not need to match).
4. Enter the WAN port IP address of AP #1 in the Local WAN IP field.
5. Enter the LAN IP subnet and mask of AP #2 in the Remote Subnet and Remote Subnet Mask fields.
6. Enter the WAN port IP address of AP #2 in the Remote Gateway field.
7.
Notice the status displays "NOT_ACTIVE". This screen automatically refreshes to get the current status of the VPN tunnel. Once the tunnel is active, the IKE_STATE changes from NOT_CONNECTED to SA_MATURE.
19. On AP #2, repeat the same steps as above. However, replace AP #2 information with AP #1 information.
20. Once both tunnels are established, ping each side to ensure connectivity.
1. Select Network Configuration -> WAN -> VPN from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Refer to the VPN Tunnel Config field, select the Manual Key Exchange radio button and click the Manual Key Settings button.
3. Configure the Manual Key Settings screen to modify the following:
NOTE When entering Inbound or Outbound encryption or authentication keys, an error message could display stating the keys provided are “weak”.
AH Authentication - AH provides data authentication and anti-replay services for the VPN tunnel. Select the required authentication method from the drop-down menu:
• None - Disables AH authentication. The rest of the fields are not active.
• SHA1 - Enables Secure Hash Algorithm 1, requiring 160-bit (40-character hexadecimal) keys.
Inbound AH Authentication Key - Configure a key for computing the integrity check on inbound traffic with the selected authentication algorithm.
Inbound ESP Authentication Key - Define a key for computing the integrity check on the inbound traffic with the selected authentication algorithm. The key must be 32/40 hexadecimal (0-9, A-F) characters in length. The key must match the corresponding outbound key on the remote security gateway.
Outbound ESP Authentication Key - Enter a key for computing the integrity check on outbound traffic with the selected authentication algorithm.
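Manual key entry fails most often on format and pairing: a key of the wrong length, or an inbound key that does not equal the peer's outbound key. The Python below is an added example, not part of the product or its firmware, that checks both gateways' AH and ESP authentication keys before they are typed into the Manual Key Settings screen. The dictionary field names, the low-variety heuristic (which is not the access point's own "weak" key test) and the sample keys are constructed for this illustration.

```python
import hmac
import secrets
import string

HEX_DIGITS = set(string.hexdigits)

# Lengths stated in the guide: SHA1 AH keys are 40 hex characters (160 bits);
# ESP authentication keys are 32 or 40 hex characters.
ALLOWED_HEX_LEN = {
    "ah_auth": {40},
    "esp_auth": {32, 40},
}


def new_key(hex_len):
    """Return a random key of hex_len hexadecimal characters from the OS CSPRNG."""
    if hex_len % 2:
        raise ValueError("hex length must be even")
    return secrets.token_hex(hex_len // 2).upper()


def key_problems(key, allowed_lengths):
    """Return a list of problems with one key; an empty list means it passed."""
    problems = []
    if not key or any(ch not in HEX_DIGITS for ch in key):
        problems.append("not hexadecimal (0-9, A-F)")
    if len(key) not in allowed_lengths:
        expected = " or ".join(str(n) for n in sorted(allowed_lengths))
        problems.append("length %d, expected %s" % (len(key), expected))
    # Heuristic added for this example (an assumption, not the device's test):
    # fewer than 8 distinct characters suggests a typed pattern, not a random key.
    if key and len(set(key.upper())) < 8:
        problems.append("low variety: looks patterned rather than random")
    return problems


def pair_problems(gw_a, gw_b):
    """Check both gateways' manual keys: format first, then cross-matching.

    Each inbound key on one gateway must equal the corresponding outbound
    key on the other gateway.
    """
    problems = []
    for name, gw in (("A", gw_a), ("B", gw_b)):
        for kind, lengths in ALLOWED_HEX_LEN.items():
            for direction in ("inbound", "outbound"):
                field = "%s_%s" % (direction, kind)
                for problem in key_problems(gw[field], lengths):
                    problems.append("%s.%s: %s" % (name, field, problem))
    for kind in ALLOWED_HEX_LEN:
        for rx, tx, rx_name, tx_name in ((gw_a, gw_b, "A", "B"), (gw_b, gw_a, "B", "A")):
            inbound = rx["inbound_" + kind].upper().encode()
            outbound = tx["outbound_" + kind].upper().encode()
            # compare_digest does not reveal through timing where two keys differ.
            if not hmac.compare_digest(inbound, outbound):
                problems.append(
                    "%s.inbound_%s does not match %s.outbound_%s"
                    % (rx_name, kind, tx_name, kind)
                )
    return problems


# Constructed sample keys for illustration only; never deploy them.
AH_KEY_1 = "3F9A1C07" "D2B84E65" "A0F1C9D2" "7B6E4583" "A1D0C2F4"   # 40 chars
AH_KEY_2 = "9C4E7A10" "5B3D8F26" "E1A7C094" "6D2F8B35" "0A9E4C71"   # 40 chars
ESP_KEY_1 = "5D0B7E92" "A4C1F386" "0E9B2D74" "C8A6F153"             # 32 chars
ESP_KEY_2 = "B7E2094A" "6C1D8F35" "4A90E7C2" "D3586B1F"             # 32 chars

GW_A = {
    "inbound_ah_auth": AH_KEY_1, "outbound_ah_auth": AH_KEY_2,
    "inbound_esp_auth": ESP_KEY_1, "outbound_esp_auth": ESP_KEY_2,
}
# Correct peer: inbound and outbound keys are swapped relative to gateway A.
GW_B = {
    "inbound_ah_auth": AH_KEY_2, "outbound_ah_auth": AH_KEY_1,
    "inbound_esp_auth": ESP_KEY_2, "outbound_esp_auth": ESP_KEY_1,
}
# Common mistake: the same values pasted into the same fields on both ends.
GW_B_UNSWAPPED = dict(GW_A)

if __name__ == "__main__":
    print("fresh 40-character key:", new_key(40))
    for problem in pair_problems(GW_A, GW_B_UNSWAPPED):
        print("problem:", problem)
```

Run it on an administrative workstation rather than storing the keys in a shared file, since anyone holding these values can forge or verify traffic for the tunnel.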
3. Configure the Auto Key Settings screen to modify the following:
Use Perfect Forward Secrecy - Forward secrecy is a key-establishment protocol guaranteeing that the discovery of a session key or long-term private key does not compromise the keys of other sessions. Select Yes to enable Perfect Forward Secrecy. Select No to disable Perfect Forward Secrecy.
ESP Encryption Algorithm - Use this menu to select the encryption and authentication algorithms for this VPN tunnel.
• 3DES - Selects the 3DES algorithm. No keys are required to be manually provided.
• AES 128-bit - Selects the Advanced Encryption Standard algorithm with 128-bit keys. No keys are required to be manually provided.
• AES 192-bit - Selects the Advanced Encryption Standard algorithm with 192-bit keys. No keys are required to be manually provided.
3. Configure the IKE Key Settings screen to modify the following:
Operation Mode - The Phase I protocols of IKE are based on the ISAKMP identity-protection and aggressive exchanges. IKE main mode refers to the identity-protection exchange, and IKE aggressive mode refers to the aggressive exchange.
• Main - Standard IKE mode for communication and key exchange.
• Aggressive - Aggressive mode is faster, but less secure than Main mode.
Remote ID Type - Select the type of ID to be used for the Brocade Mobility 7131N-FGR Access Point end of the tunnel from the Remote ID Type drop-down menu.
• IP - Select the IP option if the remote ID type is the IP address specified as part of the tunnel.
• FQDN - Select FQDN if the remote ID type is a fully qualified domain name (such as brocade.com).
4. Click Ok to return to the VPN screen. Click Apply to retain the settings made on the IKE Settings screen.
5. Click Cancel to return to the VPN screen without retaining the changes made to the IKE Settings screen.
Viewing VPN status
Use the VPN Status screen to display the status of the tunnels configured on the Brocade Mobility 7131N-FGR Access Point as well as their lifetime, transmit and receive statistics. The VPN Status screen is read-only with no configurable parameters.
Outb SPI - The Outb SPI column displays the outbound Security Parameter Index (SPI) for each tunnel. The SPI is used locally by the Brocade Mobility 7131N-FGR Access Point to identify a security association. There are unique outbound and inbound SPIs.
Inb SPI - The Inb SPI column displays the inbound Security Parameter Index (SPI) for each of the tunnels. The SPI is used locally by the Brocade Mobility 7131N-FGR Access Point to identify a security association.
Configuring content filtering settings
1. Select Network Configuration -> WAN -> Content Filtering from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Configure the HTTP field to block Web proxies and URL extensions.
Block Outbound HTTP - HyperText Transport Protocol (HTTP) is the protocol used to transfer information to and from Web sites. HTTP Blocking allows for blocking of specific HTTP commands going outbound on the Brocade Mobility 7131N-FGR Access Point WAN port.
Block Outbound SMTP Commands - Simple Mail Transport Protocol (SMTP) is the Internet standard for host-to-host mail transport. SMTP generally operates over TCP on port 25. SMTP filtering allows the blocking of any or all outgoing SMTP commands. Check the box next to the command to disable that command when using SMTP across the Brocade Mobility 7131N-FGR Access Point’s WAN port.
• HELO - (Hello) Identifies the SMTP sender to the SMTP receiver.
7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.
Configuring rogue AP detection
It is possible that not all of the devices identified by the Brocade Mobility 7131N-FGR Access Point are operating legitimately within the Brocade Mobility 7131N-FGR Access Point’s radio coverage area.
1. Select Network Configuration -> Wireless -> Rogue AP Detection from the Brocade Mobility 7131N-FGR Access Point menu tree.
CAUTION Users cannot define a rogue detection method when one of the access point radios is functioning as a WIPS sensor. To use one of the radios as a detector, you must disable WIPS sensor mode first, then set a radio for the desired detection method.
2.
RF Scan by Detector Radio - If the access point is a dual-radio model, select the RF Scan by Detector Radio checkbox to enable the selected 11a or 11b/g radio to scan for rogue APs. For example, if 11b/g is selected, the existing 11a radio would act as the “detector radio,” scanning on all 11b/g channels while the existing 11b/g radio continues to service MUs. The assumption is, when planning to do an all channel scan on one band, the MUs would also be on that band.
Moving rogue APs to the allowed AP list
The Active APs screen enables the user to view the list of detected rogue APs and, if necessary, select and move an AP into a list of allowed devices. This is helpful when the settings defined within the Rogue AP Detection screen inadvertently detect and define a device as a rogue AP. To move detected rogue APs into a list of allowed APs:
1.
For more information on displaying information on detected rogue APs, see “Displaying rogue AP details” on page 199.
7. To remove the Rogue AP entries displayed within the Rogue APs field, click the Clear Rogue AP List button. Brocade only recommends clearing the list of Rogue APs when the devices displaying within the list do not represent a threat to the access point managed network.
8. Click Apply to save any changes to the Active APs screen.
BSSID/MAC - Displays the MAC address of the rogue AP. This information could be useful if the MAC address is determined to be a Brocade MAC address and the device is interpreted as non-hostile and the device should be defined as an allowed AP.
ESSID - Displays the ESSID of the rogue AP. This information could be useful if the ESSID is determined to be non-hostile and the device should be defined as an allowed AP.
2. Highlight an MU from within the Rogue AP enabled MUs field and click the scan button. The target MU begins scanning for rogue devices using the detection parameters defined within the Rogue AP Detection screen. To modify the detection parameters, see “Configuring rogue AP detection” on page 195. Those devices detected as rogue APs display within the Scan Result table.
Configuring user authentication
Configuring the Radius Server
The Radius Server screen enables an administrator to define data sources and specify authentication information for the Radius Server. To configure the Radius Server:
1. Select System Configuration -> User Authentication -> Radius Server from the menu tree.
CAUTION Ensure IPSec has been properly configured to protect communications with the external Radius server. Changes will not be applied otherwise.
2.
3. Use the TTLS/PEAP Configuration field to specify the Radius Server default EAP type, EAP authentication type and a Server or CA certificate (if used).
EAP Type - Use the EAP Type checkboxes to enable the default EAP type(s) for the Radius server. Options include:
• PEAP - Select the PEAP checkbox to enable both PEAP types (GTC and MSCHAP-V2) available to the access point. PEAP uses a TLS layer on top of EAP as a carrier for other EAP modules.
Server Certificate - If you have a server certificate from a CA and wish to use it on the Radius server, select it from the drop-down menu. Only certificates imported to the access point are available in the menu. For information on creating a certificate, see “Creating self certificates for accessing the VPN” on page 70.
CA Certificate - You can also choose an imported CA Certificate to use on the Radius server.
1. Select System Configuration -> User Authentication -> RADIUS Server -> LDAP from the menu tree.
CAUTION: Ensure IPSec has been properly configured to protect communications with the external LDAP server. Changes will not be applied otherwise.
NOTE: For the onboard Radius server to work with Windows Active Directory or open LDAP as the database, the user has to be present in a group within the organizational unit.
LDAP Server IP - Enter the IP address of the external LDAP server acting as the data source for the Radius server. The LDAP server must be accessible from the WAN port or from the access point’s active subnet.
Port - Enter the TCP/IP port number for the LDAP server acting as a data source for the Radius server. The default port is 389.
Login Attribute - Specify the login attribute used by the LDAP server for authentication. In most cases, the default value should work.
CAUTION: If using a proxy server for Radius authentication, the Data Source field within the Radius server screen must be set to Local. If set to LDAP, the proxy server will not be successful when performing the authentication. To verify the existing settings, see “Configuring the Radius Server” on page 202.
Retry Count - Enter a value between 3 and 6 to indicate the number of times the access point attempts to reach a proxy server before giving up.
Timeout - Enter a value between 5 and 10 to indicate the number of elapsed seconds causing the access point to time out on a request to a proxy server.
3. Use the Add button to add a new proxy server. Define the following information for each entry:
Suffix - Enter the domain suffix (such as myisp.com or mycompany.
1. Select System Configuration -> User Authentication -> User Database from the menu tree. Refer to the Groups field for a list of all groups in the local Radius database. The groups are listed in the order added. Although groups can be added and deleted, there is no capability to edit a group name.
2. Click the Add button and enter the name of the group in the new blank field in the Groups table.
3.
Mapping users to groups
Once users have been created within the Users screen, their access privileges need to be configured for inclusion in one, some or all of the groups also created within the Users screen. To map users to groups for group authentication privileges:
1. If you are not already in the Users screen, select System Configuration -> User Authentication -> User Database from the menu tree. Existing users and groups display within their respective fields.
Defining user access permissions by group
An external AAA server maintains the users and groups database used by the access point for access permissions. Various kinds of access policies can be applied to each group. Individual groups can be associated with their own time-based access policy. Each group’s policy has a user defined interval defining the days and hours access is permitted.
1. The Access Policy screen displays the following fields:
Groups - The Groups field displays the names of those existing groups that can have access intervals applied to them. Click the Edit button to display a screen designed to create access intervals for specific days and hours. A mechanism also exists for mapping specific WLANs to these intervals. For more information, see “Editing group access permissions” on page 212.
4. Define up to 10 access policies for the selected group within the Time Based Access Policy field. Use the drop-down menus on the left-hand side of the screen to define the day of the week for which each policy applies. If continual access is required, select the All Days option. If continual access is required during Monday through Friday, but not Saturday or Sunday, select the Weekdays option.
6. Click Apply to save any changes to the Edit Access Policy screen. Navigating away from the screen without clicking Apply results in all changes to the screen being lost.
7. Click Cancel (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Edit Access Policy screen to the last saved configuration.
Chapter 7 Monitoring Statistics
In this chapter
• Viewing WAN statistics
• Viewing LAN statistics
• Viewing wireless statistics
• Viewing radio statistics summary
• Viewing MU statistics summary
Viewing WAN statistics
Use the Brocade Mobility 7131N-FGR Access Point WAN Stats screen to view real-time statistics for monitoring the Brocade Mobility 7131N-FGR Access Point activity through its Wide Area Network (WAN) port. The Information field of the WAN Stats screen displays basic WAN information, generated from settings on the WAN screen.
IP Addresses - The displayed Internet Protocol (IP) addresses for the Brocade Mobility 7131N-FGR Access Point WAN port.
Mask - The Mask field displays the subnet mask number for the Brocade Mobility 7131N-FGR Access Point’s WAN connection. This value is set on the WAN screen. Refer to “Configuring WAN settings” on page 111 to change the subnet mask.
TX Packets - TX packets are data packets sent over the WAN connection. The displayed number is a cumulative total since the WAN was last enabled or the Brocade Mobility 7131N-FGR Access Point was last restarted. To begin a new data collection, see “Configuring system settings” on page 56.
TX Bytes - TX bytes are bytes of information sent over the WAN connection.
1. Select Status and Statistics -> LAN Stats -> LAN1 Stats (or LAN2 Stats) from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Refer to the Information field to view the following Brocade Mobility 7131N-FGR Access Point device address information:
Status - Displays whether this particular LAN has been enabled as a viable subnet from within the LAN Configuration screen.
Speed - The LAN 1 or LAN 2 connection speed is displayed in Megabits per second (Mbps), for example, 54Mbps. If the throughput speed is not achieved, examine the number of transmit and receive errors, or consider increasing the supported data rate. To change the data rate of the 802.11a/n or 802.11b/g/n radio, see “Configuring the 802.11a/n or 802.11b/g/n radio” on page 142.
Duplex - Displays whether the current LAN connection is full or half duplex.
TX Packets - TX packets are data packets sent over the Brocade Mobility 7131N-FGR Access Point LAN port. The displayed number is a cumulative total since the LAN connection was last enabled or the Brocade Mobility 7131N-FGR Access Point was last restarted. To begin a new data collection, see “Configuring system settings” on page 56.
TX Bytes - TX bytes are bytes of information sent over the LAN port.
1. Select Status and Statistics -> LAN Stats -> LAN1 Stats (or LAN2 Stats) -> STP Stats from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Refer to the Spanning Tree Info field for details on spanning tree state and root access point designation.
Spanning Tree State - Displays whether the spanning tree state is currently enabled or disabled.
Bridge Hello Time - The Bridge Hello Time is the time between each bridge protocol data unit sent. This time is equal to 2 seconds (sec) by default, but can be tuned between 1 and 10 sec. For information on setting the Bridge Hello Time, see “Setting the LAN configuration for mesh networking support” on page 523. The 802.1d specification recommends the Hello Time be set to a value less than half of the Max Message age value.
If a WLAN is not displayed within the Wireless Statistics Summary screen, see “Enabling Wireless LANs (WLANs)” on page 119 to enable the WLAN. For information on configuring the properties of individual WLANs, see “Creating/editing individual WLANs” on page 121. To view Brocade Mobility 7131N-FGR Access Point WLAN Statistics:
1. Select Status and Statistics -> Wireless Stats from the Brocade Mobility 7131N-FGR Access Point menu tree.
2.
Retries - Displays the average number of retries per packet. An excessive number could indicate possible network or hardware problems.
Clear All WLAN Stats - Click this button to reset each of the data collection counters to zero in order to begin new data collections. Do not clear the WLAN stats if currently in an important data gathering activity or risk losing all data calculations to that point.
3.
1. Select Status and Statistics -> Wireless Stats -> WLANx Stats (x = target WLAN) from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Refer to the Information field to view specific WLAN address, MU and security scheme information for the WLAN selected from the Brocade Mobility 7131N-FGR Access Point menu tree.
ESSID - Displays the Extended Service Set ID (ESSID) for the target WLAN.
Radio/s - Displays the name of the 802.11a/n or 802.
Pkts per second - The Total column displays the average total packets per second crossing the selected WLAN. The Rx column displays the average total packets per second received on the selected WLAN. The Tx column displays the average total packets per second sent on the selected WLAN. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
Avg Num of Retries - Displays the average number of retries for all MUs associated with the selected WLAN. The number in black represents average retries for the last 30 seconds and the number in blue represents average retries for the last hour.
Dropped Packets - Displays the percentage of packets which the AP gave up on for all MUs associated with the selected WLAN.
1. Select Status and Statistics -> Radio Stats from the Brocade Mobility 7131N-FGR Access Point menu tree.
2. Refer to the Radio Summary field to reference Brocade Mobility 7131N-FGR Access Point radio information.
Type - Displays the type of radio (either 802.11a/n or 802.11b/g/n) currently deployed by the Brocade Mobility 7131N-FGR Access Point. To configure the radio type, see “Setting the WLAN’s radio configuration” on page 137.
Do not clear the radio stats if currently in an important data gathering activity or risk losing all data calculations to that point. For information on viewing radio statistics particular to the Brocade Mobility 7131N-FGR Access Point radio type displayed within the AP Stats Summary screen, see “Viewing radio statistics” on page 230.
4. Click the Logout button to securely exit the Access Point applet.
HW Address - The Media Access Control (MAC) address of the Brocade Mobility 7131N-FGR Access Point housing the 802.11a/n radio. The MAC address is set at the factory and can be found on the bottom of the access point. For more information on how access point MAC addresses are assigned, see “MAC address assignment” on page 22.
Radio Type - Displays the radio type (either 802.11a/n or 802.11b/g/n).
Power - The power level in milliwatts (mW) for RF signal strength.
Approximate RF Utilization - The approximate RF utilization of the Brocade Mobility 7131N-FGR Access Point radio. This value is calculated as throughput divided by average bit speed. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
% Non-unicast pkts - Displays the percentage of total radio packets that are non-unicast. Non-unicast packets include broadcast and multicast packets.
7. Click the Logout button to securely exit the Access Point applet.
Retry histogram
Refer to the Retry Histogram screen for an overview of the retries transmitted by an access point radio and whether those retries contained any data packets. Use this information in combination with the error fields within a Radio Stats screen to assess overall radio performance. To display a Retry Histogram screen for an access point radio:
1.
Viewing MU statistics summary
Use the MU Stats Summary screen to display overview statistics for mobile units (MUs) associated with the Brocade Mobility 7131N-FGR Access Point. The MU List field displays basic information such as IP Address and total throughput for each associated MU. The MU Stats screen is view-only with no user configurable data fields.
Retries - Displays the average number of retries per packet. A high number of retries could indicate possible network or hardware problems.
Hotspot - Displays whether this radio is currently supporting a hotspot.
3. Click the Refresh button to update the data collections displayed without resetting the data collections to zero.
4. Click the Echo Test button to display a screen for verifying the link with an associated MU.
IP Address - Displays the IP address of the MU.
WLAN Association - Displays the name of the WLAN the MU is associated with. Use this information to assess whether the MU is properly grouped within that specific WLAN.
PSP State - Displays the current PSP state of the MU. The PSP Mode field has two potential settings. PSP indicates the MU is operating in Power Save Protocol mode. In PSP, the MU runs enough power to check for beacons and is otherwise inactive.
Viewing MU statistics summary 7. Avg MU Signal Displays RF signal strength in dBm for the target MU. The number in black represents signal information for the last 30 seconds and the number in blue represents signal information for the last hour. Avg MU Noise Displays RF noise for the target MU. The number in black represents noise for the last 30 seconds, the number in blue represents noise for the last hour. Avg MU SNR Displays the Signal to Noise Ratio (SNR) for the target MU.
Packet Length - Specify the length of each data packet transmitted to the target MU during the ping test. The default is 100 bytes.
Packet Data - Defines the data to be transmitted as part of the test.
4. Click the Ping button to begin transmitting ping packets to the station address specified.
1. Select Status and Statistics -> Mesh Stats from the Brocade Mobility 7131N-FGR Access Point menu tree. The Mesh Statistics Summary screen displays the following information:
Conn Type - Displays whether the bridge has been defined as a base bridge or a client bridge. For information on configuring the access point as either a base or client bridge, see “Configuring mesh networking support” on page 523.
4. Click the Logout button to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.
Viewing known access point statistics
The Brocade Mobility 7131N-FGR Access Point has the capability of detecting and displaying the properties of other Brocade access points located within its coverage area.
1. Select Status and Statistics -> Known AP Stats from the Brocade Mobility 7131N-FGR Access Point menu tree. The Known AP Statistics screen displays the following information:
IP Address - The network-assigned Internet Protocol address of the located AP.
MAC Address - The unique 48-bit, hard-coded Media Access Control address, known as the device’s station identifier. This value is hard coded at the factory by the manufacturer and cannot be changed.
The Known AP Details screen displays the target AP’s MAC address, IP address, radio channel, number of associated MUs, packet throughput per second, radio type(s), model, firmware version, ESS and client bridges currently connected to the AP radio. Use this information to determine whether this AP provides better MU association support than the locating access point or warrants consideration as a member of a different mesh network.
4.
“auto-select” and “preferred list” settings. Additionally, LAN1 and LAN2 IP mode settings will only be sent if the sender’s AP mode is DHCP or BOOTP. The WAN’s IP mode will only be sent if the sender’s IP mode is DHCP.
6. Click the Start Flash button to flash the LEDs of other Brocade Mobility 7131N-FGR Access Points detected and displayed within the Known AP Statistics screen.
Chapter 8 CLI Reference
In this chapter
• Connecting to the CLI
• Admin and common commands
• Network commands
• System commands
1. If this is your first time connecting to your access point, keep in mind the access point uses a static IP WAN address (10.1.1.1). Additionally, the access point’s LAN port is set as a DHCP client.
2. Enter the default username of admin and the default password of admin123. If this is your first time logging into the access point, you are unable to access any of the access point’s commands until the country code is set. A new password will also need to be created.
Admin and common commands
BR7131N>admin>
Displays admin configuration options. The items available under this command are shown below.
Syntax
help - Displays general user interface help.
passwd - Changes the admin password.
summary - Shows a system summary.
network - Goes to the network submenu.
system - Goes to the system submenu.
stats - Goes to the stats submenu.
.. - Goes to the parent menu.
/ - Goes to the root menu.
save - Saves the configuration to system flash.
BR7131N>admin>help
Displays general CLI user interface help.
Syntax
help - Displays command line help using combinations of function keys for navigation.
Example
admin>help
?                      : display command help - Eg. ?, show ?, s?
* Restriction of “?”:  : “?” after a function argument is treated as an argument Eg. admin
BR7131N>admin>passwd
Changes the password for the admin login.
Syntax
passwd - Changes the admin password for Brocade Mobility 7131N-FGR Access Point access. This requires typing the old admin password, entering a new password and confirming it. Passwords can be between 8 and 11 characters.
The access point CLI treats the following as invalid characters: ' " \ & $ ^ * + ? [ ( { | , < >
To avoid problems when using the access point CLI, these characters should be avoided.
BR7131N>admin>summary
Displays the Brocade Mobility 7131N-FGR Access Point’s system summary.
Syntax
summary - Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN.
Example
admin>summary
AP-7131N-FGR firmware version 4.0.0.
BR7131N>admin>..
Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.
Example
admin(network.lan)>..
BR7131N>admin> /
Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
Example
admin(network.
BR7131N>admin>save
Saves the configuration to system flash. The save command appears in all of the submenus under admin. In each case, it has the same function, to save the current configuration.
Syntax
save - Saves configuration settings. The save command works at all levels of the CLI. The save command must be issued before leaving the CLI for updated settings to be retained.
BR7131N>admin>quit
Exits the command line interface session and terminates the session. The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once the quit command is executed, the login prompt displays again.
Network commands
BR7131N>admin(network)>
Displays the network submenu. The items available under this command are shown below.
lan - Goes to the LAN submenu.
wan - Goes to the WAN submenu.
wireless - Goes to the Wireless Configuration submenu.
firewall - Goes to the Firewall submenu.
router - Goes to the Router submenu.
ipfilter - Goes to the IP Filter submenu.
.. - Goes to the parent menu.
/ - Goes to the root menu.
save - Saves the current configuration to the system flash.
Network LAN commands
BR7131N>admin(network.lan)>
Displays the LAN submenu. The items available under this command are shown below.
show - Shows current Brocade Mobility 7131N-FGR Access Point LAN parameters.
set - Sets LAN parameters.
bridge - Goes to the mesh configuration submenu.
wlan-mapping - Goes to the WLAN/Lan/Vlan Mapping submenu.
dhcp - Goes to the LAN DHCP submenu.
type-filter - Goes to the Ethernet Type Filter submenu.
ipfpolicy - Goes to the LAN IP Filter Policy submenu.
..
BR7131N>admin(network.lan)> show
Displays the Brocade Mobility 7131N-FGR Access Point LAN settings.
Syntax
show - Shows the settings for the Brocade Mobility 7131N-FGR Access Point LAN1 and LAN2 interfaces.
Example
admin(network.lan)>show
Warning: This will display secure information, Do you want to continue? (n/y?)y
LAN On Ethernet Port : LAN1
LAN Ethernet Timeout : disable
802.
BR7131N>admin(network.lan)> set
Sets the LAN parameters for the LAN port.
Syntax
set
lan - Enables or disables the Brocade Mobility 7131N-FGR Access Point LAN interface.
name - Defines the LAN name by index.
ethernet-port-lan - Defines which LAN (LAN1 or LAN2) is active on the Ethernet port.
admin(network.lan)>set auto-negotiation disable
admin(network.lan)>set speed 100M
admin(network.lan)>set duplex full
admin(network.lan)>set dns 1 192.168.0.1
admin(network.lan)>set wins 1 192.168.0.254
admin(network.lan)>set trunking disable
admin(network.lan)>set username phil
admin(network.lan)>set passwd ea0258c1
For information on configuring the LAN using the applet (GUI), see “Configuring the LAN interface” on page 99.
Network LAN, bridge commands
BR7131N>admin(network.lan.bridge)>
Displays the Brocade Mobility 7131N-FGR Access Point Bridge submenu.
show - Displays the mesh configuration parameters for the Brocade Mobility 7131N-FGR Access Point’s LANs.
set - Sets the mesh configuration parameters for the Brocade Mobility 7131N-FGR Access Point’s LANs.
.. - Moves to the parent menu.
/ - Goes to the root menu.
save - Saves the configuration to system flash.
quit - Quits the CLI and exits the session.
BR7131N>admin(network.lan.bridge)> show
Displays the mesh bridge configuration parameters for the Brocade Mobility 7131N-FGR Access Point’s LANs.
Syntax
show - Displays mesh bridge configuration parameters for the Brocade Mobility 7131N-FGR Access Point’s LANs.
Example
admin(network.lan.
BR7131N>admin(network.lan.bridge)> set
Sets the mesh configuration parameters for the Brocade Mobility 7131N-FGR Access Point’s LANs.
Syntax
set
priority - Sets bridge priority time in seconds (0-65535) for specified LAN.
hello - Sets bridge hello time in seconds (0-10) for specified LAN.
msgage - Sets bridge message age time in seconds (6-40) for specified LAN.
Network LAN, WLAN-Mapping commands
BR7131N>admin(network.lan.wlan-mapping)>
Displays the WLAN/Lan/Vlan Mapping submenu.
show - Displays the VLAN list currently defined for the Brocade Mobility 7131N-FGR Access Point.
set - Sets the Brocade Mobility 7131N-FGR Access Point VLAN configuration.
create - Creates a new Brocade Mobility 7131N-FGR Access Point VLAN.
edit - Edits the properties of an existing Brocade Mobility 7131N-FGR Access Point VLAN.
delete - Deletes a VLAN.
BR7131N>admin(network.lan.wlan-mapping)> show
Displays the VLAN list currently defined for the Brocade Mobility 7131N-FGR Access Point. These parameters are defined with the set command.
Syntax
show
name - Displays the existing list of VLAN names.
vlan-cfg - Shows WLAN-VLAN mapping and VLAN configuration.
lan-wlan - Displays a WLAN-LAN mapping summary.
wlan - Displays the WLAN summary list.
Example
admin(network.lan.
For information on displaying the VLAN screens using the applet (GUI), see “Configuring VLAN support” on page 102.
BR7131N>admin(network.lan.wlan-mapping)> set
Sets VLAN parameters for the Brocade Mobility 7131N-FGR Access Point.
Syntax
set
mgmt-tag - Defines the Management VLAN tag index (1 or 2) to tag number (1-4095).
native-tag - Sets the Native VLAN tag index (1 or 2) to tag number (1-4095).
mode - Sets WLAN VLAN mode (WLAN 1-16) to either dynamic or static.
Example
admin(network.lan.wlan-mapping)>set mgmt-tag 1 10
admin(network.lan.
BR7131N>admin(network.lan.wlan-mapping)> create
Creates a VLAN for the Brocade Mobility 7131N-FGR Access Point.
Syntax
create
vlan-id - Defines the VLAN ID (1-4095).
vlan-name - Specifies the name of the VLAN (1-31 characters in length).
Example
admin(network.lan.wlan-mapping)>
admin(network.lan.wlan-mapping)>create 5 vlan-5
For information on creating VLANs using the applet (GUI), see “Configuring VLAN support” on page 102.
BR7131N>admin(network.lan.wlan-mapping)> edit
Modifies a VLAN’s name and ID.
Syntax
edit
name - Modifies an existing VLAN name (1-31 characters in length).
id - Modifies an existing VLAN ID (1-4095).
For information on editing VLANs using the applet (GUI), see “Configuring VLAN support” on page 102.
BR7131N>admin(network.lan.wlan-mapping)> delete
Deletes a specific VLAN or all VLANs.
Syntax
delete
<VLAN id> - Deletes a specific VLAN ID (1-16).
all - Deletes all defined VLAN entries.
For information on deleting VLANs using the applet (GUI), see “Configuring VLAN support” on page 102.
BR7131N>admin(network.lan.wlan-mapping)> lan-map
Maps a Brocade Mobility 7131N-FGR Access Point VLAN to a WLAN.
Syntax
lan-map
Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive.
Defines enabled LAN name. All names and IDs are case-sensitive.
admin(network.lan.wlan-mapping)>lan-map wlan1 lan1
For information on mapping VLANs using the applet (GUI), see “Configuring VLAN support” on page 102.
BR7131N>admin(network.lan.wlan-mapping)> vlan-map
Maps a Brocade Mobility 7131N-FGR Access Point VLAN to a WLAN.
Syntax
vlan-map
Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive.
Defines the existing VLAN name. All names and IDs are case-sensitive.
admin(network.lan.wlan-mapping)>vlan-map wlan1 vlan1
For information on mapping VLANs using the applet (GUI), see “Configuring VLAN support” on page 102.
Network LAN, DHCP commands
BR7131N>admin(network.lan.dhcp)>
Displays the Brocade Mobility 7131N-FGR Access Point DHCP submenu. The items available are displayed below.
show - Displays DHCP parameters.
set - Sets DHCP parameters.
add - Adds static DHCP address assignments.
delete - Deletes static DHCP address assignments.
list - Lists static DHCP address assignments.
.. - Goes to the parent menu.
/ - Goes to the root menu.
save - Saves the configuration to system flash.
BR7131N>admin(network.lan.dhcp)> show
Shows DHCP parameter settings.
Syntax
show - Displays DHCP parameter settings for the Brocade Mobility 7131N-FGR Access Point. These parameters are defined with the set command.
Example
admin(network.lan.dhcp)>show
**LAN1 DHCP Information**
DHCP Address Assignment Range:
Starting IP Address : 192.168.0.100
Ending IP Address : 192.168.0.254
Lease Time : 86400
**LAN2 DHCP Information**
DHCP Address Assignment Range:
Starting IP Address : 192.168.0.
BR7131N>admin(network.lan.dhcp)> set
Sets DHCP parameters for the LAN port.
Syntax
set
range - Sets the DHCP assignment range from IP address to IP address for the specified LAN (1-lan1, 2-lan2).
lease - Sets the DHCP lease time in seconds (1-999999) for the specified LAN.
Example
admin(network.lan.dhcp)>set range 1 192.168.0.100 192.168.0.254
admin(network.lan.dhcp)>set lease 1 86400
admin(network.lan.
BR7131N>admin(network.lan.dhcp)> add
Adds static DHCP address assignments.
Syntax
add - Adds a reserved static IP address to a MAC address for the specified LAN.
Example
admin(network.lan.dhcp)>add 1 00A0F8112233 192.160.24.6
admin(network.lan.dhcp)>add 1 00A0F1112234 192.169.24.7
admin(network.lan.
BR7131N>admin(network.lan.dhcp)> delete
Deletes static DHCP address assignments.
Syntax
delete - Deletes the static DHCP address entry (1-30) for the specified LAN.
all - Deletes all static DHCP addresses.
Example
admin(network.lan.
Network commands 8 BR7131N>admin(network.lan.dhcp)> list Lists static DHCP address assignments. Syntax list Lists the static DHCP address assignments for the specified LAN (1-LAN1, 2 LAN2). Example admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------Index MAC Address IP Address ----------------------------------------------------------------------------1 2 3 4 5 00A0F8112233 00A0F8102030 00A0F8112234 00A0F8112235 00A0F8112236 10.1.
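The argument ranges given above for the wlan-mapping and dhcp commands, and the password rule under admin>passwd, can be checked before a command script is pasted into the CLI. The following Python checker is an added example, not part of the Brocade guide or the access point software; its input format mirrors the guide's own example lines, and the argument order of set native-tag is assumed to match set mgmt-tag.

```python
import ipaddress
import re

# Limits copied from this guide's syntax descriptions.
TAG_INDEX = range(1, 3)            # mgmt-tag / native-tag index: 1 or 2
VLAN_TAG = range(1, 4096)          # VLAN tag and VLAN ID: 1-4095
LAN_INDEX = range(1, 3)            # 1-lan1, 2-lan2
LEASE_SECONDS = range(1, 1000000)  # DHCP lease time: 1-999999
CLI_INVALID_CHARS = set("'\"\\&$^*+?[({|,<>")  # listed under admin>passwd

PROMPT_RE = re.compile(r"^admin\(([\w.-]+)\)>\s*(.+)$")
MAC_RE = re.compile(r"[0-9A-Fa-f]{12}")  # form used in the guide's add examples


def check_password(pw):
    """Problems with a candidate admin password: 8-11 chars, no CLI-invalid chars."""
    problems = []
    if not 8 <= len(pw) <= 11:
        problems.append("length must be 8-11 characters")
    bad = sorted(set(pw) & CLI_INVALID_CHARS)
    if bad:
        problems.append("contains CLI-invalid characters: " + " ".join(bad))
    return problems


def _rng(tok, allowed, what):
    """Return an error string unless tok is a decimal integer inside `allowed`."""
    if tok.isascii() and tok.isdigit() and int(tok) in allowed:
        return None
    return f"{what} '{tok}' is outside {allowed[0]}-{allowed[-1]}"


def _ip(tok):
    """Parse a dotted-quad IPv4 address, or return None."""
    try:
        return ipaddress.IPv4Address(tok)
    except ValueError:
        return None


def lint_line(line):
    """Return a list of problems for one 'admin(<menu>)>command' line."""
    m = PROMPT_RE.match(line.strip())
    if not m:
        return ["not an admin(<menu>)>command line"]
    menu, a = m.group(1), m.group(2).split()
    errs = []
    if menu == "network.lan.wlan-mapping" and a[0] == "set" and len(a) == 4 \
            and a[1] in ("mgmt-tag", "native-tag"):
        errs += [_rng(a[2], TAG_INDEX, "tag index"), _rng(a[3], VLAN_TAG, "VLAN tag")]
    elif menu == "network.lan.wlan-mapping" and a[0] == "create" and len(a) == 3:
        errs.append(_rng(a[1], VLAN_TAG, "VLAN ID"))
        if not 1 <= len(a[2]) <= 31:
            errs.append("VLAN name must be 1-31 characters")
    elif menu == "network.lan.dhcp" and a[:2] == ["set", "range"] and len(a) == 5:
        errs.append(_rng(a[2], LAN_INDEX, "LAN index"))
        start, end = _ip(a[3]), _ip(a[4])
        if start is None or end is None:
            errs.append("range bounds must be IPv4 addresses")
        elif start > end:
            errs.append(f"range start {start} is above range end {end}")
    elif menu == "network.lan.dhcp" and a[:2] == ["set", "lease"] and len(a) == 4:
        errs += [_rng(a[2], LAN_INDEX, "LAN index"),
                 _rng(a[3], LEASE_SECONDS, "lease time")]
    elif menu == "network.lan.dhcp" and a[0] == "add" and len(a) == 4:
        errs.append(_rng(a[1], LAN_INDEX, "LAN index"))
        if not MAC_RE.fullmatch(a[2]):
            errs.append(f"MAC '{a[2]}' is not 12 hex digits")
        if _ip(a[3]) is None:
            errs.append(f"'{a[3]}' is not an IPv4 address")
    else:
        errs.append("no rule for this command; not checked")
    return [e for e in errs if e]


def lint_script(text):
    """Map 1-based line number -> problems, for non-blank lines that have any."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            problems = lint_line(line)
            if problems:
                report[n] = problems
    return report


# Constructed sample: lines 1, 3 and 5 follow the guide's examples, the rest are broken.
SAMPLE = """\
admin(network.lan.wlan-mapping)>set mgmt-tag 1 10
admin(network.lan.wlan-mapping)>set native-tag 3 4096
admin(network.lan.wlan-mapping)>create 5 vlan-5
admin(network.lan.dhcp)>set range 1 192.168.0.254 192.168.0.100
admin(network.lan.dhcp)>set lease 1 86400
admin(network.lan.dhcp)>add 1 00A0F811223 192.160.24.6
"""

if __name__ == "__main__":
    for n, problems in lint_script(SAMPLE).items():
        print(n, "; ".join(problems))
```

Commands from other submenus are reported as not checked rather than passed silently, so an unflagged script only covers the rules listed at the top of the block.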
Network Type Filter commands
BR7131N>admin(network.lan.type-filter)>
Displays the Brocade Mobility 7131N-FGR Access Point Type Filter submenu. The items available under this command include:
show - Displays the current Ethernet Type exception list.
set - Defines Ethernet Type Filter parameters.
add - Adds an Ethernet Type Filter entry.
delete - Removes an Ethernet Type Filter entry.
.. - Goes to the parent menu.
/ - Goes to the root menu.
BR7131N>admin(network.lan.type-filter)> show
Displays the Brocade Mobility 7131N-FGR Access Point’s current Ethernet Type Filter configuration.
Syntax
show - Displays the existing Type-Filter configuration for the specified LAN.
Example
admin(network.lan.
BR7131N>admin(network.lan.type-filter)> set
Defines the Brocade Mobility 7131N-FGR Access Point Ethernet Type Filter configuration.
Syntax
set
mode allow or deny - Allows or denies the Brocade Mobility 7131N-FGR Access Point from processing a specified Ethernet data type for the specified LAN.
Example
admin(network.lan.
BR7131N>admin(network.lan.type-filter)> add
Adds an Ethernet Type Filter entry.
Syntax
add - Adds entered Ethernet Type to list of data types either allowed or denied Brocade Mobility 7131N-FGR Access Point processing permissions for the specified LAN (either LAN1 or LAN2).
Example
admin(network.lan.type-filter)>
admin(network.wireless.type-filter)>add 1 8137
admin(network.wireless.type-filter)>add 2 0806
admin(network.wireless.
BR7131N>admin(network.lan.type-filter)> delete
Removes an Ethernet Type Filter entry individually or the entire Type Filter list.
Syntax
delete - Deletes the specified Ethernet Type index entry (1 through 16).
all - Deletes all Ethernet entries currently in list.
Example
admin(network.lan.type-filter)>delete 1 1
admin(network.lan.
Network WAN commands

BR7131N>admin(network.wan)>

Displays the WAN submenu. The items available under this command are shown below.

  show    Displays the Brocade Mobility 7131N-FGR Access Point WAN configuration and the Brocade Mobility 7131N-FGR Access Point’s current PPPoE configuration.
  set     Defines the Brocade Mobility 7131N-FGR Access Point’s WAN and PPPoE configuration.
  nat     Displays the NAT submenu, wherein Network Address Translations (NAT) can be defined.
BR7131N>admin(network.wan)> show

Displays the Brocade Mobility 7131N-FGR Access Point WAN port parameters.

Syntax

  show    Shows the general IP parameters for the WAN port along with settings for the WAN interface.

Example

  admin(network.wan)>show
  Warning: This will display secure information, Do you want to continue? (n/y?)y

  Status                  : enable
  Primary DNS Server      : 0.0.0.0
  Secondary DNS Server    : 0.0.0.
BR7131N>admin(network.wan)> set

Defines the configuration of the Brocade Mobility 7131N-FGR Access Point WAN port.

Syntax

  set
    wan enable/disable     Enables or disables the Brocade Mobility 7131N-FGR Access Point WAN port.
    dhcp enable/disable    Enables or disables WAN DHCP Client mode.
    ipadr
    mask                   Sets the subnet mask for the Brocade Mobility 7131N-FGR Access Point WAN interface.
    dgw                    Sets the default gateway IP address to .
    dns
For an overview of the WAN configuration options available using the applet (GUI), see “Configuring WAN settings” on page 111.
Network WAN NAT commands

BR7131N>admin(network.wan.nat)>

Displays the NAT submenu. The items available under this command are shown below.

  show      Displays the Brocade Mobility 7131N-FGR Access Point’s current NAT parameters for the specified index.
  set       Defines the Brocade Mobility 7131N-FGR Access Point NAT settings.
  add       Adds NAT entries.
  delete    Deletes NAT entries.
  list      Lists NAT entries.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(network.wan.nat)> show

Displays Brocade Mobility 7131N-FGR Access Point NAT parameters.

Syntax

  show    Displays Brocade Mobility 7131N-FGR Access Point NAT parameters for the specified NAT index (1-8).

Example

  admin(network.wan.nat)>show 2

  WAN IP Mode         : enable
  WAN IP Address      : 157.235.91.2
  NAT Type            : 1-to-many
  Inbound Mappings    : Port Forwarding

  unspecified port forwarding mode    : enable
  unspecified port fwd. ip address    : 111.223.222.
  one to many nat mapping
BR7131N>admin(network.wan.nat)> set

Sets NAT inbound and outbound parameters.

Syntax

  set
    type    Sets the type of NAT translation for WAN address index (1-8) to (none, 1-to-1, or 1-to-many).
    ip      Sets NAT IP mapping associated with WAN address to the specified IP address .
BR7131N>admin(network.wan.nat)> add

Adds NAT entries.
BR7131N>admin(network.wan.nat)> delete

Deletes NAT entries.

Syntax

  delete    Deletes a specified NAT index entry associated with the WAN.
  all       Deletes all NAT entries associated with the WAN.

Example

  admin(network.wan.
BR7131N>admin(network.wan.nat)> list

Lists Brocade Mobility 7131N-FGR Access Point NAT entries for the specified index.

Syntax

  list    Lists the inbound NAT entries associated with the WAN index (1-8).

Example

  admin(network.wan.nat)>list 1
  ----------------------------------------------------------------------------
  index  name     Transport  start port  end port  internal ip  translation
  ----------------------------------------------------------------------------
  1      special  tcp        20          21        192.168.
Network WAN, VPN commands

BR7131N>admin(network.wan.vpn)>

Displays the VPN submenu. The items available under this command include:

  add         Adds VPN tunnel entries.
  set         Sets key exchange parameters.
  delete      Deletes VPN tunnel entries.
  list        Lists VPN tunnel entries.
  reset       Resets all VPN tunnels.
  stats       Lists security association status for the VPN tunnels.
  ikestate    Displays an Internet Key Exchange (IKE) summary.
  ..          Goes to the parent menu.
  /           Goes to the root menu.
BR7131N>admin(network.wan.vpn)> add

Adds a VPN tunnel entry.

Syntax

  add    Creates a tunnel (1 to 13 characters) to gain access through local WAN IP from the remote subnet with address and subnet mask using the remote gateway .

Example

  admin(network.wan.vpn)>add 2 SJSharkey 209.235.44.31 206.107.22.46 255.255.255.224 206.107.22.
BR7131N>admin(network.wan.vpn)> set

Sets VPN entry parameters.

Syntax

  set
    type        Sets the tunnel type to Auto or Manual for the specified tunnel name.
    authalgo    Sets the authentication algorithm for to (None, MD5, or SHA1).
    authkey     Sets the AH authentication key (if type is Manual) for tunnel with the direction set to IN or OUT, and the manual authentication key set to .
    salife
    ike
      opmode       Sets the Operation Mode of IKE for to Main or Aggr(essive).
      myidtype     Sets the Local ID type for IKE authentication for (1 to 13 characters) to (IP, FQDN, or UFQDN).
      remidtype    Sets the Remote ID type for IKE authentication for (1 to 13 characters) to (IP, FQDN, or UFQDN).
BR7131N>admin(network.wan.vpn)> delete

Deletes VPN tunnel entries.

Syntax

  delete
    all    Deletes all VPN entries.
           Deletes VPN entries .

Example

  admin(network.wan.vpn)>list
  --------------------------------------------------------------------------
  Tunnel Name    Type    Remote IP/Mask     Remote Gateway   Local WAN IP
  --------------------------------------------------------------------------
  Eng2EngAnnex   Manual  192.168.32.2/24    192.168.33.1     192.168.24.198
  SJSharkey      Manual  206.107.22.
BR7131N>admin(network.wan.vpn)> list

Lists VPN tunnel entries.

Syntax

  list    Lists all tunnel entries.
          Lists detailed information about tunnel named . The must match case with the name of the VPN tunnel entry.

Example

  admin(network.wan.
BR7131N>admin(network.wan.vpn)> reset

Resets all of the Brocade Mobility 7131N-FGR Access Point’s VPN tunnels.

Syntax

  reset    Resets all VPN tunnel states.

Example

  admin(network.wan.vpn)>reset
  VPN tunnels reset.
  admin(network.wan.vpn)>

For information on configuring VPN using the applet (GUI), see “Configuring VPN tunnels” on page 178.
BR7131N>admin(network.wan.vpn)> stats

Lists statistics for all active tunnels.

Syntax

  stats    Display statistics for all VPN tunnels.

Example

  admin(network.wan.
BR7131N>admin(network.wan.vpn)> ikestate

Displays statistics for all active tunnels using Internet Key Exchange (IKE).

Syntax

  ikestate    Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, and it provides the destination IP address and the remaining lifetime of the IKE key.

Example

  admin(network.wan.
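The tunnel table printed by the VPN list command can be captured from a console session and audited offline. The following is an added example, not part of the guide and not Brocade code: it parses that table and flags tunnels whose type is Manual, since their keys are entered with set authkey rather than negotiated through IKE. The function names, the column spacing and every sample row except Eng2EngAnnex are assumptions made for this sketch, and tunnel names are assumed to contain no spaces.

```python
import ipaddress
from dataclasses import dataclass

KEYING_TYPES = ("Auto", "Manual")  # tunnel types named under "set type" in the guide
MAX_NAME_LEN = 13                  # guide: tunnel name is 1 to 13 characters

# Constructed capture of `admin(network.wan.vpn)>list`. The column order and the
# Eng2EngAnnex row follow the guide's example; the other two rows are made up
# for this sketch and use documentation/private address ranges.
SAMPLE_LIST_OUTPUT = """\
admin(network.wan.vpn)>list
--------------------------------------------------------------------------
Tunnel Name    Type    Remote IP/Mask     Remote Gateway   Local WAN IP
--------------------------------------------------------------------------
Eng2EngAnnex   Manual  192.168.32.2/24    192.168.33.1     192.168.24.198
BranchOffice   Auto    198.51.100.0/24    203.0.113.10     192.0.2.1
LabLink        Manual  10.20.0.0/16       203.0.113.77     192.0.2.1
admin(network.wan.vpn)>
"""


@dataclass(frozen=True)
class Tunnel:
    name: str
    keying: str
    remote_subnet: ipaddress.IPv4Network
    remote_gateway: ipaddress.IPv4Address
    local_wan_ip: ipaddress.IPv4Address


def parse_tunnel_list(text):
    """Turn captured `list` output into Tunnel records.

    A data row is any line with exactly five whitespace-separated fields whose
    second field is a known tunnel type. Separator, header and prompt lines do
    not match and are skipped. A matching row with a bad address is an error.
    """
    tunnels = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 5 or fields[1] not in KEYING_TYPES:
            continue
        name, keying, remote, gateway, local = fields
        try:
            tunnels.append(Tunnel(
                name=name,
                keying=keying,
                # The guide's own row has host bits set (192.168.32.2/24), so
                # normalise to the network address instead of rejecting it.
                remote_subnet=ipaddress.IPv4Network(remote, strict=False),
                remote_gateway=ipaddress.IPv4Address(gateway),
                local_wan_ip=ipaddress.IPv4Address(local),
            ))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad address in {line!r}") from exc
    return tunnels


def audit(tunnels):
    """Return (tunnel name, finding) pairs for entries that need review."""
    findings = []
    for tunnel in tunnels:
        if not 1 <= len(tunnel.name) <= MAX_NAME_LEN:
            findings.append((tunnel.name, "name length outside 1-13 characters"))
        if tunnel.keying == "Manual":
            findings.append((
                tunnel.name,
                "manual keying: keys stay fixed until an administrator re-enters them",
            ))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_tunnel_list(SAMPLE_LIST_OUTPUT)):
        print(f"{name}: {finding}")
```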
BR7131N>admin(network.wan.content)>

Displays the Outbound Content Filtering menu. The items available under this command include:

  addcmd    Adds control commands to block outbound traffic.
  delcmd    Deletes control commands to block outbound traffic.
  list      Lists application control commands.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
  save      Saves the configuration to system flash.
  quit      Quits the CLI.
BR7131N>admin(network.wan.content)> addcmd

Adds control commands to block outbound traffic.

Syntax

  addcmd
    web        Adds WEB commands to block outbound traffic.
    proxy      Adds a Web proxy command.
    activex    Adds activex files.
    file       Adds Web URL extensions (10 files maximum).
    smtp       Adds SMTP commands to block outbound traffic.
BR7131N>admin(network.wan.content)> delcmd

Deletes control commands to block outbound traffic.

Syntax

  delcmd
    web        Deletes WEB commands to block outbound traffic.
    proxy      Deletes a Web proxy command.
    activex    Deletes activex files.
    file       Deletes Web URL extensions (10 files maximum).
    smtp       Deletes SMTP commands to block outbound traffic.
BR7131N>admin(network.wan.content)> list

Lists application control commands.

Syntax

  list
    web     Lists WEB application control record.
    smtp    Lists SMTP application control record.
    ftp     Lists FTP application control record.

Example

  admin(network.wan.content)>list web

  HTTP Files/Commands
  Web Proxy    : deny
  ActiveX      : allow
  filename     :

  admin(network.wan.
Network WAN, Dynamic DNS commands

BR7131N>admin(network.wan.dyndns)>

Displays the Dynamic DNS submenu. The items available under this command include:

  set       Sets Dynamic DNS parameters.
  update    Sets key exchange parameters.
  show      Shows the Dynamic DNS configuration.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
  save      Saves the configuration to system flash.
  quit      Quits the CLI.
BR7131N>admin(network.wan.dyndns)> set

Sets the access point’s Dynamic DNS configuration.

Syntax

  set
    mode enable/disable    Enables or disables the Dynamic DNS service for the access point.
    username               Enter a 1 - 32 character username for the account used for the access point.
    password               Enter a 1 - 32 character password for the account used for the access point.
    hostname               Enter a 1 - 32 character hostname for the account used for the access point.
BR7131N>admin(network.wan.dyndns)> update

Updates the access point’s current WAN IP address with the DynDNS service.

Syntax

  update    Updates the access point’s current WAN IP address with the DynDNS service.

Example

  admin(network.wan.dyndns)>update

  IP Address    : 157.235.91.231
  Hostname      : greengiant

For an overview of the Dynamic DNS options available using the applet (GUI), see “Configuring Dynamic DNS” on page 118.
BR7131N>admin(network.wan.dyndns)> show

Shows the current Dynamic DNS configuration.

Syntax

  show    Shows the access point’s current Dynamic DNS configuration.

Example

  admin(network.wan.dyndns)>show
  Warning: This will display secure information, Do you want to continue? (n/y?)y

  DynDNS Configuration
  Mode        : enable
  Username    : percival
  Password    : ********
  Hostname    : greengiant

  DynDNS Update Response
  IP Address  : 157.235.91.
  Hostname
  Status
Network wireless commands

BR7131N>admin(network.wireless)

Displays the Brocade Mobility 7131N-FGR Access Point wireless submenu. The items available under this command include:

  wlan        Displays the WLAN submenu used to create and configure up to 16 WLANs per Brocade Mobility 7131N-FGR Access Point.
  security    Displays the security submenu used to create encryption and authentication based security policies for use with Brocade Mobility 7131N-FGR Access Point WLANs.
Network WLAN commands

BR7131N>admin(network.wireless.wlan)>

Displays the Brocade Mobility 7131N-FGR Access Point wireless LAN (WLAN) submenu. The items available under this command include:

  show       Displays the Brocade Mobility 7131N-FGR Access Point’s current WLAN configuration.
  create     Defines the parameters of a new WLAN.
  edit       Modifies the properties of an existing WLAN.
  delete     Deletes an existing WLAN.
  hotspot    Displays the WLAN hotspot menu.
BR7131N>admin(network.wireless.wlan)> show

Displays the Brocade Mobility 7131N-FGR Access Point’s current WLAN configuration.

Syntax

  show
    summary    Displays the current configuration for existing WLANs.
    wlan       Displays the configuration for the requested WLAN (WLAN 1 through 16).

Example

  admin(network.wireless.
BR7131N>admin(network.wireless.wlan)> create

Defines the parameters of a new WLAN.

Syntax

  create
  show wlan      Displays newly created WLAN and policy number.
  set
    ess          Defines the ESSID for a target WLAN.
    wlan-name    Determines the name of this particular WLAN (1-32).
    5.0GHz       Enables or disables access to the Brocade Mobility 7131N-FGR Access Point 5.0 GHz radio.
    2.
  ESS Identifier
  WLAN Name
  802.11n (5.0 GHz) Radio
  802.11n (2.
BR7131N>admin(network.wireless.wlan)> edit

Edits the properties of an existing WLAN policy.

Syntax

  edit      Edits the properties of an existing (and specified) WLAN policy (1-16).
  show      Displays the WLAN’s parameters and summary.
  set       Edits the same WLAN parameters that can be modified using the create command.
  change    Completes the WLAN edits and exits the CLI session.
  ..        Cancels the WLAN edits and exits the CLI session.
BR7131N>admin(network.wireless.wlan)> delete

Deletes an existing WLAN.

Syntax

  delete    Deletes a target WLAN using the name supplied.
  all       Deletes all WLANs defined (except default WLAN).

For information on deleting a WLAN using the applet (GUI), see “Creating/editing individual WLANs” on page 121.
BR7131N>admin(network.wireless.wlan.hotspot)>

Displays the Hotspot submenu. The items available under this command include:

  show           Show hotspot parameters.
  redirection    Goes to the hotspot redirection menu.
  radius         Goes to the hotspot Radius menu.
  white-list     Goes to the hotspot white-list menu.
  save           Saves the configuration to system flash.
  quit           Quits the CLI.
  ..             Goes to the parent menu.
  /              Goes to the root menu.
BR7131N>admin(network.wireless.wlan.hotspot)> show

Displays the current Brocade Mobility 7131N-FGR Access Point Rogue AP detection configuration.

Syntax

  show hotspot    Shows hotspot parameters per wlan index (1-16).

Example

  admin(network.wireless.wlan.hotspot)>show hotspot 1
  Warning: This will display secure information, Do you want to continue? (n/y?)y

  WLAN1
  Hotspot Mode             : enable
  Hotspot Page Location    : default
  External Login URL       : www.
  External Welcome URL
  External Fail URL
BR7131N>admin(network.wireless.wlan.hotspot)> redirection

Goes to the hotspot redirection menu.

Syntax

  redirection
    set     Sets the hotspot http-re-direction by index (1-16) for the specified URL.
            Shows hotspot http-redirection details for specified index (1-16) for specified page (login, welcome, fail) and target URL.
    show    Shows hotspot http-redirection details.
    save    Saves the updated hotspot configuration to flash memory.
    quit    Quits the CLI session.
    ..
BR7131N>admin(network.wireless.wlan.hotspot)> radius

Goes to the hotspot Radius menu.

Syntax

  set     Sets the Radius hotspot configuration.
  show    Shows Radius hotspot server details.
  save    Saves the configuration to system flash.
  quit    Quits the CLI.
  ..      Goes to the parent menu.
  /       Goes to the root menu.

For information on configuring the Hotspot options available to the access point using the applet (GUI), see “Configuring WLAN hotspot support” on page 133.
BR7131N>admin(network.wireless.wlan.hotspot.radius)> set

Sets the Radius hotspot configuration.

Syntax

  set
    server    Sets the Radius hotspot server IP address per wlan index (1-16).
    port      Sets the Radius hotspot server port per wlan index (1-16).
    secret    Sets the Radius hotspot server shared secret password.
BR7131N>admin(network.wireless.wlan.hotspot.radius)> show

Shows Radius hotspot server details.

Syntax

  show radius    Displays Radius hotspot server details per index (1-16).

Example

  admin(network.wireless.wlan.hotspot.
BR7131N>admin(network.wireless.wlan.hotspot)> white-list

Goes to the hotspot white-list menu.

Syntax

  white-list
    add      Adds hotspot whitelist rules by index (1-16) for specified IP address.
    clear    Clears hotspot whitelist rules for specified index (1-16).
    show     Shows hotspot whitelist rules for specified index (1-16).
    save     Saves the updated hotspot configuration to flash memory.
    quit     Quits the CLI session.
    ..       Goes to the parent menu.
    /        Goes to the root menu.
Network security commands

BR7131N>admin(network.wireless.security)>

Displays the Brocade Mobility 7131N-FGR Access Point wireless security submenu. The items available under this command include:

  show      Displays the Brocade Mobility 7131N-FGR Access Point’s current security configuration.
  create    Creates a security policy.
  edit      Edits the properties of an existing security policy.
  delete    Removes a specific security policy.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(network.wireless.security)>show

Displays the Brocade Mobility 7131N-FGR Access Point’s current security configuration.

Syntax

  show
    summary    Displays list of existing security policies (1-16).
    policy     Displays the specified security policy .

Example

  admin(network.wireless.
BR7131N>admin(network.wireless.security)>create

Defines the parameters of Brocade Mobility 7131N-FGR Access Point security policies.

Syntax

  create        Defines the parameters of a security policy.
  show          Displays new or existing security policy parameters.
  set
    sec-name    Sets the name of the security policy.
    adv
      retry     Sets the maximum number of MU retries to (1-10).
    syslog      Enable or disable syslog messages.
    ip          Defines syslog server IP address.
    mu-quiet
    preauth        Enables or disables preauthentication (fast roaming).
    pkt-timeout    Set packet timeout in seconds (1-10).
  add-policy       Adds the policy and exits.
  ..               Disregards the policy creation and exits the CLI session.

For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see “Configuring security options” on page 161.
BR7131N>admin(network.wireless.security.edit)>

Edits the properties of a specific security policy.

Syntax

  show      Displays the new or modified security policy parameters.
  set       Edits security policy parameters. The values subject to modification are the same ones created using the BR7131N>admin(network.wireless.security)>create command.
  change    Completes policy changes and exits the session.
  ..        Cancels the changes made and exits the session.

Example

  admin(network.wireless.
BR7131N>admin(network.wireless.security)> delete

Deletes a specific security policy.

Syntax

  delete    Removes the specified security policy from the list of supported policies.
            Removes all security policies except the default policy.

For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see “Configuring security options” on page 161.
Network ACL commands

BR7131N>admin(network.wireless.acl)>

Displays the Brocade Mobility 7131N-FGR Access Point Mobile Unit Access Control List (ACL) submenu. The items available under this command include:

  show      Displays the Brocade Mobility 7131N-FGR Access Point’s current ACL configuration.
  create    Creates an MU ACL policy.
  edit      Edits the properties of an existing MU ACL policy.
  delete    Removes an MU ACL policy.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(network.wireless.acl)> show

Displays the Brocade Mobility 7131N-FGR Access Point’s current ACL configuration.

Syntax

  show
    summary    Displays the list of existing MU ACL policies.
    policy     Displays the requested MU ACL index policy.

Example

  admin(network.wireless.
BR7131N>admin(network.wireless.acl)> create

Creates an MU ACL policy.

Syntax

  create
  show                  Displays the parameters of a new ACL policy.
  set
    acl-name            Sets the MU ACL policy name.
    mode                Sets the ACL mode for the defined index (1-16). Allowed MUs can access the Brocade Mobility 7131N-FGR Access Point managed LAN. Options are deny and allow.
  add-addr or delete    Adds specified MAC address to list of ACL MAC addresses.
BR7131N>admin(network.wireless.acl.edit)>

Edits the properties of an existing MU ACL policy.

Syntax

  show        Displays MU ACL policy and its parameters.
  set         Modifies the properties of an existing MU ACL policy.
  add-addr    Adds an MU ACL table entry.
  delete      Deletes an MU ACL table entry, including starting and ending MAC address ranges.
  change      Completes the changes made and exits the session.
  ..          Cancels the changes made and exits the session.
BR7131N>admin(network.wireless.acl)> delete

Removes an MU ACL policy.

Syntax

  delete    Deletes a particular MU ACL policy index.
  all       Deletes all MU ACL policies.

For information on configuring the ACL options available to the access point using the applet (GUI), see “Configuring a WLAN Access Control List (ACL)” on page 126.
Network radio configuration commands

BR7131N>admin(network.wireless.radio)>

Displays the Brocade Mobility 7131N-FGR Access Point Radio submenu. The items available under this command include:

  show      Summarizes Brocade Mobility 7131N-FGR Access Point radio parameters at a high-level.
  set       Defines the access point radio configuration.
  radio1    Displays the 2.4 GHz radio submenu.
  radio2    Displays the 5.0 GHz radio submenu.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(network.wireless.radio)> show

Displays the Brocade Mobility 7131N-FGR Access Point’s current radio configuration.

Syntax

  show    Displays the Brocade Mobility 7131N-FGR Access Point’s current radio configuration.

Example

  admin(network.wireless.radio)>show

  Radio Configuration

  Radio 1
  Name                    : Radio 1
  Radio Mode              : enable
  Radio Function          : WLAN
  RF Band of Operation    : 802.11n(2.
  Maximum MUs             :
BR7131N>admin(network.wireless.radio)> set

Sets the Brocade Mobility 7131N-FGR Access Point’s radio configuration and defines the RF band of operation.

Syntax

  set
    radio-config    Sets the radio configuration.
    max-mus         Defines the maximum number of MUs assigned to the specified radio (idx 1 or 2). The range can be defined between 0 and 127. This command does not apply to single radio access points.
    mesh-base       Enables or disables base bridge mode.
Two Radio SKU

  set radio-config
    1    Radio 1 WLAN, Radio 2 WIPS
    2    Radio 1 WIPS, Radio 2 WLAN
    3    Radio 1 WLAN, Radio 2 WLAN
    4    Radio 1 WIPS, Radio 2 WIPS
    5    Radio 1 WLAN, Radio 2 Disabled
    6    Radio 1 Disabled, Radio 2 WLAN
    7    Radio 1 Disabled, Radio 2 Disabled

For information on the options available to the access point, see “Setting the WLAN’s radio configuration” on page 137.
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz])>

Displays a specific 802.11n 2.4 GHz radio 1 submenu. The items available under this command include:

Syntax

  show        Displays 802.11n (2.4 GHz) radio settings.
  set         Defines specific 802.11n (2.4 GHz) radio parameters.
  advanced    Displays the Advanced radio settings submenu.
  mesh        Goes to the Wireless AP Connections submenu.
  ..          Goes to the parent menu.
  /           Goes to the root menu.
  save        Saves the configuration to system flash.
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz])>show

Displays specific 802.11n (2.4 GHz) radio settings.

Syntax

  show
    radio    Displays specific 802.11n (2.4 GHz) radio settings.
    rates    Displays specific 802.11n (2.4 GHz) radio rate settings.
    aggr     Displays specific 802.11n (2.4 GHz) aggregation settings.
    qos      Displays specific 802.11n (2.4 GHz) radio WMM QoS settings.

Example

  admin(network.wireless.radio.802-11n[2.
  11    Supported     52.0 Mbps    108.0 Mbps
  12    Supported     78.0 Mbps    162.0 Mbps
  13    Supported    104.0 Mbps    216.0 Mbps
  14    Supported    117.0 Mbps    243.0 Mbps
  15    Supported    130.0 Mbps    270.0 Mbps

  admin(network.wireless.radio.802-11n[2.4 GHz])>
  admin(network.wireless.radio.802-11n[2.
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz])> set

Defines specific 802.11n (2.4 GHz) radio parameters.

Syntax

  set
    placement    Defines the Brocade Mobility 7131N-FGR Access Point radio placement as indoors or outdoors.
    ch-mode      Determines how the radio channel is selected (user, auto-20 or auto-40).
    channel      Defines the radio channel used. Channel allowed depends on actual country of operation.
    power        Defines the antenna power transmit level.
For information on configuring the Radio 1 Configuration options available to the access point using the applet (GUI), see “Configuring the 802.11a/n or 802.11b/g/n radio” on page 142.
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].advanced)>

Displays the advanced submenu for the 802.11n (2.4 GHz) radio. The items available under this command include:

Syntax

  show    Displays advanced radio settings for the 802.11n (2.4 GHz) radio.
  set     Defines advanced parameters for the 802.11n (2.4 GHz) radio.
  ..      Goes to the parent menu.
  /       Goes to the root menu.
  save    Saves the configuration to system flash.
  quit    Quits the CLI.
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].advanced)> show

Displays the BSSID to WLAN mapping for the 802.11n (2.4 GHz) radio.

Syntax

  show
    advanced    Displays advanced settings for the 802.11n (2.4 GHz) radio.
    wlan        Displays WLAN summary list for the 802.11n (2.4 GHz) radio.

Example

  admin(network.wireless.radio.802-11n[2.4 GHz].
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].advanced)> set

Defines advanced parameters for the target 802.11n (2.4 GHz) radio.

Syntax

  set
    wlan    Defines advanced WLAN to BSSID mapping for the target radio.
    bss     Sets the BSSID to primary WLAN definition.

Example

  admin(network.wireless.radio.802-11n[2.4 GHz].advanced)>set wlan demoroom 1
  admin(network.wireless.radio.802-11n[2.4 GHz].
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>

Displays the mesh configuration submenu for the 802.11n (2.4 GHz) radio. The items available under this command include:

Syntax

  show      Displays mesh settings and status for the 802.11n (2.4 GHz) radio.
  set       Defines mesh parameters for the 802.11n (2.4 GHz) radio.
  add       Adds an 802.11n (2.4 GHz) radio mesh connection.
  delete    Deletes an 802.11n (2.4 GHz) radio mesh connection.
  ..        Goes to the parent menu.
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)> show

Displays mesh settings and status for the 802.11n (2.4 GHz) radio.

Syntax

  show
    config    Displays the connection list configuration.
    status    Shows the available mesh connection status.

Example

  admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>show config

  Mesh Connection Auto Select    : enable

  admin(network.wireless.radio.802-11n[2.4 GHz].
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)> set

Defines mesh parameters for the 802.11n (2.4 GHz) radio.

Syntax

  set    Enables or disables auto select mesh connections.

Example

  admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>set auto-select enable
  admin(network.wireless.radio.802-11n[2.4 GHz].
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)> add

Adds an 802.11n (2.4 GHz) radio mesh connection.

Syntax

  add    Defines the connection priority (1-16).
         Sets the access point MAC address.

Example

  admin(network.wireless.radio.802-11n[2.4 GHz].
BR7131N>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)> delete

Deletes an 802.11n (2.4 GHz) radio mesh connection by specified index or by removing all entries.

Syntax

  delete    Deletes a mesh connection by specified index (1-16).
            Removes all mesh connections.

Example

  admin(network.wireless.radio.802-11n[2.4 GHz].
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz])>

Displays a specific 802.11n (5.0 GHz) radio 2 submenu. The items available under this command include:

Syntax

  show        Displays 802.11n (5.0 GHz) radio settings.
  set         Defines specific 802.11n (5.0 GHz) radio parameters.
  advanced    Displays the Advanced radio settings submenu.
  mesh        Goes to the Mesh Connections submenu.
  ..          Goes to the parent menu.
  /           Goes to the root menu.
  save        Saves the configuration to system flash.
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz])> show

Displays specific 802.11n (5.0 GHz) radio settings.

Syntax

  show
    radio    Displays specific 802.11n (5.0 GHz) radio settings.
    rates    Displays specific 802.11n (5.0 GHz) radio rate settings.
    aggr     Displays specific 802.11n (5.0 GHz) aggregation settings.
    qos      Displays specific 802.11n (5.0 GHz) radio WMM QoS settings.

Example

  admin(network.wireless.radio.802-11n[5.
  14    Supported    117.0 Mbps    243.0 Mbps
  15    Supported    130.0 Mbps    270.0 Mbps

  admin(network.wireless.radio.802-11n[5.0 GHz])>
  admin(network.wireless.radio.802-11n[5.0 GHz])>show aggr

  Radio Aggregation Settings

  Enable Transmit A-MSDU            :enable
  Receive A-MSDU Buffer Limit       :3839 bytes

  Enable Transmit A-MPDU            :enable
  Transmit A-MPDU Size Limit        :65536 bytes
  Receive A-MPDU Size Limit         :65536 bytes
  Receive A-MPDU Minimum Spacing    :0 usec

  admin(network.wireless.radio.802-11n[5.
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz])> set

Defines specific 802.11n (5.0 GHz) radio parameters.

Syntax

  set
    placement    Defines the Brocade Mobility 7131N-FGR Access Point radio placement as indoors or outdoors.
    ch-mode      Determines how the radio channel is selected.
    channel      Defines the actual channel used by the radio. Channel allowed depends on actual country of operation.
    power        Defines the antenna power transmit level. Depends on radio type, channel and country.
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].advanced)>

Displays the advanced submenu for the 802.11n (5.0 GHz) radio. The items available under this command include:

Syntax

  show    Displays advanced radio settings for the 802.11n (5.0 GHz) radio.
  set     Defines advanced parameters for the 802.11n (5.0 GHz) radio.
  ..      Goes to the parent menu.
  /       Goes to the root menu.
  save    Saves the configuration to system flash.
  quit    Quits the CLI.
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].advanced)> show

Displays the BSSID to WLAN mapping for the 802.11n (5.0 GHz) radio.

Syntax

  show
    advanced    Displays advanced settings for the 802.11n (5.0 GHz) radio.
    wlan        Displays WLAN summary list for 802.11n (5.0 GHz) radio.

Example

  admin(network.wireless.radio.802-11n[5.0 GHz].
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].advanced)> set

Defines advanced parameters for the target 802.11n (5.0 GHz) radio.

Syntax

  set
    wlan    Defines advanced WLAN to BSSID mapping for the target 5.0 GHz radio.
    bss     Sets the BSSID to primary WLAN definition.

Example

  admin(network.wireless.radio.802-11n[5.0 GHz].advanced)>set wlan demoroom 1
  admin(network.wireless.radio.802-11n[5.0 GHz].
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>

Displays the mesh configuration submenu for the 802.11n (5.0 GHz) radio. The items available under this command include:

Syntax

  show      Displays mesh settings and status for the 802.11n (5.0 GHz) radio.
  set       Defines mesh parameters for the 802.11n (5.0 GHz) radio.
  add       Adds an 802.11n (5.0 GHz) radio mesh connection.
  delete    Deletes an 802.11n (5.0 GHz) radio mesh connection.
  ..        Goes to the parent menu.
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)> show

Displays mesh settings and status for the 802.11n (5.0 GHz) radio.

Syntax

  show
    config    Displays the connection list configuration.
    status    Shows the available mesh connection status.

Example

  admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>show config

  Mesh Connection Auto Select    : enable

  admin(network.wireless.radio.802-11n[5.0 GHz].
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)> set

Defines mesh parameters for the 802.11n (5.0 GHz) radio.

Syntax

  set    Enables or disables auto select mesh connections.

Example

  admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>set auto-select enable
  admin(network.wireless.radio.802-11n[5.0 GHz].
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)> add

Adds an 802.11n (5.0 GHz) radio mesh connection.

Syntax

  add    Defines the connection priority (1-16).
         Sets the access point MAC address.

Example

  admin(network.wireless.radio.802-11n[5.0 GHz].
BR7131N>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)> delete

Deletes an 802.11n (5.0 GHz) radio mesh connection by specified index or by removing all entries.

Syntax

  delete    Deletes a mesh connection by specified index (1-16).
            Removes all mesh connections.

Example

  admin(network.wireless.radio.802-11n[5.0 GHz].
Network Quality of Service (QoS) commands

BR7131N>admin(network.wireless.qos)>

Displays the Brocade Mobility 7131N-FGR Access Point Quality of Service (QoS) submenu. The items available under this command include:

  show      Displays Brocade Mobility 7131N-FGR Access Point QoS policy information.
  create    Defines the parameters of the QoS policy.
  edit      Edits the settings of an existing QoS policy.
  delete    Removes an existing QoS policy.
  ..        Goes to the parent menu.

BR7131N>admin(network.wireless.qos)> show
Displays the Brocade Mobility 7131N-FGR Access Point’s current QoS policy by summary or individual policy.
Syntax
show summary    Displays all existing QoS policies that have been defined.
     policy     Displays the configuration for the requested QoS policy.
Example
admin(network.wireless.

BR7131N>admin(network.wireless.qos.create)>
Defines a Brocade Mobility 7131N-FGR Access Point QoS policy.
Syntax
show            Displays QoS policy parameters.
set qos-name    Sets the QoS name for the specified index entry.
    vop         Enables or disables support (by index) for legacy VOIP devices.
    mcast       Defines primary and secondary Multicast MAC address.
    wmm-qos     Enables or disables the QoS policy index specified.

BR7131N>admin(network.wireless.qos.edit)>
Edits the properties of an existing QoS policy.
Syntax
show            Displays QoS policy parameters.
set qos-name    Sets the QoS name for the specified index entry.
    vop         Enables or disables support (by index) for legacy VOIP devices.
    mcast       Defines primary and secondary Multicast MAC address.
    wmm-qos     Enables or disables the QoS policy index specified.

BR7131N>admin(network.wireless.qos)> delete
Removes a QoS policy.
Syntax
delete    Deletes the specified QoS policy index, or all of the policies (except default policy).
For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see “Setting the WLAN Quality of Service (QoS) policy” on page 129.

Network rate limiting commands
BR7131N>admin(network.wireless.rate-limiting)>
Displays the Brocade Mobility 7131N-FGR Access Point Rate Limiting submenu. The items available under this command include:
show    Displays Rate Limiting information for how data is processed by the Brocade Mobility 7131N-FGR Access Point.
set     Defines Rate Limiting parameters for the Brocade Mobility 7131N-FGR Access Point.
..      Goes to the parent menu.
/       Goes to the root menu.

BR7131N>admin(network.wireless.rate-limiting)> show
Displays the Brocade Mobility 7131N-FGR Access Point’s current Rate Limiting configuration.
Syntax
show summary    Displays the current Rate Limiting configuration for defined WLANs.
     wlan
Example
admin(network.wireless.rate-limiting>show summary
Per MU Rate Limiting : disable
admin(network.wireless.

BR7131N>admin(network.wireless.rate-limiting)> set
Defines the Brocade Mobility 7131N-FGR Access Point Rate Limiting configuration.
Syntax
set mode    Enables or disables Rate Limiting.
For information on configuring the Rate Limiting options available to the access point using the applet (GUI), see “Configuring MU rate limiting” on page 151.

Network Rogue-AP commands
BR7131N>admin(network.wireless.rogue-ap)>
Displays the Rogue AP submenu. The items available under this command include:
show            Displays the current Brocade Mobility 7131N-FGR Access Point Rogue AP detection configuration.
set             Defines the Rogue AP detection method.
mu-scan         Goes to the Rogue AP mu-scan submenu.
allowed-list    Goes to the Rogue AP Allowed List submenu.
active-list     Goes to the Rogue AP Active List submenu.

BR7131N>admin(network.wireless.rogue-ap)> show
Displays the current Brocade Mobility 7131N-FGR Access Point Rogue AP detection configuration.
Syntax
show    Displays the current Brocade Mobility 7131N-FGR Access Point Rogue AP detection configuration.
Example
admin(network.wireless.

BR7131N>admin(network.wireless.rogue-ap)> set
Defines the Brocade Mobility 7131N-FGR Access Point ACL rogue AP method.
Syntax
set mu-scan       Enables or disables permission for MUs to scan for rogue APs.
    interval      Defines an interval for associated MUs to beacon in attempting to locate rogue APs. Value not available unless mu-scan is enabled.
    on-channel    Enables or disables on-channel detection.

BR7131N>admin(network.wireless.rogue-ap.mu-scan)>
Displays the Rogue-AP mu-scan submenu.
Syntax
add      Adds all or just one scan result to the Allowed AP list.
show     Displays all APs located by the MU scan.
start    Initiates scan immediately by the MU.
..       Goes to the parent menu.
/        Goes to the root menu.
save     Saves the configuration to system flash.
quit     Quits the CLI.

BR7131N>admin(network.wireless.rogue-ap.mu-scan)> start
Initiates an MU scan from a user provided MAC address.
Syntax
start    Initiates MU scan from user provided MAC address.
For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring rogue AP detection” on page 195.

BR7131N>admin(network.wireless.rogue-ap.mu-scan)> show
Displays the results of an MU scan.
Syntax
show    Displays all APs located by the MU scan.
For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring rogue AP detection” on page 195.

BR7131N>admin(network.wireless.rogue-ap.allowed-list)>
Displays the Rogue-AP allowed-list submenu.
show      Displays the rogue AP allowed list.
add       Adds an AP MAC address and ESSID to the allowed list.
delete    Deletes an entry or all entries from the allowed list.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

BR7131N>admin(network.wireless.rogue-ap.allowed-list)> show
Displays the Rogue AP allowed list.
Syntax
show    Displays the rogue-AP allowed list.
Example
admin(network.wireless.rogue-ap.

BR7131N>admin(network.wireless.rogue-ap.allowed-list)> add
Adds an AP MAC address and ESSID to the existing allowed list.
Syntax
add    Adds an AP MAC address and ESSID to the existing allowed list.
       “fffffffffffffffff” means any MAC.
       Use a “*” for any ESSID.
Example
admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103
admin(network.wireless.rogue-ap.

BR7131N>admin(network.wireless.rogue-ap.allowed-list)> delete
Deletes an AP MAC address and ESSID from the existing allowed list.
Syntax
delete (1-50)    Deletes an AP MAC address and ESSID (or all addresses) from the allowed list.
For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring rogue AP detection” on page 195.
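
The allowed-list rules above (a MAC address plus an ESSID, an all-f MAC meaning any MAC, “*” meaning any ESSID, entries indexed 1-50) can be checked before they are typed into the CLI. The Python below is an added example, not part of the Brocade guide: the function names, finding wording and sample entries are constructed, and it assumes a 12-hex-digit MAC as in the guide's `add 00A0F83161BB 103` example, with any all-f value treated as the wildcard.

```python
import re

MAX_ENTRIES = 50   # the guide's delete syntax indexes entries 1-50
ANY_ESSID = "*"    # the guide: use "*" for any ESSID


def classify_mac(raw):
    """Return ("any", digits) for an all-f wildcard or ("mac", 12 hex digits)."""
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a hex MAC address: {raw!r}")
    if set(digits.lower()) == {"f"}:
        # Assumption: any all-f value is the guide's "any MAC" wildcard.
        return "any", digits.lower()
    if len(digits) != 12:
        raise ValueError(f"MAC must be 12 hex digits: {raw!r}")
    return "mac", digits.upper()


def audit_allowed_list(entries):
    """Check (mac, essid) pairs; return (cli_lines, findings).

    findings holds (entry_number, "warn" | "reject", reason) tuples.
    Rejected entries are left out of cli_lines.
    """
    cli_lines, findings, seen = [], [], set()
    for idx, (raw_mac, raw_essid) in enumerate(entries, start=1):
        essid = raw_essid.strip()
        try:
            kind, mac = classify_mac(raw_mac)
        except ValueError as exc:
            findings.append((idx, "reject", str(exc)))
            continue
        if not essid:
            findings.append((idx, "reject", "empty ESSID"))
            continue
        if kind == "any" and essid == ANY_ESSID:
            # Both wildcards together match every access point in range.
            findings.append((idx, "reject", "any MAC with any ESSID allows every AP"))
            continue
        key = (kind if kind == "any" else mac, essid)
        if key in seen:
            findings.append((idx, "reject", "duplicate entry"))
            continue
        seen.add(key)
        if kind == "any":
            # An ESSID is freely configurable, so it does not identify an AP.
            findings.append((idx, "warn", f"any AP advertising ESSID {essid!r} is allowed"))
        elif essid == ANY_ESSID:
            findings.append((idx, "warn", f"{mac} is allowed under any ESSID"))
        cli_lines.append(f"add {mac} {essid}")
    if len(cli_lines) > MAX_ENTRIES:
        findings.append((0, "reject", f"{len(cli_lines)} entries exceed {MAX_ENTRIES}"))
    return cli_lines, findings


# Constructed sample entries (the first is the guide's own example).
PLANNED = [
    ("00A0F83161BB", "103"),
    ("00:a0:f8:31:61:cc", "103"),   # separators are stripped
    ("ffffffffffff", "guest"),      # any MAC, fixed ESSID
    ("00A0F83161DD", "*"),          # fixed MAC, any ESSID
    ("ffffffffffff", "*"),          # allows everything
    ("00A0F83161BB", "103"),        # duplicate of entry 1
    ("00A0F831", "103"),            # too short
]

if __name__ == "__main__":
    lines, findings = audit_allowed_list(PLANNED)
    for line in lines:
        print(line)
    for idx, severity, reason in findings:
        print(f"entry {idx}: {severity}: {reason}")
```
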

BR7131N>admin(network.wireless.wips)>
Displays the WIPS submenu. The items available under this command include:
show    Displays the current WLAN Intrusion Prevention configuration.
set     Sets WLAN Intrusion Prevention parameters.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the configuration to system flash.
quit    Quits the CLI.

BR7131N>admin(network.wireless.wips)> show
Shows the WLAN Intrusion Prevention configuration.
Syntax
show    Displays the WLAN Intrusion Prevention configuration.
Example
admin(network.wireless.wips>show
Warning: This will display secure information, Do you want to continue? (n/y?)y
WIPS Server #1 IP Address : 192.168.0.21
WIPS Server #2 IP Address : 10.1.1.1
admin(network.wireless.

BR7131N>admin(network.wireless.wips)>set
Sets the WLAN Intrusion Prevention configuration.
Syntax
set    Defines the WLAN Intrusion Prevention Server IP Address (for server IPs 1 and 2).
Example
admin(network.wireless.wips)>set server 1 192.168.0.21
admin(network.wireless.

BR7131N>admin(network.wireless.mu-locationing)>
Displays the MU Locationing submenu. The items available under this command include:
show    Displays the current MU Locationing configuration.
set     Defines MU Locationing parameters.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the configuration to system flash.
quit    Quits the CLI.

BR7131N>admin(network.wireless.mu-locationing)> show
Displays the MU probe table configuration.
Syntax
show    Displays the MU probe table configuration.
Example
admin(network.wireless.mu-locationing)>show
MU Probe Table Mode : disable
MU Probe Table Size : 200
admin(network.wireless.

BR7131N>admin(network.wireless.mu-locationing)> set
Defines the MU probe table configuration used for locating MUs.
Syntax
set         Defines the MU probe table configuration.
    mode    Enables/disables an MU probe scan.
    size    Defines the number of MUs in the table (the maximum allowed is 200).
Example
admin(network.wireless.mu-locationing)>set
admin(network.wireless.mu-locationing)>set mode enable
admin(network.wireless.mu-locationing)>set size 200
admin(network.wireless.

Network firewall commands
BR7131N>admin(network.firewall)>
Displays the Brocade Mobility 7131N-FGR Access Point firewall submenu. The items available under this command include:
show      Displays the Brocade Mobility 7131N-FGR Access Point’s current firewall configuration.
set       Defines the Brocade Mobility 7131N-FGR Access Point’s firewall parameters.
access    Enables/disables firewall permissions through the LAN and WAN ports.

BR7131N>admin(network.firewall)> show
Displays the Brocade Mobility 7131N-FGR Access Point firewall parameters.
Syntax
show    Shows all Brocade Mobility 7131N-FGR Access Point firewall settings.
Example
admin(network.

BR7131N>admin(network.firewall)> set
Defines the Brocade Mobility 7131N-FGR Access Point firewall parameters.
Syntax
set mode           Enables or disables the firewall.
    nat-timeout    Defines the NAT timeout value.
    syn            Enables or disables SYN flood attack check.
    src            Enables or disables source routing check.
    win            Enables or disables Winnuke attack check.
    ftp            Enables or disables FTP bounce attack check.

BR7131N>admin(network.firewall)> access
Enables or disables firewall permissions through LAN to WAN ports.
Syntax
show      Displays LAN to WAN access rules.
set       Sets LAN to WAN access rules.
add       Adds LAN to WAN exception rules.
delete    Deletes LAN to WAN access exception rules.
list      Displays LAN to WAN access exception rules for the specified LAN.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves configuration to system flash.
quit      Quits and exits the CLI session.

BR7131N>admin(network.firewall)> advanced
Displays whether a Brocade Mobility 7131N-FGR Access Point firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface.
Syntax
show        Shows advanced subnet access parameters.
set         Sets advanced subnet access parameters.
import      Imports rules from subnet access.
inbound     Goes to the Inbound Firewall Rules submenu.
outbound    Goes to the Outbound Firewall Rules submenu.
..          Goes to the parent menu.

Network router commands
BR7131N>admin(network.router)>
Displays the router submenu. The items available under this command are:
show      Displays the existing Brocade Mobility 7131N-FGR Access Point router configuration.
set       Sets the RIP parameters.
add       Adds user-defined routes.
delete    Deletes user-defined routes.
list      Lists user-defined routes.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

BR7131N>admin(network.router)> show
Shows the access point route table.
Syntax
show    Shows the access point route table.
Example
admin(network.router)>show routes
---------------------------------------------------------------------------
index  destination  netmask        gateway  interface  metric
---------------------------------------------------------------------------
1      192.168.2.0  255.255.255.0  0.0.0.0  lan1       0
2      192.168.1.0  255.255.255.0  0.0.0.0  lan2       0
3      192.168.0.0  255.255.255.0  0.0.0.

BR7131N>admin(network.router)> set
Shows the access point route table.
Syntax
set auth      Sets the RIP authentication type (none, simple or MD5).
    dir       Sets RIP direction (rx, tx or both).
    id        Sets MD5 authentication ID (1-256) for specific index (1-2).
    key       Sets MD5 authentication key (up to 16 characters) for specified index (1-2).
    passwd    Sets the password (up to 16 characters) for simple authentication.
    type      Defines the RIP type (off, ripv1, ripv2, or ripv1v2).

BR7131N>admin(network.router)> add
Adds user-defined routes.
Syntax
add    Adds a route with destination IP address, IP netmask, destination gateway IP address, interface LAN1, LAN2 or WAN, and metric set to (1-65536).
Example
admin(network.router)>add 192.168.3.0 255.255.255.0 192.168.2.1 LAN1 1
admin(network.
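
The argument list of the `add` command above (destination, netmask, gateway, interface, metric 1-65536) can be validated before a route is entered. This Python is an added example, not part of the Brocade guide; `check_route`, `to_cli` and the `CONNECTED` subnet map are constructed for illustration, and the attached subnets are assumed from the sample addresses in the guide's route listings.

```python
import ipaddress

INTERFACES = {"LAN1", "LAN2", "WAN"}   # interface names from the guide's add syntax
METRIC_MIN, METRIC_MAX = 1, 65536      # metric range stated in the guide

# Constructed sample: the subnet directly attached to each interface.
CONNECTED = {
    "LAN1": ipaddress.ip_network("192.168.2.0/24"),
    "LAN2": ipaddress.ip_network("192.168.1.0/24"),
}


def check_route(dest, netmask, gateway, iface, metric,
                connected=CONNECTED, existing=()):
    """Return the problems found in one planned `add` command (empty if none)."""
    problems = []
    net = None
    try:
        # strict=True rejects a destination with host bits set; a mask with
        # non-contiguous bits is rejected as an invalid netmask.
        net = ipaddress.IPv4Network(f"{dest}/{netmask}", strict=True)
        if str(net.netmask) != netmask:
            # ipaddress also accepts prefix lengths and host masks; the CLI
            # example uses a dotted netmask, so require that form here.
            problems.append(f"netmask {netmask!r} is not a dotted netmask")
    except ValueError as exc:
        problems.append(f"destination/netmask: {exc}")

    iface = iface.upper()
    if iface not in INTERFACES:
        problems.append(f"interface {iface!r} is not LAN1, LAN2 or WAN")
    if not (isinstance(metric, int) and METRIC_MIN <= metric <= METRIC_MAX):
        problems.append(f"metric {metric!r} is outside {METRIC_MIN}-{METRIC_MAX}")

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        problems.append(f"gateway: {exc}")
    else:
        attached = connected.get(iface)   # None when the subnet is not known
        if attached is not None and gw not in attached:
            problems.append(f"gateway {gw} is not on the {iface} subnet {attached}")

    if net is not None:
        for other in existing:
            if net == other:
                problems.append(f"{net} is already in the route list")
            elif net.overlaps(other):
                # One of the two routes is more specific for some addresses.
                problems.append(f"{net} overlaps existing route {other}")
    return problems


def to_cli(dest, netmask, gateway, iface, metric):
    """Format a validated route as the guide's `add` command line."""
    return f"add {dest} {netmask} {gateway} {iface.upper()} {metric}"


if __name__ == "__main__":
    route = ("192.168.3.0", "255.255.255.0", "192.168.2.1", "LAN1", 1)
    issues = check_route(*route)
    print(to_cli(*route) if not issues else issues)
```
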

BR7131N>admin(network.router)> delete
Deletes user-defined routes.
Syntax
delete        Deletes the user-defined route (1-20) from list.
       all    Deletes all user-defined routes.
Example
admin(network.router)>list
---------------------------------------------------------------------------
index  destination  netmask        gateway      interface  metric
---------------------------------------------------------------------------
1      192.168.2.0  255.255.255.0  192.168.0.1  lan1       1
2      192.168.1.0  255.255.

BR7131N>admin(network.router)> list
Lists user-defined routes.
Syntax
list    Displays a list of user-defined routes.
Example
admin(network.router)>list
---------------------------------------------------------------------------
index  destination  netmask        gateway      interface  metric
---------------------------------------------------------------------------
1      192.168.2.0  255.255.255.0  192.168.0.1  lan1       1
2      192.168.1.0  255.255.255.0  0.0.0.0      lan2       0
3      192.168.0.0  255.255.255.0  0.0.0.

8 System commands
System commands
BR7131N>admin(system)>
Displays the System submenu. The items available under this command are shown below.
restart    Restarts the Brocade Mobility 7131N-FGR Access Point.
show       Shows Brocade Mobility 7131N-FGR Access Point system parameter settings.
set        Defines Brocade Mobility 7131N-FGR Access Point system parameter settings.
lastpw     Displays last debug password.
exec       Goes to a Linux command menu.
arp        Displays the access point’s arp table.

BR7131N>admin(system)>restart
Restarts the Brocade Mobility 7131N-FGR Access Point.
Syntax
restart    Restarts the Brocade Mobility 7131N-FGR Access Point.
Example
admin(system)>restart
********************************WARNING***********************************
** Unsaved configuration changes will be lost when the access point is reset.
** Please be sure to save changes before resetting.

BR7131N>admin(system)>show
Displays high-level system information helpful to differentiate this access point.
Syntax
show    Displays Brocade Mobility 7131N-FGR Access Point system information.
Example
admin(system)>show
system name         : AP-7131N
system location     : Atlanta Field Office
admin email address : johndoe@mycompany.com
system uptime       : 0 days 4 hours 41 minutes
AP-7131N firmware version country code ap-mode serial number : 4.0.0.

BR7131N>admin(system)>set
Sets Brocade Mobility 7131N-FGR Access Point system parameters.
Syntax
set name    Sets the Brocade Mobility 7131N-FGR Access Point system name to (1 to 59 characters). The access point does not allow intermediate space characters between characters within the system name. For example, “BR7131N sales” must be changed to “BR7131Nsales” to be a valid system name.

BR7131N>admin(system)>lastpw
Displays last expired debug password.

BR7131N>admin(system)>arp
Displays the access point’s arp table.
Example
admin(system)>arp
IP Address HWtype HWaddress Flags Mask
157.235.92.210 157.235.92.179 157.235.92.248 157.235.92.180 157.235.92.3 157.235.92.181 157.235.92.80 157.235.92.95 157.235.92.161 157.235.92.

Power setup commands
BR7131N>admin(system)>power-setup
Displays the Power Setup submenu.
show    Displays the current power setting configuration.
set     Defines the access point’s power setting configuration.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the current configuration to the Brocade Mobility 7131N-FGR Access Point system flash.
quit    Quits the CLI and exits the current session.

BR7131N>admin(system.power-setup)>show
Displays the access point’s current power configuration.
Syntax
show    Displays the access point’s current power configuration.
Example
admin(system.power-setup)>show
Power Mode Power Status 3af Power Option 3at Power Option Default Radio : : : : : 3af Mid Power option default Radio2
admin(system.power-setup)>
For information on configuring power settings using the applet (GUI), see “Configuring power settings” on page 59.

BR7131N>admin(system.power-setup)>set
Sets Brocade Mobility 7131N-FGR Access Point’s power consumption configuration.
Syntax
set mode            Sets the power mode to either Auto or 3af.
    power-option    Defines the power option.
    def-radio       Defines the radio receiving access port resource priority (1-Radio1, 2-Radio2).
admin(system.power-setup)>set mode Auto
admin(system.power-setup)>set power-option 3af option
admin(system.

Adaptive AP setup commands
BR7131N>admin(system)>aap-setup
Displays the Adaptive AP submenu.
show      Displays Adaptive AP information.
set       Defines the Adaptive AP configuration.
delete    Deletes static switch address assignments.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the current configuration to the Brocade Mobility 7131N-FGR Access Point system flash.
quit      Quits the CLI and exits the current session.

BR7131N>admin(system.aap-setup)>show
Displays the access point’s Adaptive AP configuration.
Syntax
show    Displays the access point’s Adaptive AP configuration.
Example
admin(system.

BR7131N>admin(system.aap-setup)>set
Sets Brocade Mobility 7131N-FGR Access Point’s Adaptive AP configuration.
Syntax
set auto-discovery      Sets the switch auto-discovery mode (enable/disable).
    ipadr               Defines the switch IP address used.
    name                Defines the switch name for DNS lookups (up to 127 characters).
    port                Sets the port.
    passphrase          Defines the pass phrase or key for switch connection.
    tunnel-to-switch    Enables/disables the tunnel between switch and access point.

BR7131N>admin(system.aap-setup)>delete
Deletes static switch address assignments.
Syntax
delete    Deletes static switch address assignments by selected index.
          Deletes all assignments.
Example
admin(system.aap-setup)>delete 1
admin(system.aap-setup)>
For information on configuring Adaptive AP using the applet (GUI), see “Adaptive AP setup” on page 63. For an overview of adaptive AP functionality and its implications, see “Adaptive AP” on page 545.

System access commands
BR7131N>admin(system)>access
Displays the access point access submenu.
show    Displays Brocade Mobility 7131N-FGR Access Point system access capabilities.
set     Goes to the Brocade Mobility 7131N-FGR Access Point system access submenu.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the current configuration to the Brocade Mobility 7131N-FGR Access Point system flash.
quit    Quits the CLI and exits the current session.

BR7131N>admin(system.access)>set
Defines the permissions to access the Brocade Mobility 7131N-FGR Access Point applet, CLI, SNMP as well as defining their timeout values.
Syntax
set applet         Defines the applet HTTP/HTTPS access parameters.
    app-timeout    Sets the applet timeout. Default is 300 Mins.
    ssh            Sets the CLI SSH access parameters.
    auth-timout    Disables the radio interface if no data activity is detected after the interval defined. Default is 120 seconds.

BR7131N>admin(system.access)>show
Displays the current Brocade Mobility 7131N-FGR Access Point access permissions and timeout values.
Syntax
show    Shows all of the current system access settings for the Brocade Mobility 7131N-FGR Access Point.
Example
admin(system.

System Certificate Management commands
BR7131N>admin(system)>cmgr
Displays the Certificate Manager submenu. The items available under this command include:
genreq      Generates a Certificate Request.
delself     Deletes a Self Certificate.
loadself    Loads a Self Certificate signed by CA.
listself    Lists the self certificate loaded.
loadca      Loads trusted certificate from CA.
delca       Deletes the trusted certificate.
listca      Lists the trusted certificate loaded.

BR7131N>admin(system.cmgr)> genreq
Generates a certificate request.
Syntax
genreq [-ou ] [-on ] [-cn ] [-st ] ... ...

BR7131N>admin(system.cmgr)> delself
Deletes a self certificate.
Syntax
delself    Deletes the self certificate named .
Example
admin(system.cmgr)>delself MyCert2
For information on configuring self certificate settings using the applet (GUI), see “Creating self certificates for accessing the VPN” on page 70.

BR7131N>admin(system.cmgr)> loadself
Loads a self certificate signed by the Certificate Authority.
Syntax
loadself    Load the self certificate signed by the CA with name .
For information on configuring self certificate settings using the applet (GUI), see “Creating self certificates for accessing the VPN” on page 70.

BR7131N>admin(system.cmgr)> listself
Lists the loaded self certificates.
Syntax
listself    Lists all self certificates that are loaded.
For information on configuring self certificate settings using the applet (GUI), see “Creating self certificates for accessing the VPN” on page 70.

BR7131N>admin(system.cmgr)> loadca
Loads a trusted certificate from the Certificate Authority.
Syntax
loadca    Loads the trusted certificate (in PEM format only) that is pasted into the command line.
For information on configuring certificate settings using the applet (GUI), see “Importing a CA certificate” on page 69.

BR7131N>admin(system.cmgr)> delca
Deletes a trusted certificate.
Syntax
delca    Deletes the trusted certificate.
For information on configuring certificate settings using the applet (GUI), see “Importing a CA certificate” on page 69.

BR7131N>admin(system.cmgr)> listca
Lists the loaded trusted certificate.
Syntax
listca    Lists the loaded trusted certificates.
For information on configuring certificate settings using the applet (GUI), see “Importing a CA certificate” on page 69.

BR7131N>admin(system.cmgr)> showreq
Displays a certificate request in PEM format.
Syntax
showreq    Displays a certificate request named generated from the genreq command.
For information on configuring certificate settings using the applet (GUI), see “Importing a CA certificate” on page 69.

BR7131N>admin(system.cmgr)> delprivkey
Deletes a private key.
Syntax
delprivkey    Deletes private key named .
For information on configuring certificate settings using the applet (GUI), see “Creating self certificates for accessing the VPN” on page 70.

BR7131N>admin(system.cmgr)> listprivkey
Lists the names of private keys.
Syntax
listprivkey    Lists all private keys and displays their certificate associations.
For information on configuring certificate settings using the applet (GUI), see “Importing a CA certificate” on page 69.

BR7131N>admin(system.cmgr)> expcert
Exports the certificate file to a user defined location.
Syntax
expcert    Exports the access point’s CA or Self certificate file.
To export certificate information from a Brocade Mobility 7131N-FGR Access Point:
admin(system.cmgr)>expcert ?
: : : : type: sftp file name: Certificate file name Server options for this file are the same as that for the configuration file
admin(system.cmgr)>expcert sftp AP-71x1certs.

BR7131N>admin(system.cmgr)> impcert
Imports the target certificate file.
Syntax
impcert    Imports the target certificate file.
To import certificate information from a Brocade Mobility 7131N-FGR Access Point:
admin(system.cmgr)>impcert ?
: : : : type: sftp file name: Certificate file name Server options for this file are the same as that for the configuration file
admin(system.cmgr)>impcert sftp AP-7131Ncerts.

System SNMP commands
BR7131N>admin(system)> snmp
Displays the SNMP submenu. The items available under this command are shown below.
access    Goes to the SNMP access submenu.
traps     Goes to the SNMP traps submenu.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

System SNMP access commands
BR7131N>admin(system.snmp.access)
Displays the SNMP Access menu. The items available under this command are shown below.
show      Shows SNMP v3 engine ID.
add       Adds SNMP access entries.
delete    Deletes SNMP access entries.
list      Lists SNMP access entries.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

BR7131N>admin(system.snmp.access)> show
Shows the SNMP v3 engine ID.
Syntax
show eid    Shows the SNMP v3 Engine ID.
Example
admin(system.snmp.access)>show eid
AP-7131N snmp v3 engine id : 000001846B8B4567F871AC68
admin(system.snmp.access)>
For information on configuring SNMP access settings using the applet (GUI), see “Configuring SNMP access control” on page 80.

BR7131N>admin(system.snmp.access)> add
Adds SNMP access entries for specific v1v2 and v3 user definitions.
Syntax
add acl      Adds an entry to the SNMP access control list with as the starting IP address and as the ending IP address.
    v1v2c    > : comm - community string 1 to 31 characters : access - read/write access - (ro,rw) : oid - string 1 to 127 chars - E.g. 1.3.6.

BR7131N>admin(system.snmp.access)> delete
Deletes SNMP access entries for specific v1v2 and v3 user definitions.
Syntax
delete acl          Deletes entry (1-10) from the access control list.
           all      Deletes all entries from the access control list.
       v1v2c        Deletes entry (1-10) from the v1/v2 configuration list.
           all      Deletes all entries from the v1/v2 configuration list.
       v3           Deletes entry (1-10) from the v3 user definition list.

BR7131N>admin(system.snmp.access)> list
Lists SNMP access entries.
Syntax
list acl        Lists SNMP access control list entries.
     v1v2c      Lists SNMP v1/v2c configuration.
     v3         Lists SNMP v3 user definition by index (1-10).
         all    Lists all SNMP v3 user definitions.
Example
admin(system.snmp.access)>list acl
---------------------------------------------------------------
index  start ip      end ip
---------------------------------------------------------------
1      209.236.24.1  209.236.24.

System SNMP traps commands
BR7131N>admin(system.snmp.traps)
Displays the SNMP traps submenu. The items available under this command are shown below.
show      Shows SNMP trap parameters.
set       Sets SNMP trap parameters.
add       Adds SNMP trap entries.
delete    Deletes SNMP trap entries.
list      Lists SNMP trap entries.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

BR7131N>admin(system.snmp.traps)> show
Shows SNMP trap parameters.
Syntax
show trap         Shows SNMP trap parameter settings.
     rate-trap    Shows SNMP rate-trap parameter settings.
Example
admin(system.snmp.

BR7131N>admin(system.snmp.traps)> set
Sets SNMP trap parameters.
Syntax
set mu-assoc enable/disable         Enables/disables the MU associated trap.
    mu-unassoc enable/disable       Enables/disables the MU unassociated trap.
    mu-deny-assoc enable/disable    Enables/disables the MU association denied trap.
    mu-deny-auth enable/disable     Enables/disables the MU authentication denied trap.
    snmp-auth enable/disable        Enables/disables the authentication failure trap.

BR7131N>admin(system.snmp.traps)> add
Adds SNMP trap entries.
Syntax
add v1v2    Adds an entry to the SNMP v1/v2 access list with the destination IP address set to , the destination UDP port set to , the community string set to (1 to 31 characters), and the SNMP version set to .

BR7131N>admin(system.snmp.traps)> delete
Deletes SNMP trap entries.
Syntax
delete v1v2c        Deletes entry from the v1v2c access control list.
           all      Deletes all entries from the v1v2c access control list.
       v3           Deletes entry from the v3 access control list.
           all      Deletes all entries from the v3 access control list.
Example
admin(system.snmp.

BR7131N>admin(system.snmp.traps)> list
Lists SNMP trap entries.
Syntax
list v1v2c      Lists SNMP v1/v2c access entries.
     v3         Lists SNMP v3 access entry .
         all    Lists all SNMP v3 access entries.
Example
admin(system.snmp.traps)>add v1v2 203.223.24.2 162 mycomm v1
admin(system.snmp.

System user database commands
BR7131N>admin(system)> userdb
Goes to the user database submenu.
Syntax
user     Goes to the user submenu.
group    Goes to the group submenu.
save     Saves the configuration to system flash.
..       Goes to the parent menu.
/        Goes to the root menu.
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.

Adding and removing users from the user database
BR7131N>admin(system.userdb)> user
Adds and removes users from the user database and defines user passwords.
Syntax
add         Adds a new user.
delete      Deletes a new user.
clearall    Removes all existing user IDs from the system.
set         Sets a password for a user.
show        Displays the current user database configuration.
save        Saves the configuration to system flash.
..          Goes to the parent menu.
/           Goes to the root menu.

BR7131N>admin(system.userdb.user)> add
Adds a new user to the user database.
Syntax
add    Adds a new user ID and password string (8-19 characters) to the user database.
Example
admin(system.userdb.user>add george password
admin(system.userdb.user>
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.

BR7131N>admin(system.userdb.user)> delete
Removes a new user from the user database.
Syntax
delete    Removes a user ID and password string from the user database.
Example
admin(system.userdb.user>delete george
admin(system.userdb.user>
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.

BR7131N>admin(system.userdb.user)>clearall
Removes all existing user IDs from the system.
Syntax
clearall    Removes all existing user IDs from the system.
Example
admin(system.userdb.user>clearall
admin(system.userdb.user>
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.

BR7131N>admin(system.userdb.user)>set
Sets a password for a user.
Syntax
set    Sets user and password string (8-19 characters) for a specific user.
Example
admin(system.userdb.user>set george password
admin(system.userdb.user>
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.

Adding and removing groups from the user database
BR7131N>admin(system.userdb)> group
Adds and removes groups from the user database.
Syntax
create      Creates a group name.
delete      Deletes a group name.
clearall    Removes all existing group names from the system.
add         Adds a user to an existing group.
remove      Removes a user from an existing group.
show        Displays existing groups.
save        Saves the configuration to system flash.
..          Goes to the parent menu.
/           Moves back to root menu.

BR7131N>admin(system.userdb.group> create
Creates a group name. Once defined, users can be added to the group.
Syntax
create    Creates a group name string. Once defined, users can be added to the group.
Example
admin(system.userdb.group>create 2
admin(system.userdb.group>
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.

BR7131N>admin(system.userdb.group> delete
Deletes an existing group.
Syntax
delete    Deletes an existing group name string.
Example
admin(system.userdb.group>delete 2
admin(system.userdb.group>
For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.
BR7131N>admin(system.userdb.group)> clearall

Removes all existing group names from the system.

Syntax
  clearall    Removes all existing group names from the system.

Example
  admin(system.userdb.group)>clearall
  admin(system.userdb.group)>

For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.
BR7131N>admin(system.userdb.group)> add

Adds a user to an existing group.

Syntax
  add    Adds a user to an existing group.

Example
  admin(system.userdb.group)>add lucy group x
  admin(system.userdb.group)>

For information on configuring User Database permissions using the applet (GUI), see “Defining user access permissions by group” on page 211.
BR7131N>admin(system.userdb.group)> remove

Removes a user from an existing group.

Syntax
  remove    Removes a user from an existing group.

Example
  admin(system.userdb.group)>remove lucy group x
  admin(system.userdb.
BR7131N>admin(system.userdb.group)> show

Displays existing groups.

Syntax
  show      Displays existing groups and users.
  users     Displays configured user IDs for a group.
  groups    Displays configured groups.

Example
  admin(system.userdb.group)>show groups
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  List of Group Names : engineering
                      : marketing
                      : demo room
  admin(system.userdb.
System Radius commands

BR7131N>admin(system)> radius

Goes to the Radius system submenu.

Syntax
  eap       Goes to the EAP submenu.
  policy    Goes to the access policy submenu.
  ldap      Goes to the LDAP submenu.
  proxy     Goes to the proxy submenu.
  client    Goes to the client submenu.
  set       Sets Radius parameters.
  show      Displays Radius parameters.
  save      Saves the configuration to system flash.
  quit      Quits the CLI.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(system.radius)> set/show

Syntax
  set         Sets the Radius user database.
  show all    Displays the Radius user database.

Example
  admin(system.radius)>set database local
  admin(system.radius)>show all
  Database : local
  admin(system.radius)>

For information on configuring Radius using the applet (GUI), see “Configuring user authentication” on page 201.
8.4.6.1 BR7131N>admin(system.radius)> eap

Goes to the EAP submenu.

Syntax
  peap      Goes to the Peap submenu.
  ttls      Goes to the TTLS submenu.
  import    Imports the requested EAP certificates.
  set       Defines EAP parameters.
  show      Displays the EAP configuration.
  save      Saves the configuration to system flash.
  quit      Quits the CLI.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(system.radius.eap)> peap

Goes to the Peap submenu.

Syntax
  set     Defines Peap parameters.
  show    Displays the Peap configuration.
  save    Saves the configuration to system flash.
  quit    Quits the CLI.
  ..      Goes to the parent menu.
  /       Goes to the root menu.

For information on configuring PEAP Radius using the applet (GUI), see “Configuring user authentication” on page 201.
BR7131N>admin(system.radius.eap.peap)> set/show

Defines and displays Peap parameters.

Syntax
  set     Sets the Peap authentication.
  show    Displays the Peap authentication type.

Example
  admin(system.radius.eap.peap)>set auth gtc
  admin(system.radius.eap.peap)>show
  PEAP Auth Type : gtc

For information on configuring EAP PEAP Radius values using the applet (GUI), see “Configuring user authentication” on page 201.
BR7131N>admin(system.radius.eap)> ttls

Goes to the TTLS submenu.

Syntax
  set     Defines TTLS parameters.
  show    Displays the TTLS configuration.
  save    Saves the configuration to system flash.
  quit    Quits the CLI.
  ..      Goes to the parent menu.
  /       Goes to the root menu.

For information on configuring EAP TTLS Radius values using the applet (GUI), see “Configuring user authentication” on page 201.
BR7131N>admin(system.radius.eap.ttls)> set/show

Defines and displays TTLS parameters.

Syntax
  set     Sets the default TTLS authentication.
  show    Displays the TTLS authentication.

Example
  admin(system.radius.eap.ttls)>set auth pap
  admin(system.radius.eap.ttls)>show
  TTLS Auth Type : pap

For information on configuring EAP TTLS Radius values using the applet (GUI), see “Configuring user authentication” on page 201.
8.4.6.2 BR7131N>admin(system.radius)> policy

Goes to the access policy submenu.

Syntax
  set            Sets a group’s WLAN access policy.
  access-time    Goes to the time based login submenu.
  show           Displays the group’s access policy.
  save           Saves the configuration to system flash.
  quit           Quits the CLI.
  ..             Goes to the parent menu.
  /              Goes to the root menu.

For information on configuring Radius access policies using the applet (GUI), see “Configuring user authentication” on page 201.
BR7131N>admin(system.radius.policy)> set

Defines the group’s WLAN access policy.

Syntax
  set    Defines the group’s WLAN access policy (defined as a string).

Example
  admin(system.radius.policy)>set engineering 16
  admin(system.radius.policy)>

For information on configuring Radius WLAN policy values using the applet (GUI), see “Configuring user authentication” on page 201.
BR7131N>admin(system.radius.policy)> access-time

Goes to the time-based login submenu.

Syntax
  set     Defines a target group’s access time permissions. Access time is in DayDDDD-DDDD format.
  show    Displays the group’s access time rule.
  save    Saves the configuration to system flash.
  quit    Quits the CLI.
  ..      Goes to the parent menu.
  /       Goes to the root menu.

Example
  admin(system.radius.policy.
BR7131N>admin(system.radius.policy)> show

Displays a group’s access policy.

Syntax
  show    Displays a group’s access policy.

Example
  admin(system.radius.policy)>show
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  List of Access Policies
  engineering  : 16
  marketing    : 10
  demo room    : 3
  test demo    : No Wlans
  admin(system.radius.
8.4.6.3 BR7131N>admin(system.radius)> ldap

Goes to the LDAP submenu.

Syntax
  set         Defines the LDAP parameters.
  show all    Displays existing LDAP parameters.
  save        Saves the configuration to system flash.
  quit        Quits the CLI.
  ..          Goes to the parent menu.
  /           Goes to the root menu.

For information on configuring a Radius LDAP server using the applet (GUI), see “Configuring LDAP authentication” on page 204.
BR7131N>admin(system.radius.ldap)> set

Defines the LDAP parameters.

Syntax
  set           Defines the LDAP parameters.
  ipadr         Sets LDAP IP address.
  binddn        Sets LDAP bind distinguished name.
  basedn        Sets LDAP base distinguished name.
  passwd        Sets LDAP server password.
  login         Sets LDAP login attribute.
  pass_attr     Sets LDAP password attribute.
  groupname     Sets LDAP group name attribute.
  filter        Sets LDAP group membership filter.
  membership    Sets LDAP group membership attribute.
BR7131N>admin(system.radius.ldap)> show all

Displays existing LDAP parameters.

Syntax
  show all    Displays existing LDAP parameters.

Example
  admin(system.radius.ldap)>show all
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  LDAP Server IP : 0.0.0.
8.4.6.4 BR7131N>admin(system.radius)> proxy

Goes to the Radius proxy server submenu.

Syntax
  add         Adds a proxy realm.
  delete      Deletes a proxy realm.
  clearall    Removes all proxy server records.
  set         Sets proxy server parameters.
  show        Displays current Radius proxy server parameters.
  save        Saves the configuration to system flash.
  quit        Quits the CLI.
  ..          Goes to the parent menu.
  /           Goes to the root menu.
BR7131N>admin(system.radius.proxy)> add

Adds a proxy.

Syntax
  add     Adds a proxy realm.
  name    Realm name.
  ip1     Authentication server IP address.
  sec     Shared secret password.

Example
  admin(system.radius.proxy)>add lancelot 157.235.241.22 1812 muddy
  admin(system.radius.proxy)>

For information on configuring Radius proxy server values using the applet (GUI), see “Configuring a proxy Radius Server” on page 206.
BR7131N>admin(system.radius.proxy)> delete

Deletes a realm name.

Syntax
  delete    Deletes a realm name.

Example
  admin(system.radius.proxy)>delete lancelot
  admin(system.radius.proxy)>

For information on configuring Radius proxy server values using the applet (GUI), see “Configuring LDAP authentication” on page 204.
BR7131N>admin(system.radius.proxy)> clearall

Removes all proxy server records from the system.

Syntax
  clearall    Removes all proxy server records from the system.

Example
  admin(system.radius.proxy)>clearall
  admin(system.radius.proxy)>

For information on configuring Radius proxy server values using the applet (GUI), see “Configuring a proxy Radius Server” on page 206.
BR7131N>admin(system.radius.proxy)> set

Sets Radius proxy server parameters.

Syntax
  set      Sets Radius proxy server parameters.
  delay    Defines retry delay time (in seconds) for the proxy server.
  count    Defines retry count value for the proxy server.

Example
  admin(system.radius.proxy)>set delay 10
  admin(system.radius.proxy)>set count 5
  admin(system.radius.
8.4.6.5 BR7131N>admin(system.radius)> client

Goes to the Radius client submenu.

Syntax
  add       Adds a Radius client to list of available clients.
  delete    Deletes a Radius client from list of available clients.
  show      Displays a list of configured clients.
  save      Saves the configuration to system flash.
  quit      Quits the CLI.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
BR7131N>admin(system.radius.client)> add

Adds a Radius client to those available to the Radius server.

Syntax
  add       Adds a Radius client.
  ip        Client’s IP address.
  mask      Network mask address of the client.
  secret    Shared secret password.

Example
  admin(system.radius.client)>add 157.235.132.11 255.255.255.225 muddy
  admin(system.radius.client)>

For information on configuring Radius client values using the applet (GUI), see “Configuring the Radius Server” on page 202.
BR7131N>admin(system.radius.client)> delete

Removes a specified Radius client from those available to the Radius server.

Syntax
  delete ip    Removes a specified Radius client from those available to the Radius server.

Example
  admin(system.radius.client)>delete 157.235.132.11
  admin(system.radius.client)>

For information on configuring Radius client values using the applet (GUI), see “Configuring the Radius Server” on page 202.
BR7131N>admin(system.radius.client)> show

Displays a list of configured Radius clients.

Syntax
  show    Displays a list of configured Radius clients.

Example
  admin(system.radius.client)>show
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  ----------------------------------------------------------------------------
  Idx  Subnet/Host  Netmask  SharedSecret
  ----------------------------------------------------------------------------
  1 157.
System Network Time Protocol (NTP) commands

BR7131N>admin(system)> ntp

Displays the NTP menu. The correct network time is required for numerous functions to be configured accurately on the Brocade Mobility 7131N-FGR Access Point.

Syntax
  show         Shows NTP parameters settings.
  date-zone    Show date, time and time zone.
  zone-list    Displays list of time zones.
  set          Sets NTP parameters.
  ..           Goes to the parent menu.
  /            Goes to the root menu.
  save         Saves the configuration to system flash.
BR7131N>admin(system.ntp)> show

Displays the NTP server configuration.

Syntax
  show    Shows all NTP server settings.

Example
  admin(system.ntp)>show
  current time (UTC)            : 2006-07-31 14:35:20
  Time Zone:
  ntp mode                      : enable
  preferred Time server ip      : 203.21.37.18
  preferred Time server port    : 123
  first alternate server ip     : 203.21.37.19
  first alternate server port   : 123
  second alternate server ip    : 0.0.0.
  second alternate server port  :
  synchronization interval      :
BR7131N>admin(system.ntp)> date-zone

Show date, time and time zone.

Syntax
  date-zone    Show date, time and time zone.

Example
  admin(system.ntp)>date-zone
  Date/Time : Sat 1970-Jan-03 20:06:22 +0000 UTC
  Time Zone : UTC

For information on configuring NTP using the applet (GUI), see “Configuring Network Time Protocol (NTP)” on page 88.
BR7131N>admin(system.ntp)> zone-list

Displays an extensive list of time zones for countries around the world.

Syntax
  zone-list    Displays list of time zone indexes for every known zone.

Example
  admin(system.ntp)> zone-list

For information on configuring NTP using the applet (GUI), see “Configuring Network Time Protocol (NTP)” on page 88.
BR7131N>admin(system.ntp)> set

Sets NTP parameters for Brocade Mobility 7131N-FGR Access Point clock synchronization.

Syntax
  set mode    Enables or disables NTP.
  server      Sets the NTP server IP address.
  intrvl      Defines the clock synchronization interval used between the Brocade Mobility 7131N-FGR Access Point and the NTP server in minutes (15-65535).
  time        Sets the current system time.
System Log commands

BR7131N>admin(system)> logs

Displays the Brocade Mobility 7131N-FGR Access Point log submenu. Logging options include:

Syntax
  show      Shows logging options.
  set       Sets log options and parameters.
  view      Views system log.
  delete    Deletes the system log.
  ..        Goes to the parent menu.
  /         Goes to the root menu.
  save      Saves configuration to system flash.
  quit      Quits the CLI.
BR7131N>admin(system.logs)> show

Displays the current Brocade Mobility 7131N-FGR Access Point logging settings.

Syntax
  show    Displays the current access point logging configuration.

Example
  admin(system.logs)>show
  log level                 : L6 Info
  syslog server logging     : enable
  syslog server ip address  : 192.168.0.102

For information on configuring logging settings using the applet (GUI), see “Logging configuration” on page 90.
BR7131N>admin(system.logs)> set

Sets log options and parameters.

Syntax
  set level    Sets the level of the events that will be logged. All events with a level at or above (L0-L7) will be saved to the system log.
                 L0: Emergency
                 L1: Alert
                 L2: Critical
                 L3: Errors
                 L4: Warning
                 L5: Notice
                 L6: Info (default setting)
                 L7: Debug
  mode         Enables or disables syslog server logging.
  ipadr        Sets the external syslog server IP address to (a.b.c.d).

  admin(system.
BR7131N>admin(system.logs)> view

Displays the Brocade Mobility 7131N-FGR Access Point system log file.

Syntax
  view    Displays the entire Brocade Mobility 7131N-FGR Access Point system log file.

Example
  admin(system.logs)>view
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception).
BR7131N>admin(system.logs)> delete

Deletes the log files.

Syntax
  delete    Deletes the Brocade Mobility 7131N-FGR Access Point system log file.

Example
  admin(system.logs)>delete

For information on configuring logging settings using the applet (GUI), see “Logging configuration” on page 90.
System configuration-update commands

BR7131N>admin(system.config)>

Displays the Brocade Mobility 7131N-FGR Access Point configuration update submenu.

Syntax
  default    Restores the default Brocade Mobility 7131N-FGR Access Point configuration.
  partial    Restores a partial default Brocade Mobility 7131N-FGR Access Point configuration.
  show       Shows import/export parameters.
  set        Sets import/export Brocade Mobility 7131N-FGR Access Point configuration parameters.
BR7131N>admin(system.config)> default

Restores the full Brocade Mobility 7131N-FGR Access Point factory default configuration.

Syntax
  default    Restores the Brocade Mobility 7131N-FGR Access Point to the original (factory) configuration.

Example
  admin(system.config)>default
  Are you sure you want to default the configuration? :

For information on importing/exporting access point configurations using the applet (GUI), see “Importing/exporting configurations” on page 92.
BR7131N>admin(system.config)> partial

Restores a partial factory default configuration. The Brocade Mobility 7131N-FGR Access Point’s LAN, WAN and SNMP settings are unaffected by the partial restore.

Syntax
  partial    Restores a partial access point configuration.

Example
  admin(system.
BR7131N>admin(system.config)> show

Displays import/export parameters for the Brocade Mobility 7131N-FGR Access Point configuration file.

Syntax
  show    Shows all import/export parameters.

Example
  admin(system.config)>show
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  cfg filename            : cfg.txt
  cfg filepath            :
  sftp server ip address  : 192.268.0.
  sftp user name
BR7131N>admin(system.config)> set

Sets the import/export parameters.

Syntax
  set file    Sets the configuration file name (1 to 39 characters in length).
  path        Defines the path used for the configuration file upload.
  server      Sets the SFTP server IP address.
  user        Sets the SFTP user name (1 to 39 characters in length).

Example
  admin(system.config)>set server 192.168.22.12
  admin(system.config)>set user myadmin
  admin(system.
BR7131N>admin(system.config)> export

Exports the configuration from the system.

Syntax
  export sftp    Exports the Brocade Mobility 7131N-FGR Access Point configuration to the SFTP server. Use the set command to set the server, user, password, and file name before using this command.

Example
  admin(system.config)>set server 192.168.22.12
  admin(system.config)>set user myadmin
  admin(system.config)>set file config.txt
  admin(system.
BR7131N>admin(system.config)> import

Imports the Brocade Mobility 7131N-FGR Access Point configuration to the access point. Errors could display as a result of invalid configuration parameters. Correct the specified lines and import the file again until the import operation is error free.

Syntax
  import sftp    Imports the Brocade Mobility 7131N-FGR Access Point configuration file from the SFTP server. Use the set command to set the server, user, password, and file.

Example
  admin(system.
BR7131N>admin(system.config)>transfer_keys

Exports SSH keys in order to turn off interactive mode.

Syntax
  transfer_keys    Exports SSH keys in order to turn off interactive mode.

Example
  admin(system.config)>transfer_keys
  Transfer of ssh public key in progress
  ssh: connect to host 157.235.112.21 port 22: Done.
  admin(system.
Firmware update commands

BR7131N>admin(system)>fw-update

Displays the firmware update submenu. The items available under this command are shown below.

NOTE
The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted using the GUI or CLI interfaces.

  show    Displays the current Brocade Mobility 7131N-FGR Access Point firmware update settings.
BR7131N>admin(system.fw-update)>show

Displays the current Brocade Mobility 7131N-FGR Access Point firmware update settings.

Syntax
  show    Shows the current system firmware update settings for the Brocade Mobility 7131N-FGR Access Point.

Example
  admin(system.fw-update)>show
  Warning: This will display secure information, Do you want to continue? (n/y?)y
  firmware filename       : apn.bin
  firmware path           : /sftpboot/
  sftp server ip address  : 168.197.2.
  sftp user name          :
BR7131N>admin(system.fw-update)>set

Defines Brocade Mobility 7131N-FGR Access Point firmware update settings and user permissions.

Syntax
  set file    Defines the firmware file name (1 to 39 characters).
  path        Specifies a path for the file (1 to 39 characters).
  server      The IP address for the SFTP server used for the firmware and/or config file update.
  user        Specifies a username for SFTP server login (1 to 39 characters).

  admin(system.
BR7131N>admin(system.fw-update)>update

Executes the Brocade Mobility 7131N-FGR Access Point firmware update over the WAN or LAN port using SFTP.

Syntax
  update    Defines the sftp mode used to conduct the firmware update. Specifies whether the update is executed over the Brocade Mobility 7131N-FGR Access Point’s WAN, LAN1 or LAN2 interface.
FIPS test commands

BR7131N>admin(system)>fips-test

Displays the fips-test submenu. The items available under this command are shown below.

  testccmp       Performs ccmp self test.
  zeroisekeys    Zeroization of critical security parameters.
  showlog        Displays the PoST Log File success or error status.
  ..             Goes to the parent menu.
  /              Goes to the root menu.
  save           Saves the current configuration to the Brocade Mobility 7131N-FGR Access Point system flash.
BR7131N>admin(system.fips-test)>testccmp

Execute this command to perform a ccmp self test.

Syntax
  testccmp    Conducts a ccmp self test.

  admin(system.fips-test)>testccmp
  CCMP Test Passed
  admin(system.
BR7131N>admin(system.fips-test)>zeroisekeys

Conducts a zeroization of critical security parameters by restarting the access point and restoring its default configuration. A new, more secure, password will then be required.

Syntax
  zeroisekeys    Conducts a zeroization of critical security parameters. The country code must be supplied to continue with the CLI session.

  admin(system.
BR7131N>admin(system.fips-test)>showlog

Displays the PoST Logs File success or error state.

Syntax
  showlog    Displays the PoST Logs File success or error state.

  admin(system.fips-test)>showlog
  admin(system.
Statistics commands

BR7131N>admin(stats)>

Displays the Brocade Mobility 7131N-FGR Access Point statistics submenu. The items available under this command are:

  show            Displays Brocade Mobility 7131N-FGR Access Point WLAN, MU, LAN and WAN statistics.
  send-cfg-ap     Sends a config file to another access point within the known AP table.
  send-cfg-all    Sends a config file to all access points within the known AP table.
  clear           Clears all statistic counters to zero.
BR7131N>admin(stats)> show

Displays Brocade Mobility 7131N-FGR Access Point system information.

Syntax
  show wan    Displays stats for the Brocade Mobility 7131N-FGR Access Point WAN port.
  lan         Displays stats for the Brocade Mobility 7131N-FGR Access Point LAN port.
  stp         Displays LAN Spanning Tree Status.
  wlan        Displays WLAN status and statistics summary.
  s-wlan      Displays status and statistics for an individual WLAN.
  radio       Displays a radio statistics transmit and receive summary.
BR7131N>admin(stats)> send-cfg-ap

Copies the Brocade Mobility 7131N-FGR Access Point’s configuration to another Brocade Mobility 7131N-FGR Access Point within the known AP table.

Syntax
  send-cfg-ap    Copies the Brocade Mobility 7131N-FGR Access Point’s configuration to the Brocade Mobility 7131N-FGR Access Points within the known AP table. Mesh configuration attributes do not get copied using this command and must be configured manually.
BR7131N>admin(stats)> send-cfg-all

Copies the Brocade Mobility 7131N-FGR Access Point’s configuration to all of the Brocade Mobility 7131N-FGR Access Points within the known AP table.

Syntax
  send-cfg-all    Copies the Brocade Mobility 7131N-FGR Access Point’s configuration to all of the Brocade Mobility 7131N-FGR Access Points within the known AP table.
BR7131N>admin(stats)> clear

Clears the specified statistics counters to zero to begin new data calculations.

Syntax
  clear wan    Clears WAN statistics counters.
  lan          Clears LAN statistics counters for specified LAN index (either clear lan 1 or clear lan 2).
  all-rf       Clears all RF data.
  all-wlan     Clears all WLAN summary information.
  wlan         Clears individual WLAN statistic counters.
  all-radio    Clears Brocade Mobility 7131N-FGR Access Point radio summary information.
BR7131N>admin(stats)> flash-all-leds

Starts and stops the illumination of a specified access point’s LEDs.

Syntax
  flash-all-leds    Defines the Known AP index number of the target AP to flash. Begins or terminates the flash activity.
BR7131N>admin(stats)> echo

Defines the echo test values used to conduct a ping test to an associated MU.

Syntax
  show     Shows the Mobile Unit Statistics Summary.
  list     Defines echo test parameters and result.
  set      Determines echo test packet data.
  start    Begins echoing the defined station.
  ..       Goes to parent menu.
  /        Goes to root menu.
  quit     Quits CLI session.

For information on MU Echo and Ping tests using the applet (GUI), see “Pinging individual MUs” on page 237.
BR7131N>admin(stats.echo)> show

Shows Mobile Unit Statistics Summary.

Syntax
  show    Shows Mobile Unit Statistics Summary.

Example
  admin(stats.echo)>show
  ----------------------------------------------------------------------------
  Idx  IP Address  MAC Address  WLAN  Radio  T-put  ABS  Retries
  ----------------------------------------------------------------------------
  1 192.168.2.
BR7131N>admin(stats.echo)> list

Lists echo test parameters and results.

Syntax
  list    Lists echo test parameters and results.

Example
  admin(stats.echo)>list
  Station Address       : 00A0F8213434
  Number of Pings       : 10
  Packet Length         : 10
  Packet Data (in HEX)  : 55
  admin(stats.echo)>

For information on MU Echo and Ping tests using the applet (GUI), see “Pinging individual MUs” on page 237.
BR7131N>admin(stats.echo)>set

Defines the parameters of the echo test.

Syntax
  set station    Defines MU target MAC address.
  request        Sets number of echo packets to transmit (1-539).
  length         Determines echo packet length in bytes (1-539).
  data           Defines the particular packet data.

For information on MU Echo and Ping tests using the applet (GUI), see “Pinging individual MUs” on page 237.
BR7131N>admin(stats.echo)> start

Initiates the echo test.

Syntax
  start    Initiates the echo test.

Example
  admin(stats.echo)>start
  admin(stats.echo)>list
  Station Address         : 00A0F843AABB
  Number of Pings         : 10
  Packet Length           : 100
  Packet Data (in HEX)    : 1
  Number of MU Responses  : 2

For information on MU Echo and Ping tests using the applet (GUI), see “Pinging individual MUs” on page 237.
BR7131N>admin(stats)> ping

Defines the ping test values used to conduct a ping test to an AP with the same ESSID.

Syntax
  ping show    Shows Known AP Summary details.
  list         Defines ping test packet length.
  set          Determines ping test packet data.
  start        Begins pinging the defined station.
  ..           Goes to parent menu.
  /            Goes to root menu.
  quit         Quits CLI session.

For information on Known AP tests using the applet (GUI), see “Pinging individual MUs” on page 237.
BR7131N>admin(stats.ping)> show

Shows Known AP Summary Details.

Syntax
  show    Shows Known AP Summary Details.

Example
  admin(stats.ping)>show
  ----------------------------------------------------------------------------
  Idx  IP Address  MAC Address  MUs  KBIOS  Unit Name
  ----------------------------------------------------------------------------
  1 192.168.2.
BR7131N>admin(stats.ping)> list

Lists ping test parameters and results.

Syntax
  list    Lists ping test parameters and results.

Example
  admin(stats.ping)>list
  Station Address       : 00A0F8213434
  Number of Pings       : 10
  Packet Length         : 10
  Packet Data (in HEX)  : 55
  admin(stats.ping)>

For information on Known AP tests using the applet (GUI), see “Pinging individual MUs” on page 237.
BR7131N>admin(stats.ping)> set

Defines the parameters of the ping test.

Syntax
  set station    Defines the AP target MAC address.
  request        Sets number of ping packets to transmit (1-539).
  length         Determines ping packet length in bytes (1-539).
  data           Defines the particular packet data.

Example
  admin(stats.ping)>set station 00A0F843AABB
  admin(stats.ping)>set request 10
  admin(stats.ping)>set length 100
  admin(stats.ping)>set data 1
  admin(stats.
BR7131N>admin(stats.ping)> start

Initiates the ping test.

Syntax
  start    Initiates the ping test.

Example
  admin(stats.ping)>start
  admin(stats.ping)>list
  Station Address         : 00A0F843AABB
  Number of Pings         : 10
  Packet Length           : 100
  Packet Data (in HEX)    : 1
  Number of AP Responses  : 2

For information on Known AP tests using the applet (GUI), see “Pinging individual MUs” on page 237.
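Several commands in this chapter state limits on their arguments: the 8-19 character password for the user database `set`, the 1 to 39 character file, path and user settings under `config` and `fw-update`, the NTP `intrvl` range, the echo and ping `request` and `length` ranges, and the netmask for a Radius client. The following added example (not part of the Brocade guide) checks a command script written in the prompt format shown above against those limits before it is pasted into the CLI; the one-parameter-per-`set` layout, the function names and the sample script are assumptions made for the example.

```python
import ipaddress
import re

# Prompt format used in this chapter's examples, e.g.
#   admin(system.userdb.user)>set george password
# The closing parenthesis is optional because some printed examples omit it.
PROMPT = re.compile(r"^admin\(([\w.\-]+)\)?>\s*(\S+)\s*(.*)$")

# String-length limits stated in the chapter: (menu, parameter) -> (min, max).
LENGTH_LIMITS = {
    ("system.config", "file"): (1, 39),
    ("system.config", "user"): (1, 39),
    ("system.fw-update", "file"): (1, 39),
    ("system.fw-update", "path"): (1, 39),
    ("system.fw-update", "user"): (1, 39),
}

# Numeric ranges stated in the chapter: (menu, parameter) -> (min, max).
RANGE_LIMITS = {
    ("system.ntp", "intrvl"): (15, 65535),  # minutes
    ("stats.echo", "request"): (1, 539),
    ("stats.echo", "length"): (1, 539),
    ("stats.ping", "request"): (1, 539),
    ("stats.ping", "length"): (1, 539),
}


def is_ipv4(text):
    """True if text is a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def mask_is_contiguous(mask):
    """True if mask is a valid netmask (ones followed only by zeros)."""
    if not is_ipv4(mask):
        return False
    host_bits = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**n - 1, so adding 1 clears every bit.
    return host_bits & (host_bits + 1) == 0


def check_line(line):
    """Return a list of problems found in one 'admin(menu)>command args' line."""
    match = PROMPT.match(line.strip())
    if not match:
        return ["unrecognised line"]
    menu, command, args = match.group(1), match.group(2), match.group(3).split()
    problems = []
    if menu == "system.userdb.user" and command == "set":
        if len(args) != 2:
            problems.append("expected a user ID and a password")
        elif not 8 <= len(args[1]) <= 19:
            problems.append("password must be 8-19 characters")
    elif menu == "system.radius.client" and command == "add":
        if len(args) != 3:
            problems.append("expected ip, mask and secret")
        else:
            if not is_ipv4(args[0]):
                problems.append("client IP is not a valid IPv4 address")
            if not mask_is_contiguous(args[1]):
                problems.append("netmask %s is not contiguous" % args[1])
    elif command == "set" and len(args) == 2:
        param, value = args
        if (menu, param) in LENGTH_LIMITS:
            low, high = LENGTH_LIMITS[(menu, param)]
            if not low <= len(value) <= high:
                problems.append("%s must be %d-%d characters" % (param, low, high))
        elif (menu, param) in RANGE_LIMITS:
            low, high = RANGE_LIMITS[(menu, param)]
            if not value.isdigit() or not low <= int(value) <= high:
                problems.append("%s must be in %d-%d" % (param, low, high))
    return problems


def audit(script):
    """Return {line number: [problems]} for every line that fails a check."""
    findings = {}
    for number, line in enumerate(script.splitlines(), 1):
        if line.strip():
            problems = check_line(line)
            if problems:
                findings[number] = problems
    return findings


# Constructed sample script: this chapter's own examples plus a few bad values.
SAMPLE = """\
admin(system.userdb.user)>set george password
admin(system.userdb.user)>set lucy muddy
admin(system.radius.client)>add 157.235.132.11 255.255.255.225 muddy
admin(system.radius.client)>add 157.235.132.11 255.255.255.224 muddy
admin(system.ntp)>set intrvl 10
admin(system.config)>set file config.txt
admin(stats.echo)>set length 600
"""

if __name__ == "__main__":
    for number, problems in sorted(audit(SAMPLE).items()):
        print("line %d: %s" % (number, "; ".join(problems)))
```

The netmask check flags the value printed in the Radius client `add` example, 255.255.255.225, because its last octet (binary 11100001) is not a run of ones followed by zeros.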
Chapter 9
Configuring Mesh Networking

In this chapter
• Configuring mesh networking support
• Mesh network deployment - quick setup
• Mesh networking frequently asked questions

The access point can be configured in two modes to support the new mesh networking functionality.
The client bridge creates up to three connections if it can find base bridges for connection. If the connections are redundant (on the same network), then one connection will be forwarding and the others blocked. However, if each of the connections links to a different wired network, then none are redundant and all are forwarding. Thus, the bridge automatically detects and disables redundant connections, but leaves non-redundant connections forwarding.
CAUTION
An access point in Base Bridge mode logs out whenever a Client Bridge associates to the Base Bridge over the LAN connection. This problem is not experienced over the access point’s WAN connection. If this situation is experienced, log in to the access point again.

The access point in client bridge mode attempts to establish up to 3 simultaneous wireless connections. The second and third connections are established in the background while the system is running.
The access point can manipulate the path cost assigned to a bridge connection based on that connection’s RSSI. This results in the spanning tree selecting the optimal path for forwarding data when redundant paths exist. However, this can be overridden using the preferred list. When using the preferred list, the user enters a priority for each bridge, resulting in the selection of the forwarding link.
Configuring mesh networking support

Configuring the access point for Mesh Bridging support entails:
• Setting the LAN configuration for mesh networking support
• Configuring a WLAN for mesh networking support
• Configuring the access point radio for mesh support.
Priority    Set the Priority as low as possible for a to force other devices within the mesh network to defer to this client bridge as the bridge defining the mesh configuration (commonly referred to as the root). Brocade recommends assigning a Base Bridge AP with the lowest bridge priority so it becomes the root in the STP. If a root already exists, set the Bridge Priorities of new APs accordingly so the root of the STP doesn't get altered.
2. Select the Create button to configure a new WLAN specifically to support mesh networking. An existing WLAN can be modified (or used as is) for mesh networking support by selecting it from the list of available WLANs and clicking the Edit button.
3. Assign an ESSID and Name to the WLAN that each access point will share when using this WLAN within their mesh network.
5. Use the Maximum MUs field to define the number of MUs allowed to associate with this WLAN. This number should be defined based on the number of client bridges and repeaters within this mesh network. This value can be increased as the mesh network grows and devices are added.
11. Select the Accept Broadcast ESSID checkbox to associate an MU that has a blank ESSID (regardless of which ESSID the access point is currently using). Traffic within a mesh network probably consists of known devices, so you may want to leave the checkbox unselected and configure each MU with an ESSID. The default is selected.
1. Select Network Configuration -> Wireless -> Radio Configuration from the access point menu tree.
2. Refer to the Radio Function parameter to ensure the radio has been designated for WLAN Radio support.

NOTE
With this 4.0 release of the access point firmware, a new scheme for radio configuration and WIPS server management has been implemented within the Quick Setup GUI applet.
4. If the Base Bridge checkbox has been selected, use the Max# Client Bridges parameter to define the client bridge load on a particular base bridge. The maximum number of client bridge connections per access point radio is 12, with 24 representing the maximum for dual-radio models.
CAUTION An access point in Base Bridge mode logs out whenever a Client Bridge associates to the Base Bridge over the LAN connection.
7. Select the Automatic Link Selection checkbox to allow the access point to select the links used by the client bridge to populate the mesh network. Selecting this checkbox prohibits the user from selecting the order in which base bridges are added to the mesh network when one of the three associated base bridges becomes unavailable.
NOTE Auto link selection is based on the RSSI and load.
11. Refer to the Preferred Base Bridge List for a prioritized list of base bridges the mesh network’s client bridge uses to extend the mesh network’s coverage area and potentially provide redundant links. If a device does not appear on the Available Base Bridge List, it cannot be moved to the Preferred Base Bridge List, as the device has not yet been seen.
NOTE The Mesh Time Out variable overrides the Ethernet Port Time Out (EPTO) setting on the LAN page when the access point is in bridge mode. As long as the mesh is down, the access point acts in accordance with the Mesh Time Out setting regardless of the state of the Ethernet. However, if the Ethernet goes down and the mesh link is still up, the EPTO takes effect.
17. Click Apply to save any changes to the Radio Configuration screen.
Mesh network deployment - quick setup
Configuring AP#1:
1. Provide a known IP address for the LAN1 interface.
NOTE Enable the LAN1 Interface of AP#1 as a DHCP Server if you intend to associate MUs and require them to obtain an IP address via DHCP.
2. Assign a Mesh STP Priority of 40000 to LAN1 Interface.
3. Define a mesh supported WLAN.
4. Enable base bridge functionality on the 802.11a/n radio (Radio 2).
5. Define a channel of operation for the 802.11a/n radio.
6. If needed, create another WLAN mapped to the 802.11b/g/n radio if 802.11b/g/n support is required for MUs on that 802.11 band.
Configuring AP#2
AP#2 can be configured the same as AP#1 with the following exceptions:
• Assign an IP Address to the LAN1 Interface different than that of AP#1
• Assign a higher Mesh STP Priority 50000 to the AP#2 LAN1 Interface.
NOTE In a typical deployment, each base bridge can be configured for a Mesh STP Priority of 50000.
3. Create a mesh supported WLAN with the Enable Client Bridge Backhaul option selected.
NOTE This WLAN should not be mapped to any radio. Therefore, leave both of the “Available On” radio options unselected.
4. Select the Client Bridge checkbox to enable client bridge functionality on the 802.11a/n radio. Use the Mesh Network Name drop-down menu to select the name of the WLAN created in step 3.
Verifying mesh network functionality for scenario #1
You now have a three AP mesh network ready to demonstrate. Associate a single MU on each AP WLAN configured for 802.11b/g/n radio support. Once completed, pass traffic among the three APs comprising the mesh network.
1. Enable client bridge backhaul on the mesh supported WLAN.
2. Enable client and base bridge functionality on the 802.
Configuring AP#3
To define AP #3’s configuration:
1. The only change needed on AP#3 (with respect to the configuration used in scenario #1) is to disable the Auto Link Selection option. Click the Advanced button within the Mesh Client Bridge Settings field.
2. Add the 802.11a/n Radio MAC Address. In scenario #2, the mesh WLAN is mapped to BSS1 on the 802.11a/n radio of each AP.
3. Determine the Radio MAC Address and BSSID MAC Addresses.
Verifying mesh network functionality for scenario #2
You now have a three AP demo multi-hop mesh network ready to demonstrate. Associate an MU on the WLANs configured on the 802.11b/g/n radio for each AP and pass traffic among the members of the mesh network.
Mesh networking frequently asked questions
Mesh Deployment Issue 1 - Client Bridge can only connect to one of two Base Bridges
You have two access points configured as base bridges (AP1, AP2) and one access point defined as a client bridge (AP3). However, the client bridge is able to connect to only one of the base bridges.
Resolution
Check the mesh backhaul radio channel configuration on both base bridges (AP1, AP2).
Resolution
Each mesh AP has a Known AP Table (available in the applet, CLI and SNMP). All APs (whether they are supporting mesh or not) periodically exchange ID messages notifying their presence to one another. Review the Known AP Table on any mesh supported AP to determine if you have all required APs connected to the mesh topology.
Mesh Deployment Issue 12 - Can a mesh supported AP react to changing RF conditions?
If RF conditions change, will a mesh supported AP automatically detect and re-route traffic on its backup link or look for new links if all current links are exhausted?
Resolution
Yes, all mesh nodes have built-in dynamic link switching and auto-recovery mechanisms that ensure they adapt to changing RF conditions.
Chapter 10 Adaptive AP
In this chapter
• Adaptive AP overview
• Supported adaptive AP topologies
• How the AP receives its adaptive configuration
• Establishing basic adaptive AP connectivity
Adaptive AP overview
Where to go from here
Refer to the following for a further understanding of AAP operation:
• Adaptive AP management
• Licensing
• Switch discovery
• Securing a configuration channel between switch and AP
• Adaptive AP WLAN topology
• Configuration updates
• Securing data tunnels between the switch and AAP
• Adaptive AP switch failure
• Remote site survivability (RSS)
• Adaptive mesh support
For an understanding of how AAP support should be configured for the access point and its
• Manual adoption configuration
Auto discovery using DHCP
Extended Global Options 189, 190, 191, 192 can be used or Embedded Option 43 - Vendor Specific options can be embedded in Option 43.
• Static IP addresses - Up to 12 switch IP addresses can be manually specified in an ordered list the AP can choose from. When providing a list, the AAP tries to adopt based on the order in which they are listed (from 1-12).
NOTE An AAP can use its LAN or WAN Ethernet interface to adopt. The LAN is PoE and DHCP enabled by default. The WAN has no PoE support and has a default static AP address of 10.1.1.1/8.
To review a sample AAP configuration, see “Sample switch configuration file for IPSec and independent WLAN” on page 557.
Adaptive AP switch failure
In the event of a switch failure, an AAP's independent WLAN continues to operate without disruption. The AAP attempts to connect to other switches (if available) in the background. Extended WLANs are disabled once switch adoption is lost. When a new switch is discovered and a connection is secured, an extended WLAN can be enabled.
Supported adaptive AP topologies
For this version of the access point firmware, the following AAP topologies are supported:
• Extended WLANs only
• Independent WLANs only
• Extended WLANs with independent WLANs
• Extended WLAN with mesh networking
Topology deployment considerations
When reviewing the AAP topologies described in the section, be cognizant of the following considerations to optimize the effectiveness of the deployment:
• An AAP firmware upgrade will no
Independent WLANs only
An independent WLAN configuration forces all MU traffic to be bridged locally by the AAP. No wireless traffic is tunneled back to the switch. Each extended WLAN is mapped to the access point's LAN1 interface. The only traffic between the switch and the AAP are control messages (for example, heartbeats, statistics and configuration updates).
Configuring the Adaptive AP for adoption by the switch
1. An AAP needs to find and connect to the switch. To ensure this connection:
• Configure the switch’s IP address on the AAP
• Provide the switch IP address using DHCP option 189 on a DHCP server. The IP address is a comma delimited string of IP addresses. For example "157.235.94.91, 10.10.10.19". There can be a maximum of 12 IP addresses.
• Configure the switch’s FQDN on the AAP.
• Switch configuration
NOTE Refer to “Adaptive AP deployment considerations” on page 557 for usage and deployment caveats that should be considered before defining the AAP configuration. Refer to “Sample switch configuration file for IPSec and independent WLAN” on page 557 if planning to deploy an AAP configuration using IPSec VPN and an extended WLAN.
The AAP will begin establishing a connection with the first address in the list. If unsuccessful, the AP will continue down the list (in order) until a connection is established.
4. If a numerical IP address is unknown, but you know a switch’s fully qualified domain name (FQDN), enter the name as the Switch FQDN value.
5. Select the Enable AP-Switch Tunnel option to allow AAP configuration data to reach a switch using a secure VPN tunnel.
6.
Switch configuration
A Brocade Mobility RFS7000-GR Controller requires an explicit adaptive configuration to adopt an access point (if IPSec is not being used for adoption). The same licenses currently used for access port adoption can be used for an AAP. Disable the switch’s Adopt unconfigured radios automatically option and manually add AAPs requiring adoption, or leave as default.
NOTE Additionally, a WLAN can be defined as independent using the "wlan independent" command from the config-wireless context. Once an AAP is adopted by the switch, it displays within the switch Access Port Radios screen (under the Network parent menu item) as an access point within the AP Type column.
Adaptive AP deployment considerations
Before deploying your switch/AAP configuration, refer to the following usage caveats to optimize its effectiveness:
• Extended WLANs are mapped to the AP’s LAN2 interface and all independent WLANs are mapped to the AP’s LAN1 Interface.
The sample output is as follows:
!
! configuration of RFS7000 RFS7000-1 version 1.1.0.0-016D
!
version 1.
wlan 1 ssid qs5-ccmp
wlan 1 vlan 200
wlan 1 encryption-type ccmp
wlan 1 dot11i phrase 0 Brocade123
wlan 2 enable
wlan 2 ssid qs5-tkip
wlan 2 vlan 210
wlan 2 encryption-type tkip
wlan 2 dot11i phrase 0 Brocade123
wlan 3 enable
wlan 3 ssid qs5-wpa2/ccmp
wlan 3 vlan 220
wlan 4 enable
wlan 4 ssid qs5-open
wlan 4 vlan 230
wlan 5 enable
wlan 5 ssid Mesh
wlan 5 vlan 111
wlan 5 encryption-type ccmp
wlan 5 dot11i phrase 0 Brocade123
!
To configure a WLAN as an indepen
radio default-11a rss enable
radio default-11bg rss enable
radio default-11b rss enable
no ap-ip default-ap switch-ip
!
radius-server local
! To create an IPSEC Transform Set
!
crypto ipsec transform-set AAP-TFSET esp-aes-256 esp-sha-hmac
 mode tunnel
! To create a Crypto Map, add a remote peer, set the mode, add a ACL rule to match and transform and set to the Crypto Map
!
crypto map AAP-CRYPTOMAP 10 ipsec-isakmp
 set peer 255.255.255.
crypto map AAP-CRYPTOMAP
!
sole
!
ip route 157.235.0.0/16 157.235.92.2
ip route 172.0.0.0/8 157.235.92.2
!
ntp server 10.10.10.
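An added example, not part of the guide or of Brocade's tooling: a short Python audit of the WLAN lines in the sample switch configuration excerpt, reporting WLANs that carry no encryption-type line in the excerpt, WLANs set to TKIP, and WLANs that share one dot11i passphrase. The function names and finding labels are assumptions; the embedded lines are the WLAN commands as printed in the excerpt.

```python
import re
from collections import defaultdict

# WLAN commands as printed in the sample configuration excerpt on this page.
SAMPLE_CONFIG = """\
wlan 1 ssid qs5-ccmp
wlan 1 vlan 200
wlan 1 encryption-type ccmp
wlan 1 dot11i phrase 0 Brocade123
wlan 2 enable
wlan 2 ssid qs5-tkip
wlan 2 vlan 210
wlan 2 encryption-type tkip
wlan 2 dot11i phrase 0 Brocade123
wlan 3 enable
wlan 3 ssid qs5-wpa2/ccmp
wlan 3 vlan 220
wlan 4 enable
wlan 4 ssid qs5-open
wlan 4 vlan 230
wlan 5 enable
wlan 5 ssid Mesh
wlan 5 vlan 111
wlan 5 encryption-type ccmp
wlan 5 dot11i phrase 0 Brocade123
"""

# 'wlan <index> <keyword> [value...]'; everything else is skipped.
WLAN_LINE = re.compile(r"^\s*wlan\s+(\d+)\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_wlans(config_text):
    """Return {wlan_index: {keyword: value}} for every 'wlan' command."""
    wlans = defaultdict(dict)
    for line in config_text.splitlines():
        match = WLAN_LINE.match(line)
        if not match:
            continue  # '!' comment lines and non-WLAN commands
        index, keyword = int(match.group(1)), match.group(2)
        value = match.group(3) or ""
        parts = value.split(None, 2)
        if keyword == "dot11i" and len(parts) == 3 and parts[0] == "phrase":
            wlans[index]["phrase"] = parts[2]  # 'phrase <n> <passphrase>'
        else:
            wlans[index][keyword] = value
    return dict(wlans)


def audit_wlans(wlans):
    """Return sorted (wlan_index, finding) pairs; labels are hypothetical.

    Passphrases are compared but never included in the findings.
    """
    findings = []
    by_phrase = defaultdict(list)
    for index, cfg in wlans.items():
        encryption = cfg.get("encryption-type")
        if not encryption:
            findings.append((index, "no-encryption-type"))
        elif encryption.lower() == "tkip":
            findings.append((index, "tkip"))
        if "phrase" in cfg:
            by_phrase[cfg["phrase"]].append(index)
    for indexes in by_phrase.values():
        if len(indexes) > 1:  # same passphrase protects several WLANs
            findings.extend((i, "shared-passphrase") for i in indexes)
    return sorted(findings)


if __name__ == "__main__":
    for index, finding in audit_wlans(parse_wlans(SAMPLE_CONFIG)):
        print(f"wlan {index}: {finding}")
```

A "no-encryption-type" finding only means the excerpt shows no such line for that WLAN; check the full running configuration before treating the WLAN as open.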
Appendix A Technical Specifications
In this chapter
• Physical characteristics
• Electrical characteristics
• Radio characteristics
• Country codes
Radio characteristics
A Brocade Mobility 7131N-FGR Access Point has the following radio characteristics:
Operating Channels:
  All channels from 4920 MHz to 5825 MHz except channel 52-64
  Channels 1-13 (EU), Channels 1-11 (US/Canada)
  Channel 14 (2484 MHz) Japan only
  Actual operating frequencies depend on regulatory
Data Rates Supported:
  802.11g: 1,2,5.5,11,6,9,12,18,24,36,48, and 54Mbps
  802.11a: 6,9,12,18,24,36,48, and 54Mbps
  802.
Country codes
Country             Code    Country        Code
Brazil              BR      Pakistan       PK
Bulgaria            BG      Panama         PA
Canada              CA      Paraguay       PY
Cayman Islands      KY      Peru           PE
Chile               CL      Philippines    PH
China               CN      Poland         PL
Christmas Islands   CX      Portugal       PT
Colombia            CO      Puerto Rico    PR
Costa Rica          CR      Qatar          QA
Croatia             HR      Romania        RO
Cyprus              CY      Russia         RU
Czech Rep.
Country             Code
Jamaica             JM
Japan               JP
Jordan              JO
Kazakhstan          KZ
Kuwait              KW
Latvia              LV
Lebanon             LB
Liechtenstein       LI
Lithuania           LT
Luxembourg          LU
Macedonia           MK
Malaysia            MY
Malta               MT
Martinique          MQ
Appendix B Usage Scenarios
In this chapter
• Configuring automatic updates using a DHCP or Linux BootP server
• Configuring an IPSEC tunnel and VPN FAQs
This appendix provides practical usage scenarios for many of the access point’s key features. This information should be referenced as a supplement to the information contained within this Product Reference Guide.
The setup example described in this section includes:
• 1 Brocade Mobility 7131N-FGR Access Point access point
• 1 Microsoft Windows DHCP Server
• 1 SFTP Server
Note the following caveats regarding this procedure before beginning:
• Ensure the LAN Interface is configured as a DHCP Client
• If the existing and update firmware files are the same, the firmware will not get updated.
To configure the DHCP Server for automatic updates:
1.
Global options - using extended/standard options
The following are instructions for automatic firmware and configuration file updates via DHCP using extended options or standard options configured globally. The setup example described in this section includes:
• 1 Brocade Mobility 7131N-FGR Access Point access point
• 1 Microsoft Windows DHCP Server
• 1 SFTP Server.
To configure Global options using extended/standard options:
1.
NOTE If the firmware files are the same, the firmware will not get updated. If the configuration file name matches the last used configuration file on the access point or if the configuration file versions are the same, the access point configuration will not get updated.
NOTE The update process is conducted over the LAN or WAN port depending on which Server responds first to the access point’s request for an automatic update.
• BootP priorities
BootP options
This section contains instructions for the automatic update of the access point firmware and configuration file using a BootP Server. The setup example described in this section includes:
• 1 Brocade Mobility 7131N-FGR Access Point access point
• 1 Linux/Unix BOOTP Server
• 1 SFTP Server.
To configure BootP options using a Linux/Unix BootP Server:
1.
NOTE The bf option prefixes a forward slash (/) to the configuration file name. The forward slash may not be supported on Windows based SFTP Servers.
3. Copy the firmware and configuration files to the appropriate directory on the SFTP Server. By default, auto update is enabled on the access point (since the LAN Port is a DHCP Client, out-of-the-box auto update support is on the LAN Port).
4. Restart the access point.
5.
If the BootP Server is configured for options 186 and 66 (to assign SFTP server IP addresses) the access point uses the IP address configured for option 186. Similarly, if the BootP Server is configured for options 188 and 129 (for the configuration file) the AP uses the file name configured for option 188.
Configuring an IPSEC tunnel and VPN FAQs
The access point has the capability to create a tunnel between an access point and a VPN endpoint.
5. Enter the WAN port IP address of AP #1 for the Local WAN IP.
6. Within the Remote Subnet and Remote Subnet Mask fields, enter the LAN IP subnet and mask of AP #2 /Device #2.
7. Enter the WAN port IP address of AP #2/ Device #2 for a Remote Gateway.
8. Click Apply to save the changes.
NOTE For this example, Auto IKE Key Exchange is used.
11. For the ESP Type, select ESP with Authentication and use AES 128-bit as the ESP encryption algorithm and SHA1 as the ESP authentication algorithm. Click OK.
12. Select the IKE Settings button.
13. Select Pre Shared Key (PSK) from the IKE Authentication Mode drop-down menu.
14. Enter a Passphrase. Passphrases must match on both VPN devices.
NOTE Ensure the IKE authentication Passphrase is the same as the Pre-shared key on the Cisco PIX device.
15.
17. Click Apply to make the changes.
18. Check the VPN Status screen. Notice the status displays "NOT_ACTIVE". This screen automatically refreshes to get the current status of the VPN tunnel. Once the tunnel is active, the IKE_STATE changes from NOT_CONNECTED to SA_MATURE.
19. On access point #2/ Device #2, repeat the same procedure. However, replace access point #2 information with access point #1 information.
20.
• Creating multiple VPN Tunnels. The AP supports a maximum of 25 tunnels.
• When using the Remote Subnet IP Address with an appropriate subnet mask, the AP can access multiple subnets on the remote end. For example: If creating a tunnel using 192.168.0.0/16 for the Remote Subnet IP address, the following subnets could be accessed:
  • 192.168.1.x
  • 192.168.2.x
  • 192.168.3.x, etc
• Question 2: Even if a wildcard entry of "0.0.0.
• UFQDN - tries to match the user entered local ID data string to the email address field of the certificate.
Remote ID type refers to the way you identify an incoming certificate as being associated with the remote side.
• IP - tries to match the remote gateway IP to the IP addresses specified in the received certificate.
• FQDN - tries to match the user entered remote ID data string to the domain name field of the received certificate.
Try the following troubleshooting tips:
• Verify you can ping each of the remote Gateway IP addresses from clients on either side. Failed pings can indicate general network connection problems.
• Pinging the internal gateway address of the remote subnet should run the ping through the tunnel as well, allowing you to test even if there are no clients on the remote end.
• Try re-setting the shared secret password on the access point.
These three rules should be configured above all other rules (default or user defined). When Advanced LAN Access is used, certain inbound/outbound rules need to be configured to control incoming/outgoing packet flow for IPSec to work properly (with Advanced LAN Access). These rules should be configured first before other rules are configured.
• Question 13: Do I need to add any special routes on the access point to get my VPN tunnel to work? No.