53-1001945-01 September 2010 Brocade Mobility RFS7000-GR Controller CLI Reference Guide Supporting software release 4.1.0.
Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Table of Contents
1 Introduction
2 Common Commands: clrscr, exit, help
upgrade-status, wlan-acl
3 User Exec Commands: clear
audit-log-filter, audit-wireless-filter, boot
show, wins
8 Crypto-peer Instance: clrscr
duplex, end, exit
16 Extended MAC ACL Instance: clrscr, deny, end
19 RADIUS Server Instance: authentication, ca, clrscr
mac-auth-local, manual-wlan-mapping, mobile-unit
About This Document
In this chapter
• In this chapter
• Who Should Use this Guide
• How to Use this Guide
• Conventions Used in this Guide
• Web support sites
Chapter: Jump to this section if you want to...
Chapter 7, “Crypto-group Instance”: Summarizes the crypto-group commands within the Brocade Mobility RFS7000-GR Controller CLI.
Chapter 8, “Crypto-peer Instance”: Summarizes the crypto-peer commands within the Brocade Mobility RFS7000-GR Controller CLI.
Chapter 9, “Crypto-ipsec Instance”: Summarizes the crypto-ipsec commands within the Brocade Mobility RFS7000-GR Controller CLI.
Conventions Used in this Guide
NOTE: Indicates tips or special requirements.
CAUTION: Indicates conditions that can cause equipment damage or data loss.
DANGER: Indicates a condition or procedure that could result in personal injury or equipment damage.
Notational Conventions
The following notational conventions are used in this document:
• Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents.
Web support sites
Customer Support Web Site
Brocade Support Central Web site, located at www.brocade.com/support, provides information and online assistance including developer tools, software downloads, product manuals and online repair requests.
Downloads: http://www.brocade.com/support/
Manuals: http://www.brocade.com/support/
Because quality is our first concern at Brocade, we have made every effort to ensure the accuracy and completeness of this document.
Chapter 1 Introduction
In this chapter
• In this chapter
• Common Criteria Operational Requirements
• CLI Overview
• Getting Context Sensitive Help
Common Criteria Operational Requirements
9. Common Criteria Filter shall be enabled. Refer to “common-criteria” on page 181 for details on the common-criteria command.
To run the product in the Common Criteria evaluated configuration, the following assumptions shall be satisfied:
Name        Assumption
A.NO_EVIL   Administrators shall be non-hostile, appropriately trained and follow all administrator guidance.
A.
Assigning management VLAN1 and VLAN20 (Data VLAN for WLAN 1) on GE4 TRUNK port.
RFS7000(config)#interface ge 4
RFS7000(config-if)#switchport mode trunk
RFS7000(config-if)#switchport trunk allowed vlan none
RFS7000(config-if)#switchport trunk allowed vlan add 1,20
RFS7000(config-if)#exit
Creating Data VLAN20 to use for WLAN1
RFS7000(config)#interface vlan 20
RFS7000(config-if)#ip address 172.2.1.
Switchport settings: access, access-vlan: 2
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
RFS7000(config-ext-macl)#show interfaces ge1
Interface ge1 is UP
Hardware-type: Ethernet, Mode: Layer 2, Address: 00-15-70-38-08-43
Index: 2001, Metric: 1, MTU: 1500, Status-flags:
snmp-server sysname RFS7000
snmp-server manager v3
snmp-server user snmptrap v3 encrypted auth md5 0xe281442f91cddde027e46567af95be8b
snmp-server user snmpmanager v3 encrypted auth md5 0xa2fb262555c3f45399d1493da0b0690c
snmp-server user snmpoperator v3 encrypted auth md5 0x0aead3578620c6105cda660f1a356d03
snmp-server enable traps
snmp-server enable traps snmp coldstart
snmp-server enable traps snmp linkdown
snmp-server enable traps snmp authenticationFail
snmp
!
!
radius-server local sole
!
interface ge1
 switchport access vlan 2
 ip dhcp trust
 mac access-group drop_nonwisp in
!
interface ge2
 switchport access vlan 3
 ip dhcp trust
!
interface ge3
 switchport access vlan 4
 ip dhcp trust
!
interface ge4
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan none
 switchport trunk allowed vlan add 1,20,
 ip dhcp trust
!
interface me1
 ip address 10.1.1.100/24
!
interface vlan1
 ip address 172.17.1.
username admin privilege superuser
username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f
!
!
mac access-list extended drop_nonwisp
 permit any 00:15:70:38:08:4c/00:15:70:38:08:4c type wisp rule-precedence 10
!
spanning-tree mst cisco-interoperability enable
spanning-tree mst configuration
 name My Name
!
no country-code
logging buffered 4
logging console 4
ip http server
ip http secure-trustpoint default-trustpoint
ip http secure-server
ip ssh
no se
!
ip dhcp pool vlan20pool
 default-router 172.2.1.100
 network 172.2.1.0/24
 address range 172.2.1.150 172.2.1.160
!
service dhcp
!
line con 0
line vty 0 24
!
end
RFS7000(config)#
Configuration of IP ACL For Common Criteria Operation
If access points are connected over an L3 network, the user shall use MAC and IP ACLs in combination, as explained below.
RFS7000#
RFS7000#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RFS7000(config)#
RFS7000(config-dhcp)#exit
RFS7000(config)#service dhcp
Create an ACL to block non-CAPWAP packets (allow only CAPWAP packets coming on UDP port 24576 and DHCP port 67)
RFS7000(config)#ip access-list extended drop_noncapwap
RFS7000(config-ext-nacl)#permit udp host 172.16.1.99 host 172.2.1.100 eq 24576
RFS7000(config-ext-nacl)#permit udp host 0.0.0.0 host 255.255.255.
Number of access-ports adopted : 1
Available licenses : 47
Redundancy enabled : N
Redundancy mode : active
# Mac Radios [indices] Model-Number Adoption-Mode Static IP
1 00-A0-F8-D8-7E-94 2 [ 1 2 ] WSAP-5110-100-WW L2 (vlan: 20) 172.16.1.99/24 172.16.1.101
RFS7000(config)#
Disconnect the AP and connect it in the 172.16.1.0/24 subnet, which is reachable to 172.2.1.0/24 via 172.16.1.
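An audit of the drop_noncapwap ACL described above, as an added example that is not part of the original guide: it checks that every permit rule matches the stated intent (only UDP port 24576 for CAPWAP and UDP port 67 for DHCP) and reports anything wider. The sample session is constructed; the `any` keyword, the extra rules and the second ACL name are assumptions, and only the first rule is taken from the guide.

```python
"""Audit an extended IP ACL against the intent stated for drop_noncapwap."""
import re

# Ports the guide names for this ACL: CAPWAP on UDP 24576 and DHCP on port 67.
ALLOWED_UDP_PORTS = {24576, 67}

# Strips a CLI prompt such as "RFS7000(config-ext-nacl)#" so that both a
# pasted session and a running-config listing can be audited.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

# Constructed sample session. Only the first permit rule appears in the guide;
# the remaining rules are invented to exercise the checks.
SAMPLE = """\
RFS7000(config)#ip access-list extended drop_noncapwap
RFS7000(config-ext-nacl)#permit udp host 172.16.1.99 host 172.2.1.100 eq 24576
RFS7000(config-ext-nacl)#permit udp any any eq 67
RFS7000(config-ext-nacl)#permit tcp any any eq 23
RFS7000(config-ext-nacl)#permit udp any any
RFS7000(config-ext-nacl)#exit
RFS7000(config)#ip access-list extended other_acl
RFS7000(config-ext-nacl)#permit ip any any
"""


def acl_rules(text, name):
    """Return the permit/deny lines that belong to the named extended ACL."""
    rules, inside = [], False
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line.startswith("ip access-list extended "):
            inside = line.split()[-1] == name
        elif inside and line.split(" ", 1)[0] in ("permit", "deny"):
            rules.append(line)
        elif line in ("!", "exit", "end"):
            inside = False
    return rules


def take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D/M'."""
    head = tokens.pop(0)
    return "host " + tokens.pop(0) if head == "host" else head


def parse_rule(line):
    """Split a rule into action, protocol, source, destination and port."""
    tokens = line.split()
    rule = {"text": line, "action": tokens.pop(0), "proto": tokens.pop(0)}
    rule["src"] = take_addr(tokens)
    rule["dst"] = take_addr(tokens)
    rule["dport"] = None
    if len(tokens) >= 2 and tokens[0] == "eq" and tokens[1].isdigit():
        rule["dport"] = int(tokens[1])
    return rule


def audit(text, name="drop_noncapwap"):
    """List (rule, reason) pairs for permit rules wider than the stated intent."""
    findings = []
    for line in acl_rules(text, name):
        try:
            rule = parse_rule(line)
        except IndexError:
            # Fail closed: a rule that cannot be parsed is reported, not skipped.
            findings.append((line, "unparsed rule, review manually"))
            continue
        if rule["action"] != "permit":
            continue
        if rule["proto"] != "udp":
            findings.append((line, "permits non-UDP protocol " + rule["proto"]))
        elif rule["dport"] is None:
            findings.append((line, "permits every UDP destination port"))
        elif rule["dport"] not in ALLOWED_UDP_PORTS:
            findings.append((line, "permits unexpected UDP port %d" % rule["dport"]))
    return findings


if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print("%-40s %s" % (rule, reason))
```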
Enter a variety of protocol-specific or feature-specific configuration modes from global configuration mode. The CLI hierarchy requires you to enter these specific configuration modes only through global configuration mode. Enter configuration submodes from global configuration mode. Configuration submodes are used to configure specific features within the scope of a given configuration mode. The table below summarizes the commands available to configure and monitor the switch.
User Exec Mode Priv Exec Mode Global Configuration Mode
rmdir service run show service spanning-tree show timezone terminal username traceroute vpn upgrade wireless upgrade-abort wlan-acl write zeroize
Getting Context Sensitive Help
Enter a question mark (?) at the system prompt to display a list of commands available for each command mode. Optionally obtain a list of the arguments and keywords available for any command using context-sensitive help.
RFS7000>service ?
  clear        Reset functions
  diag         Diagnostics
  diag-shell   Provide diag shell access
  encrypt      Encrypt password or key with secret
  ip           Internet Protocol (IP)
  locator      flash all LEDS to locate switch visually
  pm           Process Monitor
  save-cli     Save CLI tree for all modes in html format
  securitymgr  Securitymgr parameters
  show         Show running system information
  smart-rf     Smart-RF Management Commands
  watchdog     enable the watchdog
  wireless     Wireless parameters
diag Diagnost
Setting the Administrator Inactivity Timeout
To help prevent unauthorized access to the switch, the administrator account will time out and log off after 3 minutes of inactivity.
Using CLI Editing Features and Shortcuts
In the following table, bolded characters inside the Function Summary column indicate the relationship between the letter used and the function.
Keystrokes            Function Summary   Function Details
Left Arrow or Ctrl-B  Back character     Moves the cursor one character to the left.
When you use the command completion feature, the CLI displays the full command name. The command is not executed until you use the Return or Enter key. This way, the command can be modified if the full command was not what you intended by the abbreviation. Enter a set of characters that could indicate more than one command to list commands that begin with that set of characters.
Transposing Mistyped Characters
If you have mistyped a command, it is possible to transpose the mistyped characters. To transpose characters, use the following keystroke:
Keystrokes  Purpose
Ctrl-T      Transposes the character to the left of the cursor with the character located at the cursor.
Controlling Capitalization
CLI commands are generally case-insensitive, and are typically in lowercase.
Chapter 2 Common Commands
In this chapter
• Common commands
• show
This chapter explains the common CLI commands used amongst the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains the commands available in USER EXEC mode. Some commands can be entered in either mode.
clrscr
Common commands
Use this command to clear the screen and refresh the prompt (#).
Syntax
clrscr
Parameters
None.
exit
Common commands
Use this command to end the current mode and move to the previous mode.
Syntax
exit
Parameters
None.
help
Common commands
Use this command to access the advanced help feature. Use “?” at the command prompt to access the help topic. Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument, and describes each possible argument. There is a space between the command and ? (for example 'show ?').
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input.
wlan-acl  wlan based acl
RFS7000>show
RFS7000>show autoinstall ?
  |   Output modifiers
  >   Output redirection
  >>  Output redirection appending
RFS7000>show autoinstall status
Autoinstall not initiated
RFS7000>
no
Common commands
Use this command to negate a command or set its defaults.
Syntax
no
Parameters
None.
  ntp            Configure NTP
  prompt         Reset system's prompt
  radius-server  RADIUS server configuration commands
  ratelimit      ratelimit
  redundancy     Configure redundancy group parameters
  role           Configure role parameters
  service        Service Commands
  spanning-tree  Spanning tree
  snmp-server    Modify SNMP engine parameters
  timezone       Revert the timezone to default (UTC)
  traffic-shape  Traffic shaping
  username       Establish User Name Authentication
  virtual-ip     Virtual IP
  vpn            vpn
  wlan-acl       Remove an ACL from WLAN
RFS7000(config
service
Common commands
Use this command to service/debug the switch.
et-watermark <0-100> |idle-radio-send-multicast (enable)|legacy-load-balance|map-radios <1-127> |radio-misc-cfg (LINE) |rate-scale|request-ap-log <1-1024> |save-ap-log|sync-radio-entries|vlan-cache (enable)]
2 Common commands Parameters (User Exec Only) service (clear) all Remove all aplogs files aplogs Remove all local ap log files (does not clear them off the AP) clitree Remove clitree.html (created by the save-cli command) fw Firewall securitymgr Securitymgr parameters snooptable Clear Static and Dynamic Snoop Entries wireless wireless related parameters service (diag) enable Enables service diagnostics. identify Identifies this switch by flashing the LEDs.
Common commands 2 limit (filesys) [etc2|flash|var] Use this parameter to set the file system freespace limit. Select the freespace limit for the following sub context: • • • etc2 flash ram limit (inodes) [etc2|flash|var] File system inode limit. Select the freespace limit for the following sub context: • etc2 • flash • ram limit (load) [1|15|5] Configures the aggregate processor load. Select from the following submodes: • 1 – Aggregate processor load during the previous minute.
2 Common commands service (save-cli) service (show) show [cli| command-history| diag|info|memory| process| reboot-history| startup-log| upgrade-history| watchdog] Displays the running system information. • cli – Shows CLI tree of current mode. • command-history – Displays a command (except show commands) history. • diag – Diagnostics. • info – Shows a snapshot of available support information. • memory – Shows memory statistics. • natstats – Shows ACL rule stats.
Common commands 2 Parameters (Priv Exec mode only) clear [all|aplogs| securitymgr (flows) [<0-349>|WORD| all|ge|me1|sa|vlan]] Resets different functions. • all – Removes all core, dump and panic files. • aplogs – Removes all ap log files. • securitymgr (flows) [<0-349>|WORD| all|ge|me1|sa|vlan] – Securitymgr parameters. diag [enable|identify|limit| period] Use this parameter as a diagnostics tool. • enable – Enables service diagnostics. • identify – Identifies this switch by flashing the LEDs.
2 Common commands watchdog Enable the watchdog. wireless [ap-history| buffer-counters| clear-ap-log <1-256>| dump-core | idle-radio-send-multicast| legacy-load-balance| map-radios <1-127>| rate-scale| request-ap-log <1-256>| save-ap-log| snmp-trap-throttle] Wireless parameters. • ap-history – Access port history. • buffer-counters – Allocation counts for various buffers. • clear-ap-log – Clears ap logs. • dump-core – Creates a core file of the ccsrvr process.
Common commands 2 Parameters(Global Config) advanced-vty Enables advanced mode vty interface. dhcp Enables the DHCP server service. diag [enable|limit|period] Use this parameter as a diagnostics tool. • enable – Enables service diagnostics. • limit – Diagnostic limit command. • buffer (128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k) <0-65535> – Buffer usage warning limit. • fan <1-3> – Fan speed limit of the fan number. • filesys (etc2|flash|var) – File system freespace limit.
2 Common commands led limit period LED control diagnostic limit command Set diagnostics period RFS7000#service diag limit ? buffer buffer usage warning limit fan Fan speed limit filesys file system freespace limit load agregate processor load maxFDs maximum number of file descriptors pkbuffers packet buffer head cache procRAM percent RAM used by a process ram percent free RAM routecache IP route cache usage temperature temperature limit RFS7000#service diag limit load ? 1 during the previous minute 15 d
show 2 show Common commands This command displays the settings for the specified system component. There are a number of ways to invoke the show command: • • Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show command (usually) displays a list of these instances. Invoked with the display_parameter, it displays information about that component.
Parameters
Display Parameters      Description                                                 Mode    Example
aap-wlan-acl            Displays wlan based ACL.
aap-wlan-acl-stats
access-banner           Displays access banner                                      Common  page 39
audit-log-filters       Displays audit log filter rules.                            Common  page 40
audit-wireless-filters  Displays the audit wireless filter rules.                   Common  page 41
commands                Displays a command list.                                    Common  page 42
crypto                  Displays encryption details.                                Common  page 44
crypto-error-log        Display crypto error logs.
redundancy-group        Displays redundancy group parameters.                       Common  page 70
redundancy-history      Displays the switch state transition history.               Common  page 73
redundancy-members      Displays redundancy group members in detail.                Common  page 74
spanning-tree           Displays spanning-tree information.                         Common  page 75
static-channel-group    Displays the contents of static channel group membership.
upgrade-status          Displays last image upgrade status.
access-banner
Common to all modes
Syntax
show access-banner
Parameters
None.
Example
RFS7000(config)#show access-banner
Attention: This is a protected and private wireless system. No un-authorized access allowed. You must have proper rights to access and manage this system from the authorized personnel.
audit-log-filters
Common to all modes
Syntax
show audit-log-filters
Parameters
None.
audit-wireless-filters
Common to all modes
Syntax
show audit-wireless-filters
Parameters
None.
commands
Common to all modes
Syntax
RFS7000>show commands
Parameters
None.
show 2 no debug certmgr ( error|info|all ) no debug certmgr ( error|info|all ) no debug certmgr ( error|info|all ) no debug ip https no debug ip ssh no debug mstp all no debug mstp cli no debug mstp packet rx no debug mstp packet tx no debug mstp protocol no debug mstp protocol detail no debug mstp timer no debug mstp timer detail no page no service diag enable no service diag period no service diag watchdog no service locator p page (exit|logout|quit) show autoinstall show autoinstall status show banner
crypto
Common to all modes
Syntax
show crypto [ipsec|isakmp|key|map|pki]
show crypto ipsec(sa|security-association(lifetime)|transformset)
show crypto isakmp(policy(<1-10000>)|sa)
show crypto key(mypubkey)(rsa)
show crypto map(interface|tag)
show crypto pki(request|trustpoints)
Parameters
ipsec [sa|security-association (lifetime)|transformset (name)]
Displays IPSEC policy.
• sa – IPSec Security Association.
• security-association – Security Association.
  • lifetime – Lifetime.
show 2 Issuer Name: Common Name: Motorola Organizational Unit: EWLAN Organization: Enterprise Mobility Location: San Jose State: CA Country: US Valid From: Sep 12 09:28:56 2007 GMT Valid Until: Sep 11 09:28:56 2008 GMT RFS7000(config)# RFS7000(config)#show crypto key mypubkey rsa Key name: default_ssh_rsa_key Key length in bits: 1024 Key Data D056BB4 B423B30 21CA504 8101955 E4B2B12 7A332EC A3C004A B1B3A95 0300C30 8DFA936 A4D5062 BF29749 FB02808 F10578E E0034B6 013963B 23 3328D22 B67DDB2 C87E66B D25BB78
crypto-error-log
Common to all modes
Syntax
show crypto-error-log
Parameters
None.
Example
RFS7000(config)#show crypto-error-log
.........................................
.........................................
crypto-log
Common to all modes
Syntax
show crypto-log
Parameters
None.
Example
RFS7000(config)#show crypto
crypto-error-log crypto-log
RFS7000(config)#show crypto-log
Sat Jan 12 05:14:34 2008 FIPS self test started this can take some time
Sat Jan 12 05:15:20 2008 FIPS integrity check of the WIOS image successful
Sat Jan 12 05:15:20 2008 FIPS data integrity check is successful
Sat Jan 12 05:15:20 2008 FIPS Power-up tests for openSSL library
Sat Jan 12 05:15:21 2008 1.
2 show environment Common to all modes Syntax show environment Parameters None. Example RFS7000(config)#show environment upwind of CPU CPU die left side by FPGA front right front left fan 1 fan 2 fan 3 RFS7000(config)# RFS7000>show environment upwind of CPU CPU die left side by FPGA front right front left fan 1 fan 2 fan 3 RFS7000> 48 temperature temperature temperature temperature temperature temperature fan fan fan : : : : : : : : : 30.0 49.0 31.0 28.0 26.0 27.
history
Common to all modes
Syntax
show history
Parameters
None.
Example
RFS7000>show history
Warning: This will display secure information.
2 show interfaces Common to all modes Syntax show interfaces [|fe|ge <1-4>|sa <1-4>| switchport(|fe|ge|sa|tunnel|vlan)|tunnel <1-32>|vlan <1-4094>] Parameters IFNAME Interface name. ge <1-4> GigabitEthernet interface. Select an index value between 1- 4. me1 <> FastEthernet interface. sa <1- 4> StaticAggregate interface. Select an index value between 1- 4. switchport () Status of Layer2 interfaces. Select from the following L2 interfaces: • ge – GigabitEthernet interface.
show 2 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 RFS7000(config)# RFS7000(config)#show interfaces sa 2 Interface sa2 Hardware Type AGGREGATE, Interface Mode Layer 2, address is 00-15-70-37-fc-91 index=2005, metric=1, mtu=0, (HAL-IF) <> Speed: Admin Auto, Operational Unknown, Maximum 1G Duplex: Admin Auto, Operational Unknown Active Medium: Unknown Switchport Settings: Mode: Access, Access Vlan: 1 input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0,
2 show ip Common to all modes Syntax show ip [access-group (IFNAME | eth <1-2> | vlan <1-4094>) | access-list |arp | ddns(binding)| dhcp (binding|class|pool|sharednetwork)| dhcp-vendor-options | domain-name |http(secure-server|server)| dos| http | igmp |interface(IFNAME|brief|tunnel|vlan) | name-server | nat (interfaces|translations[inside|outside][destination|source])| route(A.B.C.D|A.B.C.
show 2 Parameters access-group Displays the ACLs attached to an interface. • WORD - Interface name • all - Display ACLs attached on all interfaces • ge - GigabitEthernet interface • me1 - FastEthernet interface • role - Role name • sa - StaticAggregate interface • vlan - VLAN • IFNAME – The interface name to which the ACL is associated. It lists the details of ACLs configured on the particular Layer 3 or Layer 2 interface. • eth – The name of the Ethernet interface to which the ACL is associated.
routing  IP routing status.
ssh      Secured Shell (SSH) server.
Usage Guidelines
1. It has been noted that the interface and VLAN status is displayed as UP despite a disconnection. In such a case, shut down the VLAN. Follow these steps:
a. Check the status of the interface and VLAN:
RFS7000(config)#show ip interface brief
Interface
me1 10.1.1.100/24
vlan1 unassigned
vlan10
RFS7000(config)#
RFS7000(config)#show ip interface brief
Interface IP-Address Status
vlan1 157.
show 2 Standard IP access list 20 mark 8021p 5 any rule-precedence 10 RFS7000(config)# RFS7000(config)# show ip access-list Standard IP access list 1 permit 172.16.10.10/24 rule-precedence 10 RFS7000(config)# RFS7000#show ip dhcp binding IP MAC/Client-Id Type Expiry Time -------------- ---- ----------RFS7000(config)#show ip dhcp binding IP MAC/Client-Id Type Expiry Time ----------------- ----------RFS7000(config)# RFS7000#show ip dhcp pool ! ip dhcp pool pl ! ip dhcp pool pool1 domain-name test.
2 show S S S S 1.1.0.0/16 [1/0] 1.1.1.0/24 [1/0] 10.0.0.0/8 [1/0] 157.235.208.0/24 via 1.1.1.1 inactive via 1.1.1.2 inactive via 10.10.10.10 inactive [1/0] via 157.235.208.
show 2 ldap Common to all modes Syntax show ldap(configuration(primary|secondary)) Parameters ldap LDAP server. configuration LDAP server configuration parameters. primary Primary LDAP server. secondary Secondary LDAP server. Example RFS7000(config-radsrv)#show ldap configuration LDAP Server Config Details __________________________ Primary LDAP Server configuration IP Address : 10.10.10.
licenses
Common to all modes
Syntax
show licenses
Parameters
None.
logging
Common to all modes
Syntax
show logging
Parameters
None.
Example
RFS7000(config)#show logging
Logging module: enabled
Aggregation time: disabled
Console logging: level debugging
Monitor logging: disabled
Buffered logging: level informational
Syslog logging: disabled
Log Buffer (3840 bytes):
Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP
Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
Feb 19 18:48:58 2007: %DAEMON-5-NOTICE: WIOS_SECURITYMGR[1109]: DNSALG: Application gateway started.
Feb 19 18:48:58 2007: %DAEMON-5-NOTICE: WIOS_SECURITYMGR[1109]: FTPALG: Application gateway started.
Feb 19 18:48:58 2007: %DAEMON-5-NOTICE: WIOS_SECURITYMGR[1109]: FTPALG: Shutting down.
.................................................................................
......................................................................
show 2 mac Common to all modes Syntax show mac(access-group|access-list) Parameters access-group Displays Mac ACLs attached to an interface. • WORD - Interface name • all - Display Mac ACLs attached on all interfaces • ge - GigabitEthernet interface • me1- FastEthernet interface • role - Role name • sa - StaticAggregate interface • vlan - VLAN • WORD – Display interface name. • all – Display MAC ACLs attached on all interfaces. • eth – Display ethernet interface. • vlan – Display VLAN.
2 show mac-address-table Common to all modes Syntax show mac-address-table Parameters None. Example RFS7000#show Bridge -----------1 RFS7000# RFS7000#show bridge 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 RFS7000# 62 mac-address-table VLAN Port Mac Fwd ---- ------------ -------------- --10 ge1 0012.3f8c.b13d 1 mac-address-table VLAN port mac fwd timeout 2 ifindex 0 0090.2762.c786 1 0 2 ifindex 0 0014.85a0.ebc4 1 0 2 ifindex 0 0008.7493.8134 1 0 2 ifindex 0 0008.c7eb.070b 1 0 2 ifindex 0 000d.56d1.
management
Common to all modes
Syntax
show management
Parameters
None.
mobility
Common to all modes
Syntax
show mobility [event-log|forwarding|global|mobile-unit|peer|statistics]
show mobility event-log [mobile-unit|peer]
show mobility forwarding (AA-BB-CC-DD-EE-FF)
show mobility mobile-unit [|detail]
show mobility peer [|detail]
show mobility statistics
Parameters
event-log   Displays mobility event logs.
• mobile-unit – MU event logs.
• peer – Peer event logs.
forwarding  Mobile units in the forwarding plane.
2 show HS-IP 09/14 19:17:52 157.235.208.134 09/14 19:17:51 157.235.208.16 09/14 19:17:51 157.235.208.16 09/14 19:17:50 157.235.208.16 CS-IP IP-UPD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.16 157.235.208.16 ADD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.16 DEL-MU n/a 00-0f-3d-e9-a6-54 157.235.208.16 ADD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.
2 show ntp Common to all modes Syntax show ntp (association (detail)|status) Parameters ntp Network time protocol. association NTP associations. detail Displays NTP association details. status Displays NTP status. Example RFS7000>show ntp associations address ref clock st when poll reach delay offset disp * master (synced), # master (unsynced), + selected, - candidate, ~ configured RFS7000>(config)# RFS7000(config)#show ntp status Clock is synchronized, stratum 0, actual frequency is 0.
port-channel
Common to all modes
Syntax
show port-channel (load-balance)
Parameters
load-balance  Load balancing.
privilege
Common to all modes
Syntax
show privilege
Parameters
None.
show 2 radius Common to all modes Syntax show radius [configuration|eap(configuration)|group|nas( A.B.C.D/M)|proxy| rad-user|trust-point] Parameters radius RADIUS configuration commands. configuration RADIUS server configuration parameters. eap (configuration) EAP parameters and configuration. group RADIUS group configuration. nas (A.B.C.D/M) Enter a client IP address and mask. proxy Proxy information. rad-user RADIUS user information. trust-point RADIUS trust-point configuration.
show redundancy-group
Common to all modes
This command displays the switch’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, switch adoption count, hold time, discovery time, heartbeat interval, cluster id, switch mode, etc. In a cluster, this command displays the redundancy runtime and configured information of the self-switch. Use the config parameter to view only configuration information and/or the runtime parameter to view runtime information.
Per AP MU Threshold : 32
RFS7000(config)#
RFS7000(config)#show redundancy-group
Redundancy Group Configuration Detail
Redundancy Feature : Disabled
Redundancy group ID : 1
Redundancy Mode : Standby
Redundancy Interface IP : 0.0.0.0
Number of configured peer(s) : 0
Heartbeat-period : 5 Seconds
Hold-period : 15 Seconds
Discovery-period : 30 Seconds
Handle STP : Disabled
Switch Installed License : 256
Switch running image version : 1.1.0.
RFS7000(config)#
RFS7000(config)#show redundancy-group runtime
Redundancy Group Runtime Information
Redundancy Protocol Version
Redundancy Group License
Cluster AP Adoption Count
Switch AP Adoption Count
Redundancy State
Radio Portals adopted by Group
Radio Portals adopted by this Switch
Rogue APs detected in this Group
Rogue APs detected by this Switch
MUs associated in this Group
MUs associated in this Switch
Selfhealing RPs in this Group
Selfhealing APs in this Switch
Group maximum AP adoption c
show redundancy-history
Common to all modes
This command displays the state transition history of the Brocade Mobility RFS7000-GR Controller. In a cluster, this command displays the history of the switch state transitions of the self-switch.
Syntax
show redundancy-history
Parameters
None.

show redundancy-members
Common to all modes
This command displays the switches in the cluster that are seen by the Brocade Mobility RFS7000-GR Controller. To view a single member only, provide the IP address of that switch in the cluster.
Syntax
show redundancy-members (A.B.C.D|brief)
Parameters
A.B.C.D    IP address of the member switch.
brief    Displays members in brief.
Example
RFS7000(config)#show redundancy-members brief
Member ID (Self) Member State : 10.10.10.
show spanning-tree
Common to all modes
Syntax
show spanning-tree mst [config|detail (interface){|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1-4094>}|instance <1-15>(interface){|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1-4094>}]
Parameters
config    Displays MSTP configuration information.
detail (interface) {WORD|gefe|geme1 <1-4>| sa <1-4>|tunnel <1-32> | vlan <1-4094>}    Displays detailed interface information.
% 1: CIST Root Id 8000001570380843
% 1: CIST Reg Root Id 8000001570380843
% 1: CST Bridge Id 8000001570380843
% portfast bpdu-filter disabled
% portfast bpdu-guard disabled
% portfast errdisable timeout disabled
% portfast errdisable timeout interval 300 sec
% cisco interoperability configured - Current cisco interoperability off
% ge3: Port 2003 - Id 87d3 - Role Disabled - State Discarding
% ge3: Designated External Path Cost 0 -Internal Path Cost 0
% ge3: Configured Pat
show static-channel-group
Common to all modes
Syntax
show static-channel-group
Parameters
None.

show terminal
Common to all modes
Syntax
show terminal
Parameters
None.

show timezone
Common to all modes
Syntax
show timezone
Parameters
None.

show users
Common to all modes
Syntax
show users
Parameters
None.
show version
Common to all modes
Syntax
show version (verbose)
Parameters
verbose    Displays software and hardware details.
Example
RFS7000(config)#show version
RFS7000 version 4.1.0.0-040GR
Copyright (c) 2006-2009 Motorola, Inc.
Booted from secondary.
Switch uptime is 7 days, 0 hours 33 minutes
CPU is RMI XLR V0.4
255484 kB of on-board RAM
RFS7000(config)#
RFS7000(config)#show version
RFS7000 version 4.1.0.0-040GR MIB=01a
Copyright (c) 2010 Motorola Inc.
Booted from primary.
Copyright (c) 2010 Brocade, Inc.
Booted from primary.
Switch uptime is 0 days, 11
CPU is RMI Phoenix V0.
show wireless
Common to all modes
Syntax
show wireless [ap (<1-48>|AA-BB-CC-DD-EE-FF)| ap-detection-config | ap-images | ap-unadopted | approved-aps | channel-power(11a {indoor|outdoor}|11b {indoor|outdoor}|11bg {indoor|outdoor})| config | country-code-list|default-ap|hotspot-config <1-32>| mac-auth-local<1-1000> |mobile-unit (<1-4096>|AA-BB-CC-DD-EE-FF| association-history |multicast-packet-limit| qos-mapping (wired-to-wireless | wireless-to-wired)| radio (<1-1000>|beacon-table|config(<1-1
show wireless wlan (config( <1-32> | all | enabled)| statistics <1-32>)
Parameters
ap    Status of adopted access port.
• <1-48> – The index of the access port.
• AA-BB-CC-DD-EE-FF – The MAC address of an access port.
ap-detection-config    Detected AP configuration parameters.
ap-images    Lists the access port images on the switch.
ap-unadopted    Lists unadopted access ports.
approved-aps    Approved APs seen by access port scans.
channel-power    List of available channel and power levels for a radio.
• 11a – Radio is 802.11a.
• indoor – Radio is placed indoors.
radio    Radio related commands.
• <1-1000> – A single radio index.
• beacon-table – The radio-to-radio beacon table.
• config <1-1000> – Radio configuration.
• default-11a – Default 11a configuration template.
• default-11b – Default 11b configuration template.
• default-11bg – Default 11bg configuration template.
• monitor-table – The radio-to-radio monitoring table.
• statistics – Radio statistics.
regulatory    Regulatory (allowed channel/power) information for a particular country.
RFS7000>show wireless channel-power 11a indoor
% Error: No valid channels or power levels
RFS7000>
RFS7000(config)#show wireless config
country-code : us
adoption-pref-id : 1
proxy-arp : enabled
adopt-unconf-radio : enabled
dot11-shared-key-auth : disabled
ap-detection : disabled
manual-wlan-mapping : disabled
dhcp sniff state : disabled
dhcp fix broadcast-rsp : disabled
broadcast-tx-speed : optimize-for-range
wlan bw allocation : disabled
Adaptive ap parameters:
local-bridging : disabled
config-ap
show wlan-acl
Common to all modes
Syntax
show wlan-acl [<1-256>|all]
Parameters
<1-256>    Displays ACLs attached to the specified WLAN ID.
all    Displays ACLs attached to the WLAN port.
show access-list
Privilege / Global Config
This command lists all the access lists (numbered and named) configured on the switch. The numbered access list displays all numbered ACLs. The named access-list displays the details of the named ACL.
Syntax
show access-list
show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)
Show access-list
Parameters
<1-99>    IP standard access list.
<100-199>    IP extended access list.
<1300-1999>    IP standard access list (expanded range).
show aclstats
Privilege / Global Config
This command displays the statistics of all the access lists configured on the switch.
Syntax
show aclstats [access-list| vlan |]|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>]
Parameters
access-list    Configure access-lists
vlan    Vlan Interface
IFNAME    Interface name.
fe    FastEthernet interface.
ge <1-4>    GigabitEthernet interface. Select an index value between 1-4.
sa <1-4>    StaticAggregate interface. Select an index value between 1-4.
show boot
Privilege / Global Config
Syntax
show boot
Parameters
None.
Example
RFS7000#show boot
Image ----Primary Secondary Build Date -------------------Nov 27 17:08:28 2009 Nov 27 17:08:28 2009 Current Boot Next Boot Software Fallback
RFS7000#
RFS7000#show boot
Image ----Primary Secondary Version -------------4.1.0.0-010GNDR 4.1.0.0-010GNDR Install Date -------------------Feb 13 19:29:28 2007 Jan 23 20:14:19 2007 Version -------------1.0.0.0-228D 1.0.0.
show clock
Privilege / Global Config
Syntax
show clock
Parameters
None.

show debugging
Privilege / Global Config
Syntax
show debugging (mstp)
Parameters
mstp    Displays MSTP debugging information.
show dhcp
Privilege / Global Config
Use this command to display DHCP Server configurations.
Syntax
show dhcp [config|status]
Parameters
config    Displays DHCP server configuration.
status    Displays whether the DHCP server is running or not.
Example
RFS7000#show dhcp config
service dhcp
!
ip dhcp pool vlan63
default-router 192.168.157.2
network 192.168.63.0/24
address range 192.168.63.20 192.168.63.
show environment
Privilege / Global Config
Syntax
show environment
Parameters
None.
Example
RFS7000#show environment
upwind of CPU CPU die left side by FPGA front right front left fan 1 fan 2 fan 3
RFS7000#
RFS7000#show environment
upwind of CPU CPU die left side by FPGA front right front left fan 1 fan 2 fan 3
RFS7000#
temperature temperature temperature temperature temperature temperature fan fan fan : : : : : : : : : 33.
show file
Privilege / Global Config
Syntax
show file (information (FILE)| systems)
Parameters
information (FILE NAME)    Displays information on FILE.
systems    Lists filesystems.

show fips-default-rules
Privilege / Global Config
Syntax
show fips-default-rules
Parameters
None.

show password-encryption
Privilege / Global Config
Syntax
show password-encryption (status)
Parameters
status    Displays password-encryption status.
show running-config
Privilege / Global Config
Displays the contents of the configuration file for the switch, including all configured MAC and IP access lists and access groups applied to an interface.
Syntax
show running-config(full|include-factory)
Parameters
full    Full configuration.
include-factory    Includes factory defaults.
Example
RFS7000(config)#show running-config
Warning: This will display secure information.Do you want to proceed? (y/n): y
!
! configuration of RFS7000 version 4.1.0.
!
interface ge2
..........................................................................
..........................................................................
show securitymgr
Privilege / Global Config
Syntax
show securitymgr(event-logs)
Parameters
event-logs    Displays securitymgr event logs.
Example
RFS7000#show securitymgr event-logs
======================== Event Logs ========================
1> Tue Mar 13 2007 19:15:55: CORRUPT_PACKET: source vlan200: udp: Src 157.235.188.241: Dst 157.235.188.
show sessions
Privilege / Global Config
Syntax
show sessions
Parameters
None.
Example
RFS7000(config)#show sessions
SESSION USER LOCATION
1 cli Console ** 2 cli xxx.xxx.xxx.
show spanning-tree
Privilege / Global Config
Use this command to display spanning tree information.
Syntax
show spanning-tree (mst)[config|detail|instance]
Parameters
mst    Displays MST information.
• config – Displays configuration information.
• detail – Displays detailed information.
• instance – Displays instance information.
show startup-config
Privilege / Global Config
Syntax
show startup-config
Parameters
None.
Example
RFS7000#show startup-config
!
! configuration of RFS7000 version 4.1.0.0-040GR
!
version 1.

show upgrade-status
Privilege / Global Config
Syntax
show upgrade-status(detail)
Parameters
detail    Last image upgrade log.
show wlan-acl
Privilege / Global Config
Syntax
show wlan-acl [<1-256>|all]
Parameters
<1-256>    Displays ACLs attached to the specified WLAN ID.
all    Displays ACLs attached to WLAN port.
Chapter 3 User Exec Commands
In this chapter
• User Exec Commands
Logging in to the switch places you within the USER EXEC command mode. Typically, a log-in requires a user name and a password. You have three attempts to enter a password correctly before a connection attempt is refused. The USER EXEC commands available at the user level are a subset of those available at the privileged level.
clear
User Exec Commands
Use this command to reset the command to previous configuration.
RFS7000>clear mobility mobile-unit all
RFS7000>
RFS7000>clear mobility mobile-unit home-database
RFS7000>
RFS7000>clear spanning-tree detected protocols bridge
RFS7000>
RFS7000>clear spanning-tree detected protocols interface Nexus
RFS7000>
cluster-cli
User Exec Commands
Use this command to cluster all the CLI commands in the context in which it appears. This feature is useful for configuring each switch in the cluster by logging in to one switch. This saves administrator time and effort N-1 times (if there are N switches in the cluster). A new context called redundancy is created to support cluster-cli. Any commands executed under this context are executed on all members of the cluster.
disable
User Exec Commands
Enable the PRIV mode to use this command. Then, use the disable command to exit the PRIV mode.
Syntax
disable
Parameters
None.

enable
User Exec Commands
Use this command to enter the PRIV mode.
Syntax
enable
Parameters
None.

logout
User Exec Commands
Use this command instead of the exit command to exit the EXEC mode.
Syntax
logout
Parameters
None.
Example
The Brocade Mobility RFS7000-GR Controller logs off on execution of this command.

page
User Exec Commands
Use this command to toggle paging. Enabling this command displays the CLI output page by page, instead of running the entire output at once.
Syntax
page
Parameters
None.
ping
User Exec Commands
Use this command to send Internet Control Message Protocol (ICMP) echo packets to network hosts.
Syntax
ping [IP address|hostname]
Parameters
[IP address|hostname]    Ping destination address or hostname.
Example
RFS7000>ping 192.168.235.200
PING 192.168.235.200 (192.168.235.200): 100 data bytes
128 bytes from 192.168.235.200: icmp_seq=0 ttl=128 time=3.8 ms
128 bytes from 192.168.235.200: icmp_seq=1 ttl=128 time=4.3 ms
128 bytes from 192.168.235.
quit
User Exec Commands
Use this command to exit the current mode, and move back to the previous mode.
Syntax
quit
Parameters
None.
Example
The switch logs off upon execution of this command.
show
User Exec Commands
Use this command to exit the current mode and go down to previous mode.
Syntax
show
Parameters
aap-wlan-acl    wlan based acl
aap-wlan-acl-stats    IP filtering wlan based statistics
access-banner    Displays access banner.
audit-log-filters    Displays audit log filter rules.
autoinstall    Configuration of autoinstall
commands    Displays command lists.
crypto    Displays encryption details.
crypto-error-log    Displays crypto error log.
radius    Displays RADIUS configuration commands.
redundancy-group    Displays redundancy group parameters.
redundancy-history    Displays the state transition history of the switch.
redundancy-members    Displays redundancy group members in detail.
role    Configure role parameters
rtls    Real Time Locating System commands
service-list    List of services
snmp    Display SNMP engine parameters
snmp-server    Display SNMP engine parameters
spanning-tree    Displays spanning-tree information.
ntp    Network time protocol
port    Physical/Aggregate port interface
port-channel    Portchannel commands
privilege    Show current privilege level
protocol-list    List of protocols
radius    RADIUS configuration commands
redundancy-group    Display redundancy group parameters
redundancy-history    Display state transition history of the
redundancy-members
role
rtls
service-list
snmp
snmp-server
spanning-tree
static-channel-group
terminal
timezone
traffic-shape
users
version
virtual-ip
wireless
wlan-acl
terminal
User Exec Commands
Use this command to set the length/number of lines displayed on the terminal window.
Syntax
terminal[length <0-512>|no(length <0-512>|width)|width <0-512>]
Parameters
length    Sets the number of lines on a screen.
no    Negates a command or sets its defaults.
width    Sets the width/number of characters on a screen line.
traceroute
User Exec Commands
Use this command to trace the route to a destination.
Syntax
traceroute (WORD|IP)
Parameters
WORD    Traces the route to a destination address or hostname.
IP    IP trace.
Example
RFS7000>traceroute 192.168.235.200
traceroute to 192.168.235.200 (192.168.235.200), 30 hops max, 38 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
....................................
....................................
Chapter 4 Privileged Exec Commands
In this chapter
• Priv Exec Command
Most PRIV EXEC mode commands set operating parameters. Privileged-level access must be password protected to prevent unauthorized use. The PRIV EXEC command set includes those commands contained in the USER EXEC mode.
TABLE 2 Priv Exec Command Summary
Command    Description    Ref.
disable    Turns off a privileged mode command.    page 139
edit    Edits a text file.    page 140
enable    Turns on the privileged mode command.    page 141
erase    Erases a filesystem.    page 142
exit    Ends the current mode and moves to the previous mode.    page 21
halt    Halts the switch.    page 143
help    Description of the interactive help system.    page 22
kill    Terminates the specified session.
archive
Priv Exec Command
Use this command to manage archive files.
Syntax
archive tar /table [FILE|URL]
archive tar /create [FILE|URL] FILE
archive tar /xtract [FILE|URL] DIR
Parameters
tar    Manipulates (creates, lists or extracts) a tar file.
• /table – Lists files in a tar file.
• /create – Creates a tar file.
• /xtract – Extracts files from a tar file.
FILE    Tar filename. The file can exist in:
• flash://path/file
• nvram:startup-config
• system:running-config
URL    Tar file URL.
drwx 120 Fri Sep 8 12:27:20 2006 log
drwx 1024 Thu Sep 7 16:23:34 2006 crashinfo
drwx 1024 Wed Aug 23 15:30:19 2006 backup
-rw- 173056 Fri Sep 8 14:39:48 2006 out.tar
Which files are tarred?
RFS7000#archive tar /table flash:/out.tar
drwxrwxrwt 0/600 0 2006-09-08 12:27:20 flash/log
-rw-r--r-- 0/0 381 2006-09-08 12:27:28 flash/log/snmpd.log
-rw-r--r-- 0/0 151327 2006-09-08 14:37:26 flash/log/messages.log
-rw-r--r-- 0/0 17318 2006-09-08 12:27:29 flash/log/startup.
cd
Priv Exec Command
Use this command to change the current directory.
Syntax
cd [DIR|]
Parameters
DIR    Changes the current directory to DIR.

change-passwd
Priv Exec Command
Use this command to change the password of the logged in user.
Syntax
change-passwd
Parameters
None.
Usage Guidelines
A password must be between 8 and 32 characters in length. For safety, the console does not display the characters the user enters (refer to the example) for the old password and new password fields. Ensure the console displays the password successfully changed message.
clear
Priv Exec Command
Use this command to reset the current context.
Syntax
clear [aclstats|arp-cache|counters|crypto|crypto-error-log|crypto-log|ip|logging|mac-address-table|mobility|remote-login-lock|spanning-tree]
clear alarm-log (<1-65535>|acknowledge|all|new)
clear counters [all|bridge|interface (|all|ge|me1|sa|vlan>)| router|thread]
clear crypto [ipsec|isakmp](sa)
clear ip(dhcp)(binding)[*|A.B.C.
Parameters
aclstats    Clears ACL statistics.
arp-cache    Clears the ARP cache.
alarm-log    Clears alarm-log.
• <1-65535> - clears specific alarm id.
• acknowledged - clears acknowledged alarms.
• all - clears all alarms.
• new - clears new alarms.
counters [all|bridge|interface|firewall|igmp-snooping|router|thread]    Clears counters.
• all – Clears all counters.
• bridge – Clears bridge counters.
• interface – Clears interface counters.
mac (address-table) [dynamic|multicast|static] [address|bridge <1-32>|interface|vlan]    Clears layer 2 MAC entries.
• address-table – Clears all Entries in the forwarding database.
• dynamic – Clears all dynamic entries.
• multicast – Clears all multicast entries.
• static – Clears all entries configured through management.
• address – Clears the specified MAC Address/ Interface Name/ VLAN ID (1-4094).
• bridge <1-32> – Bridge group for bridging.
clock
Priv Exec Command
Use this command to configure the software system clock.
Syntax
clock set HH:MM:SS [1-31] MONTH [1993-2035]
Parameters
set    Sets the system date and time.
cluster-cli
Priv Exec Command
Use this command to cluster all the CLI commands in the context in which it appears. This feature is useful for configuring each switch in the cluster by logging in to one participating switch. This saves administrator time and effort, as one switch configuration can represent the entire cluster. A new context called redundancy is available to support the cluster-cli. Any commands executed under this context are also executed in each cluster member.
configure
Priv Exec Command
Use this command to move into the configuration mode.
Syntax
configure terminal
Parameters
terminal    Configures from the terminal.
Example
RFS7000#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
copy
Priv Exec Command
Use this command to copy any file (config, log, txt, etc.) to and from the switch.
NOTE
Copying a new config file onto an existing running-config file merges it with the existing running-config. Both the existing running-config and the new config file are applied as the current running-config of the switch. Copying a new config file onto a start-up config file replaces the existing start-up config file with the parameters of the new config file.
delete
Priv Exec Command
Use this command to delete the specified file from the system.
Syntax
delete [/force|/recursive|.FILE|fips-default-rule]
Parameters
/force    Forces deletion without a prompt.
/recursive    Performs a recursive delete.
diff
Priv Exec Command
Use this command to view the difference between two files.
Syntax
diff (FILE|URL) (FILE|URL)
Parameters
FILE    Displays the differences between FILE’s.
URL    Displays the differences between URL’s.
Example
RFS7000#diff startup-config running-config --- startup-config +++ running-config @@ -89,7 +89,7 @@ mobility peer 157.235.208.
dir
Priv Exec Command
Use this command to view the list of files on a filesystem.
Syntax
dir ({/all|/recursive}|) (DIR|all-filesystems|)
Parameters
/all    Lists all files.
/recursive    Lists files recursively.
DIR    Lists files in named file path.
all-filesystems    Lists files on all filesystems.

disable
Priv Exec Command
Use this command to exit the Exec mode.
Syntax
disable
Parameters
None.
edit
Priv Exec Command
Use this command to edit a text file.
Syntax
edit FILE
Parameters
FILE    Name of the file to be edited.
Example
RFS7000#edit startup-config
GNU nano 1.2.4 File: startup-config
!
! configuration of RFS7000 version 4.1.0.0-040GR
!
version 1.
enable
Priv Exec Command
Use this command to turn on the privileged mode command.
Syntax
enable
Parameters
None.

erase
Priv Exec Command
Use this command to erase a target filesystem.
Syntax
erase [flash:|nvram:|startup-config:]
Parameters
flash:    Erases contents of flash.
nvram:    Erases contents of nvram.
startup-config    Resets the switch configuration to factory default settings.

halt
Priv Exec Command
Use this command to halt the switch. This command is similar to the reload command. The only difference is that the halt command stops the switch, while reload stops and restarts the switch.
Syntax
kill
Parameters
None.
kill
Priv Exec Command
Use this command to kill (terminate) a specified session.
Syntax
kill session <1-16>
Parameters
session    Active session. There are 16 active sessions which can be terminated.
Example
RFS7000#show sessions
  SESSION USER LOCATION IDLE START TIME
* 1 cli Console 00:00m Feb 16 20:58:58 2008
  2 root xxx.xxx.xxx.x9 00:01m Feb 16 21:00:06 2008
RFS7000#
RFS7000#kill session 1
Please press Enter to activate this console.
logout
Priv Exec Command
Use this command to exit the EXEC mode.
Syntax
logout
Parameters
None.
Example
RFS7000#logout
Please press Enter to activate this console.

mkdir
Priv Exec Command
Use this command to create a new directory in the filesystem.
Syntax
mkdir DIR
Parameters
DIR    Directory name.
more
Priv Exec Command
Use this command to view the contents of a file.
Syntax
more FILE
Parameters
FILE    Displays the content of the file.
Example
RFS7000#more flash:/log/messages.log
Jan 12 05:16:05 2008: %CC-4-NOCOUNTRYCODE: Country-code not set. Ignoring adoption requests from radios
Jan 12 05:16:20 2008: %CC-4-NOCOUNTRYCODE: Country-code not set. Ignoring adoption requests from radios
Jan 12 05:16:35 2008: %CC-4-NOCOUNTRYCODE: Country-code not set.
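The messages.log lines shown by more above, and the kernel messages in the upgrade-abort example later in this guide, share one shape: a timestamp, then %FACILITY-SEVERITY-MNEMONIC, then free text. The Python parser below is an added example, not part of the Brocade guide; its function names are hypothetical, and reading the middle digit as a syslog-style severity (lower is more severe) is an assumption that matches the guide's %KERN-4-WARNING and %KERN-6-INFO lines.

```python
import re
from datetime import datetime

# Lines copied from the guide's own examples, plus one constructed malformed
# line (the last) to exercise the reject path.
SAMPLE_LOG = """\
Jan 12 05:16:05 2008: %CC-4-NOCOUNTRYCODE: Country-code not set. Ignoring adoption requests from radios
Jan 12 05:16:20 2008: %CC-4-NOCOUNTRYCODE: Country-code not set. Ignoring adoption requests from radios
Jan 12 05:16:35 2008: %CC-4-NOCOUNTRYCODE: Country-code not set. Ignoring adoption requests from radios
Sep 08 16:01:38 2006: %KERN-4-WARNING: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended.
Sep 08 16:01:38 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal.
this line is not in the expected format
"""

# Assumption: the digit is a syslog-style severity, 0 (most severe) to 7.
# The guide itself only shows 4 paired with WARNING and 6 paired with INFO.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err",
                  "warning", "notice", "info", "debug"]

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}): "
    r"%(?P<facility>[A-Z][A-Z0-9_]*)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def parse_line(line):
    """Return one event as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y"),
        "facility": m["facility"],
        "severity": int(m["severity"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }


def summarize(text):
    """Collapse repeats: group events by (facility, severity, mnemonic)."""
    groups, rejected = {}, []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            # Keep unparsed lines: truncated or injected text is worth a look.
            rejected.append(raw)
            continue
        key = (ev["facility"], ev["severity"], ev["mnemonic"])
        g = groups.setdefault(
            key, {"count": 0, "first": ev["time"], "last": ev["time"]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
    return groups, rejected


def at_or_above(groups, threshold=4):
    """Keys at least as severe as threshold (numerically <= threshold)."""
    return sorted(k for k in groups if k[1] <= threshold)


def report(text, threshold=4):
    """One summary row per repeated message, then a count of unparsed lines."""
    groups, rejected = summarize(text)
    rows = []
    for key in at_or_above(groups, threshold):
        g = groups[key]
        rows.append("%s-%d-%s (%s) x%d, %s to %s" % (
            key[0], key[1], key[2], SEVERITY_NAMES[key[1]], g["count"],
            g["first"].isoformat(sep=" "), g["last"].isoformat(sep=" ")))
    if rejected:
        rows.append("%d unparsed line(s)" % len(rejected))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Collapsing the three NOCOUNTRYCODE entries into one row with a first and last timestamp keeps a message that repeats every 15 seconds from burying the less frequent ones.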
page
Priv Exec Command
Use this command to toggle switch paging. Enabling this command displays the command output page by page, instead of running the entire output at once.
Syntax
page
Parameters
None.
Example
RFS7000#page
RFS7000#show running-config
Warning: This will display secure information.Do you want to proceed? (y/n): y
!
! configuration of RFS7000 version 4.1.0.0-040GR
!
version 1.
ping
Priv Exec Command
Use this command to send Internet Control Message Protocol (ICMP) echo packets to network hosts.
Syntax
ping [WORD]
Parameters
WORD    Ping destination address or hostname.
Example
RFS7000#ping 111.222.222.39
PING 1111.222.222.39 (111.222.222.39): 100 data bytes
128 bytes from 111.222.222.39: icmp_seq=0 ttl=64 time=2.3
128 bytes from 111.222.222.39: icmp_seq=1 ttl=64 time=0.2
128 bytes from 111.222.222.39: icmp_seq=2 ttl=64 time=0.3
128 bytes from 111.222.222.
pwd
Priv Exec Command
Use this command to view the contents of the present working directory.
Syntax
pwd
Parameters
None.

quit
Priv Exec Command
Use this command to exit the current mode and move to the previous mode.
Syntax
quit
Parameters
None.
Example
RFS7000#quit
RFS7000 version 4.1.0.0-040GR
Login as 'cli' to access CLI.

reload
Priv Exec Command
Use this command to halt the switch and perform a warm reboot.
Syntax
reload
Parameters
None.

rename
Priv Exec Command
Use this command to rename a file in the existing filesystem.
Syntax
rename FILE FILE
Parameters
FILE    File to rename.

rmdir
Priv Exec Command
Use this command to delete an existing file.
Syntax
rmdir DIR
Parameters
DIR    Name of the directory to delete.
run
Priv Exec Command
Use this command to execute a self test.
Syntax
run (self-test)
Parameters
self-test    Performs an on-demand self-test.
Example
RFS7000# run self-test
Self test started
FIPS integrity check of the WIOS image successful
FIPS data integrity check is successful
FIPS Power-up tests for openSSL library
1. Automatic power-up self test includes RNG, HMAC, AES, 3DES, RSA, DSA selftests...Successful
2. AES encryption/decryption...Successful
3.
show
Priv Exec Command
Use this command to show currently running system information.
Syntax
show
Parameters
aap-wlan-acl [<1-256>|all]    Displays wlan based acl.
• <1-256> – The WLAN Id. This displays the ACL attached to the WLAN ID specified by the <1-266> value.
• all – Displays the ACLs attached to all WLANs.
aap-wlan-acl-stats    Displays IP filtering wlan based statistics
access-banner    Displays access banner.
crypto [ipsec|isakmp|key|map|pki]    Displays encryption related commands.
• ipsec [sa|security-association|transformset] – Displays IPSEC policy.
• sa – Displays IPsec Security Association.
• Security-association (lifetime) – Displays security association.
• lifetime – Displays Security-association lifetime.
• transformset (WORD) – Displays transformset.
• WORD – Transformset name for all transformsets.
• isakmp [policy|sa] – Displays ISAKMP.
ip [access-group|access-list|arp|ddns|dhcp|dhcp-vendor-options|domain-name|dos|http|igmp|interface|name-server|nat|route|routing|ssh]    Displays Internet Protocol (IP) information.
• access-group [|all|ge|me1|role|sa|vlan] – Displays ACLs attached to an interface.
• – The interface to display access-group information for.
• all – Displays access-group information for all interfaces.
• nat [interfaces|translations] – Displays the configuration of Network Address Translations.
• interfaces – Displays the NAT configuration on the interfaces.
• translations [inside|outside|verbose] – Displays NAT translations.
• Inside – Inside
• Outside – outside
• destination –
• source –
• route [A.B.C.D|A.B.C.D/M|detail] – Displays IP routing table.
• A.B.C.D – Network in the IP routing table to display.
• A.B.C.
port (fw)    Displays Physical/Aggregate port interface.
• fw (config) – Displays Firewalls.
• config – Displays configurable firewall parameters.
port-channel (load-balance)    Displays Port channel commands.
• load-balance – Load balancing
privilege    Displays the current privilege level.
protocol-list    Displays list of protocols.
radius [configuration|eap|group|nas|proxy|rad-user|trust-point]    Displays RADIUS configuration commands.
snmp (user)    Displays SNMP engine parameters.
• user [snmpmanager|snmpoperator|snmptrap] – snmp user to display information for.
• snmpmanager – Displays manager information.
• snmpoperator – Displays operator information.
• snmptrap – Displays trap information.
snmp-server (traps)    Displays SNMP engine parameters.
• traps – Displays Trap enable flags.
spanning-tree (mst)    Displays spanning tree information.
• mst [configuration|detail|instance] – Displays MST information.
wireless [aap-version|ap|ap-containment|ap-detection-config|ap-images|ap-radio-config|ap-adopted|authorized-aps|channel-power|config|country-code-list|default-ap|fw|hotspot|hotspot-config|ignored-aps|known|mac-auth-local|mesh|mobile-unit|    Displays wireless configuration commands.
• aap-version – Displays the minimum Adaptive firmware version string.
• ap [LIST|config] – Displays the status of adopted access-port.
• association-history – Displays mobile-unit history.
• associations-stats – Displays statistics of associations and reassociations.
• probe-history [<1-200> |config-list] – Displays mu probe-history.
• <1-200> – index of mobile-unit to display probe logging.
• config-list – Lists probe history MAC addresses.
• radio <1-4096> – Displays mobile-units associated to this radio.
• <1-4096> – The radio index to display mobile-units for.
wlan-acl [<1-256> |all]
mobility    Display Mobility parameters
ntp    Network time protocol
password-encryption    password encryption
port-channel    Portchannel commands
privilege    Show current privilege level
radius    RADIUS configuration commands
redundancy-group    Display redundancy group parameters
redundancy-history    Display state transition history o
redundancy-members
running-config
securitymgr
sessions
spanning-tree
startup-config
static-channel-group
terminal
timezone
upgrade-status
users
version
wireless
wlan-acl
traceroute
Priv Exec Command
Use this command to trace the route to a destination.
Syntax
traceroute (WORD | ip WORD)
Parameters
WORD    Traces the route to a destination address or hostname.
ip    IP trace.
Example
RFS7000#traceroute 157.222.333.33
traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets
1 157.235.208.39 (157.235.208.39) 0.466 ms 0.363 ms 0.
upgrade
Priv Exec Command
Use this command to upgrade the switch software image.
Syntax
upgrade URL (background|)
Parameters
URL    Defines location of firmware image.
upgrade-abort
Use this command to abort an ongoing upgrade process.
Syntax
upgrade-abort
Parameters
None.
Example
RFS7000#upgrade-abort
% Error: No upgrade in progress
RFS7000#upgrade tftp://xxx.xxx.xxx.xxx:/img background
RFS7000#Sep 08 16:01:38 2006: %KERN-4-WARNING: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended.
Sep 08 16:01:38 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal.
%KERN-6-INFO: kjournald starting.
write
Use this command to write the running configuration to memory or terminal.
Syntax
write [memory | terminal]
Parameters
memory – Writes to NV memory.
terminal – Writes to terminal.
Example
RFS7000#write terminal
!
! configuration of RFS7000 version 4.1.0.0-040GR
!
version 1.
Chapter 5 Global Configuration Commands
In this chapter
• Global Configuration Commands
The term global is used to indicate characteristics or features affecting the system as a whole. Use the global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols).
Table 5.2 Global Configuration command summary
Command | Description | Ref.
do | Runs commands from EXEC mode. | page 186
end | Ends the current mode and changes to the EXEC mode. | page 187
errdisable | Enables the timeout mechanism for the port. | page 188
exit | Ends the current mode and moves down to the previous mode. | page 21
help | Description of the interactive help system. | page 22
hostname | Sets the system's network name.
aaa
Use this command to configure current Authentication, Authorization and Accounting (aaa) login settings.
Syntax
aaa [authentication|nas|vpn-authentication]
aaa authentication login default [local (radius)|radius (local)]
aaa nas
aaa vpn-authentication [primary|secondary] (key)[0|2|WORD]
Parameters
authentication – Authentication configuration parameters.
• login – Sets an authentication list for logins.
access-banner
Use this command to define a custom access banner for the switch.
Syntax
access-banner (LINE)
Parameters
LINE – Custom Message of the Day (MOTD) string. Enter a string with minimum 10 characters and maximum 250 characters.
access-list
Use this command to add an access list entry. Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code.
Syntax
access-list
For Standard IP ACLs:
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host A.B.C.
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p dscp <0-637> | tos <0-255>}} {ip} {source/source-mask | host source | any } {destination/destination-mask | host destination | any } [log] [rule-precedence access-list-entry precedence]
Adds an Extended IP access list entry using IP keyword.
• <100-199>|<2000-2699> – For IP type of extended ACL, the ACL number must be between 100-199.
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
Adds an Extended IP access list entry using icmp keyword.
• (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number must be between 2000-2699.
NOTE: To create a named ACL, use ip access-list (Standard/Extended). For more details check ip on page 191.
Using access-list [<100-199>|<2000-2699>] moves to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 351.
Using access-list [<1-99>|<1300-1999>] moves to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 373.
audit-log-filter
Use this command to set up the audit event log filter.
NOTE: When no filters are set the default action is to permit any.
Syntax
audit-log-filter [add|delete]
audit-log-filter add <1-10> [deny|permit] (username|any) [any|console|network] (MAC|any)
audit-log-filter delete <1-10>
Parameters
add – Add this rule to the filtering logic.
• <1-10> – Rule Precedence.
• deny – Disable the logging based on following parameters.
audit-wireless-filter
Use this command to set up the audit wireless log filter.
NOTE: When no filters are set the default action is to permit any.
Syntax
audit-wireless-filter [add|delete]
audit-wireless-filter add <1-10> [deny|permit]
audit-wireless-filter delete <1-10>
Parameters
add – Add this rule to the filtering logic.
• <1-10> – Rule Precedence.
• deny – Disable the logging based on following parameters.
boot
This command reboots the switch with an image present in the mentioned partition (either the primary or secondary partition).
Syntax
boot(system [primary|secondary])
Parameters
system – Specifies the boot image used after reboot.
• primary – Specifies the primary image.
• secondary – Specifies the secondary image.
bridge
Configures bridge specific details.
common-criteria
Use this command to enable or disable logging of commands that do not meet common criteria.
Syntax
common-criteria audit
no common-criteria audit
Parameters
None.
Usage Guidelines
This command enables or disables blocking of log events that do not meet common criteria.
country-code
Use this command to configure the country of operation.
Syntax
country-code
Parameters
None.
Usage Guidelines
This command erases all existing radio configurations.
crypto
Use this command to configure encryption related commands.
NOTE:
crypto isakmp(policy)Priority leads you to config-crypto-isakmp instance. For more details see Crypto-isakmp Instance on page 237.
crypto isakmp(client)configuration group default leads you to config-crypto-group instance. For more details see Crypto-group Instance on page 251.
crypto isakmp(peer)IP Address leads you to config-crypto-peer instance.
Parameters
ipsec (security-association|transform-set) – Configures IPSEC policies.
• security-association – Security association parameter used to define its lifetime.
  • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either:
    kilobytes – Volume-based key duration. Minimum is 500 KB and maximum is 2147483646 KB.
    seconds – Time-based key duration.
map [ipsec-isakmp | ipsec-manual] (dynamic) – Enter a crypto map. For more details see Crypto-map Instance on page 281.
• name – Name of the crypto map entry not exceeding 32 characters.
• <1-1000> – Sequence to insert into crypto map entry.
• ipsec-isakmp – IPSEC w/ISAKMP.
• ipsec-manual – IPSEC w/manual keying.
• dynamic – Dynamic map entry (remote VPN configuration) for XAUTH with mode-config or ipsec-l2tp configuration.
do
Use this command to run commands from either the User Exec or Priv Exec mode.
Syntax
do (command of other mode)
Parameters
None.
Example
RFS7000(config)#do ping 157.235.208.69
PING 157.235.208.69 (157.235.208.69): 100
128 bytes from 157.235.208.69: icmp_seq=0
128 bytes from 157.235.208.69: icmp_seq=1
128 bytes from 157.235.208.69: icmp_seq=2
128 bytes from 157.235.208.69: icmp_seq=3
128 bytes from 157.235.208.
end
Use this command to end the current mode and change to the Exec mode.
Syntax
end
Parameters
None.
Example
RFS7000(config)#end
RFS7000#?
Priv Exec commands:
  acknowledge   Acknowledge alarms
  archive       Manage archive files
  autoinstall   autoinstall configuration command
  cd            Change current directory
  ............................................
  ............................................
errdisable
Use this command to enable the timeout mechanism for the port.
Syntax
errdisable (recovery)[cause (bpduguard)|interval <10-1000000>]
Parameters
recovery – Enables the timeout mechanism for the port to be enabled back.
cause (bpduguard) – Reason for errdisable.
• bpduguard – Recover from errdisable due to bpduguard.
interval <10-1000000> – Interval after which port shall be enabled.
hostname
Use this command to define the system’s network name.
Syntax
hostname(WORD)
Parameters
WORD – Use this command to provide a name for the network.
interface
Use this command to configure a selected interface. This command is used to enter the interface configuration mode for the specified physical/Switch Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it is automatically created.
NOTE: The interface mode leads to the config-if instance. For additional information, see Interface Instance on page 311.
ip
Use this CLI command to configure a selected Internet Protocol.
NOTE: Use an ip access-list extended command to move to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 351.
Use an ip access-list standard command to move to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 373.
Parameters
access-list – Use the access list parameter to enter the ext-nacl context and std-nacl context. The prompt changes to the context entered. For additional information, see Extended ACL Instance on page 351 (for extended ACLs) and Standard ACL Instance on page 373 (for standard ACLs).
default-gateway – Configures the default gateway.
• A.B.C.D – IP gateway address.
dhcp [boot|class|excluded-address|option|ping|pool] – DHCP Server configuration.
nat – Network Address Translation (NAT).
Syntax
ip nat destination (static)|source list overload interface
• – Defines the interface as private (inside) or public (external). NAT translations refer to this keyword to identify translations applied to incoming packets on an interface. Refer to ip on page 318 for details on marking an interface as private (inside) or public (external).
• std-nacl — Standard ACL. For more details see Standard ACL Instance on page 373.
• dhcp – DHCP Server instance. For more details see DHCP Server Instance on page 401.
• dhcpclass – DHCP User Class instance. For more details see DHCP Class Instance on page 437.
• Use clear command to clear the ip dhcp binding.
NOTE: To delete Standard/Extended and MAC ACL use no access-list under the Global Config mode.
Example
The example below creates a named extended IP access list.
RFS7000(config)#ip access-list extended TestACL
RFS7000(config-ext-nacl)#
The example below creates a named standard IP access list.
RFS7000(config)#ip access-list standard TestStdACL
RFS7000(config-std-nacl)#
The example below creates a static NAT translation.
RFS7000(config)#ip nat inside destination static 1.1.1.1 2.2.2.2
RFS7000(config)#
The example below creates a DHCP pool.
license
Use this command to display the details of the license.
Syntax
license (featureWORD) (licensekeyLINE)
Parameters
featureWORD – Enter the name of the feature for which you wish to add a license.
license keyLINE – Enter the license key.
line
Use this command to configure the terminal line.
NOTE: The line vty command moves to the (config-line) instance.
Syntax
line(console|vty)
Parameters
console – Primary terminal line.
vty – Virtual terminal. Configure a value between 0-871.
local
Use this command to set the username and password for local user authentication.
Syntax
local(username) (password)
Parameters
username – Enter local user name. The username can be a string of up to 64 characters.
password – Enter local user password. The password can be a string of up to 21 characters.
logging
Use this command to modify message logging facilities.
Parameters
aggregation-time – Sets number of seconds (between 1 - 60) for aggregating repeated messages.
buffered – Sets the buffered logging level.
• <0-7> – Logging severity level.
• alerts – Immediate action needed, (severity=1).
• critical – Critical conditions, (severity=2).
• debugging – Debugging messages, (severity=7).
• emergencies – System is unusable, (severity=0).
• errors – Error conditions, (severity=3).
on – Enables the logging of system messages.
syslog – Sets the syslog servers logging level.
• <0-7> – Logging severity level.
• alerts – Immediate action needed, (severity=1).
• critical – Critical conditions, (severity=2).
• debugging – Debugging messages, (severity=7).
• emergencies – System is unusable, (severity=0).
• errors – Error conditions, (severity=3).
• informational – Informational messages, (severity=6).
mac
Use this command to configure MAC access-lists.
Syntax
mac(access-list(extended(WORD)))
Parameters
access-list (extended ) – Enter a name for MAC extended ACL.
Usage Guidelines
To delete a Standard/Extended or MAC ACL, use no access-list under the Global Config mode.
mac-address-table
Use this command to configure the MAC address table.
Syntax
mac-address-table (aging-time)[0|<10-1000000>]
Parameters
aging-time [0|<10-1000000>] – Duration for which a learned MAC address will persist after last update.
• 0 – Disables aging.
• <10-1000000> – Specifies the aging time in seconds.
management
Use this command to set management interface properties.
Syntax
management(secure)
Parameters
secure – Limits local access (Web/Telnet etc.) to the management interface.
ntp
Use this command to configure NTP.
Parameters
access-group [peer|query-only|serve|serve-only] – Controls NTP access.
• peer – Provides full access.
  • <1-99> – Standard IP access list.
  • <100-199> – Extended IP access list.
  • <1300-1999> – Standard IP access list (expanded range).
  • <2000-2699> – Extended IP access list (expanded range).
• query-only – Allows only control queries.
  • <1-99> – Standard IP access list.
  • <100-199> – Extended IP access list.
  • <1300-1999> – Standard IP access list (expanded range).
RFS7000(config)#ntp peer TestPeer ?
  autokey   Configure autokey peer authentication scheme
  key       Configure peer authentication key
  prefer    Prefer this peer when possible
  version   Configure NTP version
RFS7000(config)#ntp peer TestPeer autokey ?
  prefer    Prefer this peer when possible
  version   Configure NTP version
RFS7000(config)#ntp peer TestPeer autokey prefer ?
  version   Configure NTP version
RFS7000(config)#ntp peer TestPeer autokey prefer version ?
  <1-4>     NTP versio
prompt
Use this command to configure and set the system prompt.
Syntax
prompt(LINE)
Parameters
LINE – Enter the new prompt displayed by the switch with the optional modifiers mentioned below:
• %% – Percent sign.
• %h – Hostname.
• %m – Current configuration mode.
• %n – CLI line.
• %p – Privilege mode sign.
• %s – Space.
• %t – Tab.
• %A – Date and time in ASCII format.
• %D – Date in MM/DD/YY format.
• %N – Newline.
radius-server
Use this command to enter the RADIUS Server mode. The system prompt changes from the default config mode to RADIUS server mode.
NOTE: radius-server local mode moves to the radius-server context. For more details see RADIUS Server Instance on page 449.
Syntax
radius-server(host|key|local|retransmit|timeout)
radius-server host (A.B.C.
redundancy
Use this command to configure redundancy group parameters.
Parameters
auto-revert (enable) – Enables auto-revert.
auto-revert-period <1-1800> – Sets the redundancy auto-revert delay interval.
• <1-1800> – Auto-revert delay interval in mins (default is 5).
critical-resource-ip – Sets the critical resource IP address.
• A.B.C.D – IP address of the critical resource.
dhcp-server (enable) – Enables DHCP Redundancy protocol.
discovery-period – Sets the redundancy discovery interval.
RFS7000(config)#redundancy hold-period 25
RFS7000(config)#
RFS7000(config)#redundancy mode primary
RFS7000(config)#
remote-login
Use this command to configure remote login parameters.
Syntax
remote-login (max-allowed-failure)<1-1024>
Parameters
max-allowed-failure <1-1024> – Maximum allowed login attempts failure before remote login is disabled.
• <1-1024> – Number of failed login attempts.
service
Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution.
Parameters
advanced-vty – Enables the advanced mode vty interface.
dhcp – Enables the DHCP Server.
diag [enable|limit|period<100-30000>] – Enables diagnostic service.
• enable – Enables service diagnostics.
• limit – Diagnostic limit command.
  • buffer [128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k] – Buffer usage warning limit set in bytes.
  • fan <1-3> – Sets the fans speed limit for the selected fan number.
  • filesys [etc2|flash|var] – File system freespace limit.
RFS7000(config)#service show cli
Global Config mode:
+-aaa
  +-authentication
    +-login
      +-default
        +-local [aaa authentication login default {none|{local|radius}}]
        +-none [aaa authentication login default {none|{local|radius}}]
        +-radius [aaa authentication login default {none|{local|radius}}]
+-access-list
  +-<1-99>
    +-deny
      +-A.B.C.D/M [access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host A.B.C.
show
Use this command to view running system information.
Parameters
aap-wlan-acl [<1-256>|all] – Displays wlan based acl.
• <1-256> – The WLAN Id. This displays the ACL attached to the WLAN ID specified by the <1-266> value.
• all – Displays the ACLs attached to all WLANs.
aap-wlan-acl-stats – Displays IP filtering wlan based statistics.
access-banner – Displays access banner.
Displays Internet Protocol (IP) details of the specified access list.
crypto [ipsec|isakmp|key|map|pki] – Displays encryption related commands.
• ipsec [sa|security-associaton|transformset] – Displays IPSEC policy.
  • sa – Displays IPsec Security Association.
  • Security-association (lifetime) – Displays security association.
    • lifetime – Displays Security-association lifetime.
  • transformset (WORD) – Displays transformset.
    • WORD – Transformset name for all transformsets.
• isakmp [policy|sa] – Displays ISAKMP.
ip [access-group|access-list|arp|ddns|dhcp|dhcp-vendor-options|domain-name|dos|http|igmp|interface|name-server|nat|route|routing|ssh] – Displays the Internet Protocol (IP) address.
• access-group [|all|ge|me1|role|sa|vlan] – Displays ACLs attached to an interface.
  • – The interface to display access-group information for.
  • all – Displays access-group information for all interfaces.
• name-server – Displays the ip configuration of the specified DNS nameserver.
• nat [interfaces|translations] – Displays the configuration of Network Address Translations.
  • interfaces – Displays the NAT configuration on the interfaces.
  • translations [inside|outside|verbose] – Displays NAT translations.
    • Inside – Inside
    • Outside – outside
    • destination –
    • source –
• route [A.B.C.D|A.B.C.D/M|detail] – Displays IP routing table.
  • A.B.C.
ntp [associations|status] – Displays network time protocol.
• associations (detail) – Displays NTP associations.
  • detail – Displays NTP association details.
• status – Displays
password-encryption – Displays password encryption.
port (fw) – Displays Physical/Aggregate port interface.
• fw (config) – Displays Firewalls.
  • config – Displays configurable firewall parameters.
port-channel [load-balance] – Displays port channel commands.
running-config [full(include-factory)] – Displays the current running configuration.
• full – Displays full configuration.
  • include-factory – Include factory defaults.
NOTE: If the AP / MU locationing configuration has non default parameters, it shows up here.
securitymgr – Displays securitymgr parameters.
service-list – Displays list of services.
sessions – Displays current active open connections.
snmp (user) – Displays SNMP engine parameters.
wireless [aap-version|ap|ap-containment|ap-detection-config|ap-images|ap-radio-config|ap-adopted|authorized-aps|channel-power|config|country-code-list|default-ap|fw|hotspot|hotspot-config|ignored-aps|known|mac-auth-local|mesh|mobile-unit|
Displays Wireless configuration commands.
• aap-version – Displays the minimum Adaptive firmware version string.
• ap [LIST|config] – Displays the status of adopted access-port.
• association-history – Displays mobile-unit history.
• associations-stats – Displays statistics of associations and reassociations.
• probe-history [<1-200>|config-list] – Displays mu probe-history.
  • <1-200> – Index of mobile-unit to display probe logging.
  • config-list – Lists probe history MAC addresses.
• radio <1-4096> – Displays mobile-units associated to this radio.
  • <1-4096> – The radio index to display mobile-units for.
wlan-acl [<1-256>|all
  management            Display L3 Managment Interface name
  mobility              Display Mobility parameters
  ntp                   Network time protocol
  password-encryption   password encryption
  port-channel          Portchannel commands
  privilege             Show current privilege level
  radius                RADIUS configuration commands
  redundancy-group      Display red
  redundancy-history
  redundancy-members
  running-config
  securitymgr
  sessions
  spanning-tree
  startup-config
  static-channel-group
  terminal
  timezone
  upgrade-status
  users
  version
  wireless
  wlan-acl
radio default-11a rss enable
radio default-11bg rss enable
radio default-11b rss enable
radio 1 neighbor-smart-scan 1
ids anomaly-detection bad-essid-frame enable
service wireless map-radios 1
service wireless legacy-load-balance
enhanced-beacon-table enable
enhanced-beacon-table max-ap 5
enhanced-beacon-table scan-interval 30
enhanced-beacon-table scan-time 500
enhanced-beacon-table channel-set bg 1
enhanced-probe-table enable
enhanced-probe-table window-time 20
enhanced-p
spanning-tree
Use this command to configure the spanning-tree commands.
• forward-time <4-30> – Sets the time (in seconds) after which (if this bridge is the root bridge) each port changes states to learning and forwarding. This value is used by all instances. The default value is 15 seconds.
• hello-time <1-10> – Sets the hello-time. The hello-time is the time in seconds after which (if this bridge is the root bridge) all the bridges in a bridged LAN exchange Bridge Protocol Data Units (BPDUs).
portfast [bpdufilter|bpduguard](default)
timezone
Use this command to configure switch timezone settings.
Syntax
timezone
Parameters
TIMEZONE – Press to navigate the list of files. This action displays a list of files containing timezone information.
username
Use this CLI command to establish the user name authentication.
Syntax
username username username username (access|password|privilege) access (console|ssh) password(0|1|Line) privilege(crypto-officer|monitor|superuser|sysadmin|webadmin)
Parameters
nameWORD – Enter a name to authenticate the switch. The username must be between 1 - 28 characters.
access – Sets the user access mode.
vpn
Use this command to configure VPN.
Syntax
vpn authentication-method(local|radius)
Parameters
authentication-method – Selects the authentication scheme.
local – Used for user based authentication.
radius – Used for RADIUS server authentication.
Usage Guidelines
Virtual Private Network enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another.
wireless
Use this command to configure switch wireless parameters. This command moves to the config-wireless instance. For additional information, see Wireless Instance on page 483.
Syntax
wireless
Parameters
None.
Usage Guidelines
The wireless command is used to enter the config-wireless instance. The prompt changes from the regular RFS7000(config)# to RFS7000(config-wireless)#.
wlan-acl
Use this command to apply an ACL on a WLAN index.
Syntax
wlan-acl [<1-256>{<1-99>|<100-199>|<1300-1999>|<2000-2699>|word}][in|out]
Parameters
<1-256>[] – WLAN number.
• <1-99> — IP standard access list.
• <100-199> — IP extended access list.
• <1300-1999> — IP standard access list (expanded range).
• <2000-2699> — IP extended access list (expanded range).
• WORD — Access list name.
NOTE: A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface. MAC ACL always takes precedence over IP based ACLs.
The example below applies an ACL to WLAN index 200 in an outbound direction from the global config mode.
zeroize
Use this command for zeroization of critical security parameters.
Syntax
zeroize (keys)
Parameters
keys – All security related keys.
Chapter 6 Crypto-isakmp Instance
In this chapter
• Crypto ISAKMP Config Commands
Use crypto isakmp policy(priority) to instantiate the config-crypto-isakmp instance.
Crypto ISAKMP Config Commands
The following table summarizes the crypto-isakmp commands within the Brocade Mobility RFS7000-GR Controller command line interface.
TABLE 3 Crypto ISAKMP config commands
Command | Description | Ref.
authentication
Use this command to authenticate pre-share key.
clrscr
Use this command to clear the display screen.
Syntax
clrscr
Parameters
None.
encryption
Use this command to configure the encryption level of the data transmitted using the Brocade Mobility RFS7000-GR Controller.
Syntax
encryption(3des|aes|aes-192|aes-256)
Parameters
3des – 3des - Triple data encryption standard.
aes – aes - advanced data encryption standard.
aes-192 – aes-192 - advanced data encryption standard.
aes-256 – aes-256 - advanced data encryption standard.
end
Use this command to end and exit the current mode and move to PRIV EXEC mode. The prompt now changes to RFS7000#.
Syntax
end
Parameters
None.
exit
Use this command to end current mode and move to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#.
Syntax
exit
Parameters
None.
group
Use this command to specify the Diffie-Hellman group (2) to be used by this IKE policy to generate the keys (which are then used to create the IPSec SA).
Syntax
group(2|5)
Parameters
2 – Diffie-Hellman group 2.
5 – Diffie-Hellman group 5.
Usage Guidelines
The local IKE policy and the peer IKE policy must have matching group settings in order for negotiation to be successful.
hash
Use this command to specify the hash algorithm to be used to authenticate the data transmitted over the IKE SA.
Syntax
hash(sha)
Parameters
sha – Choose the sha hash algorithm.
help
Use this command to access the system's interactive help system.
Syntax
help
Parameters
None.
Example
RFS7000(config-crypto-isakmp)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1.
lifetime
Use this command to specify how long an IKE SA is valid before expiring.
Syntax
lifetime
Parameters
Specify how many seconds an IKE SA will last before expiring. Time stamp in seconds can be configured between 180 and 2147483646.
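The following Python script is an added example, not part of the Brocade guide or the controller software. It lints a transcript of typed ISAKMP policy commands against the values this chapter documents for encryption, group, hash and lifetime, and reports which Diffie-Hellman groups a peer shares. The `crypto isakmp policy <priority>` line form, the sample transcripts and the review policy that flags 3des and group 2 are assumptions of the example.

```python
import re

# Values copied from the Syntax and Parameters text of the encryption,
# group, hash and lifetime commands in this chapter.
DOCUMENTED = {
    "encryption": {"3des", "aes", "aes-192", "aes-256"},
    "group": {"2", "5"},
    "hash": {"sha"},
}
LIFETIME_RANGE = (180, 2147483646)  # seconds

# Review policy: an assumption of this example, not guidance from the guide.
# 3DES is a 64-bit block cipher; DH group 2 is 1024-bit MODP, group 5 is 1536-bit.
DISCOURAGED = {"encryption": {"3des"}, "group": {"2"}}

PROMPT_RE = re.compile(r"^\S+#\s*")  # e.g. "RFS7000(config-crypto-isakmp)#"
POLICY_RE = re.compile(r"^crypto\s+isakmp\s+policy\s+(\d+)$")  # assumed typed form


def parse_policies(text):
    """Map priority -> {command: value} from a transcript of typed commands."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if not line:
            continue
        match = POLICY_RE.match(line)
        if match:
            current = policies.setdefault(int(match.group(1)), {})
        elif line in ("exit", "end"):
            current = None
        elif current is not None:
            keyword, _, value = line.partition(" ")
            if keyword in DOCUMENTED or keyword == "lifetime":
                current[keyword] = value.strip()
    return policies


def lint_policy(priority, settings):
    """Return (severity, priority, message) tuples for one policy."""
    findings = []
    for keyword, allowed in DOCUMENTED.items():
        value = settings.get(keyword)
        if value is None:
            continue  # not set in the transcript
        if value not in allowed:
            findings.append(("error", priority, f"{keyword} {value}: not a documented value"))
        elif value in DISCOURAGED.get(keyword, ()):
            findings.append(("warn", priority, f"{keyword} {value}: flagged by review policy"))
    lifetime = settings.get("lifetime")
    if lifetime is not None:
        low, high = LIFETIME_RANGE
        if not lifetime.isdigit() or not low <= int(lifetime) <= high:
            findings.append(("error", priority, f"lifetime {lifetime}: outside {low}-{high} seconds"))
    return findings


def audit(text):
    """Lint every policy in a transcript, lowest priority number first."""
    findings = []
    for priority, settings in sorted(parse_policies(text).items()):
        findings.extend(lint_policy(priority, settings))
    return findings


def shared_groups(local, peer):
    """DH groups configured on both sides; empty means no policy can match on group."""
    def offered(policies):
        return {s["group"] for s in policies.values() if "group" in s}
    return offered(local) & offered(peer)


# Constructed transcripts, using the prompts shown in this guide.
LOCAL = """\
RFS7000(config)#crypto isakmp policy 10
RFS7000(config-crypto-isakmp)#encryption 3des
RFS7000(config-crypto-isakmp)#group 2
RFS7000(config-crypto-isakmp)#hash sha
RFS7000(config-crypto-isakmp)#lifetime 100
RFS7000(config-crypto-isakmp)#exit
RFS7000(config)#crypto isakmp policy 20
RFS7000(config-crypto-isakmp)#encryption aes-256
RFS7000(config-crypto-isakmp)#group 5
RFS7000(config-crypto-isakmp)#lifetime 3600
RFS7000(config-crypto-isakmp)#end
"""
PEER = """\
crypto isakmp policy 5
encryption aes-256
group 5
"""

if __name__ == "__main__":
    for severity, priority, message in audit(LOCAL):
        print(f"[{severity}] policy {priority}: {message}")
    common = shared_groups(parse_policies(LOCAL), parse_policies(PEER))
    print("DH groups shared with peer:", sorted(common) or "none")
```
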
no
Use this command to negate a command or set its defaults.
Syntax
no
Parameters
Use the commands that you have configured under this instance.
service
Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.
Syntax
service(show) (cli)
Parameters
show (cli) – Show CLI tree of current mode.
show
Use this CLI command to view the current system information that is running on the Brocade Mobility RFS7000-GR Controller.
Syntax
show
Parameters
? – Displays parameters for which the information can be viewed using show command.
  upgrade-status   Display last image upgrade status
  users            Display information about currently logged in users
  version          Display software & hardware version
  wireless         Wireless configuration commands
  wlan-acl         wlan based acl
RFS7000(config-crypto-isakmp)#
Chapter 7 Crypto-group Instance
In this chapter
• Crypto Group Config Commands
Use the crypto isakmp client configuration group default command to initiate the config-crypto-group instance.
Crypto Group Config Commands
The following table summarizes the config-crypto-group commands within the Brocade Mobility RFS7000-GR Controller command line interface.
TABLE 4 Crypto Group config commands
Command | Description | Ref.
clrscr
Use this command to clear the display screen.
Syntax
clrscr
Parameters
None.
Crypto Group Config Commands 7 dns Crypto Group Config Commands Use this command to specify the DNS server address(es) to assign to a client. Syntax dns Parameters The first DNS server address to assign. Example RFS7000(config-crypto-group)#dns-server 172.1.17.1 172.1.17.
7 Crypto Group Config Commands end Crypto Group Config Commands Use this command to end and exit from the current mode and change to PRIV EXEC mode.The prompt now changes to RFS7000#. Syntax end Parameters None.
Crypto Group Config Commands 7 exit Crypto Group Config Commands Use this command to end current mode and down to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#. Syntax exit Parameters None.
7 Crypto Group Config Commands help Crypto Group Config Commands Use this command to access the systems interactive help system Syntax help Parameters None. Example RFS7000(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

service
Crypto Group Config Commands

Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.

Syntax
service(show) (cli)

Parameters
show (cli)    Shows CLI tree of current mode.

Example
RFS7000(config-crypto-group)#service show cli
Crypto Client Config mode:
+-clrscr [clrscr]
+-dns
  +-A.B.C.D [dns A.B.C.

show
Crypto Group Config Commands

Use this command to view the current system information that is running on the Brocade Mobility RFS7000-GR Controller.

Syntax
show

Parameters
?    Displays parameters for which the information can be viewed using the show command.

upgrade-status    Display last image upgrade status
users             Display information about currently logged in users
version           Display software & hardware version
wireless          Wireless configuration commands
wlan-acl          wlan based acl
RFS7000(config-crypto-group)#

wins
Crypto Group Config Commands

Use this command to specify the Windows Internet Naming Service (WINS) name servers to assign to a client.

Syntax
wins

Parameters
The first WINS server address to assign.

Example
RFS7000(config-crypto-group)#wins 128.2.11.1 128.2.19.

Chapter 8
Crypto-peer Instance

In this chapter
• Crypto Peer Config Commands

Use crypto isakmp(peer)[IP Address|dn|hostname] to initiate the config-crypto-peer instance.

Crypto Peer Config Commands
The following table summarizes the config-crypto-peer commands within the Brocade Mobility RFS7000-GR Controller command line interface.

TABLE 5 Crypto Peer config commands
Command    Description    Ref.
clrscr     Clears the display screen.

clrscr
Crypto Peer Config Commands

Use this command to clear the display screen.

Syntax
clrscr

Parameters
None.

end
Crypto Peer Config Commands

Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000#.

Syntax
end

Parameters
None.

exit
Crypto Peer Config Commands

Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#.

Syntax
exit

Parameters
None.

help
Crypto Peer Config Commands

Use this command to access the system's interactive help system.

Syntax
help

Parameters
None.

Example
RFS7000(config-crypto-peer)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

no
Crypto Peer Config Commands

Use this command to negate a command or set its defaults.

Syntax
no

Parameters
Use the commands that you have configured under this instance.

service
Crypto Peer Config Commands

Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.

Syntax
service(show)(cli)

Parameters
show (cli)    Shows CLI tree of current mode.

set
Crypto Peer Config Commands

Use this command to configure the aggressive-mode of crypto-peer.

show
Crypto Peer Config Commands

Use this command to view the current system information that is running on the Brocade Mobility RFS7000-GR Controller.

Syntax
show

Parameters
?    Displays parameters for which information can be viewed using show cmd.

users       Display information about currently logged in users
version     Display software & hardware version
wireless    Wireless configuration commands
wlan-acl    wlan based acl
RFS7000(config-crypto-peer)#

Chapter 9
Crypto-ipsec Instance

In this chapter
• Crypto IPSec Config Commands

Use the crypto ipsec transform-set command to define a transform configuration for securing data using esp-3des or esp-sha-hmac or other cipher modes. The transform-set is then assigned to a crypto map using the map’s set transform-set command. For more details on the crypto-map transform-set command, see “crypto” on page 183.

clrscr
Crypto IPSec Config Commands

Use this command to clear the display screen.

Syntax
clrscr

Parameters
None.

end
Crypto IPSec Config Commands

Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000#.

Syntax
end

Parameters
None.

exit
Crypto IPSec Config Commands

Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#.

Syntax
exit

Parameters
None.

help
Crypto IPSec Config Commands

Use this command to access the system's interactive help system.

Syntax
help

Parameters
None.

Example
RFS7000(config-crypto-ipsec)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

mode
Crypto IPSec Config Commands

Use this command to configure the IPSec transportation mode.

Syntax
mode(transport|tunnel)

Parameters
transport    Transport mode.
tunnel       Tunnel mode.

no
Crypto IPSec Config Commands

Use this command to negate a command or set its defaults.

Syntax
no

Parameters
Use the commands that you have configured under this instance.

service
Crypto IPSec Config Commands

Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.

Syntax
service(show)(cli)

Parameters
show (cli)    Shows CLI tree of current mode.

show
Crypto IPSec Config Commands

Use this command to view the current system information that is running on the Brocade Mobility RFS7000-GR Controller.

Syntax
show

Parameters
?    Displays parameters for which information can be viewed using show cmd.

users       Display information about currently logged in users
version     Display software & hardware version
wireless    Wireless configuration commands
wlan-acl    wlan based acl
RFS7000(config-crypto-ipsec)#

Chapter 10
Crypto-map Instance

In this chapter
• Crypto Map Config Commands

config-crypto-map CLI commands are used to define a Certificate Authority (CA) trustpoint. This is a separate instance by itself but belongs to the crypto pki trustpoint mode under config instance.

clrscr
Crypto Map Config Commands

Use this command to clear the display screen.

Syntax
clrscr

Parameters
None.

end
Crypto Map Config Commands

Use this command to end and exit from the current mode and change to PRIV EXEC mode. The prompt now changes to RFS7000#.

Syntax
end

Parameters
None.

exit
Crypto Map Config Commands

Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#.

Syntax
exit

Parameters
None.

help
Crypto Map Config Commands

Use this command to access the system's interactive help system.

Syntax
help

Parameters
None.

Example
RFS7000(config-crypto-map)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

match
Crypto Map Config Commands

Use this command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index, which is used to sort the ordered list.

no
Crypto Map Config Commands

Use this command to negate a command or set its defaults.

Syntax
no [match|set]

Parameters
match    Negates match values.
set      Negates values set for encryption/decryption.

service
Crypto Map Config Commands

Use this command to invoke the service commands to troubleshoot or debug the (config-crypto-isakmp) instance configurations.

Syntax
service(show)(cli)

Parameters
show (cli)    Shows CLI tree of current mode.

set
Crypto Map Config Commands

Use this command to set the various set parameters of the peer device.

Syntax
set (localid|mode|peer|pfs|remote-type[ipsec-l2tp|xauth]|security-association|session-key|transformset)
set localid(dn|hostname)
set mode[aggressive|main]
set peer

Parameters
localid    Sets local identity.
  • dn – Distinguished name.
  • hostname – Hostname.
mode       Sets the mode of the tunnels of this Crypto Map.
  • aggressive – Initiates aggressive mode.
  • main – Initiates main mode.
peer       Use the set peer command to set the IP address of the peer device. This can be set for multiple remote peers. The remote peer can be given as either an IP address or a hostname.
NOTE: For manual mode, only one remote peer can be added for crypto map.

If left at the default setting, no perfect forward secrecy (PFS) will be used during IPSec SA key generation. If PFS is specified, then the specified Diffie-Hellman Group exchange will be used for the initial and all subsequent key generation, thus providing no data linkage between prior keys and future keys.

RFS7000(config-crypto-map)#set security-association lifetime (kilobytes|seconds)

Values can be entered for this command in both kilobytes and seconds.
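
Why PFS removes the linkage between successive IPSec SA keys, as an added example that is not part of the Brocade guide: it follows the IKEv1 KEYMAT formula from RFC 2409 section 5.5. The toy Diffie-Hellman group, HMAC-SHA256 as the prf, and all function names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (2**521 - 1 is prime). It is
# not an IKE group and not a value taken from the controller.
P = 2**521 - 1
G = 3
ESP = 3  # IPsec DOI protocol identifier for ESP


def prf(key, data):
    """Keyed PRF; HMAC-SHA256 stands in for the negotiated IKE prf."""
    return hmac.new(key, data, hashlib.sha256).digest()


def dh_shared():
    """Run one ephemeral DH exchange between two peers and return g^xy."""
    x = secrets.randbelow(P - 3) + 2          # initiator's ephemeral secret
    y = secrets.randbelow(P - 3) + 2          # responder's ephemeral secret
    gx, gy = pow(G, x, P), pow(G, y, P)       # public values sent on the wire
    shared_i, shared_r = pow(gy, x, P), pow(gx, y, P)
    assert shared_i == shared_r               # both sides agree on g^xy
    return shared_i.to_bytes(66, "big")       # x, y and g^xy are then discarded


def keymat(skeyid_d, protocol, spi, ni, nr, g_xy=b""):
    """RFC 2409 section 5.5:
    no PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
    PFS:    KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
    """
    return prf(skeyid_d, g_xy + bytes([protocol]) + spi + ni + nr)


def rekey(skeyid_d, pfs):
    """One Quick Mode rekey. Returns the IPSec SA key material and the values
    that were carried in the exchange (SPI and both nonces)."""
    spi = secrets.token_bytes(4)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    g_xy = dh_shared() if pfs else b""
    return keymat(skeyid_d, ESP, spi, ni, nr, g_xy), (spi, ni, nr)


def linkage(pfs, rekeys=3):
    """Count how many SA keys are fully determined by SKEYID_d plus the
    exchanged values, i.e. how many keys are linked to the Phase 1 secret."""
    skeyid_d = secrets.token_bytes(32)        # long-lived Phase 1 derivation key
    linked = 0
    for _ in range(rekeys):
        real, exchanged = rekey(skeyid_d, pfs)
        rebuilt = keymat(skeyid_d, ESP, *exchanged)   # no g^xy available
        linked += int(hmac.compare_digest(real, rebuilt))
    return linked


if __name__ == "__main__":
    print("keys linked to SKEYID_d without PFS:", linkage(pfs=False))
    print("keys linked to SKEYID_d with PFS:   ", linkage(pfs=True))
```

Without PFS every rekey is a function of the same SKEYID_d; with PFS each key also depends on a Diffie-Hellman secret that exists only for that rekey.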

show
Crypto Map Config Commands

Use this command to view the current system information that is running on the switch.

Syntax
show

Parameters
?    Displays all the parameters for which the information can be viewed using the show command.

users       Display information about currently logged in users
version     Display software & hardware version
wireless    Wireless configuration commands
wlan-acl    wlan based acl
RFS7000(config-crypto-map)#

Chapter 11
Crypto-trustpoint Instance

In this chapter
• Trustpoint Config commands

Use the config-trustpoint commands to define a Certificate Authority (CA) trustpoint. Use crypto-pki-trustpoint to instantiate the crypto-trustpoint instance.

Trustpoint Config commands
The following table summarizes the config-crypto-trustpoint commands.

TABLE 8 Trustpoint config commands
Command    Description    Ref.

clrscr
Trustpoint Config commands

Use this command to clear the display screen.

Syntax
clrscr

Parameters
None.

company-name
Trustpoint Config commands

Use this command to set the company name (applicable only by request) to a trustpoint.

Syntax
company-name

Parameters
WORD    Company name (2 - 64 characters in length).

Usage Guidelines
The company name defined must be between 2 and 64 characters.

email
Trustpoint Config commands

Use this command to configure an e-mail ID for a trustpoint.

Syntax
email

Parameters
WORD    email address (2 to 64 characters).

Usage Guidelines
The email defined must be between 2 and 64 characters.

Example
RFS7000(config-trustpoint)#email abcTestemailID@Brocade.

end
Trustpoint Config commands

Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.

Syntax
end

Parameters
None.

exit
Trustpoint Config commands

Use this command to end the current mode and move to previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#.

Syntax
exit

Parameters
None.

fqdn
Trustpoint Config commands

Use this command to configure the fully qualified domain name (fqdn) for the trustpoint.

Syntax
fqdn

Parameters
None

Usage Guidelines
The string length of the domain name must be between 9 and 64 characters.

Example
RFS7000(config-trustpoint)#fqdn RetailKing.

help
Trustpoint Config commands

Use this command to access the system’s interactive help system.

Syntax
help

Parameters
None.

Example
RFS7000(config-trustpoint)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

ip-address
Trustpoint Config commands

Use this command to configure an IP address for the trustpoint.

Syntax
ip-address

Parameters
A.B.C.D    Enter the IP address configured for the trustpoint.

Example
RFS7000(config-trustpoint)#ip-address 157.200.200.

no
Trustpoint Config commands

Use this command to negate a command or set defaults.

Syntax
no [company-name|email|fqdn|ip-address|subject-name]

Parameters
company-name    Negates the configured company name.
email           Negates email address.
fqdn            Negates Domain Name Configuration (DNS).
ip-address      Negates Internet Protocol (IP).
subject-name    Negates subject name, which is a collection of required parameters to configure a trustpoint.

password
Trustpoint Config commands

Use this command to set the challenge password, applicable only for trustpoint access requests.

Syntax
password(0|2|WORD)

Parameters
0       Password is specified as UNENCRYPTED. The password must be between 4 - 20 characters.
2       Password is encrypted with a password-encryption secret. The string length of an encrypted password must be between 44 - 64 characters.
WORD    Password (4 - 20 characters).

rsakeypair
Trustpoint Config commands

Use this command to configure an RSA key pair to associate with the trustpoint.

Syntax
rsakeypair

Parameters
WORD    RSA keypair identifier.

Usage Guidelines
Use RSA Key Pair support to configure the switch to have Rivest, Shamir, and Adleman (RSA) key pairs. The switch software can maintain a different key pair for each identity certificate.

service
Trustpoint Config commands

Use this command to invoke service commands to troubleshoot or debug crypto pki trustpoint instance configurations.

Syntax
service(show)(cli)

Parameters
show (cli)    Shows the CLI tree of current mode.

show
Trustpoint Config commands

Use this command to view current system information.

Syntax
show

Parameters
?    Displays the parameters for which information can be viewed using the show command.

Example
RFS7000(config-trustpoint)#show ?
access-banner        Display Access Banner
access-list          Internet Protocol (IP)
aclstats             Show ACL Statistics information
audit-log-filters    Display audit log filter rules
boot                 Display boot configuration.
users                Display information about currently logged in users
version              Display software & hardware version
wireless             Wireless configuration commands
wlan-acl             wlan based acl
RFS7000(config-trustpoint)#

RFS7000(config)#show crypto pki trustpoints
Trustpoint :default-trustpoint
----------------------------------------------
Server certificate configured
Subject Name:
Common Name: Brocade Technologies
Issuer Name:
Common Name: Brocade Technologies
Valid From: Mar 11 03:38:26 2007 GMT
Va

subject-name
Trustpoint Config commands

Use this command to create a subject name to configure a trustpoint. A subject name is a collection of required parameters.

Syntax
subject-name (Country) (State)(City)(Organisation)(Org Unit)

Parameters
WORD    The subject name is a collection of required parameters to configure a trustpoint. It consists of the common_name, country, state, org name etc.
  • Name – Name of the trustpoint being certified.

Chapter 12
Interface Instance

In this chapter
• Interface Config commands

Use the (config-if) instance to configure Fast Ethernet (fe), Giga Ethernet (ge), StaticAggregate interface (sa), VLAN and tunnel. Use the (config)# interface [fe|ge|sa|tunnel|vlan] to reach this instance.

Interface Config commands
The following table summarizes the config-if commands.

TABLE 9 Interface config commands
Command    Description    Ref.

clrscr
Interface Config commands

Use this command to clear the screen.

Syntax
clrscr

Parameters
None.

description
Interface Config commands

Use this command to create an interface specific description.

Syntax
description

Parameters
LINE    Characters to describe this interface.

duplex
Interface Config commands

Use this command to specify the duplex mode of operation.

NOTE
- Duplexity can only be set for an Ethernet type interface. Enter the (config-if) instance using a ge/me parameter in an interface mode.
- Duplex cannot be set until the speed is set to a non-auto value.

Syntax
duplex(auto|full|half)

Parameters
auto    Sets the auto-negotiate parameter. Port is in full-duplex mode.

end
Interface Config commands

Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.

Syntax
end

Parameters
None.

exit
Interface Config commands

Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.

Syntax
exit

Parameters
None.

help
Interface Config commands

Use this command to access the system’s interactive help system.

Syntax
help

Parameters
None.

Example
RFS7000(config-if)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

ip
Interface Config commands

Use this command to configure an IP address for the assigned Ethernet, VLAN or tunnel.

Syntax
ip(access-group|address|helper-address|nat)
ip access-group(<1-99>|<100-199>|<1300-1999>|<2000-2699>)in
ip address(A.B.C.D/M|dhcp)
ip address(A.B.C.D/M) (secondary)
ip helper-address A.B.C.D
ip nat(inside|outside)

Parameters
access-group    Access group.
  • (<1-99> |<100-199>) – IP extended access list.

RFS7000(config-if)#
RFS7000(config-if)#ip address 192.168.234.1/24
RFS7000(config-if)#

Follow the steps in the example below to create a helper address on VLAN 2000 for using the DHCP server available on VLAN 1000:

RFS7000(config)#interface vlan 1000
RFS7000(config-if)#ip address 172.168.100.1/24
RFS7000(config-if)#interface vlan 2000
RFS7000(config-if)#ip address 172.168.200.1/24
RFS7000(config-if)#ip helper-address 172.168.100.

mac
Interface Config commands

Use this command to apply a MAC access list to a gigabit ethernet interface.

NOTE
Access list cannot be applied on a management interface (me1).

Syntax
mac (access-group ) (in)

Parameters
access-group    Sets MAC access groups ACL.
in              Applies the ACL to ingress packets.

management
Interface Config commands

Use this command to configure the selected interface as the management interface. It can only be used on a VLANx interface. The tftp/ftp server, which provides the switch its config file at startup, must be accessible via this interface. VLAN 1 is by default the management interface for the Brocade Mobility RFS7000-GR Controller.

Syntax
management

Parameters
None.

Usage Guidelines
Management privilege can be set only on a L3 interface.

mtu
Interface Config commands

Use this command to set the mtu value for a VLAN interface.

NOTE
This command is valid only with a VLAN interface.

Syntax
mtu <512-1500>

Parameters
<512-1500>    Maximum packet size in bytes. The minimum value is 512 and maximum value is 1500.

Usage Guidelines
All interfaces have a default maximum packet size of 1500 bytes. Use the mtu command to set the MTU size of the packets that travel through the interface.

no
Interface Config commands

Use this command to negate a command or set defaults.

Syntax
no [crypto|description|duplex|ip|mac|mtu|port-channel|shutdown|spanning-tree|speed|static-channel-group|storm-control|switchport|tunnel]

Parameters
The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.

port-channel
Interface Config commands

Use this command to select the load-balance criteria of an aggregated port.

Syntax
port-channel (load-balance [src-dst-ip|src-dst-mac])

Parameters
load-balance [src-dst-ip|src-dst-mac]    Sets load-balancing for port channel.
  • src-dst-ip – Source and Destination IP address based load balancing.

service
Interface Config commands

Use this command to invoke service commands to troubleshoot or debug the (config-if) instance configurations.

Syntax
service(show) (cli)

Parameters
show    Shows running system information.
cli     Shows the CLI tree of current mode.

show
Interface Config commands

Use this command to view current system information.

Syntax
show

Parameters
?    Displays the parameters for which information can be viewed using the show command.

users       Display information about currently logged in users
version     Display software & hardware version
wireless    Wireless configuration commands
wlan-acl    wlan based acl
RFS7000(config-if)#show

RFS7000(config-if)#show boot
Image      Build Date            Install Date          Version
-----      --------------------  --------------------  --------------
Primary    Aug 28 14:05:16 2006  Aug 29 18:32:17 2006  3.0.0.0-200B
Secondary  Aug 14 06:18:03 2006  Aug 17 15:08:28 2006  3.0.0.

shutdown
Interface Config commands

Use this command to shutdown/disable the selected interface. The interface is administratively enabled unless explicitly disabled using this command.

Syntax
shutdown

Parameters
None.

spanning-tree
Interface Config commands

Use this command to configure spanning tree parameters.

mst [<0-15> (cost <1-200000000>|port-priority <0-240>)|port-cisco-interoperability (disable|enable)]
Configures mst on a spanning tree.
• <0-15> – Instance ID.
• cost <1-200000000> – Path cost for a port.
• port-priority <0-240> – Port priority for a bridge.
• port-cisco-interoperability (disable|enable) – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible with standard MSTP).
  • enable – Enables CISCO Interoperability.

speed
Interface Config commands

Use this command to specify the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000).

Syntax
speed(10|100|1000|auto)

Parameters
10      Forces 10 Mbps operation. The port runs at 10 Mbps.
100     Forces 100 Mbps operation. The port runs at 100 Mbps.
1000    Forces 1000 Mbps operation. The port runs at 1000 Mbps.
auto    Enables AUTO speed configuration.

static-channel-group
Interface Config commands

Use this command to add an interface to a static channel group.

Syntax
static-channel-group <1-4>

Parameters
<1-4>    Static channel group to associate the link with.

Usage Guidelines
This command aggregates individual giga ports into a single aggregate link to provide a larger bandwidth. The static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch.

switchport
Interface Config commands

Use this command to set switching mode characteristics for the selected interface. The mode can be either access or trunk.

NOTE
A ge interface configured as a trunk with all VLANs allowed loses its configuration and has only VLAN 1 set to allowed.

Use [no] switchport (access|mode|trunk) to undo the above switchport configurations.

tunnel
Interface Config commands

Use this command to configure protocol-over-protocol tunneling.

Syntax
tunnel(destination|source|ttl)
tunnel destination A.B.C.D
tunnel source A.B.C.D
tunnel ttl<1-255>

Parameters
destination    Destination of tunnel packets.
  • A.B.C.D – Internet Protocol (IP).
source         Source of tunnel packets.
  • A.B.C.D – Internet Protocol (IP).
ttl            Sets the time to live interval.
  • <1-255> – The time to live (ttl) in seconds.

Chapter 13
Spanning tree-mst Instance

In this chapter
• mst Config commands
• Configuring Interface using MSTP

Use the (config-mst) instance to configure the Multi Spanning Tree Protocol (MSTP). Use the command spanning-tree mst configuration to instantiate this instance.

mst Config commands
The following table summarizes the config-mst commands.

clrscr
mst Config commands

Use this command to clear the display.

Syntax
clrscr

Parameters
None.

end
mst Config commands

Use this command to end and exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.

Syntax
end

Parameters
None.

exit
mst Config commands

Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.

Syntax
exit

Parameters
None.

help
mst Config commands

Use this command to access the system’s interactive help system.

Syntax
help

Parameters
None.

Example
RFS7000(config-mst)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.

instance
mst Config commands

Use this command to associate VLAN(s) with an instance.

Syntax
instance <1-15> vlan

Parameters
<1-15>    Defines the instance ID to which the VLAN is associated.
vlan      Defines the VLAN ID for its association with an instance.

Usage Guidelines
MSTP is based on instances. An instance is a group of VLANs with a common spanning tree. A single VLAN cannot be associated with multiple instances.

name
mst Config commands

Use this command to set a name for the MST region.

Syntax
name (LINE)

Parameters
LINE    MST region name.

no
mst Config commands

Use this command to negate a command or set defaults.

Syntax
no [instance|name|revision]

Parameters
instance    Instance.
name        MST region.
revision    Revision number for configuration information.

Usage Guidelines
The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.

revision
mst Config commands

Use this command to configure the revision number of the MST bridge.

Syntax
revision (REVISION_NUM)<0-255>

Parameters
(REVISION_NUM) <0-255>    Revision number for configuration information.

service
mst Config commands

Use this command to invoke the service commands needed to troubleshoot or debug (config-if) instance configurations.

Syntax
service(show) (cli)

Parameters
show (cli)    Shows running system information.
  • cli – Show CLI tree of current mode.

+-<2000-2699> [show access-list (<1-99>|<100-199>|<1300-1999>|<2000-
...

show
mst Config commands

Use this command to view current system information.

Syntax
show

Parameters
?    Displays the parameters for which information can be viewed using the show command.

smtp-notification       Display SNMP engine parameters
snmp                    Display SNMP engine parameters
snmp-server             Display SNMP engine parameters
spanning-tree           Display spanning tree information
startup-config          Contents of startup configuration
static-channel-group    static channel group membership
terminal                Display terminal configuration parameters
timezone                Display timezone
traffic-shape           Display traffic shaping
upgrade-status          Display last image upgrade status
users                   Display information about
Chapter 14 Extended ACL Instance In this chapter • Extended ACL Config Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Use the(config-ext-nacl) instance to configure ip access-list extended ACLs. Extended ACL Config Commands The following table summarizes the config-ext-nacl commands. TABLE 10 Extended ACL config commands Command Description Ref. clrscr Clears the display screen. page 352 deny Specifies packets to reject.
14 Extended ACL Config Commands clrscr Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None.
Extended ACL Config Commands 14 deny Extended ACL Config Commands Use this command to specify packets to reject. Syntax deny(icmp|ip|proto|tcp|udp) deny {ip} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/destination-mask | host destinationhost | any} [log] [rule-precedence access-list-entry precedence] deny {icmp} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/ destination-maskA.B.C.
Parameters
deny {ip} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/destination-maskA.B.C.D/M | host
Use with a deny command to reject IP packets.
• deny – The keyword specifies deny action on an ACL.
• {ip} – Specifies IP (to match any protocol).
• {A.B.C.D/M | host | any} – A.B.C.D is the source IP address of the network or host in dotted decimal format. M is the network mask. For example, 10.1.1.
deny {proto} {<1-254>|WORD|eigrp|gre | igmp|igp|ospf|vrrp}
Use with deny command to reject any packets other than icmp, tcp and udp.
• {proto} – Specifies any protocol other than icmp, tcp and udp.
• {A.B.C.D/M | host | any} – A.B.C.D is the source IP address of the network or host in dotted decimal format. M is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of the source IP are used for matching.
• any is an abbreviation for source IP of 0.0.0.
Whenever the interface receives the packet, its content is checked against the ACE’s in the ACL. It is allowed/denied based on the ACL configuration.
• Filtering on protocol types tcp/udp allows the user to specify port numbers as filtering criteria.
• Select icmp to allow/deny icmp packets. Selecting icmp provides the option of filtering icmp packets based on icmp type and code.
NOTE The log option is functional only for router ACL’s.
end
Extended ACL Config Commands
Use this command to end and exit the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#.
Syntax
end
Parameters
None.
exit
Extended ACL Config Commands
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.
Syntax
exit
Parameters
None.
help
Extended ACL Config Commands
Use this command to access the system’s interactive help system.
Syntax
help
Parameters
None.
Example
RFS7000(config-ext-nacl)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1.
mark
Extended ACL Config Commands
Use this command to mark specific packets.
Syntax
mark {dot1p8021p <0-7> | dscp <0-63 >|tos <0-255>}} {ip} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/destination-mask | host destinationhost | any} [log] [rule-precedence access-list-entry precedence]
mark {dot1p <0-7> |8021p <0-7> | dscp <0-63 >| tos <0-255>}} {icmp} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/ destination-maskA.B.C.
Parameters
mark {dot18021p <0-7> | dscp <0-63>| tos <0-255>}} {ip} {source/source-mask A.B.C.D/M| host sourcehost | any}
Use with the mark command to specify IP packets as marked.
• mark {8021dot1p <0-7> | dscp <0-63> | tos <0-255>} – The keyword specifies mark action on an ACL. The action type mark is functional only over a Port ACL.
• dot18021p <0-7> – Used only with action type mark to specify 8021p priority values.
mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/ destination-maskA.B.C.
Use with the mark command to specify icmp packets as marked.
• mark {dot1p <0-7> | tos <0-255>} – The keyword specifies mark action on an ACL. The action type mark is functional only over a Port ACL.
• {icmp} – Specify icmp as protocol.
• {source/source-mask A.B.C.D/M| host sourcehost | any} – sourceA.B.C.D is
• icmp
• tcp
• udp
Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is marked based on the ACL configuration.
• Filtering on Protocol types tcp/udp allows the user to specify port numbers as filtering criteria.
• Select the protocol type icmp to allow/deny icmp packets. Selecting icmp protocol allows you the option of filtering icmp packets based on icmp type and icmp code.
no
Extended ACL Config Commands
Use this command to negate a command or set its defaults.
Syntax
no(deny|mark|permit)
NOTE This command negates all the syntax combinations used in deny, mark and permit commands to configure the Extended ACL.
Parameters
deny    Specifies packets to reject.
mark    Specifies packets to mark.
permit  Specifies packets to forward.
Usage Guidelines
Use the no command to remove an access list control entry.
permit
Extended ACL Config Commands
Use this command to permit specific packets.
NOTE ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through.
RFS7000(config-ext-nacl)#permit ip 192.168.1.0/24 192.168.2.0/24
RFS7000(config-ext-nacl)#permit ip any host 255.255.255.255
RFS7000(config-ext-nacl)#
Syntax
permit {ip} {source/source-mask A.B.C.D/MA.B.C.
Parameters
permit {ip} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/destination-mask | host destinationhost |
Use the permit command to allow IP packets.
• permit – The keyword specifies permit action on an ACL.
• {ip} – Specify IP (to match any protocol).
• {source/source-mask A.B.C.D/M| host sourcehost | any} – source is the source IP address of the network or host in dotted decimal. Source-mask is the network mask. For example, 10.1.1.
permit {icmp} {source/source-mask A.B.C.D/M| host sourcehost | any} {destination/ destination-maskA.B.C.D/M | host destinationhosthost |
Use with the permit command to allow icmp packets.
• permit – The keyword specifies permit action on an ACL.
• {icmp} – Specifies icmp as the protocol.
• {source/source-mask A.B.C.D/M| host sourcehost | any} – The keyword source is the source IP address of the network or host in dotted decimal. Source-mask is the network mask.
Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is allowed based on the ACL configuration.
• Filtering on Protocol types tcp/udp allows the user to specify port numbers as filtering criteria.
• Select the protocol type icmp to allow/deny icmp packets. Selecting icmp allows filtering of icmp packets based on icmp type and code.
NOTE The log option is functional only for router ACL’s.
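The NOTE under permit says DHCP does not flow until an ACE allows it. The following model is an added example, not code from the controller or this guide: it evaluates the two permit lines from that NOTE against a constructed DHCP DISCOVER (0.0.0.0 to 255.255.255.255) to show why the second ACE is needed. It assumes ACEs are checked in the order listed and that a packet matching no ACE is dropped; ports, icmp type/code, log and rule-precedence are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
PROTOCOLS = ("ip", "icmp", "tcp", "udp")


def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D/M' from the front of tokens."""
    if not tokens:
        raise ValueError("address expected")
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        if not tokens:
            raise ValueError("host address expected")
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # strict=False: 10.1.1.10/24 means "match on the first 24 bits".
    return ipaddress.ip_network(tok, strict=False)


@dataclass
class Ace:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    text: str

    def matches(self, proto, src, dst):
        # An 'ip' ACE matches any protocol, as the parameter table states.
        proto_ok = self.proto == "ip" or self.proto == proto
        return (proto_ok
                and ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst)


def parse_ace(line):
    """Parse 'permit|deny <proto> <source> <destination>'; trailing options ignored."""
    tokens = line.split()
    if len(tokens) < 4:
        raise ValueError(f"incomplete ACE: {line!r}")
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unsupported action in model: {action}")
    if proto not in PROTOCOLS:
        raise ValueError(f"unsupported protocol in model: {proto}")
    src = parse_addr(tokens)
    dst = parse_addr(tokens)
    return Ace(action, proto, src, dst, line)


def evaluate(acl_lines, proto, src, dst):
    """Return (action, matching ACE text). Assumption: first match wins,
    and a packet that matches nothing is denied."""
    for ace in map(parse_ace, acl_lines):
        if ace.matches(proto, src, dst):
            return ace.action, ace.text
    return "deny", "(no ACE matched)"


# The two ACEs from the NOTE, without and with the broadcast entry.
ACL_SUBNET_ONLY = ["permit ip 192.168.1.0/24 192.168.2.0/24"]
ACL_WITH_DHCP = ACL_SUBNET_ONLY + ["permit ip any host 255.255.255.255"]

# Constructed packets: (label, protocol, source, destination).
SAMPLE_PACKETS = [
    ("DHCP DISCOVER", "udp", "0.0.0.0", "255.255.255.255"),
    ("subnet to subnet", "tcp", "192.168.1.5", "192.168.2.9"),
    ("outside source", "tcp", "10.0.0.1", "192.168.2.9"),
]

if __name__ == "__main__":
    for name, acl in (("subnet only", ACL_SUBNET_ONLY), ("with DHCP ACE", ACL_WITH_DHCP)):
        print(f"ACL: {name}")
        for label, proto, src, dst in SAMPLE_PACKETS:
            action, why = evaluate(acl, proto, src, dst)
            print(f"  {label:18} {src:>15} -> {dst:<15} {action:6} {why}")
```

A client that has no address yet sends from 0.0.0.0, so a source-subnet ACE alone can never match its first request.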
service
Extended ACL Config Commands
Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations.
Syntax
service(show)(cli)
Parameters
show (cli)  Shows CLI tree of current mode.
Example
RFS7000(config-ext-nacl)#service show cli
Extended ACL Config mode:
+-clrscr [clrscr]
+-deny
+-icmp
+-A.B.C.D/M
+-A.B.C.D/M [(deny|permit|mark (8021p <0-7> | tos <0-255>)) (icmp) (A.B.C.D/M | host A.B.C.D | any)(A.B.C.D/M | host A.B.C.
show
Extended ACL Config Commands
Use this command to view the current system information.
Syntax
show
Parameters
? Displays all the parameters for which the information can be viewed using the show command.
Usage Guidelines
The show access-list command displays all the access lists configured in the switch console. Provide the access list name or number to view the details of a particular ACL.
protocol-list       List of protocols
radius              RADIUS configuration commands
redundancy-group    Display redundancy group parameters
redundancy-history  Display state transition history of the switch.
redundancy-members
Chapter 15 Standard ACL Instance
In this chapter
• Standard ACL Config Commands
Use the (config-std-nacl) instance to configure ip access-list standard ACLs. Standard ACLs allow filtering based on the source address only.
Standard ACL Config Commands
The following table summarizes config-std-nacl commands.
TABLE 11 Standard ACL config commands
Command  Description                 Ref.
clrscr   Clears the display screen.
clrscr
Standard ACL Config Commands
Use this command to clear the display screen.
Syntax
clrscr
Parameters
None.
deny
Standard ACL Config Commands
Use this command to specify packets to reject.
Syntax
deny(A.B.C.D/M|any|host)
deny any(log|rule-precedence)
deny any log(rule-precedence)<1-5000>
deny any rule-precedence<1-5000>
deny host A.B.C.D (log|rule-precedence)
deny host A.B.C.D log(rule-precedence)<1-5000>
deny host rule-precedence<1-5000>
Parameters
A.B.C.D/M  Source IP address range to match.
any        Any source IP address.
• log – Log matches against this entry.
end
Standard ACL Config Commands
Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.
Syntax
end
Parameters
None.
exit
Standard ACL Config Commands
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.
Syntax
exit
Parameters
None.
help
Standard ACL Config Commands
Use this command to access the system’s interactive help system.
Syntax
help
Parameters
None.
Example
RFS7000(config-std-nacl)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1.
mark
Standard ACL Config Commands
Use this command to mark specific packets.
Syntax
mark(802.1p<0-7>|dscp <0-63>|tos<0-255>)(A.B.C.D/M|any|host)
mark(802.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B.C.D)
Parameters
802.1p<0-7>|dscp <0-63>|tos<0-255>)
• • •
(A.B.C.D/M|any|host)
source is the source IP address of the network or host in dotted decimal format. Source-mask is the network mask. For example, 10.1.1.
no
Standard ACL Config Commands
Use this command to negate a command or set its defaults.
Syntax
no(deny|mark|permit)
This command negates all the syntax combinations used in deny, mark and permit commands to configure the Extended ACL.
Parameters
deny    Specifies packets to reject.
mark    Specifies packets to mark.
permit  Specifies packets to forward.
permit
Standard ACL Config Commands
Use this command to permit specific packets.
Syntax
permit(A.B.C.D/M|any|host)
permit any(log|rule-precedence)
permit any log(rule-precedence)<1-5000>
permit any rule-precedence<1-5000>
permit host A.B.C.D
Parameters
A.B.C.D/M  Source IP address range to match.
any        Any source IP address.
• log – Generates log matches against this entry.
• rule-precedence<1-500> – Access-list entry precedence.
host       Single host address.
• A.B.C.
service
Standard ACL Config Commands
Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations.
Syntax
service(show)(cli)
Parameters
show (cli)  Shows CLI tree of current mode.
Example
RFS7000(config-std-nacl)#service show cli
Standard ACL Config mode:
+-clrscr [clrscr]
+-deny
+-A.B.C.D/M [(deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host A.B.C.
show
Standard ACL Config Commands
Use this command to view current system information.
Syntax
show
Parameters
? Displays the parameters for which information can be viewed using the show command.
Usage Guidelines
The show access-list command displays all the access lists configured in the switch console. Provide the access list name or number to view the details of a particular ACL.
privilege          Show current privilege level
protocol-list      List of protocols
radius             RADIUS configuration commands
role               Configure role parameters
rtls               Real Time Locating System command
running-config     Current Operating configuration
securitymgr        Securitymgr parameters
sessions           Display current active open connections
smtp-notification  Display SNMP engine parameters
snmp               Display SNMP engine parameters
snmp-server        Display SNMP engine parameters
spanning-tree      Display spanning tree infor
Chapter 16 Extended MAC ACL Instance
In this chapter
• MAC Extended ACL Config Commands
Use the (config-ext-macl) instance to configure mac access-list extended ACLs associated with the switch.
Use a decimal value representation of ethertypes to implement permit/deny/mark packet. The command set for Extended MAC ACLs provides hexadecimal values for each of its listed ethertypes. The switch supports all ethertypes.
clrscr
MAC Extended ACL Config Commands
Use this command to clear the display screen.
Syntax
clrscr
Parameters
None.
deny
MAC Extended ACL Config Commands
Use this command to specify packets to reject.
NOTE Use a decimal value representation of ethertypes to implement a permit/deny/mark designation for a packet. The command set for Extended MAC ACLs provides hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed or for any other type of ethertype.
• rarp
• arp
• wisp
• ip
• 802.1q
By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt access port through an interface, configure an access control list to allow an ethernet wisp.
NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface. MAC ACL always takes precedence over IP based ACL’s. The last ACE in the access list is an implicit deny statement.
end
MAC Extended ACL Config Commands
Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000#.
Syntax
end
Parameters
None.
exit
MAC Extended ACL Config Commands
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.
Syntax
exit
Parameters
None.
help
MAC Extended ACL Config Commands
Use this command to access the system’s interactive help system.
Syntax
help
Parameters
None.
Example
RFS7000(config-ext-macl)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1.
mark
MAC Extended ACL Config Commands
Use this command to specify a packet to mark.
NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set for an Extended MAC ACL provides hexadecimal values for each of its listed ethertypes. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other type of ethertype.
Example
The example below marks the dot1p priority value to 6 for all 802.1q tagged traffic from VLAN interface 5.
RFS7000(config-ext-macl)#mark 8021p 6 any any vlan 5 type 8021q
RFS7000(config-ext-macl)#
The example below marks the tos field to 254 for all IP traffic coming from the source MAC address.
no
MAC Extended ACL Config Commands
Use this command to negate a command or set defaults.
Syntax
no(deny|mark|permit)
This command negates all the syntax combinations used in deny, mark and permit to configure the Extended ACL.
Parameters
deny    Specifies packets to reject.
mark    Specifies packets to mark.
permit  Specifies packets to forward.
permit
MAC Extended ACL Config Commands
Use this command to specify packets to forward.
NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. Extended MAC ACL’s provide hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other type of ethertype.
The permit command in the MAC ACL disallows traffic based on layer 2 (data-link layer) information. The MAC access list permits traffic from a source MAC address or any MAC address. It also has an option to allow traffic from a list of MAC addresses (based on the source mask).
• The MAC access list can be configured to allow traffic based on VLAN information, ethernet type. Common ethernet types include:
• arp
• wisp
• ip
• 802.
service
MAC Extended ACL Config Commands
Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations.
Syntax
service(show)(cli)
Parameters
show (cli)  Shows CLI tree of current mode.
show
MAC Extended ACL Config Commands
Use this command to view current system information.
Syntax
show
Parameters
? Displays the parameters for which information can be viewed using the show command.
Usage Guidelines
The show access-list command displays the access lists configured for the switch. Provide the access list name or number to view specific ACL details.
startup-config        Contents of startup configuration
static-channel-group  static channel group membership
terminal              Display terminal configuration parameters
timezone              Display timezone
upgrade-status        Display last image upgrade status
users                 Display information about currently logged in users
version               Display software & hardware version
wireless              Wireless configuration commands
wlan-acl              wlan based acl
RFS7000(config-ext-macl)#show
Chapter 17 DHCP Server Instance
In this chapter
• DHCP Config Commands
• DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI).
Use the (config-dhcp) instance to configure the DHCP server address pool associated with the switch. Use ip dhcp pool (pool name) command to reach (config-dhcp) instance.
DHCP Config Commands
The following table summarizes config-std-nacl commands.
TABLE 13 DHCP config commands
Command      Description                                   Ref.
next-server  Configures the next server in boot process.   page 427
no           Negates a command or sets defaults.           page 428
option       Assigns a name for the DHCP option.           page 429
service      Displays the service commands for DHCP.       page 430
show         Displays current running system information.  page 431
update       Controls the usage of dynamic DNS.
address
DHCP Config Commands
Use this command to specify a range of addresses for DHCP network pool.
Syntax
address (range) (low IP addressA.B.C.D) (high IP addressA.B.C.D)
Parameters
range (low IP addressA.B.C.D) (high IP addressA.B.C.D)
Use this command to add an address range for the DHCP server.
• low IP addressA.B.C.D – Low IP address. The first ip address in the address range.
• high IP addressA.B.C.D – High IP address. The last ip address in the address range.
bootfile
DHCP Config Commands
Use this command to assign a bootfile name for the DHCP configuration on the network pool.
Syntax
bootfile
Parameters
bootfile  Indicates the boot image for bootp clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted.
Usage Guidelines
Use the bootfile command to specify the boot image.
class
DHCP Config Commands
Use this command to associate a DHCP class with a pool. This command is used in Step 4 in the usage guidelines provided below.
The CLI prompt moves to a sub-instance (config-dhcp-class). The configuration mode changes from (config-dhcp)# class to (config-dhcp-class). Refer to config-dhcp-class on page 406 for (config-dhcp-class) command summary.
config-dhcp-class
Use (config-dhcp)# class to enter the (config-dhcp-class) instance. Use this instance to set an address range for a DHCP user class in a DHCP server address pool.
The following table summarizes config-dhcp-class commands.
TABLE 14 config-dhcp-class commands
Command  Description
address  Sets an address range for a DHCP class in a DHCP server address pool.
clrscr   Clears the display screen.
end      Ends current mode and change to EXEC mode.
address
config-dhcp-class
Use this command to set an address range for a DHCP class in a DHCP server address pool.
Syntax
address (range) (low IP Address) (high IP Address)
Parameters
range (low IP Address) (High IP Address)
Address range for the DHCP class.
• A.B.C.D – Low IP Address.
• A.B.C.D – High IP Address.
Example
RFS7000(config-dhcp-class)#address range 11.22.13.14 11.22.33.
multi-user-class
config-dhcp-class
Use this command to enable multiple user class option.
Syntax
multi-user-class
Parameters
None.
no
config-dhcp-class
Use this command to negate a value or set its default value.
Syntax
no [multiple-user-class|option (user-class) ]
Parameters
The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
option
config-dhcp-class
Use this command to configure DHCP Server options.
Syntax
option (user-class)
Parameters
user-class  Configures DHCP Server user-class options.
• – Specifies the ASCII value of user-class option.
client-identifier
DHCP Config Commands
Use this command to assign a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP clients.
Syntax
client-identifier
Parameters
client-identifier  Specifies the Ascii string. To prepend a null character, use \\0 at beginning. A single \ in the input is ignored.
client-name
DHCP Config Commands
Use this command to add a client name for the DHCP clients.
Syntax
client-name
Parameters
client-name  Use client-name to add a client name. The domain name must not be included.
clrscr
DHCP Config Commands
Use this command to clear the screen.
Syntax
clrscr
Parameters
None.
ddns
DHCP Config Commands
Use this command to configure dynamic DNS parameters like domain name, enabling multi-user class and IP address of the server.
Syntax
ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)| ttl <1-864000>|update-all]
Parameters
domainname (name)    Sets domain name used for DDNS updates.
multiple-user-class  Enables multiple user class option.
default-router
DHCP Config Commands
Use this command to configure the default router or gateway IP address for the network pool. To remove the default router list, use the no default-router command.
default-router
Parameters
default-router  Specifies the default router IP address for the network pool.
• – Router's IP address.
Usage Guidelines
The IP address of the router should be on the same subnet as the client subnet.
dns-server
DHCP Config Commands
Use this command to configure the DNS server’s IP address available to the DHCP clients connected to the pool. Use the no dns-server command to remove DNS server list.
Syntax
dns-server .....
Parameters
dns-server  Configures the DNS Server’s IP address.
• A.B.C.D> – Server's IP address.
domain-name
DHCP Config Commands
Use this command to configure the domain name for the network pool. Use the no domain-name command to remove the domain name.
Syntax
domain-name (nameWORD)
Parameters
domain-name (nameWORD)  Configures the domain name for the network pool.
Usage Guidelines
The domain name cannot be more than 256 characters.
end
DHCP Config Commands
Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.
Syntax
end
Parameters
None.
exit
DHCP Config Commands
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.
Syntax
exit
Parameters
None.
hardware-address
DHCP Config Commands
Use this command to reserve an IP address (manually) based on a DHCP client’s hardware address. Use the no hardware-address command to remove this from the DHCP pool.
Syntax
hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX]
Parameters
hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX]
Configures the client’s hardware address.
• XX-XX-XX-XX-XX-XX – Dashed-hexadecimal string.
• XX:XX:XX:XX:XX:XX – Dotted-hexadecimal string.
help
DHCP Config Commands
Use this command to access the system’s interactive help system.
Syntax
help
Parameters
None.
Example
RFS7000(config-dhcp)#help
CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g.
host
DHCP Config Commands
Use this command to configure a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool.
Syntax
host
Parameters
host  Fixed address for host.
• IP address – IP address in dotted decimal format.
lease
DHCP Config Commands
Use this command to configure a valid lease time for the IP address used by all DHCP clients in the network pool.
Syntax
lease [{<0-365> <0-23> <0-59>}|infinite]
Parameters
lease [ {<0-365> <0-23> <0-59>} |infinite]
Sets the lease time for IP address.
• <0-365> – Lease period in days. Days can be made as 0 only when hours and/or mins are greater than 0.
• <0-23> – Used with the above to set the hours for the lease period.
netbios-name-server
DHCP Config Commands
Use this command to configure the netbios-name server’s IP address.
Syntax
netbios-name-server
Parameters
netbios-name-server  NetBIOS (WINS) name servers.
• – NetBIOS name server's IP address.
Example
RFS7000(config-dhcp)#netbios-name-server 2.2.2.
netbios-node-type
DHCP Config Commands
Use this command to configure the netbios-node type.
Syntax
netbios-node-type [b-node|h-node|m-node|p-node]
Parameters
netbios-node-type [b-node | h-node | m-node | p-node]
NetBIOS (WINS) name servers.
• b-node – Broadcast node.
• h-node – Hybrid node.
• m-node – Mixed node.
• p-node – Peer-to-peer node.
network
DHCP Config Commands
Use this command to configure the network pool’s IP address. This maps the current DHCP pool with the specific network.
Syntax
network [A.B.C.D|A.B.C.D/M]
Parameters
network [A.B.C.D|A.B.C.D/M]
Network number and mask.
• A.B.C.D – Network number in dotted decimal format.
• A.B.C.D/M – Network number and mask.
next-server
DHCP Config Commands
Use this command to configure the IP address of the next server in the boot process.
Syntax
next-server
Parameters
next-server  Defines the next server in the boot process.
• – Server's IP address.
Example
RFS7000(config-dhcp)#next-server 2.2.2.
no
DHCP Config Commands
Use this command to negate a command or set defaults.
Syntax
no [address|bootfile|class|client-identifier|client-name|ddns|default-router|dns-server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node-type|network|next-server|option|update]
Parameters
The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
option
DHCP Config Commands
Use this command to define the raw DHCP option used in DHCP pools.
Syntax
option (nameWORD)[IP ValueA.B.C.D|ASCII ValueWORD]
Parameters
option (name)  Raw DHCP options.
• (name) – Name of the DHCP option.
• IP ValueA.B.C.D – IP Value of the DHCP option.
• ASCII ValueWORD – Ascii Value of DHCP option.
Usage Guidelines
Used to define non standard DHCP options option-code (0-254).
service
DHCP Config Commands
Use this command to invoke service commands to troubleshoot or debug the (config-dhcp) instance configurations.
Syntax
service(show) (cli)
Parameters
show  Shows running system information.
cli   Shows CLI tree of current mode.
Example
RFS7000(config-dhcp)#service show cli
DHCP Server Config mode:
+-address
+-range
+-A.B.C.D [address range A.B.C.D ( A.B.C.D |)]
+-A.B.C.D [address range A.B.C.D ( A.B.C.
show
DHCP Config Commands
Use this command to view current system information.
Syntax
show
Parameters
? Displays the parameters for which information can be viewed using the show command.
redundancy-history  Display state transition history of the switch.
update
DHCP Config Commands
Use this command to control the usage of the DDNS service.
Syntax
update (dns)(override)
Parameters
update (dns) (override)
Controls the usage of the DDNS service.
• (dns) – Dynamic DNS Configuration.
• (override) – Enables Dynamic Updates by an onboard DHCP Server.
Usage Guidelines
A DHCP client cannot perform updates for RR’s A, TXT and PTR.
DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI).
A pool can be configured either as a network pool or host pool. A network pool includes ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IP from the interface get an IP from the included range. A host pool is used to assign static/fixed IP address to DHCP clients.
Later (when you add a L3 interface and assign an IP address to it), the DHCP Server gets enabled/started on the interface. If you have a pool for 192.168.0.0/24, but the L3 interface is 192.168.0.0/16, DHCP won't be enabled on 192.168.0.0/16, as it is different from 192.168.0.0/24.
4. A network pool without any include range is as good as not having a pool at all.
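The pool rules in this chapter can be checked offline before a configuration is pushed. The following audit is an added example, not part of the guide or the controller software: it applies the exact-network match between pool and L3 interface, the empty-range rule, the default-router subnet guideline and the lease constraint. The dictionary layout, finding codes and sample values are assumptions constructed for illustration.

```python
import ipaddress


def audit_pool(pool, interfaces):
    """Return (interfaces that will serve the pool, list of (code, detail)).

    pool: {"network": "A.B.C.D/M", "ranges": [(low, high), ...],
           "default_router": "A.B.C.D" or None,
           "lease": (days, hours, mins) or "infinite" or None}
    interfaces: {"name": "A.B.C.D/M"} with the address assigned to each L3 interface.
    """
    findings = []
    net = ipaddress.ip_network(pool["network"])

    # The pool network must be identical to the interface network:
    # a /24 pool is not served by a /16 interface that merely contains it.
    iface_nets = {name: ipaddress.ip_interface(cidr).network
                  for name, cidr in interfaces.items()}
    served = sorted(n for n, inet in iface_nets.items() if inet == net)
    if not served:
        near = sorted(f"{n} ({inet})" for n, inet in iface_nets.items()
                      if inet.overlaps(net))
        detail = f"no L3 interface is on {net}"
        if near:
            detail += "; overlapping but different: " + ", ".join(near)
        findings.append(("NOT_SERVED", detail))

    # A network pool without a range hands out nothing.
    ranges = pool.get("ranges") or []
    if not ranges:
        findings.append(("NO_RANGE", "network pool has no address range"))
    for low, high in ranges:
        lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high)
        if lo > hi:
            findings.append(("RANGE_ORDER", f"low {low} is above high {high}"))
        elif lo not in net or hi not in net:
            findings.append(("RANGE_OUTSIDE", f"{low}-{high} is not inside {net}"))

    # The default router should be on the client subnet.
    router = pool.get("default_router")
    if router and ipaddress.ip_address(router) not in net:
        findings.append(("ROUTER_SUBNET", f"default-router {router} is not in {net}"))

    # lease <0-365> <0-23> <0-59>: days may be 0 only if hours or mins are above 0.
    lease = pool.get("lease")
    if lease is not None and lease != "infinite":
        days, hours, mins = lease
        if not (0 <= days <= 365 and 0 <= hours <= 23 and 0 <= mins <= 59):
            findings.append(("LEASE_RANGE", f"lease {lease} is out of range"))
        elif days == 0 and hours == 0 and mins == 0:
            findings.append(("LEASE_ZERO", "lease of 0 days needs hours or mins above 0"))

    return served, findings


# Constructed sample data: the /24 pool against a /16 interface from the text,
# plus a pool with no range and a router outside its subnet.
SAMPLE_INTERFACES = {"vlan1": "192.168.0.1/16", "vlan20": "10.20.0.1/24"}
SAMPLE_POOLS = [
    {"name": "pool-a", "network": "192.168.0.0/24",
     "ranges": [("192.168.0.10", "192.168.0.50")]},
    {"name": "pool-b", "network": "10.20.0.0/24", "ranges": [],
     "default_router": "10.20.1.1"},
]

if __name__ == "__main__":
    for p in SAMPLE_POOLS:
        served, findings = audit_pool(p, SAMPLE_INTERFACES)
        print(p["name"], "served on:", served or "none")
        for code, detail in findings:
            print(f"  {code}: {detail}")
```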
Chapter 18 DHCP Class Instance
In this chapter
• DHCP Server Class Config Commands
Use (config)#ip dhcp class to enter (config-dhcpclass) instance. Use this instance to configure the DHCP user class. The switch supports a maximum of 8 user classes per DHCP class.
Also refer to ip on page 191 and DHCP Server Instance on page 401 for other DHCP related configurations.
DHCP Server Class Config Commands
Table 18.
clrscr
DHCP Server Class Config Commands
Use this command to clear the display screen.
Syntax
clrscr
Parameters
None.
end
DHCP Server Class Config Commands
Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#.
Syntax
end
Parameters
None.
exit
DHCP Server Class Config Commands
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.
Syntax
exit
Parameters
None.
help

Use this command to access the system’s interactive help system.

Syntax
  help

Parameters
  None.

Example
  RFS7000(config-dhcpclass)#help
  CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
  If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  Two styles of help are provided:
  1.
multiple-user-class

Use this command to enable the multiple user class option. This specifies that the client (MU) sends multiple user classes.
no

Use this command to negate a command or set its defaults.

Syntax
  no [multiple-user-class|option]

Parameters
  multiple-user-class   Disables the multiple user class option.
  option                Undo DHCP Server options.
option

Use this command to specify a value for DHCP user class options. This command is used in Step 2 of the usage guidelines provided below.

Syntax
  option (user-class)(user class name)

Parameters
  user-class (user classname)   Use this to create DHCP Server user-class options.

Usage Guidelines
Follow the steps below to create a DHCP User Class:
1. Create a DHCP class named RFS7000DHCPclass.
service

Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations.

Syntax
  service (show) (cli)

Parameters
  show (cli)   Displays the CLI tree of current mode.
show

Use this command to view the current system information.

Syntax
  show
  show dhcp [config|status]
  show ip dhcp [binding|class|pool|sharednetwork]

Parameters
  ?   Displays all the parameters for which the information can be viewed using the show command.
  terminal         Display terminal configuration parameters
  timezone         Display timezone
  upgrade-status   Display last image upgrade status
  users            Display information about currently logged in users
  version          Display software & hardware version
  wireless         Wireless configuration commands
  wlan-acl         wlan based acl
  RFS7000(config-dhcpclass)#show
  RFS7000(config-dhcpclass)#show ip dhcp binding
  IP             MAC/Client-Id
  -------------
  10.10.10.109   00:a0:f8:bf:8a:4b
  10.10.10.
Chapter 19 RADIUS Server Instance

In this chapter
• RADIUS Configuration Commands
• Example–Creating a Group

The radius-server local command moves to the RADIUS server mode. The local (Onboard) RADIUS server configuration commands are listed under this mode. Use the (config-radsrv) instance to configure local RADIUS server parameters.
RADIUS Configuration Commands

authentication

Use this command to configure an authentication scheme used with the RADIUS server.

Syntax
  authentication(data-source|eap-auth-type)
  authentication data-source(ldap|local)
  authentication eap-auth-type(all|peap-gtc|peap-mschapv2|tls|ttls-md5|ttls-mschapv2|ttls-pap)

Parameters
  data-source     RADIUS data source for user authentication.
                  • ldap – Remote LDAP server.
                  • local – Local user database.
  eap-auth-type
ca

Use this command to configure CA (Certificate Authority) parameters.

Syntax
  ca trust-point(WORD)

Parameters
  trust-point (WORD)   Trustpoint configuration.
                       • WORD – Existing trustpoint name.

Usage Guidelines
Configure the trustpoint used by the local RADIUS server. Create the trustpoint before it is used by the crypto pki trustpoint command. The default trustpoint in use is – default-trustpoint.
clrscr

Use this command to clear the screen.

Syntax
  clrscr

Parameters
  None.
crl-check

Use this command to enable a Certificate Revocation List (CRL) check. To enable the certificate revocation list, ensure the CRL is loaded using the crypto pki import crl command.

Syntax
  crl-check

Parameters
  enable   Enables a CRL check.

Usage Guidelines
A CRL that is updated with a trustpoint contains index numbers of all the revoked certificates.
end

Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt now changes to RFS7000#.

Syntax
  end

Parameters
  None.
exit

Use this command to exit the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#.

Syntax
  exit

Parameters
  None.
group

Use this command to configure RADIUS user groups. The CLI moves to a sub-instance, config-radsrv-group, to create a new group. The prompt changes from RFS7000(config-radsrv)# to RFS7000(config-radsrv-group)#.

The following table summarizes the RADIUS User Group commands within the (config-radsrv-group) sub-instance.

TABLE 16 RADIUS User Group configuration command summary
Command   Description   Ref.
clrscr (group)

Use this command to clear the display screen.

Syntax
  clrscr

Parameters
  None.
end (group)

Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.

Syntax
  end

Parameters
  None.
exit (group)

Use this command to exit the current mode and move to the previous mode (config-radsrv). The prompt changes to RFS7000(config)#.

Syntax
  exit

Parameters
  None.
group (group)

Use this command to configure RADIUS user group parameters. This command creates a group within an existing RADIUS group.

Syntax
  group

Parameters
  WORD   RADIUS group name.
guest-group (group)

Use this command to manage a guest-user linked with a hotspot. Additionally, create a guest-user and associate it with a guest-group. The guest-user and the policies of the guest-group are used for hotspot authentication.

Syntax
  guest-group

Parameters
  enable   Enables this group as guest group.

Usage Guidelines
Use this command to create a guest group. The guest user created using rad-user must only be part of the guest group.
help (group)

Use this command to access the system’s interactive help system.

Syntax
  help

Parameters
  None.

Example
  RFS7000(config-radsrv-group)#help
  CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
  If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  Two styles of help are provided:
  1. Full help is available when you are ready to enter a command argument (e.
no (group)

Use this command to negate a command or set defaults.

Syntax
  no(policy|rad-user|rate-limit)
  no policy(day|time|vlan|wlan)
  no policy wlan(<1-32256>|all)<1-32256>

Parameters
  policy      RADIUS group access policy configuration.
  day         Resets the access policy day for this group.
  time        Configures access policy time for this group.
  vlan        VLAN ID for this group.
  wlan        Configures WLAN access policy for this group.
  <1-32256>   WLAN Range.
  all         Removes allowed WLANs.
policy (group)

Use this command to configure authorization policies for a particular group, such as the day and time of access and the WLANs allowed, and to set a user based VLAN.

NOTE: User based VLAN is effective only if dynamic VLAN authorization is enabled on the WLAN.

Syntax
  policy(day|time|vlan|wlan)
  policy day(all|fr|mo|sa|su|th|tu|we|weekdays)
  policy time(start|end)<0-23><0-59>
  policy vlan<1-4094>
  policy wlan<1-256>

Parameters
  day   Day of access policy configuration.
rad-user (group)

Use this command to add an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using the rad-user command from (config-radsrv) mode. For more details, see rad-user on page 478.

Syntax
  rad-user

Parameters
  WORD   Existing RADIUS user name.
rate-limit (group)

Use this command to set the rate limit for this group.

Syntax
  rate-limit [wired-to-wireless <100-1000000>|wireless-to-wired <100-1000000>]

Parameters
  wired-to-wireless   Down link direction - from network to wireless client.
  wireless-to-wired   Up link direction - from wireless client to network.
service (group)

Use this command to invoke RADIUS service commands. This command is used to enable the RADIUS Server. A service RADIUS restart is executed only from the config mode.

Syntax
  service (show) (cli)

Parameters
  show (cli)   Shows running system information.
show (group)

Use this command to view the current system information.

Syntax
  show

Parameters
  ?   Displays the parameters for which information can be viewed using the show command.
  redundancy          Configure redundancy group parameters
  role                Configure role parameters
  rtls                Real Time Locating System commands
  securitymgr         Securitymgr parameters
  service-list        List of services
  sessions            Display current active open connections
  smtp-notification   Display SNMP engine parameters
  snmp                Display SNMP engine parameters
  snmp-server         Display SNMP engine parameters
  spanning-tree       Display spanning tree information
  startup-config      Contents of startup configuration
  static-channel-g
Example–Creating a Group

The use of the (config-radsrv-group) sub-instance is explained below:
1. Create a group called Sales in the local RADIUS Server database.
   RFS7000(config-radsrv)#group sales
2. Check RADIUS user group configuration commands.
3. RFS7000(config-radsrv-group)#?
4. Radius user group configuration commands:
5. clrscr Clears the display screen
6. end End current mode and change to EXEC mode
7. exit End current mode and down to previous mode
8.
   key   Radius client shared secret
   RFS7000(config-radsrv)#nas 10.10.10.0/24 key ?
   0      Password is specified UNENCRYPTED
   2      Password is encrypted with password-encryption secret
   LINE   The secret(client shared secret), upto 32 characters
   RFS7000(config-radsrv)#nas 10.10.10.0/24 key 0 very-secret!!
22. Use (config-radsrv)#proxy to add a realm name.
   RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing
23.
help

Use this command to access the system’s interactive help system.

Syntax
  help

Parameters
  None.

Example
  RFS7000(config-radsrv)#help?
  help Description of the interactive help system
  RFS7000(config-radsrv)#help
  CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
  If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
ldap-server

Use this command to configure LDAP server parameters. The onboard RADIUS server then uses an existing external database, in the form of an Active Directory, instead of a local database on the switch.

Syntax
  ldap-server[primary|secondary] (host
Example
  RFS7000(config)#ldap-server primary host 192.192.1.
nas

Use this command to configure the RADIUS client.

Syntax
  nas(A.B.C.D/M)key(0|2|LINE)

Parameters
  A.B.C.D/M   RADIUS Client IP address.
  key         RADIUS Client shared key.
              • 0 – Password is specified UNENCRYPTED.
              • 2 – Password is encrypted with password-encryption secret.
              • LINE – The secret (client shared secret), up to 32 characters.
no

Use this command to negate a command or set its defaults.

Syntax
  no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad-user|server|service)

Parameters
  authentication   RADIUS authentication.
  ca               Configures ca certificate parameters.
  crl-check        Certificate Revocation List (CRL) check.
  group            Local RADIUS Server group configuration.
  ldap-server      LDAP server parameters.
  nas              RADIUS client.
  proxy            RADIUS proxy server.
proxy

Use this command to configure a proxy RADIUS server based on the realm/suffix.

Syntax
  proxy(realm|retry-count|retry-delay)
  proxy realm(nameWORD)server(IP Address)secret(0|2|WORD)

Parameters
  realm WORD   Realm name is a string of up to 50 characters.
               • server (A.B.C.D) – Proxy server IP address.
               • secret (0|2|WORD) – Proxy server secret string.
                 • 0 – Password is specified UNENCRYPTED.
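The nas and proxy commands above both accept a type 0 (unencrypted) secret. The following Python audit is an added example, not part of the original guide or of the controller software; it flags cleartext, short and over-length secrets and wide NAS client ranges in configuration text. The sample lines are constructed, and the minimum secret length and minimum prefix are assumed local policy values, not device limits.

```python
"""Audit RADIUS client/proxy lines for cleartext or weak shared secrets."""
import ipaddress
import re

# Line shapes follow the syntax shown in this guide:
#   nas A.B.C.D/M key (0|2|LINE)
#   proxy realm WORD server A.B.C.D [port N] secret (0|2|WORD)
NAS_RE = re.compile(
    r"^nas\s+(?P<net>\S+)\s+key\s+(?:(?P<enc>[02])\s+)?(?P<secret>\S.*)$"
)
PROXY_RE = re.compile(
    r"^proxy\s+realm\s+(?P<realm>\S+)\s+server\s+(?P<server>\S+)"
    r"(?:\s+port\s+(?P<port>\d+))?\s+secret\s+(?:(?P<enc>[02])\s+)?(?P<secret>\S.*)$"
)

MAX_NAS_KEY_LEN = 32  # documented limit for the nas key (LINE, up to 32 characters)
MIN_SECRET_LEN = 16   # assumption: local policy, not a device limit
MIN_NAS_PREFIX = 24   # assumption: local policy on how wide one client range may be

# Constructed sample: the two example commands from this guide plus
# hypothetical lines added to exercise each rule.
SAMPLE_CONFIG = """\
radius-server local
 nas 10.10.10.0/24 key 0 very-secret!!
 nas 10.20.0.0/16 key 2 EXAMPLE-ENCRYPTED-VALUE
 nas 10.0.0.0/8 key 0 radius
 proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing
 proxy realm corp.example server 10.10.1.11 port 1812 secret 2 EXAMPLE-ENCRYPTED-VALUE
"""


def _secret_rules(enc, secret, max_len=None):
    """Rules for one secret. Type 2 values are opaque, so only type 0 or
    bare secrets (no type digit) are measured."""
    if enc == "2":
        return []
    rules = ["cleartext-secret"]
    if len(secret) < MIN_SECRET_LEN:
        rules.append("short-secret")
    if max_len is not None and len(secret) > max_len:
        rules.append("over-length-secret")
    return rules


def audit(config_text):
    """Return a list of (line_number, rule) for every problem found."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        nas = NAS_RE.match(line)
        if nas:
            try:
                net = ipaddress.ip_network(nas["net"], strict=False)
            except ValueError:
                findings.append((lineno, "invalid-nas-network"))
            else:
                # Every host in the range authenticates with the same secret.
                if net.prefixlen < MIN_NAS_PREFIX:
                    findings.append((lineno, "broad-nas-range"))
            for rule in _secret_rules(nas["enc"], nas["secret"], MAX_NAS_KEY_LEN):
                findings.append((lineno, rule))
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            for rule in _secret_rules(proxy["enc"], proxy["secret"]):
                findings.append((lineno, rule))
    return findings


def redact(line):
    """Mask the secret so an audit report never reproduces it."""
    stripped = line.strip()
    for pattern in (NAS_RE, PROXY_RE):
        match = pattern.match(stripped)
        if match:
            return stripped[: match.start("secret")] + "****"
    return stripped


if __name__ == "__main__":
    lines = SAMPLE_CONFIG.splitlines()
    for lineno, rule in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}: {redact(lines[lineno - 1])}")
```
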
rad-user

Use this command to configure RADIUS user parameters.

Syntax
  rad-user(WORD)[access(console|ssh)|password(0|2|WORD) (group)(guest) (expiry-time)(expiry-date) (start-time)(start-date)|privilege (crypto-officer|monitor|superuser|sysadmin|webadmin)]

Parameters
  WORD                   Enter a user name up to 64 characters in length.
  access (console|ssh)   Sets management user access mode.
                         • console – Only allowed from console.
  password(0|2|WORD)
server

Use this command to configure the server certificate parameters used by the RADIUS server. The server certificate is part of a trustpoint created using crypto on page 183.

Syntax
  server trust-point

Parameters
  trust-point (WORD)   Trustpoint configuration.
                       • WORD – Existing trustpoint name.

Usage Guidelines
Create a trustpoint using (crypto-pki-trustpoint). The server certificate is created under the trustpoint using crypto-pki commands.
service

Use this command to invoke service commands to troubleshoot or debug (config-radsrv) instance configurations. This command is also used to enable the RADIUS Server.

Syntax
  service (show) (cli)

Parameters
  show (cli)   Shows running system information.
show

Use this command to view current system information.

Syntax
  show

Parameters
  ?   Displays the parameters for which information can be viewed using the show command.
  role                   Configure role parameters
  rtls                   Real Time Locating System commands
  running-config         Current Operating configuration
  securitymgr            Securitymgr parameters
  service-list           List of services
  sessions               Display current active open connections
  smtp-notification      Display SNMP engine parameters
  snmp                   Display SNMP engine parameters
  snmp-server            Displ
  spanning-tree
  startup-config
  static-channel-group
  terminal
  timezone
  traffic-shape
  upgrade-status
  users
  version
  virtual-ip
  wireless
  wlan-acl
Chapter 20 Wireless Instance

In this chapter
• Wireless Configuration Commands

Use the (config-wireless) instance to configure wireless parameters.

Wireless Configuration Commands

The following table summarizes the Global Config commands.

TABLE 17 Wireless configuration commands
Command                  Description                                                        Ref.
aap                      Invokes AAP related commands.                                      page 485
admission-control        Use this command to disable admission control across all radios.
dhcp-sniff-state         Records mobile unit DHCP state information.                        page 504
end                      Ends the current mode and moves to the EXEC mode.                  page 505
exit                     Ends the current mode and moves to the previous mode.              page 506
fix-broadcast-dhcp-rsp   Converts broadcast DHCP server responses to unicast response.      page 507
hotspot                  Reverts hotspot related configuration.
aap

Use this command to invoke AAP related commands.

Syntax
  aap [config-apply|include-config]
  aap [config-apply (def-delay <30-10000>|mesh-delay <3-10000>)]
  aap [include-config (snmp|syslog)]

Parameters
  config-apply [def-delay|mesh-delay]   Configuration apply settings.
                                        • def-delay <30-10000> – Default time to delay before applying configuration.
                                          • <30-10000> – Time to delay in seconds.
admission-control

Use this command to disable admission control across all radios.

Syntax
  admission-control (voice)

Parameters
  voice (enable)   Admission control for voice traffic.
                   • enable – Enables admission control.
adopt-unconf-radio

Use this command to adopt a radio (even if not yet configured). The default template is used for configuration.

Syntax
  adopt-unconf-radio

Parameters
  enable   Enables the adoption of unconfigured radios.
adoption-pref-id

Use this command as a switch preference identifier. Radios configured with this identifier are more likely to be adopted by this switch.

Syntax
  adoption-pref-id

Parameters
  <1-65535>   Select a pref-ID within 1-65535 for this wireless switch.
ap

Use this command to define the name and location of the access port.

Syntax
  ap [| |][ABG-scan|aap-admin-passwd|aap-mgmt-vlan|aap-native-vlan-id|aap-native-vlan-tag|adoption-policy|country-code|lan-acl|location|name|radio-config]

Parameters
  AP Index<1-1024>   A single AP index. Use the show wireless ap command to view the AP’s index value.
                     • ABG-scan (enable) – Configures the ABG scan mode on the ap.
ap-containment

Use this command to invoke Rogue AP Containment commands.

Syntax
  ap-containment [add |enable|interval <20-5000>]

Parameters
  add )               Adds a Rogue BSS MAC to the Rogue AP Containment list. The maximum number of entries allowed is 256.
                      • MAC – Specify the MAC address in AA-BB-CC-DD-EE-FF format.
  enable              Enables protection against Rogue Access Points.
  interval <20-5000>  Specifies the time (in milliseconds) between two AP Containment procedures.
ap-detection

Use this command to configure access port detection.

Syntax
  ap-detection [approved add|detected-wired-rogue|enable|mu-assisted-scan|timeout (approved|unapproved)]
  ap-detection approved add <1-200> (authorized|ignored)(MAC Address|any)(SSIDLINE|any)
  ap-detection detect-wired-rogue (enable)
  ap-detection mu-assisted-scan(enable|refresh<30-86400>)

Parameters
  approved add   The approved access port list.
ap-ip

Use this command to modify the static IP address for the access port.

Syntax
  ap-ip [|default-ap]
  ap-ip [static-ip|switch-ip]
  ap-ip (static-ip)
  ap-ip (switch-ip) [add |delete(|
ap-standby-attempts-threshold

Use this command to revert the number of attempts after which the standby switch will adopt to its default value 11.

Syntax
  ap-standby-attempts-threshold <5-200>

Parameters
  None

Example
  RFS7000(config-wireless)#ap-standby-attempts-threshold 5
  RFS7000(config-wireless)#
ap-timeout

Use this command to change the default inactivity timeout period for access-port(s).

Syntax
  ap-timeout <40-180>

Parameters
  LIST       Access ports identified by a single MAC address or by a list of indices. Use show wireless ap to view the APs adopted by the MU and their IP addresses.
  <40-180>

Note: If multiple access-ports are specified, each gets a unique IP address.
auto-select-channels

Use this command to specify a list from which channels can be picked.

Syntax
  auto-select-channel [11a|11bg (WORD|add|remove)]

Parameters
  11a      Channel list for the 11a (5 GHz) band.
  11bg     Channel list for the 11bg (2.4 GHz) band.
  WORD     Lists the channels.
  add      Adds one or more channels to the existing channel list.
  remove   Removes one or more channels from the existing channel list.
ap-udp-port

Use this command to configure the UDP port for layer 3 AP adoption. Configure the DHCP server supporting the APs with the same parameter.

Syntax
  ap-udp-port <1-65535>

Parameters
  <1-65535>   The port number used for layer 3 AP adoption.
broadcast-tx-speed

Use this command to configure the rate at which broadcast and multicast traffic is transmitted between the switch and mobile units.

Syntax
  broadcast-tx-speed(range|throughput)

Parameters
  range        Uses the lowest basic rate. Provides the maximum range.
  throughput   Uses the highest basic rate. Provides the maximum throughput (default).
clrscr

Use this command to clear the screen.

Syntax
  clrscr

Parameters
  None.
cluster-master-support

Use this command to change settings for cluster master support required for cluster-level functioning.

Syntax
  cluster-master-support (enable)

Parameters
  enable   Enables cluster master support. A partial set of configuration will be synchronized with the master.
country-code

Use this command to configure the country of operation. This command erases the radio’s existing configuration.

Syntax
  country-code

Parameters
  country-code   Uses the two-letter ISO-3166 country code. Use "show wireless country-code-list" to view the list of supported countries.

Usage Guidelines
Use the show wireless country-code command to view the list of supported countries.
debug

Use this command to initiate debugging functions.

Syntax
  debug cc [access-port|all|alt|ap-containment|ap-detect|capwap|cluster|config|dot11|eap|ids|kerberos|l3-mob|loc-ap|loc-mu|media|mobile-unit|radio|radius|self-heal|smart|snmp|system|wips|wisp|wlan] {debug|err|info|warn}

Parameters
  cc            Displays cellcontroller debugging messages.
  access-port   Access-port logs.
  all           All modules
  alt           Address lookup logs.
  wips          WIPS sensor logs
  wisp          WISP logs
  wlan          WLAN logs
  debug         all messages (default)
  err           Error and higher severity messages.
  info          Information and higher severity messages.
  warn          Warning and higher severity messages.
dhcp-one-portal-forward

Use this command to forward broadcast DHCP responses to one portal when the destination mobile-unit is known from the response content.

Syntax
  dhcp-one-portal (enable)

Parameters
  enable   Enables forwarding DHCP responses to one portal.
dhcp-sniff-state

Use this command to record mobile unit DHCP state information.

Syntax
  dhcp-sniff-state

Parameters
  enable   Enables the recording of DHCP state information for mobile units.
end

Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#.

Syntax
  end

Parameters
  None.
exit

Use this command to exit the current mode and move to the previous mode. The prompt changes to RFS7000(config)#.

Syntax
  exit

Parameters
  None.
fix-broadcast-dhcp-rsp

Use this command to convert broadcast DHCP server responses to unicast.

Syntax
  fix-broadcast-dhcp-rsp (enable)

Parameters
  enable   Enables support for converting broadcast DHCP server responses to unicast.
hotspot

Use this command to revert hotspot related configuration.

Syntax
  hotspot query <1-10> WORD {mu-ip|ssid|switch-ip|switch-name|user-string (WORD)}

Parameters
  query    Configures the query string to be appended to the redirection login URL.
  <1-10>   Specifies the index of the query.
  WORD     Specifies the field name of the query.
  mu-ip    Specifies the value to be filled with the IP address of the MU.
help

Use this command to access the system’s interactive help system.

Syntax
  help

Parameters
  None.

Example
  RFS7000(config-wireless)#help
  CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
  If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
  Two styles of help are provided:
  1.
load-balance

Use this command to disable user load balance.

Syntax
  load-balance [by-count|by-throughput]

Parameters
  by-count        Load balance by user account
  by-throughput   Load balance by radio throughput (threshold 1Mbps).
mac-auth-local

Use this command to configure the local MAC authentication list.
Example
  RFS7000(config-wireless)#mac-auth-local 452 allow 12.11.11.120 12.11.11.
manual-wlan-mapping

Use this command to manually map/un-map WLANs configured on a radio.

Syntax
  manual-wlan-mapping

Parameters
  enable   Enables support for manual WLAN mapping.
mobile-unit

Use this command to configure mobile unit related parameters.

Syntax
  mobile-unit (association-history(clear|enable)|probe-history)
  mobile-unit probe-history (add<1-200> |enable)

Parameters
  association-history   Enables the mobile unit’s association history.
                        • clear – Clears the association history for all mobile-units.
                        • enable – Enables the mobile unit’s association history.
mobility

Use this command to configure mobility parameters.

Syntax
  mobility(enable|local-address|max-roam-period|peer)
  mobility local-address (
  mobility max-roam-period<1-300>
  mobility peer <(IP AddressA.B.C.D>)

Parameters
  enable          Enables mobility globally.
  local-address   Sets the local address for mobility.
                  • A.B.C.D – IP Address of A.B.C.D format.
multicast-packet-limit

Use this command to configure a multicast packet limit per second for a VLAN.

Syntax
  multicast-packet-limit <0-128> (<1-4094>|)

Parameters
  <0-128> [<1-4094 | ]   Multicast packet limit per second.
                         • <1-4094> – Single VLAN ID (1-4094) that the new limit applies to.
                         • – A list (1,3,7) or range (3-7) of VLAN IDs.
multicast-throttle-watermarks

Use this command to configure watermarks for handling bursts of broadcast/multicast frames.

Syntax
  multicast-throttle-watermarks (low)<0-100> (high) <0-100>

Parameters
  low <0-100>    Configures the low water-mark. If the percentage of free packets in the system is lower than this threshold, the incoming frame will be dropped.
  high <0-100>   Configure the high water-mark.
nas-id

Use this command to reset nas-id.

Syntax
  nas-id

Parameters
  WORD   A string up to 256 characters.
nas-port-id

Use this command to reset nas-port-id.

Syntax
  nas-port-id

Parameters
  WORD   A string up to 256 characters.
non-preferred-ap-attempts-threshold

Use this command to revert the number of attempts after which the switch adopts a non-preferred AP to its default value 0.

Syntax
  non-preferred-ap-attempts-threshold <0-20>

Parameters
  <0-20>   The number of attempts, in the range <0-20>, for this wireless switch.
no

Use this command to negate a command or set its defaults.
proxy-arp

Use this command to respond to ARP requests on behalf of mobile units.

Syntax
  proxy-arp

Parameters
  enable   Enables support for proxy arp.
qos-mapping

Use this command to configure QoS mappings between wired and wireless domains.

Syntax
  qos-mapping(wired-to-wireless|wireless-to-wired)
  qos-mapping wired-to-wireless(dot1p<0-7>|dscp<0-63>) (background|best-effort|video|voice)
  qos-mapping wireless-to-wired(background|best-effort|video|voice) dot1p<0-7>

Parameters
  wired-to-wireless   Mappings used while switching wired traffic over the air.
radio

Use this command to configure radio related settings.
Parameters
  <1-4096>                    A single radio index.
  admission-control (voice)   Admission control parameters.
                              • voice – voice parameters.
                                • max-mus <0-256> – Maximum mobile units to be admitted. The maximum value range is <0-256>.
                                • max-perc <0-100> – Maximum percentage of air time allocated to voice traffic. The maximum percentage is 100.
                                • max-roamed-mus <0-256> – The maximum roamed mobile units to be admitted.
  bridge-hello <1-10>                STP Bridge Hello time in seconds.
  bridge-max-ageout <4-3600>         STP Bridge Maximum Ageout time in seconds.
  bridge-msg-age <6-40>              STP Bridge Message Age in seconds.
  bridge-priority <0-655355>         STP Bridge Priority value.
  bss (<1-4>|add-wlans|auto) WLAN    Maps wireless LANs to radio BSSIDs.
                                     • <1-4> – The BSS where a wireless LAN is mapped.
                                     • add-wlans – Adds new wlans to existing radios.
                                     • auto – Automatic assignment of BSS.
  dtim-period<1-50> bss <1-4>   DTIM period (number of beacons between successive DTIMs)
                                • <1-50> – DTIM period.
                                • bss – BSS.
                                • <1-4> – BSS index.
  enforce-spec-mgmt (enable)    Enforces spectrum management checks on specified radios. Only mobile units that advertise spectrum management are allowed to associate to this radio.
  enhanced-beacon-table         Enables Enhanced beacon table for AP locationing.
  enhanced-probe-table          Enables Enhanced probe table for MU locationing.
  self-heal-offset <0-30>   Configures the self healing offset, measured in dBm, for regulatory.
                            NOTE: This offset is based off the regulatory maximum power for the specified channel (the command "show wireless regulatory" shows the max power allowed).
  short-gi (enable)         Short GI value for both the 20 MHz and the 40 MHz channels for the 11n Radio.
                            • enable – enables the capability.
  short-preamble            Enables short preamble support.
                            NOTE: Disables support for long preamble.
  tag_type [aeroscout|cricket|newbury] (listen-addr)   Configures wi-fi tag type.
                            • aeroscout – Aeroscout Active tag.
                            • cricket – Cricket (Brocade) Active tag.
                            • newbury – Newbury active tag.
                            • listen-addr – Configure multicast listening address for wi-fi active tags.
                              • AA-BB-CC-DD-EE-FF – Multicast MAC address.
                            NOTE: For Aeroscout tag, the address is configurable.
  RFS7000(config-wireless)#radio 1 antenna-mode diversity
  RFS7000(config-wireless)#
rate-limit

Use this command to set the default rate limit per user.
self-heal

Use this command to configure self healing.

Syntax
  self-heal(interference-avoidance|neighbor-recovery)
  self-heal interference-avoidance(enable|hold-time<0-65535>|retries<0.0-15.
sensor
Use this command to configure Wireless Intrusion Protection System parameters.
Syntax
sensor (default-config) (wips-server-ip {primary|secondary})
Parameters
default-config
    The default configuration sent to sensors when they are configured.
wips-server-ip {primary|secondary}
    Specifies IP addresses of the WIPS server.
    • primary – Specifies the primary IP address of the WIPS server.
    • secondary
service
Use this command to invoke service commands to troubleshoot or debug the (config-wireless) instance configuration.
Parameters
clear (wireless)(mobileunit)(associationstatistics)
    Clear command.
    • wireless – Wireless parameters.
    • mobile-unit – Mobile-unit parameters.
    • association-history – association and reassociation statistics.
show (cli|radio-neighbor| smart-rf|wireless)
    Shows running system information.
    • cli – Shows the CLI tree of the current mode.
    • radio-neighbor (mu) – Shows neighboring radios for a station.
    • mu – Specify the MAC address of the MU.
radio {<1-4096>|description| mapping}
    Radio serviceability parameters.
    • <1-4096> – A single radio index.
    • description – Description and location co-ordinates of radios.
    • mapping – Radio-to-CPU Mapping.
radio-cache-entry
    Displays radio cache information.
    • WORD – Specifies the MAC address of the radio cache entry to show.
radio-hash-buckets
    Wireless radio hash buckets.
vlan-cache-buckets
    Wireless vlan cache buckets.
custom-cli [{sh-wi-mobile-unit {ap-loan|ap-name|channel| dot11-type|ip|last-heard|m
    Customizes the output of some summary cli commands in wireless.
    • show-wi-mobile-unit – Customizes the output of the show wireless mobile-unit command.
    • ap-locn – Specifies the location of the AP where the mobile-unit is associated.
enhanced-beacon-table [channel-set|enable| erase-report|max-ap| scan-interval|scan-time]
    Enhanced beacon table for AP locationing.
    • channel-set – Channel set for Enhanced Beacon Table.
        • a <1-200> – Add channels to channel-set for Enhanced Beacon Table for 802.11a radios.
        • an <1-200> – Add channels to channel-set for Enhanced Beacon Table for 802.11an radios.
        • bg <1-200> – Add channels to channel-set for Enhanced Beacon Table for 802.11bg radios.
sync-radio-entries
    Synchronizes radio configuration entries at cluster level.
vlan-cache (enable)
    vlan-cache mode.
    • enable – Enables default setting.
show
Use this command to view current system information.
Syntax
show
Parameters
?
    Displays the parameters for which information can be viewed using the show command.
Example
RFS7000(config-wireless)#show ?
  access-banner      Display Access Banner
  access-list        Internet Protocol (IP)
  aclstats           Show ACL Statistics information
  audit-log-filters  Display audit log filter rules
  boot               Display boot configuration.
  users              Display information about currently logged in users
  version            Display software & hardware version
  wireless           Wireless configuration commands
  wlan-acl           wlan based acl
RFS7000(config-wireless)#show
smart-scan-channels
Use this command to revert smart scan channels to default.
Syntax
smart-scan-channel [WORD|add|remove] WORD
Parameters
WORD
    A comma-separated list of channels.
add
    Adds one or more channels to the existing channel list.
remove
    Removes one or more channels from the existing channel list.
wips
Use this command to configure parameters related to WIPS.
event [80211-replay-check-failure|ad-hoc-advertising-authorized-ssid |
    WIPS event.
    • 80211-replay-check-failure [enable {authorized|ignored|unauthorized}|filter-out <1-86400>|threshold {mu|radio}] – 802.11 Replay Check Failure.
    • ad-hoc-advertising-authorized-ssid [enable|filter-ageout <1-806400> ] – Ad-Hoc Advertising.
fuzzing-invalid-managementframe|fuzzing-invalid-sequence-number|identical-source-and-destination-addresses|impersonation-attack-detected|invalid-8021x-frames|non-changing-wep-iv|replayinjection-attack|tkip-mic-counter-measures-caused-by-station|transmitting-device-using-invalid-mac|unauthorized-ap-using-authorized-ssid|unencrypted-station-transmission-detected]
    • failures-reported-by-authentication-servers [enable {authorized|igno
    • tkip-mic-counter-measures-caused-by-station [enable {authorized|ignored|unauthorized}|filter-out <1-86400>] – TKIP MIC Counter measures Caused by Station.
    • transmitting-device-using-invalid-mac [enable {authorized|ignored|unauthorized}|filter-out <1-86400>] – Transmitting Device Using Invalid MAC.
    • unauthorized-ap-using-authorized-ssid [enable {authorized|ignored|unauthorized}|filter-out <1-86400>] – Unauthorized AP Using Authorized SSID.
reset-to-default
wlan
Use this command to configure Wireless LAN related commands.
Syntax
wlan(<1-256>|WLAN) (80211-extensions| 802.
wlan<1-256> nac-mode [bypass-nac-except-include-list|do-nac-except-excludelist|none]
wlan<1-256> nac-server
wlan<1-256> nac-server radius-key (0|2|Shared
wlan<1-256> nac-server [primary|secondary|timeout] [primary|secondary][A.B.C.
Parameters
[ <1-256> | WLAN]
    Select a single WLAN index. You also have the option of selecting a list (1,3,7) or range (3-7) of WLAN indices.
80211-extensions (move-command) (enable)
    Enables support for extensions to 802.11.
    • move-command – Enables support for the move-command (fast roaming).
    • enable – Enables the 802.11 extension.
80211w-pmf [optional|required|sa-query]
    802.11w Protected Management Frames setting.
    • optional – MFP optional.
dot11i [handshake | key | key-rotation | key-rotation-interval | opp-pmk-caching | pmk-caching| preauthentication | second-key]
    Modifies tkip/ccmp (802.11i) related parameters.
    • handshake (timeout <100-5000>) (retransmit<1-10>) – Use a handshake to configure timeout and retransmission.
        • timeout<100-5000> – The timeout (in milliseconds) between retries.
        • retransmit<1-10> – The number of retransmission attempts.
    • key(0|2|WORD) – Configure the key (PMK).
hotspot((allow-list|allow-list | cache-ageout|connection-mode| ntf-logout-port|query|redirect-to-hostname| simultaneous-users|webpage|webpage-location))
    Modifies hotspot related parameters.
    • allow-eap – Allows EAP authentication in addition to web-based login.
    • allow-list (rule index) <1-32>(IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses.
max-flows-per-mu <1-10000>
    Maximum firewall flows per mobile-unit.
    • <1-10000> – Firewall flows.
mobility (enable)
    Enables L3 Mobility on WLAN(s).
mu-mu-disallow (switch-to-wired)
    Disallows frames from one MU to another MU on this WLAN.
    • switch-to-wired – Disallows switching the frame out on the wired side (to allow an external switch to decide whether this frame is allowed or dropped).
nas-id
    The nas-id of this WLAN to send to the RADIUS server.
    • aifsn – (Arbitration Inter Frame Spacing Number) The wait time (in milliseconds) between data frames derived using AIFSN and the slot-time.
    • cw – (Contention Window parameters) MUs pick a number between 0 and the minimum contention window to wait before retrying transmissions.
radius [accounting | authentication-protocol | dscp|dynamic-authorization | dynamic-vlan-assignment | mac-auth-format| mobile-unit | reauth | server]
    • dynamic-authorization (enable) – Configures support for RADIUS dynamic authorization extensions (such as Disconnect Message and Change-Of-Authorization), as described in RFC 3576.
        • enable – Enables support for RADIUS dynamic authorization.
    • dynamic-vlan-assignment – Allows users to be assigned to RADIUS Server specified VLANs, instead of the VLAN mapped to the WLAN.
        • enable – Enables dynamic/RADIUS-assigned VLAN assignment.
smart-scan-channel [WORD|add|remove]
    Specifies a list of channels for Brocade clients to smart scan.
    • WORD – A comma-separated list of channels.
    • add – Adds one or more channels to the existing channel list.
    • remove – Removes one or more channels from the existing channel list.
ssid
    The SSID of this WLAN.
storm-control [bcast|mcast|ucast]
    Storm control.
    • bcast (rate-limit <1-1000000>) – broadcast.
    • mcast (rate-limit <1-1000000>) – multicast.
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 25 kdc server primary 1.2.3.4 auth-port 50000
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 25 mobility enable
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 1 nac-mode bypass-nac-except-include-list
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 1 nac-server primary
RFS7000(config-wireless)# 11.22.33.
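The wlan parameter description allows a single index, a list (1,3,7) or a range (3-7) within <1-256>. The following is an added example, not part of the guide or the controller software: a pre-flight check that an automation script could run before sending a wlan command, so a malformed or out-of-range selector never reaches the controller. The function names are hypothetical, WLAN names (the WLAN alternative in the syntax) are not handled, and accepting a mix of list and range items ("1,3-5") is an assumption of this helper.

```python
import re

WLAN_MIN, WLAN_MAX = 1, 256  # bounds from the guide's <1-256> notation

# One selector item: "N" or "N-M", ASCII digits only.
_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_wlan_selector(text):
    """Return the sorted WLAN indices named by a selector string.

    Handles the forms the guide lists: "25", "1,3,7" and "3-7".
    Mixing items ("1,3-5") is accepted here as an assumption.
    """
    if not isinstance(text, str) or not text.strip():
        raise ValueError("empty WLAN selector")
    indices = set()
    for item in text.split(","):
        match = _ITEM.fullmatch(item.strip())
        if match is None:
            raise ValueError(f"malformed selector item: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise ValueError(f"descending range: {item!r}")
        if low < WLAN_MIN or high > WLAN_MAX:
            raise ValueError(f"index outside {WLAN_MIN}-{WLAN_MAX}: {item!r}")
        indices.update(range(low, high + 1))
    return sorted(indices)


def split_wlan_command(line):
    """Split 'wlan <selector> <subcommand ...>' into (indices, subcommand).

    Control characters are rejected so that a value pasted into the
    command cannot smuggle a second line into the CLI session.
    """
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in line):
        raise ValueError("control character in command line")
    parts = line.split(None, 2)
    if len(parts) < 3 or parts[0] != "wlan":
        raise ValueError("expected: wlan <selector> <subcommand>")
    return parse_wlan_selector(parts[1]), parts[2]


if __name__ == "__main__":
    # The first two lines appear in the guide's examples; the rest are constructed.
    samples = [
        "wlan 25 mobility enable",
        "wlan 1 nac-mode bypass-nac-except-include-list",
        "wlan 3-7 mobility enable",
        "wlan 0 mobility enable",
        "wlan 250-257 mobility enable",
    ]
    for sample in samples:
        try:
            print(sample, "->", split_wlan_command(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```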
wlan-bw-allocation
Use this command to enable WLAN bandwidth allocation on all radios.
Syntax
wlan-bw-allocation (enable)
Parameters
enable
    Enables WLAN bandwidth allocation on all radios.
Chapter 21 RTLS Instance
In this chapter
• RTLS Config Commands
Use the (config-rtls) instance to configure Real Time Location System (RTLS) parameters. To navigate to this instance, use the command
RFSwitch(config)#rtls
RFSwitch(config-rtls)#
RTLS Config Commands
The following table summarizes config-rtls commands:
TABLE 18 RTLS Configuration commands summary
Command Description Ref.
aeroscout
Use this command to configure support for the Aeroscout RTLS engine.
Syntax
aeroscout [enable|multicast-listen-addr]
Parameters
enable
    Enables and configures the external Aeroscout RTLS engine.
multicast-listen-addr
    Configures the multicast MAC address to which Aeroscout tag packets are destined.
    • – Multicast MAC address.
ap
Use this command to configure AP coordinates.
clear
Clears tags/assets information associated with aeroscout, mu and/or zone.
clrscr
Use this command to clear the display screen.
end
Use this command to exit the current mode and change to the PRIV EXEC mode. The prompt changes to RFSwitch#.
exit
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG).
help
Use this command to display the interactive help system for RTLS instance.
Syntax
help
Parameters
None
Example
RFSwitch(config-rtls)#help
CLI provides advanced help feature. When you need help,
anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup
until entering a '?' shows the available options.
Two styles of help are provided:
1.
ekahau
Syntax
ekahau [enable|engine ip port|multicast-listen-addr]
Parameters
enable
    Enables and configures external ekahau RTLS engine
engine ip C.D> port
    Configures the IP address and port number of the external ekahau RTLS engine
    • ip C.
no
Use this command to negate an RTLS command or set its defaults.
RFSwitch(config-rtls)#
RFSwitch(config-rtls)#no ekahau engine
RFSwitch(config-rtls)#
RFSwitch(config-rtls)#no service inventory 1 zone 1
RFSwitch(config-rtls)#
reference-tag
Configures fixed RFID tag as reference tag and sets its coordinates within a specified location
Syntax
reference-tag rfid coordinates x <0-65535> y <0-65535> {[z<0-65535>]}{orientation [0|90|180|270]} {range <1-50>}
Parameters
rfid coordinates x <0-65535> y <0-65535> {[z <0-65535>]} {orientation [0|90|180|270]} {range <1-50>}
    Configures rfid tag as a reference tag
    • coordinates – Configures tag location
    • x <0-65535> – Configur
service
Use this command to invoke service commands to troubleshoot or debug (config-rtls) instance configurations.
Parameters
ap
    Access port coordinate configuration.
    • – Access port MAC address.
service filter <1-100> [action|length <1-128>|mask| memory-bank|name|offset<0-32>]
    Configures RFID tag filter
    • action [allow|deny] – Configures action for tag filter.
show
Use this command to display current system information.
Syntax
show
show rtls [aeroscout|espi|filter|ekahau|reference-tags| rfid|site|sole|tags|zone]
Parameters
?
    Suffix ? to the parameter to view its options and their related configuration details.
Usage Guidelines
Use ? at the end of each option until the final configuration is displayed.
  rtls                  Real Time Locating System commands
  running-config        Current Operating configuration
  securitymgr           Securitymgr parameters
  sessions              Display current active open connections
  smtp-notifications    Display SNMP engine parameters
  snmp                  Display SNMP engine parameters
  snmp-server           Display SNMP engine parameters
  spanning-tree         Display spanning tree information
  startup-config        Contents of startup configuration
  static-channel-group  static channel group membership
  service-list          List of services
  termin
site
Use this command to configure RTLS site dimensions.
sole
Use this command to set Smart Opportunistic Location Engine (SOLE) related configuration commands. This command leads you to the (config-rtls-sole)# sub-instance.
NOTE: The sole command instantiates the (config-rtls-sole) sub-instance. For more details see SOLE Instance on page 579.
switch
Use this command to configure the switch’s geographical location parameters.
Syntax
switch [coordinates|geo-coordinates]
switch coordinates x <0-65535> y <0-65535> z <0-65535>
switch geo-coordinates longitude <-180.00-80.00> latitude <-90.00 - 90.
zone
Configures the zone. A maximum of 16 zones can be configured for a site.
Chapter 22 SOLE Instance
In this chapter
• SOLE Config Commands
Use the (config-sole) instance to configure SOLE related configuration commands.
SOLE Config Commands
The following table summarizes config-sole commands:
TABLE 19 SOLE config commands
Command Description Ref.
aap-rssi-update-interval    Configures AAP probe packet interval.
aap-rssi-update-interval
Use this command to configure the AAP probe packet interval.
Syntax
aap-rssi-update-interval <5-3600>
Parameters
<5-3600>
    Specifies the interval in seconds.
clrscr
Use this command to clear the display screen.
end
Use this command to end the current mode and change to EXEC mode.
exit
Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000 (config)#.
Syntax
exit
Parameters
None.
help
Use this command to display the interactive help system for SOLE instance.
Syntax
help
Parameters
None
Example
RFS7000(config-rtls-sole)#help
CLI provides advanced help feature. When you need help,
anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup
until entering a '?' shows the available options.
Two styles of help are provided:
1.
locate
Use this command to invoke location commands.
Syntax
locate [aeroscout|ekahau |mobile-unit]
locate aeroscout [enable|interval <5-3600>]
locate ekahau [enable|interval <5-3600>]
locate mobile-unit []
Parameters
aeroscout [enable|interval <5-3600>]
    Locates aeroscout tags.
ekahau [enable|interval <5-3600>]
    Locates ekahau tags.
mobile-unit
Use this command for mobile-unit configurations.
Syntax
mobile-unit (power-level <1-100> )
Parameters
power-level <1-100>
    Specifies the mobile-unit power-level in dBm.
no
Use this command to negate a SOLE command or set its defaults.
Syntax
no[aap-rssi-update-interval|locate|mobile-unit|redundancy|rssi-filter]
Parameters
aap-rssi-update-interval
    Negates AAP probe packet interval configurations.
locate [aeroscout|ekahau |mobile-units]
    Negates locationing.
    aeroscout – Locates aeroscout tags.
    ekahau – Locates ekahau tags.
    mobile-units – Locates specified mobile-unit.
redundancy
Use this command to invoke SOLE redundancy commands.
Syntax
redundancy (enable)
Parameters
enable
    Enables redundancy.
rssi-filter
Use this command to filter rssi values below this threshold.
service
Use this command to invoke service commands to troubleshoot or debug (config-sole) instance configurations.
show
Use this command to display current system information.
Syntax
show
Parameters
?
    Suffix ? to the parameter to view its options and their related configuration details.
  service-list          List of services
  sessions              Display current active open connections
  smtp-notification     Display SNMP engine parameters
  snmp                  Display SNMP engine parameters
  snmp-server           Display SNMP engine parameters
  spanning-tree         Display spanning tree information
  startup-config        Contents of startup configuration
  static-channel-group  static channel group membership
  terminal              Display terminal configuration parameters
  timezone              Display timezone
  traffic-shape         Display traffic shaping
  upgrade-status