RFS7000 Series RF Switch CLI Reference Guide
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners. © Motorola, Inc. 2007. All rights reserved.
About This Guide
This preface introduces the RFS7000 Series CLI Reference Guide and contains the following sections:
• Who Should Use this Guide
• How to Use this Guide
• Conventions Used in this Guide
• Motorola Service Information
Who Should Use this Guide
The RFS7000 Series CLI Reference Guide is intended for system administrators responsible for implementing, configuring, and maintaining the RFS7000 using the switch command line interface (CLI).
Table 1 Quick Reference on How This Guide Is Organized (Continued)
Chapter – Jump to this section if you want to...
Chapter 9, “Extended ACL Instance” – Summarizes the (config-ext-nacl) commands within the RFS7000 Switch CLI.
Chapter 10, “Standard ACL Instance” – Summarizes the (config-std-nacl) commands within the RFS7000 Switch CLI.
Chapter 11, “Extended MAC ACL Instance” – Summarizes the (config-ext-macl) commands within the RFS7000 Switch CLI.
Notational Conventions
The following notational conventions are used in this document:
• Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents.
• Bullets (•) indicate:
  • action items
  • lists of alternatives
  • lists of required steps that are not necessarily sequential
• Sequential lists (those describing step-by-step procedures) appear as numbered lists.
Table 1-1.
Motorola Service Information
Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual agreements:
Telephone (North America): 1-800-653-5350
Telephone (International): +1-631-738-6213
Fax: (631) 738-5410
Email: http://www.symbol.
Motorola, Inc. End-User License Agreement
BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE DESCRIBED IN THIS DOCUMENT, YOU OR THE ENTITY OR COMPANY THAT YOU REPRESENT ("LICENSEE") ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LICENSE AGREEMENT ("AGREEMENT"). LICENSEE'S USE OR CONTINUED USE OF THE DOWNLOADED OR INSTALLED MATERIALS SHALL ALSO CONSTITUTE ASSENT TO THE TERMS OF THIS AGREEMENT.
5. 6. 7. 8. conditions of this EULA. With respect to technical information you provide to Licensor as part of any Support Services, Licensor may use such information for its business purposes, including for product support and development. Licensor will not utilize such technical information in a form that personally identifies Licensee.
TERMINATION. Either party may terminate this Agreement at any time, with or without cause, upon written notice.
9. INDEMNITY. Licensee agrees that Licensor shall have no liability whatsoever for any use Licensee makes of the Software. Licensee shall indemnify and hold harmless Licensor from any claims, damages, liabilities, costs and fees (including reasonable attorney fees) arising from Licensee's use of the Software as well as from Licensee's failure to comply with any term of this Agreement.
10. FAULT TOLERANCE.
Contents
About This Guide
Chapter 1. Introduction
  CLI Overview
  Getting Context Sensitive Help
  Using the no and default forms of Commands
  Basic Conventions

  logging
  mac
  mac-address-table
  management
  mobility

  logout
  page
  quit
  show
Chapter 4.

  boot
  bridge
  country-code
  crypto

Chapter 7. interface Instance
  Interface Config commands
  clrscr
  description
  duplex

  service
  show
  terminal
Chapter 10. Standard ACL Instance
  Standard ACL Config Commands

  host
  lease
  netbios-name-server
  netbios-node-type
  network

Chapter 14. Wireless Instance
  Wireless Configuration Commands
  adopt-unconf-radio
  adoption-pref-id
  ap-detection
Introduction
This chapter describes the commands defined by the RFS7000 Series Command Line Interface (CLI). Access the CLI by running a terminal emulation program on a computer connected to the serial port at the front of the switch, or by using telnet or secure shell (ssh) to access the switch over the network. The default cli user is cli. The default username and password are admin and superuser, respectively.
1.1 CLI Overview
The CLI is used for configuring, monitoring, and maintaining Motorola devices.
To access commands, enter the PRIV EXEC mode, which is the second level of access for the EXEC mode. In the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC mode. Most of the USER EXEC mode commands are one-time commands and are not saved across reboots of the switch. For example, the show command displays the current configuration and the clear command clears the counter or interface. Enter GLOBAL CONFIG mode from PRIV EXEC mode.
Table 1.1 CLI Context Hierarchy for RFS7000
User Exec Mode   Priv Exec Mode   Global Configuration Mode
exit interface help ip kill license logout line mkdir logging more mac no management page no ping ntp pwd prompt quit radius-server reload redundancy rename service rmdir show service snmp-server show spanning-tree telnet timezone terminal username traceroute vlan upgrade wireless upgrade-abort wlan-acl write
1.
Use any of the following commands to get help specific to a command mode, command name, keyword or argument:
Command – Description
(prompt)# help – Displays a brief description of the help system.
(prompt)# abbreviated-command-entry ? – Lists commands in the current mode that begin with a particular character string.
(prompt)# abbreviated-command-entry – Completes a partial command name.
(prompt)# ? – Lists all commands available in the command mode.
1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?'.)
RFS7000>
1.3 Using the no and default forms of Commands
Almost every configuration command has a no form. In general, use the no form to disable a feature or function.
1.5 Using CLI Editing Features and Shortcuts
A variety of shortcuts and editing features are enabled for the CLI. The following sections describe these features:
• Moving the Cursor on the Command Line
• Completing a Partial Command Name
• Deleting Entries
• Re-displaying the Current Command Line
• Transposing Mistyped Characters
• Controlling Capitalization
1.5.1 Moving the Cursor on the Command Line
Table 1.
Keystrokes   Function Summary   Function Details
Ctrl-N – Gets the next command from history.
Esc-C – Converts the rest of word to uppercase.
Esc-L – Converts the rest of word to lowercase.
Esc-D – Deletes the remainder of word.
Ctrl-W – Deletes a word up to the cursor.
Ctrl-Z – Enters the command and returns to the root prompt.
Ctrl-L – Refreshes the input line.
1.5.
1.5.3 Deleting Entries
Use any of the following keystrokes to delete command entries:
Keystrokes – Purpose
Backspace – Deletes the character to the left of the cursor.
Ctrl-D – Deletes the character at the cursor.
Ctrl-K – Deletes all characters from the cursor to the end of the command line.
Ctrl-W – Deletes the word up to the cursor.
Esc, D – Deletes from the cursor to the end of the word.
1.5.
1.5.7 Controlling Capitalization
CLI commands are generally case-insensitive, and are typically in lowercase. To change the capitalization of the commands, use any of the following key sequences:
Keystrokes – Purpose
Esc, C – Capitalizes the letters at the right of cursor.
Esc, L – Changes the letters at the right of cursor to lowercase.
Common Commands
This chapter explains the common CLI commands used amongst the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains the commands available in USER EXEC mode; some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands. If the user or privilege is not specified, the referenced command can be entered in either mode.
2.1 Common Commands
Table 2.1 summarizes commands common amongst many switch contexts and instances.
Table 2.1 Common commands amongst most contexts
Command   Description   Ref.
clrscr    Clears the display screen.   page 2-3
debug     Debugging functions.   page 2-4
exit      Ends the current mode and moves down to the previous mode.   page 2-10
help      Describes the interactive help system.   page 2-11
no        Negates a command or set defaults.   page 2-12
service   Service commands.
2.1.1 clrscr
Common Commands
Use this command to clear the display screen and refresh the prompt (#).
Syntax
clrscr
Parameters
None.
2.1.2 debug
Common Commands
Use this command to debug certificate management, ip, mobility and MSTP functionalities.
Parameters (Priv Mode)
all – Enables debugging.
cc [access-port|all|alt|ap-detect|capwap|cluster|config|dot11|eap|ids|kerberos|l3-mob|media|mobile-unit|radio|radius|self-heal|snmp|system|wips|wisp] (debug|err|info|warn) – Cell controller (wireless) debugging messages.
• access-port – Access port logs.
• all – All modules.
• alt – Address lookup logs.
• ap-detect – Rogue AP detection logs.
• capwap – Capwap logs.
• cluster – Cluster related logs.
• config – Configuration change logs.
dhcpsvr [all|error|info] – DHCP Conf Server Debugging Messages.
• all – Traces error and info messages from the DHCP Conf Server.
• error – Traces error messages from the DHCP Conf Server.
• info – Traces informational messages from the DHCP Conf Server.
imi [all|cli-client|cli-server|errors|init|ntp] – Integrated Management Interface.
• all – All debugging.
ip [https|ssh]
logging [all|errors|init|monitor|subagent]
mgmt [all|debug|err|info|sys|warning]
mobility [all|cc|error|forwarding|mu|packet|peer|system] – L3 Mobility.
• all – All debugging (except "forwarding").
• cc – ccserver events.
• error – Error.
• forwarding – Dataplane forwarding.
• – MAC address of the mobile unit.
• mu – MU events and state changes.
• packet – Control Packets.
• peer – Peer establishment.
• system – System events.
mstp [all|cli|packet|protocol|timer] – Multiple Spanning Tree Protocol (MSTP).
radius [all|err|info|warn] – RADIUS server debugging messages.
• all – Traces all messages from the RADIUS server.
• err – Traces error messages from the local RADIUS server.
• info – Traces error, warning and informational messages from the RADIUS server.
redundancy [all|ccmsg|config|errors|general|heartbeats|init|packets|proc|shutdown|states|subagent|timer|warnings]
securitymgr [all|debug|error|ikeerror|ipsec|pmdebug|pmerror]
Example
RFS7000#debug cc all
RFS7000#configure t
Enter configuration commands, one per line. End with CNTL/Z.
RFS7000(config)#logging console 7
RFS7000(config)#Mar 15 15:41:47 2008: CC: cluster: portal unadopted. portal count now: 7
Mar 15 15:41:47 2008: CC: cluster: tx-to-wccp ap: 4, radio: 7, mu: 0, rogue: 0, sheal: 0, max-ap: 256
Mar 15 15:41:47 2008: CC: cluster: portal unadopted.
2.1.3 exit
Common Commands
Use this command to end the current mode and move to the previous mode.
Syntax
exit
Parameters
None.
2.1.4 help
Common Commands
Use this command to get access to the advanced help feature. Use “?” anytime at the command prompt to get access to the help topic. Two styles of help are provided:
1. Full help is available when ready to enter a command argument and describes each possible argument. There is a space between the command and ? (e.g. 'show ?').
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input.
2.1.5 no
Common Commands
Use this command to either negate a command or set its defaults.
Syntax
no
Parameters
None.
Example
RFS7000(config)#no ?
access-list    Internet Protocol (IP)
autoinstall    autoinstall configuration command
banner         Reset login banner to nothing
bridge         Bridge group commands
country-code   Clear the currently configured country code.
2.1.6 service
Common Commands
Use this command to service/debug the RFS7000 Switch.
Syntax (User Exec)
service [diag|encrypt|locator|save-cli|show]
service diag [enable|identify|limit|period <100-30000>|watchdog]
service diag limit [buffer(128|128k|16k|1k|256|2k|32|32k|4k|512|64|64k|8k)<0-65535> | fan <1-3>|filesys (etc2|flash|var)| inodes (etc2|flash|var)|load (1|15|5)|maxFDs <0-32767>| pkbuffers <0-65535>|procRAM <0.0-100.0>|ram <0.0-25.
filesys (etc2|flash|var) – Use this parameter to set the file system freespace limit. Select the freespace limit for the following sub context:
• etc2
• flash
• ram
inodes (etc2|flash|var) – File system inode limit. Select the freespace limit for the following sub context:
• etc2
• flash
• ram
load (1|15|5) – Configures the aggregate processor load. Select from the following submodes:
• 1 – Aggregate processor load during the previous minute.
show {cli|command-history|crash-info|diag|info|memory|process|reboot-history|startup-log|upgrade-history} – Displays the running system information.
• cli – Shows CLI tree of current mode.
• command-history – Displays a command (except show commands) history.
• crash-info – Displays information about core, panic and access port dump files.
• diag – Diagnostics.
• info – Shows snapshot of available support information.
• memory – Shows memory statistics.
Parameters (Priv Exec mode only)
clear [all|aplogs|clitree|cores|dumps|panics|pm (statistics|sys-restartcount)|securitymgr (flows) [<0-349>|WORD|all|fe|ge|sa|tunnel|vlan]] – Resets different functions.
• all – Removes all core, dump and panic files.
• aplogs – Removes all ap log files.
• clitree – Removes clitree.html (created by the save-cli command).
• cores – Removes all core files.
• dumps – Removes all dump files.
copy (tech-support) [FILE|URL]
encrypt (secret) <2> LINE – Encrypt passwords with secret phrase, using a SHA256-AES256 type of encryption.
securitymgr [dump-core|enable-http-stats] – Securitymgr parameters.
• dump-core – Create a core file of the securitymgr process.
show [cli|command-history|crash-info|diag|info|last-passwd|memory|pm|process|reboot-history|securitymgr|startup-log|upgrade-history|wireless]
wireless [clear-ap-log <1-256>|dump-core|dump-state|map-radios <1-127>|rate-scale|request-ap-log <1-256>|save-ap-log]
Parameters (Global Config)
advanced-vty – Enables advanced mode vty interface.
dhcp – Enables the DHCP server service.
password-encryption (secret) 2 LINE – Encrypts passwords.
• secret (2) – Encrypts passwords with secret phrase, using SHA256-AES256 encryption.
• LINE – Enter a passphrase for encryption.
pm (max-sys-restarts <1-5> | sys-restart) – Process Monitor.
• max-sys-restarts <1-5> – Maximum number of times a process monitor must restart the system due to failed processes.
RFS7000#service diag limit buffer ?
128    128 byte buffer limit
128k   128k byte buffer limit
16k    16k byte buffer limit
1k     1k byte buffer limit
256    256 byte buffer limit
2k     2k byte buffer limit
32     32 byte buffer limit
32k    32k byte buffer limit
4k     4k byte buffer limit
512    512 byte buffer limit
64     64 byte buffer limit
64k    64k byte buffer limit
8k     8k byte buffer limit
RFS7000#service diag limit buffer 32k ?
<0-65535>   buffer usage warning limit 0-65535
RFS7000#service diag limit buffer 32k 4096
RFS7000#servic
RFS7000#service diag limit ram 20
RFS7000#service diag limit routecache ?
<0-65535>   limit from 0-65535
RFS7000#service diag limit routecache 10240
RFS7000#service diag limit temperature ?
<1-8>   temperature sensor number
RFS7000#service diag period ?
<100-30000>   Diagnostics period <100-30000> default 1000 milliseconds
RFS7000#service diag period 20000
RFS7000#service save-cli
/usr/scripts/genclitree.sh: /usr/scripts/genclitree.sh: 15: eth: not found
CLI command tree is saved as clitree.html.
RFS7000>service show crash-info
Coredump files:
Name                      Size     Date & Time
=============================================
imish_8990_200B.core.gz   299.5k   Aug 31 23:50
RFS7000>
RFS7000>service show info
4.0M out of 4.0M available for logs.
9.7M out of 11.4M available for history.
16.1M out of 18.6M available for crashinfo.
List of Files:
imish_8990_200B.core.gz messages.log snmpd.log startup.log command.history reboot.history upgrade.history
299.5k 200 316 16.5k 9.6k 2.
291    S   1676   1     0.0   0.6   logd
375    S   1672   1     0.0   0.6   wccpd
279    S   1636   1     0.0   0.6   pmd
430    S   1636   1     0.0   0.6   stunnel
1370   S   1512   1     0.0   0.5   sshd
346    S   1448   1     0.0   0.5   mobd
340    S   1308   279   0.0   0.5   fileXferd
.................
RFS7000> service show upgrade-history
Configured size of upgrade history is 50
Date & Time            Old Version      New Version      Status
=====================================================================
Aug 29 18:30:43 2006   3.0.0.0-180B     3.0.0.0-200B     Successful
Aug 17 15:07:03 2006   3.0.0.0-17872X   3.0.0.0-180B     Successful
Aug 11 19:29:41 2006   3.0.0.0-170B     3.0.0.0-17872X   Successful
Aug 11 19:28:52 2006   3.0.0.0-170B     3.0.0.0-170B     Unable to get update file. tftp: server says: File not found
Aug 09 17:30:25 2006   3.0.0.
2.1.7 terminal
Common Commands
Use this command to set the length/number of lines displayed on the terminal window.
Syntax
terminal [length <0-512>|no (length <0-512>|width)|width <0-512>]
Parameters
length – Sets the number of lines on a screen.
no – Negates a command or sets its defaults.
width – Sets the width/number of characters on a screen line.
2.2 show
Common Commands
This command displays the settings for the specified system component. There are a number of ways to invoke the show command:
• Invoked without any arguments, show displays information about the current context. If the current context contains instances, then the show command (usually) displays a list of these instances.
• Invoked with the display_parameter, it displays information about that component.
Display Parameters     Description                                            Mode     Example
redundancy-history     Displays the switch state transition history.         Common   page 2-54
redundancy-members     Displays redundancy group members in detail.          Common   page 2-55
snmp                   Displays SNMP engine parameters.                       Common   page 2-56
snmp-server            Displays SNMP engine parameters.                       Common   page 2-57
spanning-tree          Displays spanning-tree information.                    Common   page 2-59
static-channel-group   Displays the contents of static channel group membership.
Display Parameters    Description                                     Mode                      Example
ftp                   Displays the FTP Server configuration.          Privilege/Global Config   page 2-82
password-encryption   Displays the password’s encryption settings.    Privilege/Global Config   page 2-83
running-config        Displays the current operating configuration.   Privilege/Global Config   page 2-84
securitymgr           Displays debug info for ACL, VPN and NAT.       Privilege/Global Config   page 2-87
sessions              Displays active open (current) connections.
2.2.1 autoinstall
Common to all modes
Syntax
show autoinstall
Parameters
None.

2.2.2 banner
Common to all modes
Syntax
show banner
Parameters
motd – Enters the Message of the Day banner.

2.2.3 commands
Common to all modes
Syntax
RFS7000>show commands
Parameters
None.
no page no service diag enable no service diag period no service diag watchdog no service locator p page (exit|logout|quit) show autoinstall show autoinstall status show banner motd show commands show debugging show debugging mstp show environment show history
.....................................................
2.2.4 debugging
Common to all modes
Syntax
show debugging (mstp)
Parameters
mstp – Displays information related to the Multiple Spanning Tree Protocol (MSTP).
2.2.5 environment
Common to all modes
Syntax
show environment
Parameters
None.
Example
RFS7000>show environment
upwind of CPU   temperature : 30.0
CPU die         temperature : 53.0
left side       temperature : 30.0
by FPGA         temperature : 29.0
front right     temperature : 27.0
front left      temperature : 27.
fan 1           fan         :
fan 2           fan         :
fan 3           fan         :
RFS7000>
2.2.6 history
Common to all modes
Syntax
show history
Parameters
None.
2.2.7 interfaces
Common to all modes
Syntax
show interfaces [|fe|ge <1-4>|sa <1-4>| switchport(|fe|ge|sa|tunnel|vlan)|tunnel <1-32>|vlan <1-4094>]
Parameters
IFNAME – Interface name.
fe – FastEthernet interface.
ge <1-4> – GigabitEthernet interface. Select an index value between 1-4.
sa <1-4> – StaticAggregate interface. Select an index value between 1-4.
switchport () – Status of Layer2 interfaces. Select from the following L2 interfaces:
• fe – FastEthernet interface.
Speed: Admin Auto, Operational Unknown, Maximum 1G
Duplex: Admin Auto, Operational Unknown
Active Medium: Unknown
Switchport Settings: Mode: Access, Access Vlan: 1
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
RFS7000(config)#
RFS7000(config)#show interfaces switchport fe
Interface fe
Switchport Settings: Mo
2.2.8 ip
Common to all modes
Syntax
show ip [access-group (IFNAME | eth <1-2> | vlan <1-4094>) | access-list |arp | ddns(binding)| dhcp (binding|pool)| dhcp-vendor-options | domain-name | http(secure-server|server)| interface(IFNAME|brief|tunnel|vlan) | name-server | nat (interfaces|translations[inside|outside][destination|source])| route(A.B.C.D|A.B.C.
IFNAME – Interface name.
brief – Brief summary of IP status and configuration.
tunnel – Tunnel interface.
vlan – VLAN interface.
name-server – DNS nameservers.
nat ( ) – Network Address Translation (NAT).
• interfaces – NAT Configuration on Interfaces.
• translations – NAT translations.
• inside|outside (destination|source).
route – IP routing table.
A.B.C.D – Displays the network in the IP routing table.
A.B.C.D/M – IP prefix /, e.g., 35.0.0.0/8.
vlan1   157.235.208.69(DHCP)   up                      up
vlan3   unassigned             administratively down   down
RFS7000(config)#
2. The above instance may occur when a DHCP interface is disconnected. DHCP is not affected because it runs on a virtual interface and not on the physical interface. In this case, it is the physical interface that is disconnected, not the virtual interface.
RFS7000#show ip domain-name
IP domain-lookup : Enable
Domain Name : symbol.com
RFS7000#show ip http server
HTTP server: Running
Config status: Enabled
RFS7000#show ip http secure-server
HTTP secure server: Running
Config status: Enabled
Trustpoint: default-trustpoint
RFS7000#show ip interface brief
Interface   IP-Address   Status
vlan1       157.235.208.
2.2.9 ldap
Common to all modes
Syntax
show ldap(configuration(primary|secondary))
Parameters
ldap – LDAP server.
configuration – LDAP server configuration parameters.
primary – Primary LDAP server.
secondary – Secondary LDAP server.
Example
RFS7000(config-radsrv)#show ldap configuration
LDAP Server Config Details
__________________________
Primary LDAP Server configuration
IP Address : 10.10.10.
2.2.10 licenses
Common to all modes
Syntax
show licenses
Parameters
None.
2.2.11 logging
Common to all modes
Syntax
show logging
Parameters
None.
Example
RFS7000(config)#show logging
Logging module: enabled
Aggregation time: disabled
Console logging: level debugging
Monitor logging: disabled
Buffered logging: level informational
Syslog logging: disabled
Log Buffer (3840 bytes):
Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP
Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
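As an added example (not part of the original guide), the Python parser below reads captured show logging output, decodes the severity digit in each %FACILITY-SEVERITY-MNEMONIC tag, and reports when syslog logging is disabled so that events exist only in the local buffer. The severity names other than informational and debugging, and the %DEMO-3-EXAMPLE line, are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Severity names by syslog level 0-7. The guide's output confirms only
# "informational" (6) and "debugging" (7); the other names are assumed.
SEVERITIES = ("emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging")

EVENT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<msg>.*)$")
BUFFER_RE = re.compile(r"^Log Buffer \((\d+) bytes\):$")
SETTING_RE = re.compile(r"^([A-Za-z ]+?):\s+(.+)$")

# Captured "show logging" output. The settings and the first two events come
# from the guide's example; the %DEMO-3-EXAMPLE line is constructed here to
# exercise the severity filter.
SAMPLE = """\
RFS7000(config)#show logging
Logging module: enabled
Aggregation time: disabled
Console logging: level debugging
Monitor logging: disabled
Buffered logging: level informational
Syslog logging: disabled
Log Buffer (3840 bytes):
Feb 19 22:25:28 2007: %NSM-6-DHCPIP: Interface fe acquired IP address 157.235.208.122/24 via DHCP
Feb 19 21:33:09 2007: %KERN-6-INFO: fe: Setting full-duplex based on negotiated link capability..
Feb 19 21:30:00 2007: %DEMO-3-EXAMPLE: constructed error-level line for the example
"""


def parse_show_logging(text):
    """Split the output into destination settings, buffer size and events."""
    settings, events, buffer_bytes = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        event = EVENT_RE.match(line)
        if event:
            level = int(event["sev"])
            events.append({
                "time": datetime.strptime(event["ts"], "%b %d %H:%M:%S %Y"),
                "facility": event["facility"],
                "severity": level,
                "severity_name": SEVERITIES[level],
                "mnemonic": event["mnemonic"],
                "message": event["msg"],
            })
            continue
        size = BUFFER_RE.match(line)
        if size:
            buffer_bytes = int(size.group(1))
            continue
        setting = SETTING_RE.match(line)
        if setting:  # prompt lines contain digits or '#' and never match
            settings[setting.group(1)] = setting.group(2)
    return {"settings": settings, "buffer_bytes": buffer_bytes, "events": events}


def destination_level(settings, name):
    """Numeric level of a logging destination, or None when it is disabled."""
    value = settings.get(name, "disabled")
    if value.startswith("level "):
        level_name = value[len("level "):]
        if level_name in SEVERITIES:
            return SEVERITIES.index(level_name)
    return None


def events_at_or_above(events, level_name):
    """Events at least as severe as level_name (lower number = more severe)."""
    threshold = SEVERITIES.index(level_name)
    return [e for e in events if e["severity"] <= threshold]


def audit(parsed):
    """Findings about where events are retained, based on the settings block."""
    findings = []
    settings = parsed["settings"]
    if settings.get("Logging module") != "enabled":
        findings.append("logging module is not enabled")
    if destination_level(settings, "Syslog logging") is None:
        findings.append("syslog logging is disabled: events are kept only in "
                        f"the {parsed['buffer_bytes']}-byte local buffer")
    return findings


if __name__ == "__main__":
    parsed = parse_show_logging(SAMPLE)
    for finding in audit(parsed):
        print("FINDING:", finding)
    for e in events_at_or_above(parsed["events"], "errors"):
        print(e["time"], e["facility"], e["severity_name"], e["message"])
```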
2.2.12 mac
Common to all modes
Syntax
show mac(access-list)
Parameters
access-list – Lists MAC access lists.
2.2.13 mac-address-table
Common to all modes
Syntax
show mac-address-table
Parameters
None.
Example
RFS7000#show mac-address-table
bridge   VLAN   port        mac              fwd   timeout
1        2      ifindex 0   0090.2762.c786   1     0
1        2      ifindex 0   0014.85a0.ebc4   1     0
1        2      ifindex 0   0008.7493.8134   1     0
1        2      ifindex 0   0008.c7eb.070b   1     0
1        2      ifindex 0   000d.56d1.742c   1     0
1        2      ifindex 0   000e.0c6e.ade7   1     0
1        5      ifindex 0   00a0.f8ea.4c99   1     0
1        2      ifindex 0   0080.a366.d7b6   1     0
1        2      ifindex 0   0011.2599.
RFS7000#
2.2.14 management
Common to all modes
Syntax
show management
Parameters
None.
2.2.15 mobility
Common to all modes
Syntax
show mobility [event-log|forwarding|global|mobile-unit|peer|statistics]
show mobility event-log [mobile-unit|peer]
show mobility forwarding (AA-BB-CC-DD-EE-FF)
show mobility mobile-unit [|detail]
show mobility peer [|detail]
show mobility statistics
Parameters
event-log – Displays mobility event logs.
• mobile-unit – MU event logs.
• peer – Peer event logs.
forwarding
09/14 19:17:52 157.235.208.134 09/14 19:17:51 157.235.208.16 09/14 19:17:51 157.235.208.16 09/14 19:17:50 157.235.208.16 IP-UPD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.16 157.235.208.16 ADD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.16 DEL-MU n/a 00-0f-3d-e9-a6-54 157.235.208.16 ADD-MU n/a 00-0f-3d-e9-a6-54 157.235.208.
2.2.16 ntp
Common to all modes
Syntax
show ntp (association (detail)|status)
Parameters
ntp – Network time protocol.
association – NTP associations.
detail – Displays NTP association details.
status – Displays NTP status.
Example
RFS7000>show ntp associations
address ref clock st when poll reach delay offset disp
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
RFS7000>(config)#
RFS7000(config)#show ntp status
Clock is synchronized, stratum 0, actual frequency is 0.
2.2.17 privilege
Common to all modes
Syntax
show privilege
Parameters
None.
2.2.18 radius
Common to all modes
Syntax
show radius [configuration|eap(configuration)|group|nas( A.B.C.D/M)|proxy| raduser|trust-point]
Parameters
radius – RADIUS configuration commands.
configuration – RADIUS server configuration parameters.
eap (configuration) – EAP parameters and configuration.
group – RADIUS group configuration.
nas (A.B.C.D/M) – Enter a client IP address and mask.
proxy – Proxy information.
rad-user – RADIUS user information.
trust-point – RADIUS trust-point configuration.
2.2.19 redundancy-group
Common to all modes
Syntax
show redundancy-group [config|runtime]
Parameters
config – Displays redundancy group information.
runtime – Displays runtime redundancy group information.
Example
RFS7000(config)#show redundancy-group config
Redundancy Group Configuration Detail
Redundancy Feature : Disabled
Redundancy group ID : 1
Redundancy Mode : Primary
Redundancy Interface IP : 0.0.0.
Redundancy Group Runtime Information
Redundancy Protocol Version
Redundancy Group License
Cluster AP Adoption Count
Switch AP Adoption Count
Redundancy State
Radio Portals adopted by Group
Radio Portals adopted by this Switch
Rogue APs detected in this Group
Rogue APs detected by this Switch
MUs associated in this Group
MUs associated in this Switch
Selfhealing RPs in this Group
Selfhealing APs in this Switch
Group maximum AP adoption capacity
Switch Adoption capacity
Established Peer(s) Count
Redunda
2.2.20 redundancy-history
Common to all modes
Syntax
show redundancy-history
Parameters
None.
2.2.21 redundancy-members
Common to all modes
Syntax
show redundancy-members (A.B.C.D)
Parameters
A.B.C.D – IP address of the member switch.
Example
RFS7000(config)#show redundancy-members brief
Member ID (Self) : 10.10.10.10
Member State : Not Applicable
Member ID : 10.10.10.
Member State
2.2.22 snmp
Common to all modes
Syntax
show snmp [user(snmpmanager|snmpoperator|snmptrap)]
Parameters
user – Displays the SNMP user.
snmpmanager – Shows manager information.
snmpoperator – Shows operator information.
snmptrap – Shows trap information.
2.2.23 snmp-server
Common to all modes
Syntax
show snmp-server[traps(wireless-statistics( mobile-unit | radio | wireless-switch | wlan))]
Parameters
traps – Displays trap enabled flags.
wireless-statistics – Displays wireless-stats rate traps.
mobile-unit – Displays mobile unit rate traps.
radio – Displays radio rate traps.
wireless-switch – Displays switch rate traps.
wlan – Displays WLAN rate traps.
tput-greater-than                disabled
avg-bit-speed-less-than          disabled
avg-signal-less-than             disabled
nu-percent-greater-than          disabled
gave-up-percent-greater-than     disabled
avg-retry-greater-than           disabled
undecrypt-percent-greater-than   disabled
RFS7000>
RFS7000>show snmp-server traps wireless-statistics radio
pktsps-greater-than              disabled
tput-greater-than                disabled
avg-bit-speed-less-than          disabled
avg-signal-less-than             disabled
nu-percent-greater-than          disabled
gave-up-percent-greater-than     disabled
avg-r
2-59 2.2.24 spanning-tree Common to all modes Syntax show spanning-tree mst [config|detail (interface){|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <14094>}|instance <1-15>(interface){|fe|ge <1-4>|sa <1-4>|tunnel <1-32> |vlan <1-4094>}] Parameters config Displays MSTP configuration information. detail (interface) {|fe|ge <1-4>| sa <1-4>|tunnel <1-32> | vlan <1-4094>} Displays detailed interface information.
2-60 Overview % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % ge1: % RFS7000> Configured Path Cost 200000 - Add type Explicit ref count 1 Designated Port Id 87d1 - CST Priority 128 CIST Root 800000157037fbef Regional Root 800000157037fbef Designated Bridge 800000157037fbef Message Age 0 - Max Age 20 CIST Hello Time 2 - Forward Delay 15 CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0 Version Multiple Spanning Tree Protocol - Received None - Send MSTP Por
2-61 2.2.25 static-channel-group Common to all modes Syntax show static-channel-group Parameters None.
2-62 Overview 2.2.26 terminal Common to all modes Syntax show terminal Parameters None.
2-63 2.2.27 timezone Common to all modes Syntax show timezone Parameters None.
2-64 Overview 2.2.28 users Common to all modes Syntax show users Parameters None.
2-65 2.2.29 version Common to all modes Syntax show version (verbose) Parameters verbose Displays software and hardware details. Example RFS7000(config)#show version RFS7000 version 1.0.0.0-228D MIB=01a Copyright (c) 2006 Symbol Technologies, Inc. Booted from primary. Switch uptime is 0 days, 5 hours 50 minutes CPU is RMI Phoenix V0.4 255188 kB of on-board RAM RFS7000(config)# RFS7000(config)#show version verbose RFS7000 version 1.0.0.0-228D MIB=01a Copyright (c) 2006 Symbol Technologies, Inc.
2-66 Overview 2.2.
2-67
Parameters
ap                   Status of adopted access port.
<1-48>               The index of the access port.
AA-BB-CC-DD-EE-FF    The MAC address of an access port.
ap-detection-config  Detected AP configuration parameters.
ap-images            Lists the access port images on the switch.
ap-unadopted         Lists unadopted access ports.
approved-aps         Approved APs seen by access port scans.
channel-power        List of available channel and power levels for a radio.
11a                  Radio is 802.11a.
11b                  Radio is 802.11b.
11bg                 Radio is 802.11bg.
2-68 Overview statistics Mobile unit rf statistics. wlan Show mobile units associated to this WLAN. • – A WLAN index between 1 to 256. phrase-to-key Displays the WEP keys generated by a passphrase. wep128 Displays WEP128 keys. wep64 Displays WEP64 keys. qos-mapping Quality of Service mappings used for mapping WMM access categories and 802.1p / DSCP tags. wired-to-wireless Mappings used when traffic is switched from wired to the wireless side.
2-69 wlan Wireless LAN related parameters. config WLAN configuration. <1-256> A WLAN index <1-256>. all All WLANs in configuration. enabled Only WLANs currently enabled. statistics WLAN statistics. <1-256> A WLAN index <1-256>.
2-70 Overview RFS7000>show wireless hotspot-config WLAN: 1 status: disabled description: WLAN1 ssid: 101 Page-Location: simple Internal Pages Page-type : login Title : Login Page Header : Network Login Description : Please enter your username and password Footer : Contact the network administrator if you do not have an account Image URL main: Image URL small: Page-type : welcome Title : Authentication success. Header : Authentication Success. Description : You now have network access.
2-71
eap-starts               : disabled  60 Sec
null-destination         : disabled  60 Sec
same-source-destination  : disabled  60 Sec
multicast-source         : disabled  60 Sec
weak-wep-iv              : disabled  60 Sec
tkip-countermeasures     : disabled  60 Sec
invalid-frame-length     : disabled  60 Sec
RFS7000>
RFS7000>show wireless mac-auth-local 50
RFS7000>
RFS7000>show wireless mobile-unit statistics
% Error: None of the mobile-units are associated!!
2-72 Overview 2.2.31 wlan-acl Common to all modes Syntax show wlan-acl [<1-256>|all] Parameters <1-256> Displays ACLs attached to the specified WLAN ID. all Displays ACLs attached to the WLAN port.
2-73
2.2.32 access-list
Privilege / Global Config
This command lists all the access lists (numbered and named) configured on the switch. The numbered access list displays all numbered ACLs. The named access-list displays the details of the named ACL.
Syntax
show access-list
show access-list (<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)
Parameters
<1-99>       IP standard access list.
<100-199>    IP extended access list.
<1300-1999>  IP standard access list (expanded range).
2-74 Overview
2.2.33 aclstats
Privilege / Global Config
This command displays the statistics of all the access lists configured on the switch.
Syntax
aclstats [|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>]
Parameters
IFNAME         Interface name.
fe             FastEthernet interface.
ge <1-4>       GigabitEthernet interface. Select an index value between 1-4.
sa <1-4>       StaticAggregate interface. Select an index value between 1-4.
tunnel <1-32>  Tunnel interface. Select from an index value between 1-32.
2-75
2.2.34 alarm-log
Privilege / Global Config
Syntax
show alarm-log ( <1-65535>| acknowledged | all | count | new | severity-to-limit( critical |informational | major | normal | warning))
Parameters
<1-65535>     Displays details for specific alarm Id.
acknowledged  Displays acknowledged alarms currently in the system.
all           Displays all alarms currently in the system.
count         Displays count of alarms currently in the system.
new           Displays new alarms currently in the system.
2-76 Overview
2.2.35 boot
Privilege / Global Config
Syntax
show boot
Parameters
None.
Example
RFS7000#show boot
Image      Build Date            Install Date          Version
-----      --------------------  --------------------  --------------
Primary    Feb 05 20:27:25 2007  Feb 13 19:29:28 2007  1.0.0.0-228D
Secondary  Jan 19 06:41:09 2007  Jan 23 20:14:19 2007  1.0.0.
Current Boot      : Primary
Next Boot         : Primary
Software Fallback : Enabled
RFS7000#
2-77
2.2.36 clock
Privilege / Global Config
Syntax
show clock
Parameters
None.
2-78 Overview
2.2.37 debugging
Privilege / Global Config
Syntax
show debugging (mstp)
Parameters
mstp  Displays MSTP debugging information.
2-79
2.2.38 dhcp
Privilege / Global Config
Use this command to display DHCP Server configurations.
Syntax
show dhcp [config|status]
Parameters
config  Displays DHCP server configuration.
status  Displays whether the DHCP server is running or not.
Example
RFS7000#show dhcp config
service dhcp
!
ip dhcp pool vlan63
 default-router 192.168.157.2
 network 192.168.63.0/24
 address range 192.168.63.20 192.168.63.
2-80 Overview 2.2.39 environment Privilege / Global Config Syntax show environment Parameters None. Example RFS7000#show environment upwind of CPU CPU die left side by FPGA front right front left fan 1 fan 2 fan 3 RFS7000# temperature temperature temperature temperature temperature temperature fan fan fan : : : : : : : : : 33.0 62.0 31.0 30.0 28.0 29.
2-81 2.2.40 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information (FILE) Displays information on FILE. systems Lists filesystems.
2-82 Overview 2.2.41 ftp Privilege / Global Config Syntax show ftp Parameters None.
2-83
2.2.42 password-encryption
Privilege / Global Config
Syntax
show password-encryption (status)
Parameters
status  Displays password-encryption status.
2-84 Overview 2.2.43 running-config Privilege / Global Config Displays the contents of the configuration file for the switch, including all configured MAC and IP access lists and access groups applied to an interface. Syntax show running-config(full|include-factory) Parameters full Full configuration. include-factory Includes factory defaults. Example RFS7000(config)#show running-config full ! ! configuration of RFS7000 version 1.0.0.0-228D! version 1.
2-85
 switchport access vlan 1
!
interface sa2
 mtu 0
 switchport access vlan 1
 shutdown
 no multicast
!
interface tunnel27
 no ip address
!
interface vlan1
 ip address dhcp
!
interface vlan400
 no ip address
!
ip route 157.235.0.0/16 157.235.208.246
!
!
aaa authentication login default local none
line con 0
line vty 0 24
!
end
RFS7000(config)#
RFS7000(config)#show running-config include-factory
!
! configuration of RFS7000 version 1.0.0.0-228D
!
version 1.
2-86 Overview logging host 0.0.0.0 logging host 0.0.0.0 logging host 0.0.0.
2-87 2.2.44 securitymgr Privilege / Global Config Syntax show securitymgr(event-logs) Parameters event-logs Displays securitymgr event logs. Example RFS7000#show securitymgr event-logs ======================== Event Logs ======================== 1> Tue Mar 13 2007 19:15:55: CORRUPT_PACKET: source vlan200: udp: Src 157.235.188.241: Dst 157.235.188.
2-88 Overview 2.2.45 sessions Privilege / Global Config Syntax show sessions Parameters None. Example RFS7000(config)#show sessions SESSION USER LOCATION 1 cli Console ** 2 cli xxx.xxx.xxx.
2-89 2.2.46 spanning-tree Privilege / Global Config Use this command to display spanning tree information. Syntax show spanning-tree (mst)[config|detail|instance] Parameters mst Displays MST information. • config – Displays configuration information. • detail – Displays detailed information. • instance – Displays instance information.
2-90 Overview
% ge4: Designated Port Id 0 - CST Priority 128
% ge4: CIST Root 0000000000000000
% ge4: Regional Root 0000000000000000
% ge4: Designated Bridge 0000000000000000
% ge4: Message Age 0 - Max Age 0
% ge4: CIST Hello Time 0 - Forward Delay 0
% ge4: CIST Forward Timer 0 - Msg Age Timer 0 - Hello Timer 0
% ge4: Version Multiple Spanning Tree Protocol - Received None - Send STP
% ge4: No portfast configured - Current portfast off
% ge4: portfast bpdu-guard default - Current portfast bpdu-guard off
%
2-91
% sa2: Version Multiple Spanning Tree Protocol - Received None - Send STP
% sa2: No portfast configured - Current portfast off
% sa2: portfast bpdu-guard default - Current portfast bpdu-guard off
% sa2: portfast bpdu-filter default - Current portfast bpdu-filter on
% sa2: no root guard configured - Current root guard off
% sa2: Configured Link Type point-to-point - Current shared
%
% tunnel27: Port 6 - Id 8006 - Role Designated - State Forwarding
% tunnel27: Designated External Path Cost 0 -Internal P
2-92 Overview
% ge1: no root guard configured - Current root guard off
% ge1: Configured Link Type point-to-point - Current shared
%
RFS7000(config)#
2-93 2.2.47 startup-config Privilege / Global Config Syntax show startup-config Parameters None. Example RFS7000#show startup-config ! ! configuration of RFS7000 version 1.0.0.0-228D! version 1.
2-94 Overview 2.2.48 static-channel-group Privilege / Global Config Use the show static-channel-group privileged EXEC command to display configured static channel groups. Syntax show static-channel-group Parameters None.
2-95 2.2.49 upgrade-status Privilege / Global Config Syntax show upgrade-status(detail) Parameters detail Last image upgrade log.
2-96 Overview
2.2.50 wlan-acl
Privilege / Global Config
Syntax
show wlan-acl [<1-256>|all]
Parameters
<1-256>  Displays ACLs attached to the specified WLAN ID.
all      Displays ACLs attached to WLAN port.
Example
RFS7000(config)#show wlan-acl 102
WLAN port: 102
Inbound IP Access List : 110
Inbound MAC Access List :
Outbound IP Access List:
Outbound MAC Access List :
RFS7000(config)#
NOTE In the above example, ACL 110 is applied to WLAN index 102 in the inbound direction.
User Exec Commands
Logging in to the switch places you within the USER EXEC command mode. Typically, a log-in requires a user name and a password. You have three attempts to enter a password correctly before a connection attempt is refused. The USER EXEC commands available at the user level are a subset of those available at the privileged level. In general, the user EXEC commands allow you to connect to remote devices, perform basic tests and list system information.
3-2 Overview
3.1 User Exec Commands
Table 3.1 summarizes User Exec commands.
Table 3.1 User Exec commands Summary
Command      Description                                    Ref.
clear        Resets the command to previous configuration.  page 3-3
clrscr       Clears the display screen.                     page 2-3
cluster-cli  Cluster context.                               page 3-4
debug        Debugging functions.                           page 3-5
disable      Turns off the privileged mode command.         page 3-6
enable       Turns on the privileged mode command.
3-3
3.1.1 clear
User Exec Commands
Use this command to reset the command to previous configuration.
Syntax
clear (mobility|spanning-tree)
clear mobility(event-log|mobile-unit|peer-statistics)
clear mobility event-log(mobile-unit|peer)
clear spanning-tree (detected)(protocols)(bridge|interface)
Parameters
mobility   Clears mobility attributes.
event-log  Clears mobility attributes from event log of:
           • mobile-unit – Mobile unit event-logs.
           • peer – Peer event-logs.
3-4 Overview 3.1.2 cluster-cli User Exec Commands Use this command to cluster all the CLI pertaining to the context it appears in. This feature is useful to configure each switch in the cluster by logging in to one switch which participates in the cluster. This eliminates the administrator time and effort N-1 times if there are N switches in the cluster. A new context called redundancy is created to support cluster-cli.
3-5
3.1.3 debug
User Exec Commands
Use this command to debug the switch.
Syntax
debug (certmgr(all|err|info)| ip(https|ssh)| mobility(cc|error|forwarding|mu|packet|peer|system)| mstp(all|cli|packet(rx|tx)|protocol (detail)|timer (detail))
Parameters
certmgr       Certificate manager debugging messages.
ip ( )        Internet Protocol (IP).
              • https – Secure HTTP (HTTPS) server.
              • ssh – Secured SHell (SSH) server.
mobility ( )  L3 Mobility
              • cc – ccserver events.
              • error – Error.
mstp ( )
3-6 Overview 3.1.4 disable User Exec Commands Enable the PRIV mode to use this command. Then, use the disable command to exit the PRIV mode. Syntax disable Parameters None.
3-7 3.1.5 enable User Exec Commands Use this command to enter the PRIV mode. Syntax enable Parameters None.
3-8 Overview
3.1.6 logout
User Exec Commands
Use this command instead of the exit command to exit the EXEC mode.
Syntax
logout
Parameters
None.
Example
The RFS7000 Series Switch logs off on execution of this command.
3-9 3.1.7 page User Exec Commands Use this command to toggle paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? RFS7000>page RFS7000>enable RFS7000#show running-config ! ! configuration of RFS7000 version 1.0.0.0-280D! version 1.
3-10 Overview 3.1.8 quit User Exec Commands Use this command to exit the current mode, and move back down to the previous mode. Syntax quit Parameters None. Example The switch logs off upon execution of this command.
3-11
3.1.9 show
User Exec Commands
Use this command to show running system information.
Syntax
show
Parameters
autoinstall  Displays the autoinstall configuration.
banner       Displays the “Message of the Day Login” banner.
commands     Displays command lists.
debugging    Displays debugging information outputs.
history      Displays the session command history.
interfaces   Displays interface status.
ip           Displays the Internet Protocol (IP).
ldap         Displays LDAP server details.
3-12 Overview version Displays the software and hardware version. wireless Displays wireless configuration commands. wlan-acl Displays WLAN based ACL information.
3-13
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
Interface vlan1
Hardware Type VLAN, Interface Mode Layer 3, address is 00-15-70-37-fc-8f
index=5, metric=1, mtu=1500, (PAL-IF)
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1375, bytes 475750, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
Interface
3-14 Overview
Log Buffer (3552 bytes):
Feb 16 18:38:03 2007: %IMI-5-USERAUTHSUCCESS: User 'admin' logged in with role of ' superuser' from auth source 'local'
Feb 16 18:37:58 2007: %AUTH-6-INFO: login[20553]: root login `157.235.206.225'
Feb 16 18:14:32 2007: %USER-0-EMERG: WIOS_CCSERVER[1018]: core on users request on `pts/0' from ccsrvr is creating
Feb 16 18:14:25 2007: %DIAG-6-FREERAMDISK: Free /var file system space, 0.0% is less than limit 10.
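The log buffer entries above follow a `%FACILITY-SEVERITY-MNEMONIC:` layout. The following Python sketch is an added example, not part of the guide: it parses that layout, lists privileged logins and filters by severity. It assumes that a lower severity digit is more severe (the guide's samples pair 0 with EMERG, 4 with WARNING and 6 with INFO) and that the quoted value after `root login` identifies where the login came from.

```python
import re
from datetime import datetime

# Sample lines copied from the guide's own example output (log buffer and
# upgrade-abort examples); the header line is included to show it is skipped.
SAMPLE_LOG = """\
Log Buffer (3552 bytes):
Feb 16 18:38:03 2007: %IMI-5-USERAUTHSUCCESS: User 'admin' logged in with role of ' superuser' from auth source 'local'
Feb 16 18:37:58 2007: %AUTH-6-INFO: login[20553]: root login `157.235.206.225'
Feb 16 18:14:32 2007: %USER-0-EMERG: WIOS_CCSERVER[1018]: core on users request on `pts/0' from ccsrvr is creating
Sep 08 16:01:38 2006: %KERN-4-WARNING: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended.
Sep 08 16:01:38 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal.
"""

# "<Mon DD HH:MM:SS YYYY>: %<FACILITY>-<SEVERITY>-<MNEMONIC>: <message>"
ENTRY = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<message>.*)$"
)
# Tolerates the stray space inside the quoted role seen in the sample.
USER_LOGIN = re.compile(
    r"User '(?P<user>[^']*)' logged in with role of '\s*(?P<role>[^']*?)\s*' "
    r"from auth source '(?P<source>[^']*)'"
)
ROOT_LOGIN = re.compile(r"\broot login `(?P<origin>[^']+)'")


def parse_log(text):
    """Return one dict per well-formed entry; other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match is None:
            continue  # header lines and wrapped fragments
        event = match.groupdict()
        event["severity"] = int(event["severity"])
        event["time"] = datetime.strptime(event.pop("stamp"), "%b %d %H:%M:%S %Y")
        events.append(event)
    return events


def privileged_logins(events, roles=("superuser",)):
    """Return (time, user, role, origin) for privileged-role and root logins."""
    hits = []
    for event in events:
        if event["mnemonic"] == "USERAUTHSUCCESS":
            match = USER_LOGIN.search(event["message"])
            if match and match["role"] in roles:
                hits.append((event["time"], match["user"], match["role"], match["source"]))
        elif event["facility"] == "AUTH":
            match = ROOT_LOGIN.search(event["message"])
            if match:
                hits.append((event["time"], "root", None, match["origin"]))
    return sorted(hits, key=lambda hit: hit[0])


def at_or_worse(events, level=4):
    """Entries whose severity digit is <= level (assumed: lower is worse)."""
    return [event for event in events if event["severity"] <= level]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for when, user, role, origin in privileged_logins(parsed):
        print(when.isoformat(), user, role, origin)
    for event in at_or_worse(parsed):
        print(event["time"].isoformat(), event["facility"], event["mnemonic"])
```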
Privileged Exec Commands
Most PRIV EXEC mode commands set operating parameters. Privileged-level access must be password protected to prevent unauthorized use. The PRIV EXEC command set includes those commands contained in USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes using the configure command, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the host name of the device, followed by a pound sign (#).
4-2 Overview
4.1 Priv Exec Command
Table 4.1 summarizes the Priv Exec commands.
Table 4.1 Priv Exec Command Summary
Command        Description                                   Ref.
acknowledge    Acknowledges alarms.                          page 4-4
archive        Manages archive files.                        page 4-5
cd             Changes the current directory.                page 4-6
change-passwd  Changes the password of the logged in user.   page 4-7
clear          Reset function.                               page 4-8
clock          Configures the software system clock.         page 4-10
clrscr         Clears the displayed screen.
4-3
Command  Description                                                  Ref.
ping     Sends an ICMP echo message.                                  page 4-28
pwd      Displays the current directory.                              page 4-29
quit     Exits the current mode and moves down to the previous mode.  page 4-30
reload   Halts the switch and performs a warm reboot.                 page 4-31
rename   Renames a file.                                              page 4-32
rmdir    Deletes a directory.                                         page 4-33
service  Service commands.                                            page 2-13
show     Shows system information.                                    page 4-34
telnet   Opens a telnet connection.
4-4 Overview 4.1.1 acknowledge Priv Exec Command Use this command to acknowledge alarms. Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledge an alarm. • <1-65535> – Acknowledges specific alarm id. • all – Acknowledges all alarms. Example RFS7000#acknowledge alarm-log all No corresponding record found in the Alarm Log. RFS7000#acknowledge alarm-log 200 No corresponding record found in the Alarm Log.
4-5 4.1.2 archive Priv Exec Command Use this command to manage archive files. Syntax archive tar /table [FILE|URL] archive tar /create [FILE|URL] FILE archive tar /xtract [FILE|URL] DIR Parameters tar Manipulates (creates, lists or extracts) a tar file. /table Lists files in a tar file. /create Creates a tar file. /xtract Extracts files from a tar file. FILE Tar filename. URL Tar file URL. Example How to zip the folder flash:/log/? RFS7000#archive tar /create flash:/out.
4-6 Overview 4.1.3 cd Priv Exec Command Use this command to change the current directory. Syntax cd [DIR|] Parameters DIR Changes the current directory to DIR.
4-7
4.1.4 change-passwd
Priv Exec Command
Use this command to change the password of the logged in user.
Syntax
change-passwd
Parameters
None.
Usage Guidelines
A password must be between 8 and 32 characters in length. For safety reasons, the console does not display what the user types in the old password and new password fields (refer to the example). Ensure the console displays the password successfully changed message.
4-8 Overview 4.1.5 clear Priv Exec Command Use this command to reset the current context. Syntax clear [alarm-log|arp-cache|ip|logging|mac|mobility|spanning-tree] clear alarm-log (<1-65535>|acknowledge|all|new) clear ip(dhcp(binding)[*|A.B.C.
4-9
mobility [event-log (mobile-unit|peer)| mobile-unit (|all|foreigndatabase|homedatabase)| peer-statistics ]
Clear mobility attributes.
• event-log – Clears all event logs.
  • mobile-unit – Mobile unit event logs.
  • peer – Peer event logs.
• mobile-unit – Clears a mobile unit.
  • AA-BB-CC-DD-EE-FF – MAC address of the mobile unit.
  • all – All mobile units (Home and Foreign).
  • foreign-database – Mobile units present in the foreign mobile unit database.
4-10 Overview 4.1.6 clock Priv Exec Command Use this command to configure the software system clock. Syntax clock set HH:MM:SS [1-31] MONTH [1993-2035] Parameters set Sets the system date and time.
4-11
4.1.7 cluster-cli
Priv Exec Command
Use this command to cluster all the CLI pertaining to the context it appears in. This feature is useful to configure each switch in the cluster by logging in to one participating switch. This eliminates administrator time and effort, as one switch configuration can represent the entire cluster. A new context called redundancy is available to support the cluster-cli. Any commands executed under this context are also executed on each cluster member.
4-12 Overview 4.1.8 configure Priv Exec Command Use this command to move into the configuration mode. Syntax configure terminal Parameters terminal Configures from the terminal. Example RFS7000#configure terminal Enter configuration commands, one per line. End with CNTL/Z.
4-13
4.1.9 copy
Priv Exec Command
Use this command to copy any file (config, log, txt, etc.) from any location to the switch and vice-versa.
NOTE Copying a new config file onto an existing running-config file merges it with the existing running-config on the switch. Both the existing running-config and the new config file parameters are applied as the current running-config of the switch.
4-14 Overview 4.1.10 debug Priv Exec Command Use this command for debugging purposes. This command is also used to debug various features.
4-15
Example
RFS7000#debug ?
  all       Enable all debugging
  cc        Cellcontroller (wireless) debugging messages
  ccstats   Cellcontroller (wireless) debugging messages
  certmgr   Certificate Manager Debugging Messages
  dhcpsvr   DHCP Conf Server Debugging Messages
  imi       Integrated Management Interface
  ip        Internet Protocol (IP)
  logging   Modify message logging facilities
  mgmt      Mgmt daemon
  mobility  L3 Mobility
  mstp      Multiple Spanning Tree Protocol (MSTP)
  nsm       Network Service Module (NSM)
  pktdrvr   Pktdrvr (kernel wireless) debugging me
4-16 Overview 4.1.11 delete Priv Exec Command Use this command to delete the specified file from the system. Syntax delete ({/force|/recursive}|) .FILE Parameters /force Forces deletion without a prompt. /recursive Performs a recursive delete. FILE Specifies the filename(s) to be deleted. Example RFS7000#delete flash:/out.tar flash:/out.tar.gz Delete flash:/out.tar [y/n]? y Delete flash:/out.tar.gz [y/n]? y RFS7000#delete /force flash:/tmp.
4-17 4.1.12 diff Priv Exec Command Use this command to view the difference between two files. Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between FILE. URL Displays the differences between URL. Example RFS7000#diff startup-config running-config --- startup-config +++ running-config @@ -89,7 +89,7 @@ mobility peer 157.235.208.
4-18 Overview 4.1.13 dir Priv Exec Command Use this command to view the list of files on a filesystem. Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files. /recursive Lists files recursively. DIR Lists files in named file path. all-filesystems Lists files on all filesystems.
4-19 4.1.14 disable Priv Exec Command Use this command to exit the Exec mode. Syntax disable Parameters None.
4-20 Overview 4.1.15 edit Priv Exec Command Use this command to edit a text file. Syntax edit FILE Parameters FILE Name of the file to be edited. Example RFS7000#edit startup-config GNU nano 1.2.4 File: startup-config ! ! configuration of RFS7000 version 1.0.0.0-264B! version 1.
4-21 4.1.16 enable Priv Exec Command Use this command to turn on the privileged mode command. Syntax enable Parameters None.
4-22 Overview 4.1.17 erase Priv Exec Command Use this command to erase a target filesystem. Syntax erase [cf:|flash:|nvram:|startup-config:] Parameters cf Erases contents of compact flash. flash Erases contents of flash. nvram Erases contents of nvram. startup-config Resets the switch configuration to factory default settings.
4-23
4.1.18 kill
Priv Exec Command
Use this command to kill (terminate) a specified session.
Syntax
kill session <1-16>
Parameters
session  Active session. There are 16 active sessions which can be terminated.
Example
RFS7000#show sessions
  SESSION  USER  LOCATION        IDLE
* 1        cli   Console         00:00m
  2        root  xxx.xxx.xxx.x9  00:01m
RFS7000#
RFS7000#kill session 1
Please press Enter to activate this console.
4-24 Overview 4.1.19 logout Priv Exec Command Use this command to exit from the EXEC mode. Syntax logout Parameters None. Example RFS7000#logout Please press Enter to activate this console.
4-25 4.1.20 mkdir Priv Exec Command Use this command to create a new directory in the filesystem. Syntax mkdir DIR Parameters DIR Directory name.
4-26 Overview 4.1.21 more Priv Exec Command Use this command to view the contents of a file. Syntax more FILE Parameters FILE Displays the content of the file. Example RFS7000#more flash:/log/messages.
4-27 4.1.22 page Priv Exec Command Use this command to toggle switch paging. Enabling this command displays the command output page by page, instead of running the entire output at once. Syntax page Parameters None. Example RFS7000>page ? RFS7000>page RFS7000>enable RFS7000#show running-config ! ! configuration of RFS7000 version 1.0.0.0-280D! version 1.
4-28 Overview 4.1.23 ping Priv Exec Command Use this command to send ICMP echo messages. Syntax ping [IP address|hostname] Parameters [IP address|hostname] Ping destination address or hostname. Example RFS7000#ping 111.222.222.39 PING 1111.222.222.39 (111.222.222.39): 100 data bytes 128 bytes from 111.222.222.39: icmp_seq=0 ttl=64 time=2.3 128 bytes from 111.222.222.39: icmp_seq=1 ttl=64 time=0.2 128 bytes from 111.222.222.39: icmp_seq=2 ttl=64 time=0.3 128 bytes from 111.222.222.
4-29
4.1.24 pwd
Priv Exec Command
Use this command to display the current directory.
Syntax
pwd
Parameters
None.
4-30 Overview 4.1.25 quit Priv Exec Command Use this command to exit the current mode and move down to the previous mode. Syntax quit Parameters None. Example RFS7000#quit RFS7000 release 1.0.0.0-264B Login as 'cli' to access CLI.
4-31 4.1.26 reload Priv Exec Command Use this command to halt the switch and perform a warm reboot. Syntax reload Parameters None. Example RFS7000#reload Wireless switch will be rebooted, do you want to continue? (y/n): y The system is going down NOW !! % Connection is closed by administrator! WIOS_SECURITYMGR[1037]: FTPALG: Shutting down. Please stand by while rebooting the system. BootOS (c) 2004-2007 Symbol Technologies. All rights reserved. version 1.0.0.
4-32 Overview
4.1.27 rename
Priv Exec Command
Use this command to rename a file in the existing filesystem.
Syntax
rename FILE FILE
Parameters
FILE  File to rename.
4-33
4.1.28 rmdir
Priv Exec Command
Use this command to delete an existing directory.
Syntax
rmdir DIR
Parameters
DIR  Name of the directory to delete.
4-34 Overview 4.1.29 show Priv Exec Command Use this command to show currently running system information. Syntax show Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays alarms currently in the system. autoinstall Displays autoinstall configuration details. banner Displays the “Message of the Day” login banner. boot Displays the boot configuration.
4-35 privilege Displays the current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays the state transition history of the switch. redundancy-members Displays redundancy group members in detail. running-config Displays the current operating configuration. securitymgr Displays securitymgr parameters. sessions Displays current active open connections. snmp Displays SNMP engine parameters.
4-36 Overview interfaces ip ldap licenses logging mac mac-address-table management mobility ntp password-encryption privilege radius redundancy-group redundancy-history redundancy-members running-config securitymgr sessions snmp snmp-server spanning-tree startup-config static-channel-group terminal timezone upgrade-status users version wireless wlan-acl RFS7000#show Interface status Internet Protocol (IP) LDAP server Show any installed licenses Show logging configuration and buffer MAC access-list assign
4-37 4.1.30 telnet Priv Exec Command Use this command to open a telnet session. Syntax telnet [IP address|hostname] Parameters [IP address| host name] IP address or hostname of a remote system. Example RFS7000#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.
4-38 Overview 4.1.31 traceroute Priv Exec Command Use this command to trace the route to a destination. Syntax traceroute (WORD | ip WORD) Parameters WORD Traces the route to a destination address or hostname . ip IP trace. Example RFS7000#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte packets 1 157.235.208.39 (157.235.208.39) 0.466 ms 0.363 ms 0.
4-39 4.1.32 upgrade Priv Exec Command Use this command to upgrade the switch software image. Syntax upgrade URL (background|) Parameters URL Defines location of firmware image. Example RFS7000#upgrade tftp://xxx.xxx.xxx.
4-40 Overview Successful Sep 08 15:58:46 2006: %FWU-6-FWUDONE: Firmware update successful, new version is 1.0.0.
4-41 4.1.33 upgrade-abort Priv Exec Command Use this command to abort an ongoing upgrade process. Syntax upgrade-abort Parameters None. Example RFS7000#upgrade-abort % Error: No upgrade in progress RFS7000#upgrade tftp://xxx.xxx.xxx.xxx:/img background RFS7000#Sep 08 16:01:38 2006: %KERN-4-WARNING: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended. Sep 08 16:01:38 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal. %KERN-6-INFO: kjournald starting.
4-42 Overview
4.1.34 write
Priv Exec Command
Use this command to write the running configuration to memory or terminal.
Syntax
write [memory | terminal]
Parameters
memory    Writes to NV memory.
terminal  Writes to terminal.
Example
RFS7000#write terminal
!
! configuration of RFS7000 version 1.0.0.0-264B
!
version 1.
Global Configuration Commands
The term global is used to indicate characteristics or features affecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command, under PRIV EXEC, to enter global configuration mode.
5-2 Overview
5.1 Global Configuration Commands
Table 5.1 summarizes the Global Config commands.
Table 5.1 Global Configuration Command Summary
Command      Description                                     Ref.
aaa          Authentication, Authorization and Accounting.   page 5-4
access-list  Adds an access list entry.                      page 5-5
autoinstall  Autoinstalls a configuration command.           page 5-11
banner       Defines a login banner.                         page 5-12
boot         Reboots the switch.                             page 5-13
bridge       Bridge group commands.                          page 5-14
clrscr       Clears the display screen.
5-3
Command        Description                                                                       Ref.
prompt         Sets the system prompt.                                                           page 5-39
radius-server  Enters radius-server mode.                                                        page 5-40
redundancy     Configures redundancy group parameters.                                           page 5-41
service        Service commands.                                                                 page 5-43
show           Shows running system information. Refer to Global Config show commands.           page 2-25
snmp-server    Modifies SNMP engine parameters.                                                  page 5-48
spanning-tree  Spanning tree commands.                                                           page 5-57
timezone       Configures the timezone.
5-4 Overview
5.1.1 aaa
Global Configuration Commands
Use this command to configure the current Authentication, Authorization and Accounting (aaa) login settings.
Syntax
aaa authentication login default [local{none|radius(none)}|none| radius{local(none)|none}]
Parameters
authentication  Authentication configuration parameters.
login           Sets an authentication list for logins.
default         The default authentication list.
local           Uses local user database.
none            No authentication.
5-5
5.1.2 access-list
Global Configuration Commands
Use this command to add an access list entry. Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code.
Syntax
access-list
For Standard IP ACLs:
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host A.B.C.
5-6 Overview Parameters access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>)) (A.B.C.D/M | host A.B.C.D | any)(log) (rule-precedence <1-5000>) Add a standard access list entry. • (<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999. • (deny|permit|mark) – Action types on an ACL. The action type mark is functional only over a Port ACL. • 8021p <0-7> – Used only with the action type mark to specify 8021p priority values.
5-7
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask |
Add an Extended IP access list entry using IP keyword.
• <100-199>|<2000-2699> – For IP type of extended ACL, the ACL number must be between 100-199.
• {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an ACL. The action type mark is functional only over a Port ACL.
5-8 Overview
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any}
Add an Extended IP access list entry using icmp keyword.
• (<100-199>|<2000-2699>) – For ICMP extended ACLs, the ACL number must be between 2000-2699.
• {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an ACL. The action type mark is functional only over a Port ACL.
• {icmp} – Specify icmp as protocol.
5-9
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask | host source | any}
Add an Extended IP access list entry using tcp or udp keyword.
• (<100-199>|<2000-2699>) – For tcp or udp type of extended ACL, the ACL number must be between 2000-2699.
• {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – Action types on an ACL. The action type mark is functional only over a Port ACL.
• {tcp|udp} – Specifies tcp or udp as the protocol.
5-10 Overview Example
The example below creates a standard access list (ACL) to permit any traffic coming to the interface.
RFS7000(config)#access-list 1 permit any
RFS7000(config)#
The example below creates an extended IP access list to permit IP traffic between two networks.
RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24
RFS7000(config)#
The example below creates an extended access list to permit tcp traffic, between two networks, with destination port range between 20 and 23.
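Added example, not part of the guide: a Python check that validates candidate access-list lines against the standard form and the extended ip form documented on the preceding pages, and flags permit rules that match every address. The function names and sample lines are constructed here; accepting log and rule-precedence after the extended ip form is an assumption, and the icmp, tcp and udp forms are not parsed.

```python
import ipaddress

# Numbered ranges and mark priority keyword from the guide (8021p standard, dot1p extended).
RANGES = {"standard": (range(1, 100), range(1300, 2000)),
          "extended": (range(100, 200), range(2000, 2700))}
PRIORITY_KEYWORD = {"standard": "8021p", "extended": "dot1p"}
ANY = ipaddress.IPv4Network("0.0.0.0/0")


class AclError(ValueError):
    """A line does not fit the access-list forms handled here."""


def _take_address(tokens):
    """Consume one address spec: A.B.C.D/M | host A.B.C.D | any."""
    if not tokens:
        raise AclError("missing address")
    token = tokens.pop(0)
    if token == "any":
        return ANY
    if token == "host":
        if not tokens:
            raise AclError("host needs an address")
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    if "/" not in token:
        raise AclError(f"expected A.B.C.D/M, got {token!r}")
    return ipaddress.IPv4Network(token, strict=False)


def parse_acl(line):
    """Parse one access-list command into a dict; raise ValueError if it does not fit."""
    tokens = line.split()
    if len(tokens) < 4 or tokens.pop(0) != "access-list":
        raise AclError("not an access-list command")
    number = int(tokens.pop(0))
    kind = next((k for k, rs in RANGES.items() if any(number in r for r in rs)), None)
    if kind is None:
        raise AclError(f"ACL number {number} is outside the numbered ranges")
    action = tokens.pop(0)
    if action not in ("deny", "permit", "mark"):
        raise AclError(f"unknown action {action!r}")
    mark = None
    if action == "mark":
        limits = {PRIORITY_KEYWORD[kind]: 7, "tos": 255}
        if len(tokens) < 2 or tokens[0] not in limits:
            raise AclError("mark needs a priority or tos field and a value")
        field, value = tokens.pop(0), int(tokens.pop(0))
        if not 0 <= value <= limits[field]:
            raise AclError(f"{field} value {value} is out of range")
        mark = (field, value)
    rule = {"number": number, "kind": kind, "action": action, "mark": mark}
    # Extended lists: only the "ip" keyword form is handled (icmp/tcp/udp take more arguments).
    if kind == "extended" and (not tokens or tokens.pop(0) != "ip"):
        raise AclError("only the ip form of extended ACLs is parsed")
    rule["source"] = _take_address(tokens)
    if kind == "extended":
        rule["destination"] = _take_address(tokens)
    # Assumption: the extended ip form accepts the same trailing options as the standard one.
    rule["log"] = tokens[:1] == ["log"]
    if rule["log"]:
        tokens.pop(0)
    rule["precedence"] = None
    if tokens[:1] == ["rule-precedence"]:
        if len(tokens) < 2 or not 1 <= int(tokens[1]) <= 5000:
            raise AclError("rule-precedence must be 1-5000")
        rule["precedence"] = int(tokens[1])
        del tokens[:2]
    if tokens:
        raise AclError(f"unexpected trailing tokens: {tokens}")
    return rule


def review(lines):
    """Return (line, verdict) pairs: 'ok', 'broad-permit' or 'invalid: <reason>'."""
    results = []
    for line in lines:
        try:
            rule = parse_acl(line)
        except ValueError as exc:
            results.append((line, f"invalid: {exc}"))
            continue
        wide = rule["source"] == ANY and rule.get("destination", ANY) == ANY
        results.append((line, "broad-permit" if wide and rule["action"] == "permit" else "ok"))
    return results


# Constructed sample; the first two lines are the guide's own examples.
SAMPLE = [
    "access-list 1 permit any",
    "access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24",
    "access-list 10 permit host 10.1.1.5 log rule-precedence 20",
    "access-list 120 permit ip any any",
    "access-list 10 mark tos 300 any",
    "access-list 200 permit any",
]

if __name__ == "__main__":
    for line, verdict in review(SAMPLE):
        print(f"{verdict:<14} {line}")
```

Run it over a change script before pasting the lines into the switch; a broad-permit verdict marks a rule that deserves a second look, not necessarily an error.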
5-11 5.1.3 autoinstall Global Configuration Commands Use this command to autoinstall the switch image. Syntax autoinstall [clear-config-history|cluster-config|config|image|start] autoinstall (cluster-config|config|image) (URL[tftp|ftp|http|cf]) autoinstall image version Parameters clear-config-history Autoinstalls a clear configuration history, resulting in a reversion. cluster-config Autoinstalls a cluster-config setup. config Autoinstalls a config setup.
5-12 Overview 5.1.4 banner Global Configuration Commands Use this command to define a login banner for the switch. Syntax banner(motd(LINE|default)) Parameters motd Sets the “message of the day” banner. LINE Custom MOTD string. default Default MOTD string. Example RFS7000(config)#banner motd Welcome to my RFS7000 CLI RFS7000(config) RFS7000 release 3.0.0.0-200B Login as 'cli' to access CLI.
5-13 5.1.5 boot Global Configuration Commands This command reboots the switch with an image present in the mentioned partition (either the primary or secondary partition). Syntax boot(system [primary|secondary]) Parameters system Specifies the boot image used after reboot. primary Specifies the primary image. secondary Specifies the secondary image.
5-14 Overview 5.1.6 bridge Global Configuration Commands Configures bridge specific details.
5-15 5.1.7 country-code Global Configuration Commands Use this command to configure the country of operation. Syntax country-code Parameters None. Usage Guidelines This command erases all existing radio configuration.
5-16 Overview kw Kuwait kz Kazakhstan li Liechtenstein lk Sri Lanka lt Lithuania lu Luxembourg lv Latvia ma Morocco mt Malta mx Mexico my Malaysia nl Netherlands no Norway nz New Zealand om Oman pe Peru ph Philippines pk Pakistan pl Poland pt Portugal qa Qatar ro Romania ru Russia sa Saudi Arabia se Sweden sg Singapore si Slovenia sk Slovak Republic th Thailand tr Turkey tw Taiwan ua Ukraine us United States uy Uruguay ve Venezuela vn Vietnam za South Africa RFS7000(config)#country-code
5-17 5.1.8 crypto Global Configuration Commands Use this command to configure encryption related commands. NOTE crypto pki trustpoint mode leads to (config-trustpoint) instance. For more information, see crypto-trustpoint Instance on page 6-1.
5-18 Overview self-signed Self-signed mode of enrollment. trustpoint Trustpoint configuration. terminal Copies and pastes enrollment mode. Usage Guidelines Use crypto pki with different parameters to configure trustpoint and its parameters. Use crypto key to configure RSA key pairs.
5-19 5.1.9 debug Global Configuration Commands Use this command to turn on and off mstp debugging messages. Syntax debug (mstp) [all|cli|packet(rx |tx)|protocol (detail)|timer(detail)] Parameters all Echoes all MSTP debugging levels to the console. cli Echoes all MSTP debugging levels to the console. packet Echoes MSTP packets (received and transmitted) to the console. protocol (detail) Echoes protocol changes to the console. • timer (detail) detail – Detailed output.
5-20 Overview 5.1.10 do Global Configuration Commands Use this command to run commands from either the User Exec or Priv Exec mode. Syntax do (command of other mode) Parameters None. Example RFS7000(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 128 bytes from 157.235.208.69: icmp_seq=0 128 bytes from 157.235.208.69: icmp_seq=1 128 bytes from 157.235.208.69: icmp_seq=2 128 bytes from 157.235.208.69: icmp_seq=3 128 bytes from 157.235.208.
5-21 5.1.11 end Global Configuration Commands Use this command to end the current mode and change to the Exec mode. Syntax end Parameters None. Example RFS7000(config)#end RFS7000#? Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command cd Change current directory ............................................ ............................................
5-22 Overview 5.1.12 format Global Configuration Commands Use this command to format the Compact Flash (CF) card. Syntax format Parameters cf Format compact flash.
5-23 5.1.13 ftp Global Configuration Commands Use this command to configure the switch as an FTP server. Syntax ftp enable ftp password(0|1|LINE) ftp rootdir(DIR) Parameters enable Enables FTP server. password Configures an FTP password. Set the password using one of the following: • 0 — Password is specified UNENCRYPTED. • 1 — Password is encrypted with SHA1 algorithm. • LINE — Password. rootdir Configures the FTP root dir.
5-24 Overview 5.1.14 hostname Global Configuration Commands Use this command to change the system’s network name. Syntax hostname(WORD) Parameters WORD Use this command to provide the name for the network.
5-25 5.1.15 interface Global Configuration Commands Use this command to configure a selected interface. NOTE The interface mode leads to the config-if instance. For additional information, see interface Instance on page 7-1. The prompt changes from RFS7000(config) # to RFS7000(config-if) Syntax interface(IFNAME|fe|ge <1-4>|sa <1-4>|tunnel <1-32>|vlan <1-4094>) Parameters IFNAME Interface name. ge <1-4> GigabitEthernet interface. Select an index value between 1 - 4. me1 FastEthernet interface.
5-26 Overview 5.1.16 ip Global Configuration Commands Use this CLI command to configure a selected Internet Protocol. NOTE Use an ip access-list extended command to move to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 9-1. Use an ip access-list standard command to move to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 10-1. Use an ip dhcp pool (pool name) command to move to the (config-dhcp) instance.
5-27 Parameters access-list Use the access list parameter to enter the ext-nacl context and std-nacl context. The prompt changes to the context entered. For additional information, see Extended ACL Instance on page 9-1 (for extended ACLs) and Standard ACL Instance on page 10-1 (for standard ACLs). default-gateway Configures the default gateway. A.B.C.D IP gateway address. dhcp DHCP Server configuration. bootp BOOTP specific configuration.
5-28 Overview ip nat source list overload interface • – Defines the interface as private (inside) or public (external). NAT translations refer to this keyword to identify the translations applied to incoming packets on an interface. Refer to ip on page 7-9 for details on marking an interface as private (inside) or public (external). • source list – Use the keyword source to add source address translation.
5-29 Usage Guidelines By using the ip access-list parameter you enter the following contexts: • ext-nacl — Extended ACL. For more details see Extended ACL Instance on page 9-1. • std-nacl — Standard ACL. For more details see Standard ACL Instance on page 10-1. • Use clear command to clear the ip dhcp binding. NOTE To delete Standard/Extended and MAC ACL use no access-list under the Global Config mode.
5-30 Overview 5.1.17 license Global Configuration Commands Use this command to see the details of the license. Syntax license Parameters WORD Enter the name of the feature for which you wish to add a license.
5-31 5.1.18 line Global Configuration Commands Use this command to configure the terminal line. NOTE Using the line vty command moves you to the (config-line) instance. Syntax line(console|vty) Parameters console Primary terminal line. vty Virtual terminal. Configure a value between 0-871.
5-32 Overview 5.1.19 logging Global Configuration Commands Use this command to modify message logging facilities. Syntax logging(aggregation-time|buffered|console|facility|host|monitor|on|syslog) logging aggregation-time(<1-20>) logging buffered(<0-7>|alerts|critical|debugging|emergencies|errors| informational|notifications|warnings) Parameters aggregation-time Sets number of seconds (between 1 - 120) for aggregating repeated messages. buffered Sets the buffered logging level.
5-33 host Configures the remote host to receive log messages. A.B.C.D Remote host's IP address. on Enables the logging of system messages.
5-34 Overview 5.1.20 mac Global Configuration Commands Use this command to configure MAC access-lists. Syntax mac(access-list(extended(WORD))) Parameters access-list (extended ) Enter a name for MAC extended ACL. Usage Guidelines To delete a Standard/Extended or MAC ACL, use no access-list under the Global Config mode.
5-35 5.1.21 management Global Configuration Commands Use this command to set management interface properties. Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface.
5-36 Overview 5.1.22 ntp Global Configuration Commands Use this command to configure NTP.
5-37 authentication-key <1-65534> Define an authentication key for trusted time sources. Select a key number between 1 and 65534. autokey Enables NTP autokey authentication scheme. client-only Switch will be a client to other trusted-hosts in the autokey group. host Configures the switch as a trusted host. broadcast Configures NTP broadcast service. client Listens to NTP broadcasts. destination Configures broadcast destination address. WORD Destination broadcast IP address.
5-38 Overview Example RFS7000(config)#ntp peer ? WORD Name/IP address of peer RFS7000(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme key Configure peer authentication key prefer Prefer this peer when possible version Configure NTP version RFS7000(config)#ntp peer TestPeer autokey ? prefer Prefer this peer when possible version Configure NTP version RFS7000(config)#ntp peer TestPeer autokey prefer ? version Configure NTP version RFS7000(config)#ntp peer Test
5-39 5.1.23 prompt Global Configuration Commands Use this command to configure and set the system prompt. Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the switch.
5-40 Overview 5.1.24 radius-server Global Configuration Commands Use this CLI command to enter the RADIUS Server mode. The system prompt changes from the default config mode to RADIUS server mode. NOTE radius-server local mode leads you to the radius-server context. For more details see RADIUS Server Instance on page 13-1 Syntax radius-server(host|key|local|retransmit|timeout) radius-server host (A.B.C.
5-41 5.1.25 redundancy Global Configuration Commands Use this command to configure redundancy group parameters.
Syntax
redundancy(discovery-period|enable|group-id|handle-stp|heartbeat-period|hold-period|interface-ip|manual-revert|member-ip|mode)
redundancy discovery-period <10-60>
redundancy enable
redundancy group-id <1-65535>
redundancy handle-stp(enable)
redundancy heartbeat-period
redundancy hold-period <10-255>
redundancy interface-ip(A.B.C.D)
redundancy member-ip (A.B.C.
5-42 Overview Example RFS7000(config)#redundancy discovery-period 20 RFS7000(config)# RFS7000(config)#redundancy handle-stp enable RFS7000(config)# RFS7000(config)#redundancy heartbeat-period 20 RFS7000(config)# RFS7000(config)#redundancy hold-period 25 RFS7000(config)# RFS7000(config)#redundancy mode primary RFS7000(config)#
5-43 5.1.26 service Global Configuration Commands Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution.
5-44 Overview Example RFS7000(config)#service dhcp RFS7000(config)# RFS7000(config)#service radius restart RFS7000(config)# RFS7000(config)#service show cli Global Config mode: +-aaa +-authentication +-login +-default +-local [aaa authentication login default {none|{local|radius}}] +-none [aaa authentication login default {none|{local|radius}}] +-radius [aaa authentication login default {none|{local|radius}}] +-access-list +-<1-99> +-deny +-A.B.C.
5-45 5.1.27 show Global Configuration Commands Use this command to view running system information. Syntax show Parameters access-list Displays Internet Protocol (IP) details of the access list. aclstats Displays ACL statistics information. alarm-log Displays system alarms. autoinstall Displays autoinstall configuration details. banner Displays the “Message of the Day” login banner. boot Displays the boot configuration. clock Displays the system clock.
5-46 Overview privilege Displays current privilege level. radius Displays RADIUS configuration commands. redundancy-group Displays redundancy group parameters. redundancy-history Displays switch state transition history. redundancy-members Displays redundancy group members in detail. running-config Displays current operating configuration. securitymgr Displays securitymgr parameters. sessions Displays current active open connections. snmp Displays SNMP engine parameters.
5-47
mac                    MAC access-list assignment
mac-address-table      Display MAC address table
management             Display L3 Managment Interface name
mobility               Display Mobility Parameters
ntp                    Network time protocol
password-encryption    password encryption
privilege              Show current privil
radius
redundancy-group
redundancy-history
redundancy-members
running-config
securitymgr
sessions
snmp
snmp-server
spanning-tree
startup-config
static-channel-group
terminal
timezone
upgrade-status
users
version
wireless
wlan-acl
RFS7000(config)#show
5-48 Overview 5.1.28 snmp-server Global Configuration Commands Use this command to modify SNMP engine parameters.
5-49 snmp-server enable traps wireless-statistics wlan (avg-bit-speed-less-than|avg-retry-greater-than|avg-signal-less-than| gave-up-percent-greater-than|nu-percent-greater-than| num-mobile-units-greater-than|pktsps-greater-than|tput-greater-than| undecrypt-percent-greater-than) snmp-server host (v2c<1-65535>|v3<1-65535>) snmp-server location (LINE) snmp-server manager(all|v2|v3) snmp-server sysname snmp-server user(snmpmanager|snmpoperator|snmptrap) snmp-server user (snmpmanager|snmpopera
5-50 Overview miscellaneous ( ) Enables miscellaneous traps. • caCertExpired – Ca certificate has expired. • lowFsSpace – Available file system space lower than the limit. • processMaxRestartsReached – Process has reached the max restart limit. • savedConfigModified – Saved configuration has been modified. • serverCertExpired – Server certificate has expired. mobility Enables mobility traps. nsm ( ) Enables nsm traps.
5-51
ids ( ) Enables wireless IDS traps.
• muExcessiveEvents – Excessive MU events.
• radioExcessiveEvents – Excessive radio events.
• switchExcessiveEvents – Excessive switch events.
radio ( ) Enables wireless radio traps.
• adopted – Radio adopted.
• detectedRadar – Radio detected radar.
• unadopted – Radio unadopted.
self-healing ( ) Enables self healing traps.
• activated – Self healing activated.
station ( ) Wireless station traps.
5-52 Overview wireless-statistics ( ) Modifies wireless-stats rate traps. • min-packets– Explained in the sections that follow. • mobile-unit– Explained in the sections that follow. • radio– Explained in the sections that follow. • wireless-switch– Explained in the sections that follow. • wlan– Explained in the sections that follow. min-packets <1-65535> Minimum packets for sending the trap. Set with a decimal number in the range of <1-65535>. mobile-unit Modifies mobile unit rate traps.
5-53 radio Modifies radio rate traps. • avg-bit-speed-less-than – Average bit speed in Mbps is less than . • avg-retry-greater-than – Average retry is greater than . • avg-signal-less-than – Average signal in dBm is less than < a decimal number less than -0.00 and greater than or equal to -120.00>.
5-54 Overview wireless-switch wireless-statistics wlan ( ) Modify wireless-switch rate traps. • num-mobile-units-greater-than <1-8192> – Number of associated MUs is greater than . • pktsps-greater-than – Packets per sec is greater than . • tput-greater-than – Throughput in Mbps is greater than < a decimal number greater than 0.00 and less than or equal to 100000.00>.
5-55 host SNMP server host IP-address. v2c <1-65535> Uses SNMP version 2c. Select a host port number within the range of <1-65535>. v3 <1-65535> Uses SNMP version 3. Select a host port number within the range of <1-65535>. location Text for mib object sysLocation. manager Enables SNMP manager. all Enables SNMP version v2 and v3. v2 Enables SNMP version v2. v3 Enables SNMP version v3. sysname SNMP system name. user Defines a user who can access the SNMP engine.
5-56 Overview
RFS7000(config)#
RFS7000(config)#snmp-server enable traps wireless ids excessiveProbes
RFS7000(config)#
RFS7000(config)#snmp-server enable traps wireless radio adopted
RFS7000(config)#
RFS7000(config)#snmp-server enable traps wireless self-healing activated
RFS7000(config)#
RFS7000(config)#snmp-server enable traps wireless station tkipCounterMeasures
RFS7000(config)#
RFS7000(config)#snmp-server enable traps wireless-statistics min-packets 120
RFS7000(config)#
RFS7000(config)#snmp-server lo
5-57 5.1.29 spanning-tree Global Configuration Commands Use this command to configure the spanning-tree commands.
5-58 Overview • forward-time <4-30> – Sets the time (in seconds) after which (if this bridge is the root bridge) each port changes states to learning and forwarding. This value is used by all instances. The default value is 15 seconds. • hello-time <1-10> – Sets the hello-time. The hello-time is the time in seconds after which (if this bridge is the root bridge) all the bridges in a bridged LAN exchange Bridge Protocol Data Units (BPDUs).
5-59 Usage Guidelines The mst > configuration command moves you to the spanning tree-mst Instance instance. If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, defined in the max-age (seconds) parameter, it assumes that the network has changed and recomputes the spanning-tree topology. Generally, spanning tree configuration settings in config mode configure the bridge and bridge instances (for the switch).
5-60 Overview 5.1.30 timezone Global Configuration Commands Use this command to configure switch timezone settings. Syntax timezone Parameters TIMEZONE Press to navigate the list of files. This action displays a list of files containing timezone information.
5-61 5.1.31 username Global Configuration Commands Use this CLI command to establish the user name authentication.
Syntax
username (access|password|privilege)
username access (console|ssh|telnet|web)
username password(0|1|Line)
username privilege(helpdesk|monitor|nwadmin|superuser|sysadmin|webadmin)
Parameters name Enter a name to authenticate the switch. The username must be between 1 - 28 characters. access Sets the user access mode.
5-62 Overview 5.1.32 wireless Global Configuration Commands Use this command to configure switch wireless parameters. This command moves you to the config-wireless instance. For additional information, see Wireless Instance on page 14-1. Syntax wireless Parameters None. Usage Guidelines The wireless command is used to enter the config-wireless instance. The prompt changes from the regular RFS7000(config)# to RFS7000(config-wireless)#.
5-63 5.1.33 wlan-acl Global Configuration Commands Use this command to apply an ACL on a WLAN index. Syntax wlan-acl [<1-256>{<1-99>|<100-199>|<1300-1999>|<2000-2699>|word}][in|out] Parameters <1-256>[] WLAN number. • <1-99> — IP standard access list. • <100-199> — IP extended access list. • <1300-1999> — IP standard access list (expanded range). • <2000-2699> — IP extended access list (expanded range). • WORD — Access list name. Usage Guidelines Every WLAN created is mapped to an index.
5-64 Overview Example The example below applies an ACL to WLAN index 200 in inbound direction from the global config mode. RFS7000(config)#wlan-acl 200 150 in RFS7000(config)# NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface. MAC ACL always takes precedence over IP based ACL’s. The example below applies an ACL to WLAN index 200 in outbound direction from the global config mode.
crypto-trustpoint Instance
Use config-crypto-trustpoint commands to define a Certificate Authority (CA) trustpoint. config-crypto-trustpoint is a separate instance, belonging to the crypto pki trustpoint mode under the config instance.
6.1 Trustpoint Config commands
Table 6.1 summarizes the config-crypto-trustpoint commands.
Table 6.1 Trustpoint Config Commands Summary
Command        Description                                   Ref.
clrscr         Clears the display screen.                    page 6-3
company-name   Company name (applicable only for request).
6-2 Overview
Command        Description                                         Ref.
password       Challenge password (applicable only by request).    page 6-12
rsakeypair     Rsa Keypair to associate with the trustpoint.       page 6-13
service        Service commands.                                   page 6-14
show           Shows the running system information.               page 6-15
subject-name   Subject name is a collection of required parameters to configure a trustpoint. It consists of the common_name, country, state, organization, org, name, etc.
6-3 6.1.1 clrscr Trustpoint Config commands Use this command to clear the display screen. Syntax clrscr Parameters None.
6-4 Overview 6.1.2 company-name Trustpoint Config commands Use this command to set the company name (applicable only by request) to a trustpoint. Syntax company-name Parameters WORD Company name (2 - 64 characters in length). Usage Guidelines The company name defined must be in the range of 2 to 64 characters only.
6-5 6.1.3 email Trustpoint Config commands Use this command to configure an e-mail ID for a trustpoint. Syntax email Parameters WORD email address (2 to 64 characters). Usage Guidelines The email defined must be in the range of 2 to 64 characters only. Example RFS7000(config-trustpoint)#email abcTestemailID@motorola.
6-6 Overview 6.1.4 end Trustpoint Config commands Use this command to end and exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
6-7 6.1.5 exit Trustpoint Config commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt now changes to RFS7000(config)#. Syntax exit Parameters None.
6-8 Overview 6.1.6 fqdn Trustpoint Config commands Use this command to configure the fully qualified domain name (fqdn) for the trustpoint. Syntax fqdn Parameters None Usage Guidelines The string length of the domain name must be between 9 and 64 characters. Example RFS7000(config-trustpoint)#fqdn RetailKing.
6-9 6.1.7 help Trustpoint Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.
6-10 Overview 6.1.8 ip-address Trustpoint Config commands Use this command to configure an IP address for the trustpoint. Syntax ip-address Parameters A.B.C.D Enter the IP address configured for the trustpoint. Example RFS7000(config-trustpoint)#ip-address 157.200.200.
6-11 6.1.9 no Trustpoint Config commands Use this command to negate a command or set defaults. Syntax no Parameters None.
6-12 Overview 6.1.10 password Trustpoint Config commands Use this command to set the challenge password, applicable only for trustpoint access requests. Syntax password(0|2|WORD) Parameters 0 Password is specified UNENCRYPTED. The password must be between 4 - 20 characters. 2 Password is encrypted with a password-encryption secret. The string length of an encrypted password must be between 44 - 64 characters. WORD Password (4 - 20 characters).
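Added example, not part of the guide: a Python check over a captured configuration session that uses the prompt to tell global config from the trustpoint instance, then flags secrets entered unencrypted (ftp password, username password, trustpoint challenge password), challenge passwords outside the documented lengths, and an aaa login list that contains none. The session text is constructed; that the 0, 1 or 2 marker is followed by the secret on the same line, and that 0 and 1 mean the same for username as for ftp, are assumptions.

```python
import re

# Prompt shape used in the guide's examples: HOST(config)# or HOST(config-trustpoint)#.
PROMPT = re.compile(r"^\s*[^\s()#]+\((?P<mode>config[^)#]*)\)\s*#\s*(?P<cmd>\S.*)$")


def _split_secret(args, markers):
    """Return (marker, secret); marker is None when the secret is a bare LINE/WORD."""
    if len(args) >= 2 and args[0] in markers:
        return args[0], " ".join(args[1:])
    return None, " ".join(args)


def audit_session(text):
    """Return (line_number, code) findings, in line order, for a prompt-prefixed session."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = PROMPT.match(raw)
        if not match:
            continue  # command output, empty prompts, exec-mode lines
        mode, tokens = match.group("mode"), match.group("cmd").split()
        if tokens[0] == "no":
            continue  # negated commands remove a setting
        if mode == "config":
            if tokens[:4] == ["aaa", "authentication", "login", "default"]:
                if "none" in tokens[4:]:  # guide: "none  No authentication."
                    findings.append((lineno, "login-auth-none"))
            elif tokens[:2] == ["ftp", "password"] and len(tokens) > 2:
                marker, _ = _split_secret(tokens[2:], {"0", "1"})
                if marker != "1":  # 0 or a bare LINE: typed unencrypted
                    findings.append((lineno, "ftp-password-cleartext"))
            elif tokens[0] == "username" and tokens[2:3] == ["password"] and len(tokens) > 3:
                # Assumption: 0/1 carry the same meaning here as for "ftp password".
                marker, _ = _split_secret(tokens[3:], {"0", "1"})
                if marker != "1":
                    findings.append((lineno, "user-password-cleartext"))
        elif mode == "config-trustpoint" and tokens[0] == "password" and len(tokens) > 1:
            marker, secret = _split_secret(tokens[1:], {"0", "2"})
            # Documented lengths: 4-20 unencrypted, 44-64 for the encrypted form.
            low, high = (44, 64) if marker == "2" else (4, 20)
            if marker != "2":
                findings.append((lineno, "challenge-password-cleartext"))
            if not low <= len(secret) <= high:
                findings.append((lineno, "challenge-password-length"))
    return findings


# Constructed session; secrets and hashes are placeholders, not real values.
SAMPLE = "\n".join([
    "RFS7000(config)#aaa authentication login default local none",
    "RFS7000(config)#ftp enable",
    "RFS7000(config)#ftp password 0 ExamplePass1",
    "RFS7000(config)#ftp password 1 " + "ab" * 20,
    "RFS7000(config)#username opsuser password 0 ExamplePass2",
    "RFS7000(config)#",
    "RFS7000(config-trustpoint)#password 0 abc",
    "RFS7000(config-trustpoint)#password 2 " + "Q" * 48,
    "RFS7000(config-trustpoint)#password 2 tooshort",
    "RFS7000(config)#no ftp enable",
])

if __name__ == "__main__":
    for lineno, code in audit_session(SAMPLE):
        print(f"line {lineno}: {code}")
```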
6-13 6.1.11 rsakeypair Trustpoint Config commands Use this command to configure an RSA Keypair to associate with the trustpoint. Syntax rsakeypair Parameters WORD RSA keypair identifier. Usage Guidelines Use RSA Key Pair support to configure the switch to have Rivest, Shamir, and Adleman (RSA) key pairs. The switch software can maintain a different key pair for each identity certificate.
6-14 Overview 6.1.12 service Trustpoint Config commands Use this command to invoke service commands to troubleshoot or debug crypto pki trustpoint instance configurations. Syntax service(show)(cli) Parameters show (cli) Shows the CLI tree of current mode.
6-15 6.1.13 show Trustpoint Config commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-trustpoint)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.
6-16 Overview RFS7000(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies Valid From: Mar 11 03:38:26 2007 GMT Valid Until: Mar 10 03:38:26 2008 GMT RFS7000(config)# RFS7000(config-trustpoint)#show access-list Standard IP access list 1 deny any rule-precedence 1 RFS7000(config-trustpoint)# RFS7000(config-trustpoint)#show se
6-17 6.1.14 subject-name Trustpoint Config commands Use this command to create a subject name in order to configure a trustpoint. A subject name is a collection of required parameters. Syntax subject-name Parameters WORD The subject name is a collection of required parameters to configure a trustpoint. It consists of the common_name, country, state, org name etc.
6-18 Overview
interface Instance
Use the (config-if) instance to configure Fast Ethernet (fe), Gigabit Ethernet (ge), StaticAggregate interface (sa), VLAN and tunnel. Use the (config)# interface [fe|ge|sa|tunnel|vlan] to reach this instance.
7.1 Interface Config commands
Table 7.1 summarizes the config-if commands.
Table 7.1 Interface Config Command Summary
Command       Description                       Ref.
clrscr        Clears the display screen.        page 7-3
description   Interface specific description.   page 7-4
duplex        Sets the duplex to interface.
7-2 Overview
Command                Description                             Ref.
port-channel           Port channel commands.                  page 7-15
service                Service commands.                       page 7-16
show                   Shows the running system information.   page 7-17
shutdown               Shuts down the selected interface.      page 7-20
spanning-tree          Configures spanning-tree.               page 7-21
speed                  Configures speed.                       page 7-23
static-channel-group   Configures static channel commands.     page 7-24
switchport             Sets switching mode characteristics.    page 7-25
tunnel                 Protocol-over-protocol tunneling.
7-3 7.1.1 clrscr Interface Config commands Use this command to clear the screen. Syntax clrscr Parameters None.
7-4 Overview 7.1.2 description Interface Config commands Use this command to create an interface specific description. Syntax description Parameters LINE Characters to describe this interface.
7-5 7.1.3 duplex Interface Config commands Use this command to configure a duplex type for the interface. NOTE • Duplexity can only be set for an Ethernet type interface. Enter the (config-if) instance using a ge/me parameter in an interface mode. • Duplex cannot be set until the speed is set to a non-auto value. Syntax duplex(auto|full|half) Parameters auto Sets the auto-negotiate parameter. full Sets full-duplex where data can be passed in both directions simultaneously.
7-6 Overview 7.1.4 end Interface Config commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
7-7 7.1.5 exit Interface Config commands Use this command to end the current mode and move down to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
7-8 Overview 7.1.6 help Interface Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.
7-9 7.1.7 ip Interface Config commands Use this command to configure an IP address for the assigned Ethernet, VLAN or tunnel. Syntax ip(access-group|address|helper-address|nat) ip access-group(<1-99>|<100-199>|<1300-1999>|<2000-2699>)in ip address(A.B.C.D/M|dhcp) ip helper-address A.B.C.D ip nat(inside|outside) Parameters access-group Access group. (<1-99> |<100-199>) IP extended access list. (<1300-1999>|<2000-2699>) IP extended access list (expanded range). WORD Access list name.
7-10 Overview RFS7000(config-if)#interface vlan 2000 RFS7000(config-if)#ip address 172.168.200.1/24 RFS7000(config-if)#ip helper-address 172.168.100.10 vlan 1000 RFS7000(config-if)# The example below displays static NAT source translation. RFS7000(config)#interface vlan 1000 RFS7000(config-if)#ip nat inside RFS7000(config-if)#interface vlan 2000 RFS7000(config-if)#ip nat outside RFS7000(config)#ip nat inside source static 172.168.200.10 157.235.205.
7-11 7.1.8 mac Interface Config commands Use this command to apply a MAC access list to a gigabit ethernet interface. NOTE Access list cannot be applied on a management interface (me1). Syntax mac (access-group ) (in) Parameters access-group Sets MAC access groups ACL. in Apply the ACL to ingress packets.
7-12 Overview 7.1.9 management Interface Config commands Use this command to configure the selected interface as a management interface. Syntax management Parameters None. Usage Guidelines Management privilege can be set only on an L3 interface. Use this command along with the (config) management secure in config mode. This ensures management access of the switch is restricted to the management VLAN only. Refer to management on page 5-35 for (config) management secure configuration.
7-13 7.1.10 mtu Interface Config commands Use this command to set the mtu value for a VLAN interface. NOTE This command is valid only with a VLAN interface. Syntax mtu <512-1500> Parameters <512-1500> Maximum packet size in bytes. The minimum value is 512 and maximum value is 1500. Usage Guidelines All interfaces have a default maximum packet size of 1500 bytes. Use the mtu command to set the MTU size of the packets thats travels through the interface.
7-14 Overview 7.1.11 no Interface Config commands Use this command to negate a command or set defaults. Syntax no [description|duplex|ip|mtu|shutdown| spanning-tree|speed|static-channel-group|switchport|tunnel] Parameters The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
7.1.12 port-channel Interface Config commands Use this command to select the load-balance criteria of an aggregated port. This command Syntax port-channel (load-balance [src-dst-ip|src-dst-mac]) Parameters load-balance [src-dst-ip|src-dst-mac] Sets load-balancing for port channel. • src-dst-ip – Source and Destination IP address based load balancing.
7.1.13 service Interface Config commands Use this command to invoke service commands to troubleshoot or debug the (config-if) instance configurations. Syntax service(show) (cli) Parameters show Shows running system information. cli Shows the CLI tree of current mode.
7-17 7.1.14 show Interface Config commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command.
7-18 Overview RFS7000(config-if)#show boot Image ----Primary Secondary Build Date -------------------Aug 28 14:05:16 2006 Aug 14 06:18:03 2006 Install Date -------------------Aug 29 18:32:17 2006 Aug 17 15:08:28 2006 Version -------------3.0.0.0-200B 3.0.0.
7-19 % portfast bpdu-guard disabled % portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability not configured - Current cisco interoperability off % % Instance VLAN % 0: 1-4095 RFS7000(config-if)#
7-20 Overview 7.1.15 shutdown Interface Config commands Use this command to shutdown the selected interface. Syntax shutdown Parameters None.
7-21 7.1.16 spanning-tree Interface Config commands Use this command to configure spanning tree parameters.
mst [<0-15> (cost <1-200000000>|port-priority <0-240>)|port-cisco-interoperability (disable|enable)]
Configures mst on a spanning tree.
• <0-15> – Instance ID.
• cost <1-200000000> – Path cost for a port.
• port-priority <0-240> – Port priority for a bridge.
• port-cisco-interoperability (disable|enable) – Enables or disables interoperability with Cisco's version of MSTP (which is incompatible with standard MSTP).
• enable – Enables CISCO Interoperability.
7.1.17 speed Interface Config commands Use this command to configure the speed of the selected interface in Mbps. Syntax speed(10|100|1000|auto) Parameters 10 Forces 10 Mbps operation. 100 Forces 100 Mbps operation. 1000 Forces 1000 Mbps operation. auto Enables AUTO speed configuration. Usage Guidelines Set the interface speed to auto to detect and use the fastest speed available. The speed detection is based on the connected network hardware.
7.1.18 static-channel-group Interface Config commands Use this command to add an interface to a static channel group. Syntax static-channel-group <1-4> Parameters <1-4> Static channel group to associate the link with. Usage Guidelines This command aggregates individual giga ports into a single aggregate link to provide a larger bandwidth. Static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch.
7.1.19 switchport Interface Config commands Use this command to set switching mode characteristics for the selected interface. The mode can be either access or trunk. NOTE The ge interface earlier configured as a trunk with all VLANs allowed on it loses its configuration and has only VLAN 1 set to allowed.
7-26 Overview Example RFS7000(config-if)#switchport mode access RFS7000(config-if)#
7-27 7.1.20 tunnel Interface Config commands Use this command to configure protocol-over-protocol tunneling. Syntax tunnel(destination|source|ttl) tunnel destination A.B.C.D tunnel source A.B.C.D tunnel ttl<1-255> Parameters destination Destination of tunnel packets. source Source of tunnel packets. A.B.C.D Internet Protocol (IP). ttl Sets the time to live interval. <1-255> The time to live (ttl) in seconds. Example RFS7000(config)#interface tunnel 1 RFS7000(config-if)#tunnel destination 172.
spanning tree-mst Instance Use the (config-mst) instance to configure the Multi Spanning Tree Protocol (MSTP). Use (config)#spanning-tree mst configuration to reach this instance. 8.1 mst Config commands Table 8.1 summarizes the config-mst commands. Table 8.1 MSTP Config Command Summary Command Description Ref. clrscr Clears the display screen. page 8-2 end Ends the current mode and moves to the EXEC mode. page 8-3 exit Ends the current mode and moves to the previous mode.
8-2 Overview 8.1.1 clrscr mst Config commands Use this command to clear the display. Syntax clrscr Parameters None.
8-3 8.1.2 end mst Config commands Use this command to end and exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
8-4 Overview 8.1.3 exit mst Config commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
8-5 8.1.4 help mst Config commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-mst)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.
8.1.5 instance mst Config commands Use this command to associate VLAN(s) with an instance. Syntax instance <1-15> vlan Parameters <1-15> Enters the instance ID to which the VLAN is associated. vlan Enters the VLAN ID for its association with an instance. Usage Guidelines MSTP works based on instances. An instance is a group of VLANs with a common spanning tree. A single VLAN cannot be associated with multiple instances.
8-7 8.1.6 name mst Config commands Use this command to set a name for the MST region. Syntax name (region name) Parameters region name MST region name.
8-8 Overview 8.1.7 no mst Config commands Use this command to negate a command or set defaults. Syntax no [instance|name|revision] Parameters instance Instance. name MST region. revision Revision number for configuration information. Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
8-9 8.1.8 revision mst Config commands Use this command to configure the revision number of the MST bridge. Syntax revision <0-255> Parameters 0-255 Revision number for configuration information.
8.1.9 service mst Config commands Use this command to invoke the service commands needed to troubleshoot or debug (config-if) instance configurations. Syntax service(show) (cli) Parameters show (cli) Shows running system information. • cli – Show CLI tree of current mode.
8-12 Overview 8.1.10 show mst Config commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-mst)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.
8-13 RFS7000(config-mst)#show access-list Extended IP access list 110 permit ip 192.168.1.0/24 192.168.100.0/24 rule-precedence 5 permit ip 192.168.63.0/24 192.168.100.0/24 rule-precedence 63 permit ip 192.168.157.0/24 192.168.100.
8-14 Overview 8.2 Configuring Interface using MSTP MSTP runs by default. All VLANs are in default instance 0 by default. 1. Use the following command to create a non-default instance and region configuration using the mst config mode. RFS7000(config-mst)#instance 1 vlan 2. Use the following to enable/disable MSTP. RFS7000(config)#bridge multiple-spanning-tree 3. Use the following command to configure spanning-tree. RFS7000(config)#bridge multiple-spanning-tree RFS7000(config)#spanning-tree 4.
Extended ACL Instance Use the (config-ext-nacl) instance to configure ip access-list extended ACLs. 9.1 Extended ACL Config Commands Table 9.1 summarizes the config-ext-nacl commands. Table 9.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 9-2 deny Specifies packets to reject. page 9-3 end Ends the current mode and changes to the EXEC mode. page 9-7 exit Ends the current mode and moves back to the previous mode.
9-2 Overview 9.1.1 clrscr Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None.
9-3 9.1.2 deny Extended ACL Config Commands Use this command to specify packets to reject.
deny {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule
Use with deny command to reject icmp packets.
• deny – Action types on an ACL.
• {icmp} – Specifies icmp as the protocol.
• {source/source-mask | host source | any} – source is the source IP address of the network or host in dotted decimal format. Source-mask is the network mask. For example, 10.1.1.
deny {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port]
Use with deny command to reject tcp or udp packets.
• deny – Action types on an ACL.
• {tcp|udp} – Specify tcp or udp as protocol.
• {source/source-mask | host source | any} – The keyword source is the source IP address of the network or host in dotted decimal format. Source-mask is the network mask. For example, 10.1.1.
• Select the protocol type icmp to allow/deny icmp packets. Selecting icmp provides the option of filtering icmp packets based on icmp type and code. NOTE The log option is functional only for router ACLs. The log option causes an informational logging message about the packet that matches the entry to be sent to the console. Example The following example denies traffic between two subnets. RFS7000(config-ext-nacl)#deny ip 192.168.2.0/24 192.168.1.
9-7 9.1.3 end Extended ACL Config Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
9-8 Overview 9.1.4 exit Extended ACL Config Commands Use this command to end current mode and go to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
9-9 9.1.5 help Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.
9-10 Overview 9.1.6 mark Extended ACL Config Commands Use this command to mark specific packets.
mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp
Use with the mark command to specify icmp packets as marked.
• mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. The action type mark is functional only over a Port ACL.
• {icmp} – Specify icmp as protocol.
• {source/source-mask | host source | any} – source is the source IP address of the network or host in dotted decimal format.
9-12 Overview mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destinationmask | host destination | any} [operator destination-port] [log] [rule-precedence accesslist-entry precedence] Use with the mark command to specify tcp or udp packets as marked. • mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. The action type mark is functional only over a Port ACL. • {tcp|udp} – Specifies tcp or udp as the protocol used.
• Select the protocol type icmp to allow/deny icmp packets. Selecting the icmp protocol allows you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACLs. The log option provides an informational logging message about the packet matching the entry sent to the console. Example The example below marks the dot1p priority value in the ethernet header to 5 to all tcp traffic coming from the source subnet.
9-14 Overview 9.1.7 no Extended ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark and permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject. mark Specifies packets to mark. permit Specifies packets to forward. Usage Guidelines Use the no command to remove an access list control entry.
9-15 9.1.8 permit Extended ACL Config Commands Use this command to permit specific packets. NOTE ACLs do not allow DHCP messages to flow through by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. RFS7000(config-ext-nacl)#permit ip 192.168.1.0/24 192.168.2.0/24 RFS7000(config-ext-nacl)#permit ip any host 255.255.255.
permit {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type |
Use with the permit command to allow icmp packets.
• permit – Action types on an ACL.
• {icmp} – Specifies icmp as the protocol.
• {source/source-mask | host source | any} – The keyword source is the source IP address of the network or host in dotted decimal. Source-mask is the network mask. For example, 10.1.1.
permit{tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any}
Use with the permit command to allow tcp or udp packets.
• permit – Action types on an ACL.
• {tcp|udp} – Specify tcp or udp as protocol.
• {source/source-mask | host source | any} – source is the source IP address of the network or host in dotted decimal. Source-mask is the network mask. For example, 10.1.1.
• Select the protocol type icmp to allow/deny icmp packets. Selecting the icmp protocol allows you the option of filtering icmp packets based on icmp type and icmp code. NOTE The log option is functional only for router ACLs. The log option causes an informational logging message about the packet matching the entry to be sent to the console. Example The example below allows IP traffic from the source subnet to destination subnet and denies all other traffic over an interface.
9-19 9.1.9 service Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the RFS7000 Switch. save-cli Saves the CLI tree for all modes in html format. show Shows running system information. start-shell Provides shell access.
9-20 Overview 9.1.10 show Extended ACL Config Commands Use this command to view the current system information. Syntax show Parameters ? Displays all the parameters for which the information can be viewed using the show command. Usage Guidelines The show access-list command displays all the access lists configured in the switch in the console. Mention the access list name or number to view the details of a particular ACL.
9-21 RFS7000(config-ext-nacl)#show access-list Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list symbol deny tcp 192.168.2.0/24 192.168.1.
9.1.11 terminal Extended ACL Config Commands Use this command to set the length /number of lines displayed on the terminal window. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. no Negates a command or sets its defaults. • monitor – Copies debug output to the current terminal line. Usage Guidelines By default, the log messages are generally not displayed over a telnet session.
Standard ACL Instance Use the (config-std-nacl) instance to configure ip access-list standard ACLs. Standard ACLs allow filtering based on the source address only. 10.1 Standard ACL Config Commands Table 10.1 summarizes config-std-nacl commands. Table 10.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 10-2 deny Specifies packets to reject. page 10-3 end Ends the current mode and change to EXEC mode.
10-2 Overview 10.1.1 clrscr Standard ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None.
10-3 10.1.2 deny Standard ACL Config Commands Use this command to specify packets to reject. Syntax deny(A.B.C.D/M|any|host) deny any(log|rule-precedence) deny any log(rule-precedence)<1-5000> deny any rule-precedence<1-5000> deny host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. any Any source IP address. host • log – Log matches against this entry. • rule-precedence <1-5000> – Access-list entry precedence. Single host address. • A.B.C.D – Exact source IP address to match.
10-4 Overview 10.1.3 end Standard ACL Config Commands Use this command to exit the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
10-5 10.1.4 exit Standard ACL Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
10-6 Overview 10.1.5 help Standard ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-std-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
10.1.6 mark Standard ACL Config Commands Use this command to mark specific packets. Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B.C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and 255. (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format. Source-mask is the network mask.
10-8 Overview 10.1.7 no Standard ACL Config Commands Use this command to negate a command or set its defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations used in deny, mark and permit commands to configure the Extended ACL. Parameters deny Specifies packets to reject. mark Specifies packets to mark. permit Specifies packets to forward.
10-9 10.1.8 permit Standard ACL Config Commands Use this command to permit specific packets. Syntax permit(A.B.C.D/M|any|host) permit any(log|rule-precedence) permit any log(rule-precedence)<1-5000> permit any rule-precedence<1-5000> permit host A.B.C.D Parameters A.B.C.D/M Source IP address range to match. any Any source IP address. host • log – Log matches against this entry. • rule-precedence<1-500> – Access-list entry precedence. Single host address. • A.B.C.
10-10 Overview 10.1.9 service Standard ACL Config Commands Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format. show Shows running system information. start-shell Provides shell access.
10-11 10.1.10 show Standard ACL Config Commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command. Usage Guidelines show access-list command displays all the access lists configured in the switch in the console. Provide the access list name or number to view the details of a particular ACL.
10-12 Overview RFS7000(config-std-nacl)#show access-list Standard IP access list 1 permit any rule-precedence 10 Extended IP access list 101 deny ip 192.168.1.0/24 192.168.2.0/24 rule-precedence 10 permit ip any any rule-precedence 20 Extended IP access list 110 deny ip host 192.168.1.95 host 192.168.2.98 log rule-precedence 10 permit ip any any rule-precedence 20 Standard IP access list moto deny 192.168.1.0/24 rule-precedence 10 permit any rule-precedence 20 Extended IP access list symbol deny tcp 192.
10-13 10.1.11 terminal Standard ACL Config Commands Use this command to set the length /number of lines displayed on the terminal. Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. no Negates a command or set its defaults. • monitor – Copies debug output to the current terminal line. Usage Guidelines By default, log messages are generally not displayed over a Telnet session.
Extended MAC ACL Instance Use the (config-ext-macl) instance to configure mac access-list extended ACLs associated with the switch. Use the decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set for Extended MAC ACLs provides hexadecimal values for each of its listed ether types. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other ethertype.
11-2 Overview 11.1 MAC Extended ACL Config Commands Table 11.1 summarizes the config-ext-macl commands. Table 11.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen. page 11-3 deny Specifies packets to reject. page 11-4 end Ends the current mode and moves to the EXEC mode. page 11-6 exit Ends the current mode and moves to the previous mode. page 11-7 help Describes the interactive help system. page 11-8 mark Specifies packets to mark.
11-3 11.1.1 clrscr MAC Extended ACL Config Commands Use this command to clear the display screen. Syntax clrscr Parameters None.
11.1.2 deny MAC Extended ACL Config Commands Use this command to specify packets that you want to reject. NOTE Use a decimal value representation of ethertypes to implement a permit/deny/mark designation for a packet. The command set for Extended MAC ACLs provides the hexadecimal values for each listed ether type. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed or for any other type of ethertype.
• ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt access port through an interface, configure an access control list to allow an ethernet wisp. NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface. MAC ACL always takes precedence over IP based ACLs. The last ACE in the access list is an implicit deny statement.
11-6 Overview 11.1.3 end MAC Extended ACL Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
11-7 11.1.4 exit MAC Extended ACL Config Commands Use this command to end current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
11-8 Overview 11.1.5 help MAC Extended ACL Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
11.1.6 mark MAC Extended ACL Config Commands Use this command to specify a packet to mark. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set for an Extended MAC ACL provides the hexadecimal values for each of its listed ether types. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other type of ethertype.
11-10 Overview Usage Guidelines Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. Whenever the interface receives the packet, its content is checked against all the ACE’s in the ACL. It is marked based on the ACL configuration. Example The example below marks the dot1p priority value to 6 for all 802.1q tagged traffic from VLAN interface 5.
11.1.7 no MAC Extended ACL Config Commands Use this command to negate a command or set defaults. Syntax no(deny|mark|permit) This command negates all the syntax combinations that you have used in deny, mark and permit to configure the Extended ACL. Parameters deny Specifies packets to reject. mark Specifies packets to mark. permit Specifies packets to forward.
11.1.8 permit MAC Extended ACL Config Commands Use this command to specify packets to forward. NOTE Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. The command set for an Extended MAC ACL provides the hexadecimal values for each listed ethertype. The switch supports all ethertypes. Use the decimal equivalent of the ethertype listed in the CLI or for any other type of ethertype.
11-13 Usage Guidelines When creating a Port ACL, the switch by default does not permit an ethertype WISP. First create a rule to allow WISP to adopt access ports. Use the following CLI command to adopt access ports: permit any any type wisp NOTE Use the following command to attach a MAC access list to a port on a layer 2 interface: mac access-group in The permit command in the MAC ACL disallows traffic based on layer 2 (data-link layer) information.
11.1.9 service MAC Extended ACL Config Commands Use this command to invoke service commands to troubleshoot or debug (config-if) instance configurations. Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information. diag-shell Provides diagnostic shell access to debug and test the switch. save-cli Saves the CLI tree for all modes in html format. show Shows running system information.
11-15 11.1.10 show MAC Extended ACL Config Commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command. Usage Guidelines The show access-list command displays the access lists configured for the switch. Provide the access list name or number to view specific ACL details.
11-16 Overview RFS7000(config-ext-macl)#show access-list Extended MAC access list 200 permit any any type arp rule-precedence 10 permit any any type wisp rule-precedence 20 Extended MAC access list 250 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10 permit any any type arp rule-precedence 20 RFS7000(config-ext-macl)#
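The MAC ACL usage notes in this chapter (an arp entry is mandatory before an IP based ACL is applied, wisp must be permitted to adopt access ports, and every list ends in an implicit deny) can be checked against captured show access-list output. The Python below is an added example, not part of the guide or of the switch software; it assumes ACEs are evaluated in ascending rule-precedence order with the first match winning, assumes a decimal ethertype such as 2054 is equivalent to its keyword, and handles only permit/deny ACEs with any or host addresses.

```python
import re

# Constructed sample: the two lists from the show access-list output above,
# laid out one ACE per line.
SHOW_OUTPUT = """\
Extended MAC access list 200
 permit any any type arp rule-precedence 10
 permit any any type wisp rule-precedence 20
Extended MAC access list 250
 deny host 01:02:fe:45:76:89 host 01:02:89:78:78:45 rule-precedence 10
 permit any any type arp rule-precedence 20
"""

# Decimal EtherType values (0x0800, 0x0806, 0x8100) for keywords this chapter names.
# Assumption: the switch treats "type 2054" the same as "type arp".
ETHERTYPE_KEYWORDS = {2048: "ip", 2054: "arp", 33024: "802.1q"}

# Constructed probe addresses (locally administered), not taken from the guide.
PROBE_SRC = "02:00:00:00:00:01"
PROBE_DST = "02:00:00:00:00:02"

HEADER = re.compile(r"^Extended MAC access list (\S+)$")


def normalize_type(value):
    """Map a decimal ethertype to its keyword when one is known."""
    value = str(value).lower()
    if value.isdigit():
        return ETHERTYPE_KEYWORDS.get(int(value), value)
    return value


def _take_mac(tokens):
    """Consume 'any' or 'host <MAC>' from the token list; None means any."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0).lower()
    raise ValueError("unsupported address form: " + word)


def parse_mac_acls(text):
    """Return {list name: [ACE dicts sorted by rule-precedence]}."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        if " access list " in line:
            current = None  # an IP list follows; its ACEs are skipped
            continue
        tokens = line.split()
        if current is None or not tokens or tokens[0] not in ("permit", "deny"):
            continue  # mark ACEs and unrelated lines are outside this sketch
        ace = {"action": tokens.pop(0)}
        ace["src"] = _take_mac(tokens)
        ace["dst"] = _take_mac(tokens)
        ace["type"] = None  # None matches every ethertype
        if "type" in tokens:
            ace["type"] = normalize_type(tokens[tokens.index("type") + 1])
        ace["precedence"] = int(tokens[tokens.index("rule-precedence") + 1])
        current.append(ace)
    for aces in acls.values():
        aces.sort(key=lambda a: a["precedence"])
    return acls


def evaluate(aces, src, dst, ethertype):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src, dst, ethertype = src.lower(), dst.lower(), normalize_type(ethertype)
    for ace in aces:
        if ace["src"] not in (None, src):
            continue
        if ace["dst"] not in (None, dst):
            continue
        if ace["type"] not in (None, ethertype):
            continue
        return ace["action"], ace["precedence"]
    return "deny", None


def audit(acls):
    """Report whether each list lets arp and wisp frames through."""
    return {
        name: {kind: evaluate(aces, PROBE_SRC, PROBE_DST, kind)[0]
               for kind in ("arp", "wisp")}
        for name, aces in acls.items()
    }


if __name__ == "__main__":
    for name, result in audit(parse_mac_acls(SHOW_OUTPUT)).items():
        print(name, result)
```

List 250 reports wisp as denied: nothing in it matches a wisp frame, so the implicit deny applies and access ports would not be adopted through an interface using that list.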
11.1.11 terminal MAC Extended ACL Config Commands Use this command to set the length or number of lines displayed Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line. no Negates a command or sets defaults. • monitor – Copies debug output to the current terminal line. Usage Guidelines By default, log messages are generally not displayed over a Telnet session. Use the terminal monitor command to view log messages using Telnet.
DHCP Instance Use the (config-dhcp) instance to configure the DHCP server address pool associated with the switch. 12.1 DHCP Config Commands Table 12.1 summarizes config-std-nacl commands. Table 12.1 Extended ACL Config Command Summary Command Description Ref. address Configures DHCP server include range. page 12-3 bootfile Assigns a boot file name. The bootfile name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted.
12-2 Overview Command Description Ref. exit Ends the current mode and moves to the previous mode. page 12-13 hardwareaddress Configures the hardware address using either a dashed or dotted hexadecimal string. page 12-14 help Describes the interactive help system. page 12-15 host Configures the IP address for the host. page 12-16 lease Assigns the lease time for the dhcp IP address. page 12-17 netbios-nameserver Configures NetBIOS (WINS) name servers.
12.1.1 address DHCP Config Commands Use this command to specify a range of addresses for the DHCP network pool. Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) (high IP address) Use this command to add an address range for the DHCP server. • low IP address – The first ip address in the address range. • high IP address – The last ip address in the address range.
12-4 Overview 12.1.2 bootfile DHCP Config Commands Use this command to assign a bootfile name for the DHCP configuration on the network pool. Syntax bootfile Parameters bootfile Indicates the boot image for bootp clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted. Usage Guidelines Use the bootfile command to specify the boot image.
12.1.3 client-identifier DHCP Config Commands Use this command to assign a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP clients. Syntax client-identifier Parameters client-identifier To prepend a null character, use \\0 at the beginning. A single \ in the input is ignored.
12.1.4 client-name DHCP Config Commands Use this command to add a client name for the DHCP clients. Syntax client-name Parameters client-name Use client-name to add a client name. Domain name must not be included.
12-7 12.1.5 clrscr DHCP Config Commands Use this command to clear the screen. Syntax clrscr Parameters None.
12-8 Overview 12.1.6 ddns DHCP Config Commands Use this command to configure dynamic DNS parameters like domain name, enabling multi-user class and IP address of the server. Syntax ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)| ttl <1-864000>|update-all] Parameters domainname (name) Sets domain name used for DDNS updates. multiple-user-class Enables multiple user class option.
12-9 12.1.7 default-router DHCP Config Commands Use this command to configure the default router or gateway IP address for the network pool. To remove the default router list, use the no default-router command. default-router Parameters default-router Specifies the default router IP address for the network pool. • – Router's IP address. Usage Guidelines The IP address of the router should be on the same subnet as the client subnet.
12-10 Overview 12.1.8 dns-server DHCP Config Commands Use this command to configure the DNS server’s IP address available to all the DHCP clients connected to the pool. Use the no dns-server command to remove the DNS server list. Syntax dns-server ..... Parameters dns-server Configures the DNS Server’s IP address. • – Server's IP address.
12-11 12.1.9 domain-name DHCP Config Commands Use this command to configure the domain name for the network pool. Use the no domain-name command to remove the domain name. Syntax domain-name (name) Parameters domain-name (name) Configures the domain name for the network pool. Usage Guidelines The domain name cannot be more than 256 characters.
12-12 Overview 12.1.10 end DHCP Config Commands Use this command to exit from the current mode and change to PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
12-13 12.1.11 exit DHCP Config Commands Use this command to end the current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
12-14 Overview 12.1.12 hardware-address DHCP Config Commands Use this command to reserve an IP address (manually) based on a DHCP client’s hardware address. Use the no hardware-address command to remove this from the DHCP pool. Syntax hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX] Parameters hardware-address [XX-XX-XX-XX-XX-XX | XX:XX:XX:XX:XX:XX] Configures the client’s hardware address. • XX-XX-XX-XX-XX-XX – Dashed-hexadecimal string. • XX:XX:XX:XX:XX:XX – Dotted-hexadecimal string.
12-15 12.1.13 help DHCP Config Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-dhcp)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.
12-16 Overview 12.1.14 host DHCP Config Commands Use this command to configure a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool. Syntax host Parameters host Fixed address for host. • IP address – IP address in dotted decimal format.
12-17 12.1.15 lease DHCP Config Commands Use this command to configure a valid lease time for the IP address used by all DHCP clients in the network pool. Syntax lease [{<0-365> <0-23> <0-59>}|infinite] Parameters lease [{<0-365> <0-23> <0-59>}|infinite] Sets the lease time for IP address. • <0-365> – Lease period in days. Days can be made as 0 only when hours and/or mins are greater than 0. • <0-23> – Used with the above to set the hours for the lease period.
12-18 Overview 12.1.16 netbios-name-server DHCP Config Commands Use this command to configure the netbios-name server’s IP address. Syntax netbios-name-server Parameters netbios-name-server NetBIOS (WINS) name servers. • – NetBIOS name server's IP address. Example RFS7000(config-dhcp)#netbios-name-server 2.2.2.
12-19 12.1.17 netbios-node-type DHCP Config Commands Use this command to configure the netbios-node type. Syntax netbios-node-type [b-node|h-node|m-node|p-node] Parameters netbios-node-type [b-node | h-node | m-node | p-node] NetBIOS (WINS) name servers. • b-node – Broadcast node. • h-node – Hybrid node. • m-node – Mixed node. • p-node – Peer-to-peer node.
12-20 Overview 12.1.18 network DHCP Config Commands Use this command to configure the network pool’s IP address. This will map the current DHCP pool with the specific network. Syntax network [A.B.C.D|A.B.C.D/M] Parameters network [A.B.C.D|A.B.C.D/M] Network number and mask. • A.B.C.D – Network number in dotted decimal format. • A.B.C.D/M – Network number and mask.
12-21 12.1.19 next-server DHCP Config Commands Use this command to configure the IP address of the next server in the boot process. Syntax next-server Parameters next-server Next server in boot process. • – Server's IP address. Example RFS7000(config-dhcp)#next-server 2.2.2.
12-22 Overview 12.1.20 no DHCP Config Commands Use this command to negate a command or set defaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default-router|dns-server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node-type|network|next-server|option|update] Parameters The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
12-23 12.1.21 option DHCP Config Commands Use this command to define the raw DHCP option used in DHCP pools. Syntax option (name) Parameters option (name) Raw DHCP options. • (name) – Name of the DHCP option. Usage Guidelines Used to define non standard DHCP options option-code (0-254).
12-24 Overview 12.1.22 service DHCP Config Commands Use this command to invoke service commands to troubleshoot or debug the (config-dhcp) instance configurations. Syntax service(show) (cli) Parameters show Shows running system information. cli Shows CLI tree of current mode. Example RFS7000(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.D [address range A.B.C.D ( A.B.C.
12-25 12.1.23 show DHCP Config Commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command. Example RFS7000(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.
12-26 Overview RFS7000(config)#show dhcp config service dhcp ip dhcp option option189 189 ascii ! ip dhcp pool vlan4 default-router 2.2.2.1 network 4.4.4.0/24 address range 4.4.4.100 4.4.4.200 ! ip dhcp pool vlan2 ! ip dhcp pool TestPool lease 200 12 30 domain-name TestDomain bootfile DHCPbootfile netbios-node-type p-node ddns domainname TestDomain address range 1.2.3.2 2.3.2.
12-27 12.1.24 update DHCP Config Commands Use this command to control the usage of the DDNS service. Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service. • (dns) – Dynamic DNS Configuration. • (override) – Enable Dynamic Updates by onboard DHCP Server. Usage Guidelines A DHCP client may not perform updates for RR’s A, TXT and PTR.
12-28 Overview 12.2 Configuring DHCP Server using CLI DHCP configuration is accomplished by creating pools and mapping them to L3 interfaces (SVI). A pool can be configured either as a network pool or host pool. A network pool includes ranges. When the network pool is mapped to an L3 interface, DHCP clients requesting IP from the interface get an IP from the included range. A host pool is used to assign a static/fixed IP address to DHCP clients. 12.2.
12-29 2. A DHCP reboot is required to implement the configuration made at both levels — the DHCP pool context level and DHCP global context level. The following example defines the need to reboot the DHCP Server to implement changes at the global level: RFS7000(config)#ip dhcp excluded-address 192.168.0.20 192.168.0.30 RFS7000(config)#ip dhcp restart NOTE To avoid multiple DHCP Server requests, restart the DHCP Server only after making all the required updates. 3.
12-30 Overview 11. A pool can be configured as the host pool or network pool, but not both. 12. A host pool can have either client-identifier or hardware-address configured, but not both. 13. An excluded address range has higher precedence than an included address range. If a range is part of both an excluded and included address range, it will be excluded. 14. DHCP options are first defined at the global level, using ip dhcp option .
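Rules 11 to 13 above can be checked offline before a change is pushed to the switch. The following Python sketch is an added example, not code from this guide or from the switch software. It assumes a configuration listing with one command per line, treats a pool containing host as a host pool and a pool containing address range as a network pool, and uses constructed sample data.

```python
from ipaddress import IPv4Address

# Constructed sample, one command per line in the style of "show dhcp config".
SAMPLE_DHCP_CONFIG = """\
ip dhcp excluded-address 192.168.0.20 192.168.0.30
!
ip dhcp pool vlan4
 network 192.168.0.0/24
 address range 192.168.0.10 192.168.0.40
!
ip dhcp pool printer
 host 192.168.0.50
 hardware-address 00-15-70-11-34-82
 client-identifier printer01
!
ip dhcp pool mixed
 host 192.168.0.60
 address range 192.168.0.22 192.168.0.28
"""


def parse_config(text):
    """Split the text into global excluded ranges and per-pool command lists."""
    excluded, pools, current = [], {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "!":
            current = None
        elif words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
            current = pools.setdefault(words[3], [])
        elif words[:3] == ["ip", "dhcp", "excluded-address"] and len(words) == 5:
            excluded.append((IPv4Address(words[3]), IPv4Address(words[4])))
        elif current is not None:
            current.append(words)
    return excluded, pools


def subtract(included, excluded):
    """Rule 13: return the parts of one included range that survive the exclusions."""
    remaining = [(int(included[0]), int(included[1]))]
    for ex_low, ex_high in excluded:
        ex_low, ex_high = int(ex_low), int(ex_high)
        survivors = []
        for low, high in remaining:
            if ex_high < low or ex_low > high:
                survivors.append((low, high))      # no overlap
                continue
            if low < ex_low:
                survivors.append((low, ex_low - 1))  # part below the exclusion
            if ex_high < high:
                survivors.append((ex_high + 1, high))  # part above the exclusion
        remaining = survivors
    return [(str(IPv4Address(low)), str(IPv4Address(high))) for low, high in remaining]


def audit(text):
    """Return (findings, effective ranges per pool) for a configuration listing."""
    excluded, pools = parse_config(text)
    findings, effective = [], {}
    for name, commands in pools.items():
        seen = {words[0] for words in commands}
        if "host" in seen and "address" in seen:
            findings.append((name, 11, "pool is configured as both host and network pool"))
        if "client-identifier" in seen and "hardware-address" in seen:
            findings.append((name, 12, "both client-identifier and hardware-address set"))
        ranges = []
        for words in commands:
            if words[:2] == ["address", "range"] and len(words) == 4:
                included = (IPv4Address(words[2]), IPv4Address(words[3]))
                left = subtract(included, excluded)
                if not left:
                    findings.append((name, 13, "included range is entirely excluded"))
                ranges.extend(left)
        if ranges:
            effective[name] = ranges
    return findings, effective


if __name__ == "__main__":
    found, leasable = audit(SAMPLE_DHCP_CONFIG)
    for pool, rule, message in found:
        print(f"pool {pool}: rule {rule}: {message}")
    for pool, ranges in leasable.items():
        print(f"pool {pool}: leasable {ranges}")
```
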
RADIUS Server Instance The radius-server local command takes you to the RADIUS server mode. Local (Onboard) RADIUS server configuration commands are listed under this mode. Use the (config-radsrv) instance to configure local RADIUS server parameters. 13.1 RADIUS Configuration Commands Table 13.1 summarizes the Global Config commands. Table 13.1 Extended ACL Config Command Summary Command Description Ref. authentication RADIUS authentication. page 13-3 ca Configures ca certificate parameters.
13-2 Overview Command Description Ref. ldap-server LDAP server parameters. page 13-20 nas RADIUS client. page 13-22 no Negates a command or set its defaults. page 13-23 proxy RADIUS proxy server. page 13-24 rad-user RADIUS user configuration. page 13-25 server Configures server certificate parameters. page 13-26 service Service commands. page 13-27 show Shows running system information.
13-3 13.1.1 authentication RADIUS Configuration Commands Use this command to configure authentication used with the RADIUS server. Syntax authentication(data-source|eap-auth-type) authentication data-source(ldap|local) authentication eap-auth-type(all|peap-gtc|peap-mschapv2|tls|ttls-md5| ttls-mschapv2|ttls-pap) Parameters data-source RADIUS data source for user authentication. • ldap – Remote LDAP server. • local – Local user database. eap-auth-type
13-4 Overview 13.1.2 ca RADIUS Configuration Commands Use this command to configure CA (Certificate Authority) parameters. Syntax ca trust-point(WORD) Parameters trust-point (WORD) Trust point configuration. • WORD – Existing trust point name. Usage Guidelines Configure the trustpoint used by the local RADIUS server. Create the trustpoint before it is used by the crypto pki trustpoint command. The default trust point in use is – default-trustpoint.
13-5 13.1.3 clrscr RADIUS Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None.
13-6 Overview 13.1.4 crl-check RADIUS Configuration Commands Use this command to enable a Certificate Revocation List (CRL) check. To enable the certificate revocation list, ensure the CRL list is loaded using the crypto pki import crl command. Syntax crl-check Parameters enable Enables a CRL check. Usage Guidelines Authentication type tls uses certificates for authentication. CRL, updated with a trustpoint, has index numbers of revoked certificates.
13-7 13.1.5 end RADIUS Configuration Commands Use this command to exit from the current mode and change to the PRIV EXEC mode. The prompt now changes to RFS7000#. Syntax end Parameters None.
13-8 Overview 13.1.6 exit RADIUS Configuration Commands Use this command to exit current mode and move to the previous mode (GLOBAL-CONFIG). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
13-9 13.1.7 group RADIUS Configuration Commands Use this command to configure RADIUS user groups. The CLI moves to a sub-instance config-radsrv-group, to create a new group. The prompt changes from RFS7000(config-radsrv)# to RFS7000(config-radsrv-group)#. Table 13.2 summarizes the RADIUS User Group commands within (config-radsrv-group) sub-instance. Table 13.2 RADIUS User Group Configuration Command Summary Command Description Ref. clrscr Clears the display screen.
13-10 Overview 13.1.7.2 end RADIUS Configuration Commands Use this command to exit from the current mode and move to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None. Example RFS7000(config-radsrv-group)#end RFS7000# 13.1.7.3 exit RADIUS Configuration Commands Use this command to exit the current mode and move to the previous mode (config-radsrv). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
13-11 13.1.7.5 guest-group RADIUS Configuration Commands Use this command to manage a guest-user linked with hotspot. Create a guest-user and associate it with the guest-group. The guest-user and the policies of the guest-group are used for hotspot authentication/ authorization. Syntax guest-group Parameters enable Enables this group as guest group. Usage Guidelines Use this command to create a guest group. The guest user created using rad-user must only be part of the guest group.
13-12 Overview Parameters policy RADIUS group access policy configuration. day Resets access policy day for this group. time Configures access policy time for this group. vlan VLAN ID for this group. wlan Configures WLAN access policy for this group. <1-32> WLAN Range. all Removes allowed WLANs. rad-user Removes users from this group. WORD Existing user name in this group. all Removes all users from this group. service Service commands. radius Disables the RADIUS Server.
13-13 Syntax policy(day|time|vlan|wlan) policy day(all|fr|mo|sa|su|th|tu|we|weekdays) policy time(start|end)<0-23><0-59> policy vlan<1-4094> Parameters day Day of access policy configuration. all All days (from Sunday to Saturday). fr Friday mo Monday sa Saturday su Sunday th Thursday tu Tuesday we Wednesday weekdays Allows access only in week days ( Mo-Fr ). time Configures time of access policy for this group. start Start time. end End time must be greater than the start time.
13-14 Overview 13.1.7.9 rad-user RADIUS Configuration Commands Use this command to add an existing RADIUS user to this group. If the RADIUS user is not available in the Onboard RADIUS server’s database, create a new RADIUS user using the rad-user command from (config-radsrv) mode. For more details check 13.1.13 rad-user on page 25. Syntax rad-user Parameters WORD Existing RADIUS user name.
13-15 +-mo [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-sa [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-su [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-th [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-tu [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-we [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-weekdays [policy day (all|weekdays|{mo|tu|we|th|fr|sa|su})] +-time +-start +-<0-23> +-<0-59> +-end +-<0-23> +-<0-59> [policy time start <0-23> <0-59> end <0-23> <0-59>
13-16 Overview sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software & hardware version wireless Wireless configuration commands RFS7000(config-radsrv-group)# RFS7000(config)#show radius
13-17 13.1.7.12 Example–Creating a Group The use of the (config-radsrv-group) sub-instance is explained below: 1. Create a group called Sales in the local RADIUS Server database. RFS7000(config-radsrv)#group sales 2. Check the RADIUS user group configuration commands.
13-18 Overview 8. Use (config-radsrv)#proxy to add a realm name. RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing 9. Save the changes and restart the RADIUS service. RFS7000(config-radsrv)#service radius restart Sep 08 17:48:04 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 08 17:48:05 2006: RADCONF: radius config files generated successfully RFS7000(config-radsrv)#Sep 08 17:48:05 2006: %DAEMON-6-INFO: radiusd[8830]: Ready to process requests.
13-19 13.1.8 help RADIUS Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-radsrv)#help? help Description of the interactive help system RFS7000(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
13-20 Overview 13.1.9 ldap-server RADIUS Configuration Commands Use this command to configure LDAP server parameters. It uses the existing external database in the form of active directory with the onboard RADIUS server instead of the local database on the switch. Syntax ldap-server[primary|secondary] (host
13-21 Example RFS7000(config)#ldap-server primary host 192.192.1.
13-22 Overview 13.1.10 nas RADIUS Configuration Commands Use this command to configure the RADIUS client. Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M RADIUS Client IP address. key RADIUS Client shared key. 0 Password is specified UNENCRYPTED. 2 Password is encrypted with password-encryption secret. LINE The secret (client shared secret), up to 32 characters.
13-23 13.1.11 no RADIUS Configuration Commands Use this command to negate a command or set its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad-user|server|service) Parameters authentication RADIUS authentication. ca Configures ca certificate parameters. crl-check Certificate Revocation List (CRL) check. group Local RADIUS Server group configuration. ldap-server LDAP server parameters. nas RADIUS client. proxy RADIUS proxy server.
13-24 Overview 13.1.12 proxy RADIUS Configuration Commands Use this command to configure a proxy RADIUS server based on the realm/suffix. Syntax proxy(realm|retry-count|retry-delay) proxy realm(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD Realm name is a string of up to 50 characters. • server (A.B.C.D) – Proxy server IP address. • port <1024-65535> – Proxy server port number. • secret (0|2|WORD) – Proxy server secret string.
13-25 13.1.13 rad-user RADIUS Configuration Commands Use this command to configure RADIUS user parameters. Syntax rad-user(WORD)password(0|2|WORD) (group)(guest)(expiry-time)(expiry-date) (start-time)(start-date) Parameters WORD Enter a user name up to 64 characters in length. password(0|2|WORD) RADIUS user password. • 0 – Password is specified as UNENCRYPTED. • 2 – Password is encrypted with a password-encryption secret. • WORD – Enter password up to 21 characters in length.
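The nas, proxy and rad-user commands (13.1.10, 13.1.12 and 13.1.13) all accept a secret as type 0 (unencrypted) or type 2 (encrypted). The following Python sketch is an added example, not part of this guide: it scans saved command lines for type 0 secrets and for values outside the limits stated above, and redacts secrets before lines are logged. It assumes one command per line and secrets without spaces, treats a secret entered without a type as unencrypted, and uses constructed sample lines (the proxy line with the prompt is the one from the example on page 13-18).

```python
import ipaddress
import re

# Constructed sample lines; the type 2 values are placeholders, not real ciphertext.
SAMPLE_RADSRV_LINES = """\
nas 10.10.1.0/24 key 0 testing123
nas 10.10.2.0/24 key 2 constructed-encrypted-value
RFS7000(config-radsrv)#proxy realm mydomain.com server 10.10.1.10 port 1812 secret 0 testing
proxy realm branch.example server 10.10.9.9 port 80 secret 2 constructed-encrypted-value
rad-user alice password 0 correct-horse-battery-staple
rad-user bob password 2 constructed-encrypted-value group sales
"""

# Optional type digit (0 or 2) followed by the secret itself.
_SECRET = r"(?:(?P<type>[02])\s+)?(?P<secret>\S+)"
PATTERNS = {
    "nas": re.compile(r"^nas\s+(?P<net>\S+)\s+key\s+" + _SECRET),
    "proxy": re.compile(
        r"^proxy\s+realm\s+(?P<realm>\S+)\s+server\s+(?P<server>\S+)"
        r"\s+port\s+(?P<port>\d+)\s+secret\s+" + _SECRET
    ),
    "rad-user": re.compile(r"^rad-user\s+(?P<user>\S+)\s+password\s+" + _SECRET),
}
# Maximum lengths this guide states for unencrypted secrets.
PLAINTEXT_LIMITS = {"nas": 32, "rad-user": 21}
PROMPT = re.compile(r"^\S*\(config-radsrv\)#\s*")


def match_command(raw):
    """Strip a leading CLI prompt and return (command, match) or (None, None)."""
    line = PROMPT.sub("", raw.strip())
    for command, pattern in PATTERNS.items():
        found = pattern.match(line)
        if found:
            return command, found
    return None, None


def redact(raw):
    """Return the command with its secret replaced, safe to copy into a ticket or log."""
    _, found = match_command(raw)
    if found is None:
        return raw.strip()
    line = found.string
    return line[:found.start("secret")] + "<redacted>" + line[found.end("secret"):]


def audit_radsrv(text):
    """Return (line number, command, issue) tuples; secrets never appear in the result."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        command, found = match_command(raw)
        if found is None:
            continue
        fields = found.groupdict()
        if fields["type"] != "2":  # type 0, or no type given (assumed unencrypted)
            findings.append((lineno, command, "plaintext-secret"))
            limit = PLAINTEXT_LIMITS.get(command)
            if limit and len(fields["secret"]) > limit:
                findings.append((lineno, command, "secret-too-long"))
        if command == "nas":
            try:
                ipaddress.ip_network(fields["net"], strict=False)
            except ValueError:
                findings.append((lineno, command, "bad-network"))
        if command == "proxy":
            if not 1024 <= int(fields["port"]) <= 65535:
                findings.append((lineno, command, "port-out-of-range"))
            if len(fields["realm"]) > 50:
                findings.append((lineno, command, "realm-too-long"))
        if command == "rad-user" and len(fields["user"]) > 64:
            findings.append((lineno, command, "user-name-too-long"))
    return findings


if __name__ == "__main__":
    for lineno, command, issue in audit_radsrv(SAMPLE_RADSRV_LINES):
        print(f"line {lineno}: {command}: {issue}")
```
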
13-26 Overview 13.1.14 server RADIUS Configuration Commands Use this command to configure server certificate parameters used by the RADIUS server. The server certificate is a part of the trustpoint created with crypto on page 5-17. Syntax server trust-point Parameters trust-point (WORD) Trust point configuration. • WORD – Existing trust point name. Usage Guidelines Create a trustpoint using (crypto-pki-trustpoint). Server certificate must be created under the trustpoint using the crypto-pki commands.
13-27 13.1.15 service RADIUS Configuration Commands Use this command to invoke service commands to troubleshoot or debug (config-radsrv) instance configurations. This command is also used to enable the RADIUS Server. Syntax service (show) (cli) Parameters show (cli) Shows running system information.
13-28 Overview 13.1.16 show RADIUS Configuration Commands Use this command to view current system information. Syntax show Parameters ? Displays the parameters for which information can be viewed using the show command. Usage Guidelines To view the show command parameters of RADIUS, refer to radius on page 2-51.
13-29 RFS7000(config)#show radius trust-point Trust-point Configured For Radius ________________________________ Server Trust-point : tp1 CA Trust-point : default-trustpoint RFS7000(config)#show radius configuration Radius Server Configuration --------------------------Server Status : enabled Data Source : local RFS7000(config)#
Wireless Instance Use the (config-wireless) instance to configure wireless parameters. 14.1 Wireless Configuration Commands Table 14.1 summarizes the Global Config commands. Table 14.1 Wireless Configuration Command Summary Command Description Ref. adopt-unconf-radio Adopts a radio even if not configured. The default templates are used for configuration. page 14-3 adoption-pref-id Defines the preference identifier for the switch.
14-2 Overview Command Description Ref. dhcp-sniff-state Record mobile unit DHCP state information. page 14-10 dot11-shared-key-auth Enables support for 802.11 shared key authentication. page 14-11 end Ends the current mode and moves to the EXEC mode. page 14-12 exit Ends the current mode and moves to the previous mode. page 14-13 fix-windows-dhcp Converts Windows DHCP Server responses to Unicast instead of Broadcast. page 14-14 help Describes the interactive help system.
14-3 14.1.1 adopt-unconf-radio Wireless Configuration Commands Use this command to adopt a radio (even if not yet configured). The default templates are used for configuration. Syntax adopt-unconf-radio Parameters enable Enables the adoption of unconfigured radios.
14-4 Overview 14.1.2 adoption-pref-id Wireless Configuration Commands Use this command as a preference identifier for the switch. Radios configured with this preference identifier are more likely to be adopted by this switch. Syntax adoption-pref-id Parameters <1-65535> Select a pref-ID within 1-65535.
14-5 14.1.3 ap-detection Wireless Configuration Commands Use this command to configure access port detection. Syntax ap-detection [approved|enable|mu-assisted-scan|timeout (approved|unapproved)] ap-detection approved add <1-200> (MAC Address)(SSID) ap-detection mu-assisted-scan(enable|refresh<10-86400>) Parameters approved The approved access port list. • add <1-200> – Adds an entry to the approved access port list. • MAC Address – Select either: • MAC – MAC address in AA-BB-CC-DD-EE-FF format.
14-6 Overview 14.1.4 broadcast-tx-speed Wireless Configuration Commands Use this command to configure the rate at which broadcast and multicast traffic must be transmitted between the switch and mobile units. Syntax broadcast-tx-speed(range|throughput) Parameters range Uses the lowest basic rate. Provides maximum range. throughput Uses the highest basic rate. Provides maximum throughput (default).
14-7 14.1.5 clrscr Wireless Configuration Commands Use this command to clear the screen. Syntax clrscr Parameters None.
14-8 Overview 14.1.6 convert-ap Wireless Configuration Commands Use this command to change an access port’s mode of operation to either sensor or standalone. Syntax convert-ap <1-256>(default|sensor) Parameters <1-256> Indices of the access ports to be converted (from the 'show wireless ap' command). default Does not force conversion. Lets the access port negotiate its normal mode of operation with the switch. sensor Converts an AP300 to operate as an IDS sensor.
14-9 14.1.7 country-code Wireless Configuration Commands Use this command to configure the country of operation. This command erases the radio’s existing configuration. Syntax country-code Parameters country-code The two letter ISO-3166 country code. Use "show wireless country-code-list" to view the list of supported countries. Usage Guidelines Use show wireless country code to view the list of supported countries.
14-10 Overview 14.1.8 dhcp-sniff-state Wireless Configuration Commands Use this command to record mobile unit DHCP state information. Syntax dhcp-sniff-state Parameters enable Enables the recording of DHCP state information for mobile units.
14-11 14.1.9 dot11-shared-key-auth Wireless Configuration Commands Use this command to enable support for 802.11 shared key authentication. NOTE Shared key authentication has known weaknesses that can compromise your WEP key. It must only be configured to accommodate wireless stations unable to conduct Open System authentication. Syntax dot11-shared-key-auth Parameters enable Enables support for shared key authentication.
14-12 Overview 14.1.10 end Wireless Configuration Commands Use this command to end and exit from the current mode and change to the PRIV EXEC mode. The prompt changes to RFS7000#. Syntax end Parameters None.
14-13 14.1.11 exit Wireless Configuration Commands Use this command to exit the current mode and move to the previous mode (config). The prompt changes to RFS7000(config)#. Syntax exit Parameters None.
14-14 Overview 14.1.12 fix-windows-dhcp Wireless Configuration Commands Use this command to convert Windows DHCP Server responses to unicast instead of broadcast. Syntax fix-windows-dhcp Parameters enable Enables support for converting Windows DHCP Server responses.
14-15 14.1.13 help Wireless Configuration Commands Use this command to access the system’s interactive help system. Syntax help Parameters None. Example RFS7000(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
14-16 Overview 14.1.14 ids Wireless Configuration Commands Use this command to configure Intrusion Detection System settings.
14-17 ex-ops Configures parameters related to the detection of excessive operations on the RF network. • 80211-replay-fails – 802.11 replay check failure. • all – Changes for all types of excessive operations. • association-requests – 802.11 Authentication and Association Requests. • authentication-fails – Failure to Authenticate with Servers (Radius/Kerberos). • crypto-replay-fails – TKIP/CCMP IV replay check failure. • decryption-fails – Decryption failures.
14-18 Overview 14.1.15 mac-auth-local Wireless Configuration Commands Use this command to configure the local MAC authentication list. Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indices)WORD Parameters <1-1000> Entry for mac-auth-local. allow Allows mobile units that match this rule to associate. deny Denies association to mobile units that match this rule. Starting MAC Address Starting MAC address in AA-BB-CC-DD-EE-FF format.
14-19 14.1.16 manual-wlan-mapping Wireless Configuration Commands Use this command to manually map/un-map WLANs configured on a radio. Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping.
14-20 Overview 14.1.17 mobile-unit Wireless Configuration Commands Use this command to configure mobile unit related parameters. Syntax mobile-unit (association-history(enable)|probe-history) mobile-unit probe-history (add<1-200> |enable) Parameters association-history Enables the mobile unit’s association history. • enable – Enables the mobile unit’s association history. probe-history Mobile unit probe logging configuration commands.
14-21 14.1.18 mobility Wireless Configuration Commands Use this command to configure mobility parameters. Syntax mobility(enable|local-address|max-roam-period|peer) mobility local-address (IP Address) mobility max-roam-period<1-300> mobility peer (IP Address) Parameters enable Enables mobility globally. local-address Sets the local address for mobility. • A.B.C.D – IP Address of A.B.C.D format. max-roam-period <1-300> Sets the maximum roam period for a mobile unit (in seconds).
14-22 Overview 14.1.19 multicast-packet-limit Wireless Configuration Commands Use this command to configure a multicast packet limit per second for a VLAN. Syntax multicast-packet-limit <0-128> (<1-4094>|) Parameters <0-128> Multicast packet limit per second. <1-4094> Single VLAN ID (1-4094) that the new limit applies to. A list (1,3,7) or range (3-7 ) of VLAN IDs.
14-23 14.1.20 no Wireless Configuration Commands Use this command to negate a command or set its defaults. Syntax no(adopt-unconf-radio|adoption-pref-id|ap-detection|broadcast-tx-speed|country-code|dhcp-sniff-state|dot11-shared-key-auth|fix-windows-dhcp|ids|mac-auth-local|manual-wlan-mapping|mobile-unit|mobility|oversized-frames|proxy-arp|qos-mapping|radio|self-heal|sensor|service|smart-scan-channels|wlan) Parameters Refer to Table 14.1 on page 14-1 for the parameters negated using the no command.
14-24 Overview 14.1.21 oversized-frames Wireless Configuration Commands Use this command to use oversized frames for data traffic. Syntax oversized-frames Parameters enable Enables support for oversized frames.
14-25 14.1.22 proxy-arp Wireless Configuration Commands Use this command to respond to ARP requests on behalf of mobile units. Syntax proxy-arp Parameters enable Enables support for proxy arp.
14-26 Overview 14.1.23 qos-mapping Wireless Configuration Commands Use this command to configure QoS mappings between wired and wireless domains. Syntax qos-mapping(wired-to-wireless|wireless-to-wired) qos-mapping wired-to-wireless(dot1p<0-7>|dscp<0-63>) (background|best-effort|video|voice) qos-mapping wireless-to-wired(background|best-effort|video|voice) dot1p<0-7> Parameters wired-to-wireless Mappings used while switching wired traffic over the air. wireless-to-wired
14-27 14.1.24 radio Wireless Configuration Commands Use this command to configure radio related settings.
14-28 Overview bss (<1-4>|auto) WLAN Map wireless LANs to radio BSSID’s. • <1-4> – The BSS where a wireless LAN is mapped. • auto – Automatic assignment of BSS. The user selects wireless LANs and the system assigns them to a BSS automatically. • WLAN – A list (1,3,7) or range (3-7) of WLAN indices. When a BSS is specified, the first WLAN is used as the primary WLAN. When the auto option is used, the system automatically assigns the first four WLANs as primaries on their respective BSS’s.
14-29 mac (AA-BB-CC-DD-EE-FF) Changes the parent (access port) MAC address of the radio. • AA-BB-CC-DD-EE-FF – MAC address in AA-BB-CC-DD-EE-FF format. max-mobile-units <1-256> Maximum number of mobile units allowed to associate. mu-power <0-20> Power adjustment level for mobile units associated with this access port. Mobile units that support this element must reduce their transmit power by the specified value. • <0-20> – Power in dBm. on-channel-scan Enables rogue scanning on this radio.
14-30 Overview speed Configures the basic and supported data rates. • 1 1-Mbps. • 11 11-Mbps. • 12 12-Mbps. • 18 18-Mbps. • 2 2-Mbps. • 24 24-Mbps. • 36 36-Mbps. • 48 48-Mbps. • 54 54-Mbps. • 5p5 5.5-Mbps. • 6 6-Mbps. • 9 9-Mbps. • basic1 basic 1-Mbps. • basic11 basic 11-Mbps. • basic12 basic 12-Mbps. • basic18 basic 18-Mbps. • basic2 basic 2-Mbps. • basic24 basic 24-Mbps. • basic36 basic 36-Mbps. • basic48 basic 48-Mbps.
14-31 wmm (background|best-effort|video|voice) (aifsn<1-15>|burst<0-65535>| cw<0-15>) 802.11e / Wireless MultiMedia (WMM) parameters (supported only on AP300). • background – Background category traffic. • best-effort – Best effort category traffic. • video – Video traffic category traffic. • voice – Voice traffic category traffic. • aifsn<1-15> – (Arbitration Inter Frame Spacing Number) The wait time in milliseconds between data frames is derived using AIFSN and the slot-time.
14-32 Overview Example RFS7000(config-wireless)#radio 250 bss auto 3-5 RFS7000(config-wireless)# RFS7000(config-wireless)#radio 1 channel-power indoor 1 16 Regulatory parameter values depend on country of operation and radio type.
14-33 14.1.25 self-heal Wireless Configuration Commands Use this command to configure self healing. Syntax self-heal(interference-avoidance|neighbor-recovery) self-heal interference-avoidance(enable|hold-time<0-65535>| retries<0.0-15.
14-34 Overview Example RFS7000(config-wireless)#self-heal interference-avoidance enable RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal interference-avoidance hold-time 600 RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails RFS7000(config-wireless)# RFS7000(config-wireless)#self-heal neighbor-recovery neighbors 1 1 RFS7000(config-wire
14-35 14.1.26 sensor Wireless Configuration Commands Use this command to configure Wireless Intrusion Protection System parameters. Syntax sensor(default-config|vlan) sensor default-config(ip-mode|wips-server-ip) sensor default-config ip-mode(dhcp|static(A.B.C.D/M)(A.B.C.D)) sensor default-config wips-server-ip(primary|secondary)(A.B.C.D) Parameters default-config Default configuration sent to sensors when configured. ip-mode Configures the IP address mode of the sensors.
14.1.27 service
Use this command to invoke service commands to troubleshoot or debug the (config-wireless) instance configuration.
Syntax
service(show|wireless)
service show (cli)
service show wireless (ap(history)
service wireless (clear-ap-log<1-256>|dump-core|dump-state|rate-scale|request-ap-log <1-256>|save-ap-log)
Parameters
show
Shows running system information.
cli
Shows CLI tree of current mode.
RFS7000(config-wireless)#service show wireless ap history
RFS7000(config-wireless)#
RFS7000(config-wireless)#service wireless clear-ap-log 20
RFS7000(config-wireless)#service
RFS7000(config-wireless)#service wireless dump-core
RFS7000(config-wireless)#
RFS7000(config-wireless)#service wireless dump-core
RFS7000(config-wireless)#
RFS7000(config-wireless)#service wireless rate-scale
RFS7000(config-wireless)#
RFS7000(config-wireless)#service wireless request-ap-log 35
RFS7000(config-wireless)#
RFS7000(c
14.1.28 show
Use this command to view current system information.
Syntax
show
Parameters
?
Displays the parameters for which information can be viewed using the show command.
RFS7000(config-wireless)#show
RFS7000(config-wireless)#show wireless AP
Number of access-ports adopted : 2
Available licenses : 254
Redundancy enabled : N
Redundancy mode : active
#  Mac                Model-Number      Radios [indices]  Adoption-Mode
1  00-15-70-11-34-82  WSAP-5100-100-WW  2 [ 3 4 ]         L2 (vlan: 1)
2  00-A0-F8-EA-4C-99  WSAP-5100-100-WW  2 [ 1 2 ]         L2 (vlan: 2)
RFS7000(config-wireless)#
14.1.29 smart-scan-channels
Use this command to configure a list of channels used on the network. This list is provided to mobile units that support partial scanning.
Syntax
smart-scan-channels(11a|11bg)<1-200>
Parameters
11a
Specifies a channel list for the 5 GHz band used by 802.11a mobile units.
11bg
Specifies a channel list for the 2.4 GHz band used by 802.11bg mobile units.
<1-200>
List of channels.
14.1.30 wlan
Use this command to configure Wireless LAN related commands.
Parameters
[ <1-256> | WLAN]
Select a single WLAN index. You also have the option of selecting a list (1,3,7) or range (3-7) of WLAN indices.
accounting (none|radius|syslog)
Accounting on this WLAN.
• none – No accounting on this WLAN.
• radius – Uses RADIUS accounting on this WLAN.
• syslog – Uses syslog accounting on this WLAN.
answer-bcast-ess
Allows this WLAN to respond to probes for broadcast ESS.
dot11i [handshake | key | key-rotation | key-rotation-interval | opp-pmk-caching | phrase | pmk-caching | preauthentication | secondkey | tkip-cntrmeas-hold-time]
Modifies TKIP/CCMP (802.11i) related parameters.
• handshake (timeout <100-5000>) (retransmit<1-10>) – Use a handshake to configure timeout and retransmission.
  • timeout<100-5000> – The timeout (in milliseconds) between retries.
  • retransmit<1-10> – The number of retransmission attempts.
enable()
encryption-type()
The encryption type for this WLAN.
• ccmp – AES Counter Mode CBC-MAC Protocol (AES-CCM/CCMP).
• keyguard – Keyguard-MCM (Mobile Computing Mode).
• none – No encryption.
• tkip – Enables Temporal Key Integrity Protocol (TKIP).
• tkip-ccmp – Enables both TKIP and CCMP on this WLAN.
• wep128 – Enables Wired Equivalent Privacy (WEP) with 128 bit keys.
• wep128-keyguard – Enables both WEP128 as well as Keyguard-MCM on this WLAN.
hotspot()
Modifies hotspot related parameters.
• allow (rule index) (IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses.
  • Rule index – Allow-list rule index (must be between 1-10).
  • IP address – Allow-list IP address.
• webpage (external|internal) (failure|login|welcome) – Modifies hotspot page parameters.
  • external – Modifies a hotspot’s External page.
inactivity-timeout <60-86400>
kdc [password (0|2|LINE) | realm (LINE) | server (primary|secondary|timeout)] auth-port<1-65535>
Modifies KDC related parameters.
• password(0|2|LINE) – KDC server password, up to 127 characters.
  • 0 – Password is specified UNENCRYPTED.
  • 2 – Password is encrypted with password-encryption secret.
  • LINE – KDC server password, up to 127 characters.
• realm(LINE) – KDC realm, up to 127 characters.
  • LINE – KDC realm, up to 127 characters.
qos [classification | mcast1 | mcast2 | prioritize-voice | svp | wmm]
Quality of Service commands.
• classification [background|best-effort|video|voice|wmm] – Select how traffic on this WLAN is classified (relative prioritization on the access port).
  • background – Traffic on this WLAN is treated as background traffic.
  • best-effort – Traffic on this WLAN is treated as best-effort.
  • video – Traffic on this WLAN is treated as video.
  • voice – Traffic on this WLAN is treated as voice.
• aifsn – (Arbitration Inter Frame Spacing Number) The wait time (in milliseconds) between data frames derived using AIFSN and the slot-time.
• cw – (Contention Window parameters) Wireless stations pick a number between 0 and the minimum contention window to wait before retrying transmissions.
radius [accounting | authentication-protocol | dscp | dynamic-authorization | dynamic-vlan-assignment | mobile-unit | reauth | server]
• pap – Password Authentication Protocol.
• dscp<0-63> – Specifies a DSCP (Differentiated Services Code Point) value to provide QoS to RADIUS packets. The DSCP value must be between 0-63.
• dynamic-authorization (enable) – Configures support for RADIUS dynamic authorization extensions (such as Disconnect Message and Change-Of-Authorization), as described in RFC 3576.
• dynamic-vlan-assignment – Allows users to be assigned to RADIUS Server specified VLANs, instead of the VLAN mapped to the WLAN.
secure-beacon
Do not include the SSID of this WLAN in Beacon frames.
ssid
The SSID of this WLAN.
symbol-extensions fast-roaming (enable)
Enables support for Symbol extensions.
• fast-roaming (enable) – Enables support for Symbol fast roaming.
syslog (accounting) server port
Syslog Accounting.
• accounting – Modifies accounting parameters.
• server – Modifies syslog accounting server IP address.
• port – Syslog server port.
RFS7000(config-wireless)#wlan 25 dot11i handshake timeout 2500 retransmit 5
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 25 dot11i key-rotation enable
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 25 dot11i key-rotation-interval 2000
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 25 enable
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan 25 hotspot webpage external failure "This feature is under development"
RFS7000(config-wireless)#
RFS7000(config-wireless)#wlan
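An offline review check for the wlan settings documented above, added here as an example and not taken from the Motorola guide: it expands WLAN index lists and ranges, flags every encryption-type other than ccmp, and checks dot11i handshake values against the documented ranges. The `wlan <index> encryption-type <type>` command form, the severity ranking, and the names `audit`, `expand`, `RISK`, `HANDSHAKE` and `SAMPLE` are assumptions of this example.

```python
import re

# Severity ranking is this example's assumption; ranges are from the guide's dot11i text.
RISK = {"none": "high", "wep128": "high", "wep128-keyguard": "high",
        "keyguard": "high", "tkip": "medium", "tkip-ccmp": "medium", "ccmp": "ok"}
HANDSHAKE = {"timeout": (100, 5000), "retransmit": (1, 10)}
LINE = re.compile(r"^(?:\S+#)?\s*wlan\s+(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)\s+(.+)$")

def expand(spec):
    """Expand a WLAN index, list (1,3,7) or range (3-7); valid indices are 1-256."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 256:
            raise ValueError(f"WLAN index out of range: {part}")
        out.update(range(lo, hi + 1))
    return sorted(out)

def audit(config_text):
    """Return sorted (wlan, severity, detail) findings for pasted CLI lines."""
    findings = set()
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompt-only lines and non-wlan commands are ignored
        args = m.group(2).split()
        for idx in expand(m.group(1)):
            if args[0] == "encryption-type" and len(args) > 1:
                sev = RISK.get(args[1], "unknown")
                if sev != "ok":
                    findings.add((idx, sev, f"encryption-type {args[1]}"))
            elif args[:2] == ["dot11i", "handshake"]:
                for key, val in zip(args[2::2], args[3::2]):
                    lo, hi = HANDSHAKE.get(key, (None, None))
                    if lo is not None and not (val.isdigit() and lo <= int(val) <= hi):
                        findings.add((idx, "invalid", f"handshake {key} {val}"))
    return sorted(findings)

# Constructed sample input, written in the style of the guide's examples.
SAMPLE = """\
RFS7000(config-wireless)#wlan 25 dot11i handshake timeout 2500 retransmit 5
RFS7000(config-wireless)#wlan 1,3 encryption-type wep128
RFS7000(config-wireless)#wlan 5-6 encryption-type tkip-ccmp
RFS7000(config-wireless)#wlan 7 encryption-type ccmp
RFS7000(config-wireless)#wlan 7 dot11i handshake timeout 50 retransmit 12
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An encryption-type value missing from `RISK` is reported as "unknown" rather than passed, so a type the table does not cover still gets a manual look.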
Appendix A Customer Support
Motorola’s Enterprise Mobility Support Center
If you have a problem with your equipment, contact Enterprise Mobility support for your region. Contact information is available at: http://www.symbol.com/contactsupport.
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.